Sometimes we need to override ro.* properties by using our vendor init
extension.
Previously there was a security check which was blocking that.
To resolve the issue, we need to weaken the security check during the
execution of our vendor init extension.
This is safe because the vendor init extension gets executed as part of init
construction and it is considered a trusted system component.
Change-Id: I6198b453745cb92c65d3e3d49e3262354cddd2a2
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>
This is a squash of the following commits.
Author: Danny Lin <danny@kdrag0n.dev>
Date: Wed Oct 7 00:24:54 2020 -0700
init: Set properties to make SafetyNet pass
Google's SafetyNet integrity checks will check the values of these
properties when performing basic attestation. Setting fake values helps
us pass basic SafetyNet with no Magisk Hide or kernel patches necessary.
Note that these properties need to be set very early, before parsing the
kernel command-line, as they are read-only properties that the bootloader
sets using androidboot kernel arguments. The bootloader's real values
cause SafetyNet to fail with an unlocked bootloader and/or custom
software because the verified boot chain is broken in that case.
Change-Id: I66d23fd91d82906b00d5eb020668f01ae83ec31f
Signed-off-by: Omkar Chandorkar <gotenksIN@aospa.co>
Author: Jarl-Penguin <jarlpenguin@outlook.com>
Date: Wed Jun 16 11:28:46 2021 +0000
init: Don't spoof SafetyNet properties in recovery mode
Change-Id: Ib6d3808c3b8f3e0cffab685a24d3cdd436b0fe9b
Change-Id: I0a219245b8e8f59ab1acc31068b4f8f98f708d81
Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ1IsswAKCRDorT+BmrEO
eHLxAJ9VFRJgjolHUwxeYIHRrAxp7WFw0wCeIiUvtF763IeQx6Ri6gz3/i1V9mY=
=uE+H
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQJLBAABCgA1FiEEHrBYPudH862glXQBzJUERRm+ZmkFAmdYsU0XHG1rYmVzdGFz
QGxpbmVhZ2Vvcy5vcmcACgkQzJUERRm+ZmlzEhAAkyT+qSieZv1roFs6MW0sBnjP
60eSCsj/eVetsK91ExBdm+NPHmpFG1XUcwxxiWzlPweIYA+eaECdoP9qngwxH/fy
7m6lxzVx2C9JbSCRWuBmyFWfsm7l+cjDoO8a5QnummBNobhV6/z680+CPzhsXXp5
wQ8cRYLlZEwSMGlgW5KufhbEQISZK1rxWGcx7C0MwoAZybm0V7bcv9ot9XWVZdBI
0uvpZEAYuLqMTTOxd1HNZBKA+cMmWLE+0ALfydGqdHxTkpDXY17Ek4/R3H7KTcy0
mhp6rLQHMKn/atDUsYGvDp/wGs+PWHl9QPXprwj9g9XBNRaAcw/ANi+I/Gc17Qsc
X/5DeC0ycGBljhjnl7ZoXAPwLyN+tYZi+ekwBs0E4+uQCLG5AMSLGZHGHcZafXB1
s0pR1u85BxC/7CoVB22J5utjsLdJT0G8bIgfyrKVVIA9iIe9zO/rsMN+9kffrQ9W
xPohc1XyVrsQ2b6xk/PyqbAI5mk7+IKKhxhX+Vv2Fczp2OCPuefa1aS1lIv4bZBL
rRPlVyodLWsEqxGNhiCo5Hh24uufJGuBTL2w6Rn5/UkqUkvUQZbsRNTg7WQIfcWh
sNvuNNxpgsilXFJC0/aoLE557MjCWq4eolPLnyrz3yR3jPcAa269bMuiMXKsVeEd
PvjxgQawPY8QkE2woe0=
=R9aC
-----END PGP SIGNATURE-----
Merge tag 'android-15.0.0_r6' into staging/lineage-22.0_merge-android-15.0.0_r6
Android 15.0.0 Release 6 (AP4A.241205.013)
