ScoopDroid/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

init: Weaken property override security for the init extension

Browse source 
Sometimes we need to override ro.* properties by using our vendor init
extension.

Previously there was a security check which was blocking that.
To resolve the issue, we need to weaken the security check during the
execution of our vendor init extension.

This is safe because the vendor init extension gets executed as part of init
construction and it is considered a trusted system component.

Change-Id: I6198b453745cb92c65d3e3d49e3262354cddd2a2
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>
This commit is contained in:
Alex Naidis 2017-04-09 01:29:27 +02:00 committed by DigiGoon
parent 35dd4cf950
commit af70f20d4c
1 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
init/property_service.cpp
View file

@ -132,6 +132,8 @@ struct PropertyAuditData {
const char* name; const char* name;
}; };
static bool weaken_prop_override_security = false;
static int PropertyAuditCallback(void* data, security_class_t /*cls*/, char* buf, size_t len) { static int PropertyAuditCallback(void* data, security_class_t /*cls*/, char* buf, size_t len) {
auto* d = reinterpret_cast<PropertyAuditData*>(data); auto* d = reinterpret_cast<PropertyAuditData*>(data);
@ -406,8 +408,8 @@ static std::optional<uint32_t> PropertySet(const std::string& name, const std::s
} else { } else {
prop_info* pi = (prop_info*)__system_property_find(name.c_str()); prop_info* pi = (prop_info*)__system_property_find(name.c_str());
if (pi != nullptr) { if (pi != nullptr) {
// ro.* properties are actually "write-once". // ro.* properties are actually "write-once", unless the system decides to
if (StartsWith(name, "ro.")) { if (StartsWith(name, "ro.") && !weaken_prop_override_security) {
*error = "Read-only property was already set"; *error = "Read-only property was already set";
return {PROP_ERROR_READ_ONLY_PROPERTY}; return {PROP_ERROR_READ_ONLY_PROPERTY};
} }
@ -1242,6 +1244,9 @@ void PropertyLoadBootDefaults() {
} }
} }
// Weaken property override security during execution of the vendor init extension
weaken_prop_override_security = true;
// Update with vendor-specific property runtime overrides // Update with vendor-specific property runtime overrides
vendor_load_properties(); vendor_load_properties();
@ -1252,6 +1257,9 @@ void PropertyLoadBootDefaults() {
property_initialize_ro_cpu_abilist(); property_initialize_ro_cpu_abilist();
property_initialize_ro_vendor_api_level(); property_initialize_ro_vendor_api_level();
// Restore the normal property override security after init extension is executed
weaken_prop_override_security = false;
update_sys_usb_config(); update_sys_usb_config();
} }