From fa79ae87f12d2709482375f56a1c13737a8513f3 Mon Sep 17 00:00:00 2001
From: Tom Cherry
Date: Fri, 26 Oct 2018 08:40:55 -0700
Subject: [PATCH] init: allow vendor init to action on any vendor or odm property
Partial revert of "init: if vendor_init can read a property, let it be a trigger too" (b35f827c97ceb24e33fb2514ff62c8636bc46f59). We made a mistake when we allowed vendor init to action on any vendor or odm property, since when a new SELinux label is created for a vendor property, vendor_init does not automatically get read permissions for it. Recently, we tried to use read permissions instead of the built-in list in init, but that broke due to the above mistaken. Since we have already launched with these permissions as is, we must restore them.
Bug: 118457755
Test: no denials for vendor init actionable properties on crosshatch
Change-Id: I7a9a560c9a54a177c6b83d28309e2f288f05d400
---
 init/action_parser.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/init/action_parser.cpp b/init/action_parser.cpp
index 2d497b386..4f8bd166a 100644
--- a/init/action_parser.cpp
+++ b/init/action_parser.cpp
@@ -40,6 +40,18 @@ bool IsActionableProperty(Subcontext* subcontext, const std::string& prop_name)
 return true;
 }
+ static constexpr const char* kPartnerPrefixes[] = {
+ "init.svc.vendor.", "ro.vendor.", "persist.vendor.",
+ "vendor.", "init.svc.odm.", "ro.odm.",
+ "persist.odm.", "odm.", "ro.boot.",
+ };
+
+ for (const auto& prefix : kPartnerPrefixes) {
+ if (android::base::StartsWith(prop_name, prefix)) {
+ return true;
+ }
+ }
+
 return CanReadProperty(subcontext->context(), prop_name);
 }
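Review bot: The `kPartnerPrefixes` loop returns true before `CanReadProperty()` is consulted, so for these namespaces a vendor_init trigger is accepted whatever SELinux label the property carries, and nothing in the code records that this is a deliberate exemption. The list also contains `ro.boot.`, which is neither a vendor nor an odm prefix as the commit message describes. Presumably an accepted trigger lets a vendor script react to a value it may not be permitted to read, so the array deserves a comment above it, for example `// Launch-compat allow-list: a match here skips CanReadProperty(); do not add prefixes, grant vendor_init read access in sepolicy instead.` A short remark on why `ro.boot.` belongs in a list named for partners would help as well. The start of IsActionableProperty lies outside the hunk.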