# -----BEGIN PGP SIGNATURE-----
#
# iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ1IsswAKCRDorT+BmrEO
# eHLxAJ9VFRJgjolHUwxeYIHRrAxp7WFw0wCeIiUvtF763IeQx6Ri6gz3/i1V9mY=
# =uE+H
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri Dec 6 00:44:03 2024 EET
# gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78
# gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [marginal]
# gpg: initial-contribution@android.com: Verified 2481 signatures in the past
# 3 years. Encrypted 4 messages in the past 2 years.
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 4340 D135 70EF 945E 8381 0964 E8AD 3F81 9AB1 0E78
# By Akilesh Kailash (13) and others
# Via Automerger Merge Worker (317) and others
* tag 'android-15.0.0_r6': (158 commits)
trusty: storage: proxy: FS_READY property setting on vendor only
Fix the trigger name for loading bpf programs.
start netd earlier
Replace base::RandInt with std::uniform_int_distribution
trusty: keymint: rename trusty_ipc_dev property
Move the `dist` target of `mke2fs` to `build/core/tasks`
Remove define of SA_EXPOSE_TAGBITS.
Add input event profile to mitigate input latency of input threads
Remove usage of base/string/* in libfs_avb
Add getFdStateDebug to access Looper's callbacks
libsnapshot: CHECK -> CHECK_EQ
Mount /mnt/vm earlier
Define linker.config.json as a filegroup
Remove usage of base/logging.h in libfs_avb
debuggerd: recognize jumps to non-executable memory.
Support vendor partition in non-debuggable pVMs
Remind the reader that they'll need to modify CTS too.
Rename system/core/rootdir/Android.mk to create_root_structure.mk
trusty: keymint/gatekeeper: Pass device name from init scripts
Remove unused variable.
...
Conflicts:
fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
fs_mgr/libsnapshot/snapshot.cpp
init/Android.bp
init/fuzzer/Android.bp
Change-Id: I29c07b3ac76940cb2b82726e98d2beb643b3e6e4
This is to match the changes in post_process_props made in
I33ae5c6f2787017a62e679aa0c28d4b909d45935
Change-Id: If521a8abb4810f8b5d4e3164a06969af4fc12374
Allow optional vendor-specific initializations
within init. This can be used for runtime
initialization setup that init rc scripts do
not support.
Change-Id: I7623a0d59b18f9ec8e3623958e2f7ccd72b877bf
ro.boot.hardware.cpu.pagesize is used on some devices to
report the page size. However, we also know what value this
should be from the CPU. Rather than create a separate property
for this, standardize around this property.
This also allows us to test the value of this property on all
devices.
Bug: 358696947
Test: Vts16KPageSizeTest
Change-Id: I7f6260c68e17e7df8a789e9066a7171f3a56f4b0
When someone uses the 16kb dev option, they switch
out the kernel, but the same build is used. Make
sure this is visible in the fingerprint to help
split up any analytics or reports.
Bug: 332406754
Test: no change on normal device, on 16k dev option device:
:) adb shell getprop ro.product.build.16k_page.enabled
true
:) adb shell getconf PAGE_SIZE
16384
:) adb shell getprop ro.build.fingerprint
generic/aosp_cf_x86_64_phone_pgagnostic_16kb/vsoc_x86_64_pgagnostic:VanillaIceCream/MAIN.b7aab5e4/eng.smorel.20240514.203625:userdebug/test-keys
^^^^^^
----------------------------/
cheers
Change-Id: I9632237cef4a3b077761022eda8cf42784a41753
We're shutting down anyway, so the service is either dead already
or about to be killed, and callers get upset (and don't have a good
response themselves) if we reject the request.
This was seen by a partner where adbd was asked to stop during
shutdown.
