init: workaround SafetyNet check

Doing this in the userspace allows more properties to be spoofed
and eliminate the needs for a hack in the kernel.

Change-Id: I6ad755c085491c958c8a7d75db7df2c8e5481a55
Signed-off-by: Dmitrii <bankersenator@gmail.com>

init/property_service.cpp

@@ -875,6 +875,50 @@ static void load_override_properties() {
     }
 }
 
+static const char *snet_prop_key[] = {
+	"ro.boot.vbmeta.device_state",
+	"ro.boot.verifiedbootstate",
+	"ro.boot.flash.locked",
+	"ro.boot.selinux",
+	"ro.boot.veritymode",
+	"ro.boot.warranty_bit",
+	"ro.warranty_bit",
+	"ro.debuggable",
+	"ro.secure",
+	"ro.build.type",
+	"ro.build.keys",
+	"ro.build.tags",
+	"ro.system.build.tags",
+	NULL
+};
+
+static const char *snet_prop_value[] = {
+	"locked", // ro.boot.vbmeta.device_state
+	"green", // ro.boot.verifiedbootstate
+	"1", // ro.boot.flash.locked
+	"enforcing", // ro.boot.selinux
+	"enforcing", // ro.boot.veritymode
+	"0", // ro.boot.warranty_bit
+	"0", // ro.warranty_bit
+	"0", // ro.debuggable
+	"1", // ro.secure
+	"user", // ro.build.type
+	"release-keys", // ro.build.keys
+	"release-keys", // ro.build.tags
+	"release-keys", // ro.system.build.tags
+	NULL
+};
+
+static void workaround_snet_properties() {
+	std::string error;
+	LOG(INFO) << "snet: Hiding sensitive props";
+
+	// Hide all sensitive props
+	for (int i = 0; snet_prop_key[i]; ++i) {
+		PropertySetNoSocket(snet_prop_key[i], snet_prop_value[i], &error);
+	}
+}
+
 // If the ro.product.[brand|device|manufacturer|model|name] properties have not been explicitly
 // set, derive them from ro.product.${partition}.* properties
 static void property_initialize_ro_product_props() {
@@ -1259,6 +1303,9 @@ void PropertyLoadBootDefaults() {
 
     update_sys_usb_config();
 
+    // Workaround SafetyNet
+    workaround_snet_properties();
+
     // Restore the normal property override security after init extension is executed
     weaken_prop_override_security = false;
 }