This sort of stuff was pretty common in the early Android days. Most root exploits were just clever attacks on the startup scripts and that continued for some time until the manufacturers finally wised up. HTC was particularly bad here.
I wouldn't attribute it to malice - just engineers without the right time and/or training.
This is explicitly security oriented code. The release notes indicate a high awareness of security issues and discuss some advanced topics and items its trying to mitigate.... and then the code has a way of leaking kernel memory. Do you really doubt an engineer (or potentially team of engineers) working in security could not see what was outlined in the article? Its suspect at least
C is absurdly easy to screw up like this. You need a lot of focused engineers, complete institutional focus on proactively catching things like this, and robust tooling to even have a hope of fixing all the low hanging security issues consistently. I don't find it hard to believe that Huawei missed one or all of those for at least long enough to make a patch.
I wouldn't attribute it to malice - just engineers without the right time and/or training.