Bug: https://issuetracker.google.com/336223505
Change-Id: If09feeef2e0f2d1be9ff84a88cca6ed593a35362
Devices may predefine ro.vendor.api_level. Skip calculating the value
if the ro.vendor.api_level is already defined.
Bug: 326164316
Test: getprop ro.vendor.api_level
Change-Id: Ic9fd2a0eef6ba9345f98a5cb1eb790080e19ca19
Remove temporary 'vendor_api_level_of' function from init and replace
the function with the same in libvendorsupport.
Bug: 312403948
Test: getprop ro.vendor.api_level
Change-Id: I095353e602397220571e131431e7cbd1b8511fa6
Merged-In: I095353e602397220571e131431e7cbd1b8511fa6
In Android V, ro.vendor.api_level read ro.board.api_level only if
ro.board.first_api_level is defined. The format of the vendor api
level is YYYYMM.
Update the ro.vendor.api_level initialize funtion with this change.
As ro.product.first_api_level follows the version from the SDK, a
new function `vendor_api_level_of` translates the SDK version to the
vendor API level.
Bug: 312403948
Test: getprop ro.vendor.api_level
Change-Id: I2961ed9a6de8e9156f72c1bbfeabcac9c35f08fb
unit tests
1, Previous implementation has the staged prop application done in
property_service, which caused a number of unnecessary changes which
including exposing apis like AddPersistentProperty. In addition, it made
the property_service logic complicated. A better design is to have the
staged value application done while reading the persistent properties
from file. This way, no change to property service. In addition, unit
test is much cleaner and efficient.
2, add a unit test to lock down the behavior. Specifically, it locks down that when a prop is staged, it should be applied the next time when the persistent prop is loaded. In addition, it should lock down that other persistent props are not overwritten.
Bug: b/307752841, b/300111812, b/306062513
Change-Id: I43c603efbb803195065dda3f0bc2145716302bbc
This fixes a bug introduced by I81b6bd984aad8f7ddec93ce74f4543e4f71be508
In the original CL, setting a sysprop `next_boot.<name>` and then
rebooting the device could remove all the persistent properties stored
in /data/property/persistent_properties. It happened because the
function `WritePersistentProperty` is called with a properties set which
is initialized as an empty set and then added with the properties which
had the next_boot prefix.
As a result...
Before the boot:
* persist.a = 1
* next_boot.b = 2
* next_boot.persist.c = 3
After the reboot:
* b = 2
* persist.c = 3
persist.a gets lost.
This change fixes the issue by populating properties set from the memory
and then save it to the file.
Bug: 306062513
Bug: 300111812
Test: do the following.
$ adb root
$ adb shell setprop persist.a 1
$ adb shell setprop next_boot.b 1
$ adb shell setprop next_boot.persist.c 1
$ adb reboot
$ adb shell getprop persist.a
1 // was (none) before this change
$ adb shell getprop b
1
$ adb shell getprop persist.c
1
$ adb reboot
$ adb shell getprop persist.a
1 // was (none) before this change
$ adb shell getprop b
// (none) because b isn't persisted. WAI.
$ adb shell getprop persist.c
1
Change-Id: I85d3777f9b32523b010e49b8ca53f4319dd2ce05
Certain applications may have their system properties overlaid with the
contents overlaid for appcompat purposes. Init must initialize the
appcompat folder, same as it does the standard folder.
Bug: 291814949
Test: manual
Change-Id: I6d239e0a10a1c81a05d4121e5fc2c41da5b3dbc4
Merged-In: I0c6a0f66dc543c6e861bc86a417e4feb5ecd7789
Certain applications may have their system properties overlaid with the
contents overlaid for appcompat purposes. Init must initialize the
appcompat folder, same as it does the standard folder.
Bug: 291814949
Ignore-AOSP-First: must be merged with ag/24558703, which has an Aosp -> internal merge conflict
Test: manual
Change-Id: I0c6a0f66dc543c6e861bc86a417e4feb5ecd7789
