Compare commits
No commits in common. "afee2eb6bfa3a9dca987806353f73ee571bf9328" and "0d071119a06f5b10ea0d907d231e3970f2872ba8" have entirely different histories.
afee2eb6bf
...
0d071119a0
4 changed files with 8 additions and 64 deletions
|
|
@ -123,7 +123,6 @@ libinit_cc_defaults {
|
|||
"-DREBOOT_BOOTLOADER_ON_PANIC=0",
|
||||
"-DSHUTDOWN_ZERO_TIMEOUT=0",
|
||||
"-DWORLD_WRITABLE_KMSG=0",
|
||||
"-DSPOOF_SAFETYNET=1",
|
||||
"-Wall",
|
||||
"-Werror",
|
||||
"-Wextra",
|
||||
|
|
@ -151,8 +150,6 @@ libinit_cc_defaults {
|
|||
cppflags: [
|
||||
"-USHUTDOWN_ZERO_TIMEOUT",
|
||||
"-DSHUTDOWN_ZERO_TIMEOUT=1",
|
||||
"-USPOOF_SAFETYNET",
|
||||
"-DSPOOF_SAFETYNET=0",
|
||||
],
|
||||
},
|
||||
uml: {
|
||||
|
|
@ -424,7 +421,6 @@ init_first_stage_cc_defaults {
|
|||
"-DSHUTDOWN_ZERO_TIMEOUT=0",
|
||||
"-DLOG_UEVENTS=0",
|
||||
"-DSEPOLICY_VERSION=30", // TODO(jiyong): externalize the version number
|
||||
"-DSPOOF_SAFETYNET=1",
|
||||
],
|
||||
|
||||
product_variables: {
|
||||
|
|
@ -454,8 +450,6 @@ init_first_stage_cc_defaults {
|
|||
cflags: [
|
||||
"-USHUTDOWN_ZERO_TIMEOUT",
|
||||
"-DSHUTDOWN_ZERO_TIMEOUT=1",
|
||||
"-USPOOF_SAFETYNET",
|
||||
"-DSPOOF_SAFETYNET=0",
|
||||
],
|
||||
},
|
||||
},
|
||||
|
|
|
|||
|
|
@ -132,8 +132,6 @@ struct PropertyAuditData {
|
|||
const char* name;
|
||||
};
|
||||
|
||||
static bool weaken_prop_override_security = false;
|
||||
|
||||
static int PropertyAuditCallback(void* data, security_class_t /*cls*/, char* buf, size_t len) {
|
||||
auto* d = reinterpret_cast<PropertyAuditData*>(data);
|
||||
|
||||
|
|
@ -408,8 +406,8 @@ static std::optional<uint32_t> PropertySet(const std::string& name, const std::s
|
|||
} else {
|
||||
prop_info* pi = (prop_info*)__system_property_find(name.c_str());
|
||||
if (pi != nullptr) {
|
||||
// ro.* properties are actually "write-once", unless the system decides to
|
||||
if (StartsWith(name, "ro.") && !weaken_prop_override_security) {
|
||||
// ro.* properties are actually "write-once".
|
||||
if (StartsWith(name, "ro.")) {
|
||||
*error = "Read-only property was already set";
|
||||
return {PROP_ERROR_READ_ONLY_PROPERTY};
|
||||
}
|
||||
|
|
@ -1244,9 +1242,6 @@ void PropertyLoadBootDefaults() {
|
|||
}
|
||||
}
|
||||
|
||||
// Weaken property override security during execution of the vendor init extension
|
||||
weaken_prop_override_security = true;
|
||||
|
||||
// Update with vendor-specific property runtime overrides
|
||||
vendor_load_properties();
|
||||
|
||||
|
|
@ -1257,9 +1252,6 @@ void PropertyLoadBootDefaults() {
|
|||
property_initialize_ro_cpu_abilist();
|
||||
property_initialize_ro_vendor_api_level();
|
||||
|
||||
// Restore the normal property override security after init extension is executed
|
||||
weaken_prop_override_security = false;
|
||||
|
||||
update_sys_usb_config();
|
||||
}
|
||||
|
||||
|
|
@ -1418,36 +1410,6 @@ static void ProcessBootconfig() {
|
|||
});
|
||||
}
|
||||
|
||||
static void SetSafetyNetProps() {
|
||||
InitPropertySet("ro.boot.flash.locked", "1");
|
||||
InitPropertySet("ro.boot.vbmeta.device_state", "locked");
|
||||
InitPropertySet("ro.boot.verifiedbootstate", "green");
|
||||
InitPropertySet("ro.boot.veritymode", "enforcing");
|
||||
InitPropertySet("ro.boot.warranty_bit", "0");
|
||||
InitPropertySet("ro.warranty_bit", "0");
|
||||
InitPropertySet("ro.debuggable", "0");
|
||||
InitPropertySet("ro.force.debuggable", "0");
|
||||
InitPropertySet("ro.adb.secure", "1");
|
||||
InitPropertySet("ro.secure", "1");
|
||||
InitPropertySet("ro.bootimage.build.type", "user");
|
||||
InitPropertySet("ro.build.type", "user");
|
||||
InitPropertySet("ro.build.keys", "release-keys");
|
||||
InitPropertySet("ro.build.tags", "release-keys");
|
||||
InitPropertySet("ro.system.build.tags", "release-keys");
|
||||
InitPropertySet("ro.product.build.type", "user");
|
||||
InitPropertySet("ro.odm.build.type", "user");
|
||||
InitPropertySet("ro.system.build.type", "user");
|
||||
InitPropertySet("ro.system_ext.build.type", "user");
|
||||
InitPropertySet("ro.vendor.build.type", "user");
|
||||
InitPropertySet("ro.vendor_dlkm.build.type", "user");
|
||||
InitPropertySet("ro.vendor.boot.warranty_bit", "0");
|
||||
InitPropertySet("ro.vendor.warranty_bit", "0");
|
||||
InitPropertySet("vendor.boot.vbmeta.device_state", "locked");
|
||||
InitPropertySet("vendor.boot.verifiedbootstate", "green");
|
||||
InitPropertySet("oplusboot.verifiedbootstate", "green");
|
||||
InitPropertySet("sys.oem_unlock_allowed", "0");
|
||||
}
|
||||
|
||||
void PropertyInit() {
|
||||
selinux_callback cb;
|
||||
cb.func_audit = PropertyAuditCallback;
|
||||
|
|
@ -1462,16 +1424,6 @@ void PropertyInit() {
|
|||
LOG(FATAL) << "Failed to load serialized property info file";
|
||||
}
|
||||
|
||||
// Report a valid verified boot chain to make Google SafetyNet integrity
|
||||
// checks pass. This needs to be done before parsing the kernel cmdline as
|
||||
// these properties are read-only and will be set to invalid values with
|
||||
// androidboot cmdline arguments.
|
||||
if (SPOOF_SAFETYNET) {
|
||||
if (!IsRecoveryMode()) {
|
||||
SetSafetyNetProps();
|
||||
}
|
||||
}
|
||||
|
||||
// If arguments are passed both on the command line and in DT,
|
||||
// properties set in DT always have priority over the command-line ones.
|
||||
ProcessKernelDt();
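Review bot: The `vendor_load_properties()` call that stays in `PropertyLoadBootDefaults()` has no comment saying that `ro.*` overrides can no longer succeed from it. With `weaken_prop_override_security` removed, the guard in `PropertySet()` is the plain `if (StartsWith(name, "ro."))`, so a vendor init extension that routes through `PropertySet()` and tries to replace an already-set `ro.*` value gets `PROP_ERROR_READ_ONLY_PROPERTY`; whether that failure is logged is decided outside these hunks. I would add above the call: `// ro.* properties are write-once: overrides of values already set are rejected by PropertySet().` It is also worth confirming that the extension has no other write path for `ro.boot.*`, since with `SetSafetyNetProps()` gone those values appear to come from the kernel DT and cmdline processing that follows in `PropertyInit()`. Both functions begin and end outside the visible hunks.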
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@
|
|||
namespace android {
|
||||
namespace init {
|
||||
|
||||
static std::string init_fatal_reboot_target = "recovery";
|
||||
static std::string init_fatal_reboot_target = "bootloader";
|
||||
static bool init_fatal_panic = false;
|
||||
|
||||
// this needs to read the /proc/* files directly because it is called before
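Review bot: `init_fatal_reboot_target` is declared without a comment on what its default means, and the value differs between the two printed lines (`"recovery"`, then `"bootloader"`). Assuming the second line is the new side, and going by the variable's name, a fatal init error would by default send the device to the bootloader rather than to recovery. That is worth stating at the declaration, e.g. `// Default reboot target used when init aborts on a fatal error.` The code that reads or overrides this variable is outside the hunk, so confirm the default is the one this tree's devices expect.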
|
||||
|
|
|
|||
|
|
@ -1143,12 +1143,14 @@ on zygote-start
|
|||
wait_for_prop odsign.verification.done 1
|
||||
# A/B update verifier that marks a successful boot.
|
||||
exec_start update_verifier
|
||||
start statsd
|
||||
start zygote
|
||||
start zygote_secondary
|
||||
|
||||
# Tweak background writeout
|
||||
on boot && property:ro.config.low_ram=true
|
||||
# Tweak background writeout
|
||||
write /proc/sys/vm/dirty_expire_centisecs 200
|
||||
write /proc/sys/vm/dirty_background_ratio 5
|
||||
|
||||
on boot && property:suspend.disable_sync_on_suspend=true
|
||||
write /sys/power/sync_on_suspend 0
|
||||
|
|
@ -1167,8 +1169,6 @@ on boot
|
|||
# parameters to match how it is managing things.
|
||||
write /proc/sys/vm/overcommit_memory 1
|
||||
write /proc/sys/vm/min_free_order_shift 4
|
||||
write /proc/sys/vm/dirty_background_bytes 52428800
|
||||
write /proc/sys/vm/dirty_bytes 209715200
|
||||
|
||||
# System server manages zram writeback
|
||||
chown root system /sys/block/zram0/idle
|
||||
|
|
@ -1190,12 +1190,10 @@ on boot
|
|||
# to avoid power consumption when system becomes mostly idle. Be careful
|
||||
# to make it too large, since it may bring userdata loss, if they
|
||||
# are not aware of using fsync()/sync() to prepare sudden power-cut.
|
||||
write /dev/sys/fs/by-name/userdata/cp_interval 6000
|
||||
write /dev/sys/fs/by-name/userdata/gc_urgent_sleep_time 200
|
||||
write /dev/sys/fs/by-name/userdata/cp_interval 200
|
||||
write /dev/sys/fs/by-name/userdata/gc_urgent_sleep_time 50
|
||||
write /dev/sys/fs/by-name/userdata/iostat_period_ms 1000
|
||||
write /dev/sys/fs/by-name/userdata/iostat_enable 0
|
||||
write /proc/sys/vm/dirty_expire_centisecs 3000
|
||||
write /proc/sys/vm/dirty_background_ratio 10
|
||||
|
||||
# set readahead multiplier for POSIX_FADV_SEQUENTIAL files
|
||||
write /dev/sys/fs/by-name/userdata/seq_file_ra_mul 128
|
||||
|
|
|
|||