diff --git a/init/property_service.cpp b/init/property_service.cpp index 5001aa9e7..9a7fc2dcc 100644 --- a/init/property_service.cpp +++ b/init/property_service.cpp @@ -876,45 +876,55 @@ static void load_override_properties() { } static const char *snet_prop_key[] = { - "ro.boot.vbmeta.device_state", - "ro.boot.verifiedbootstate", - "ro.boot.flash.locked", - "ro.boot.selinux", - "ro.boot.veritymode", - "ro.boot.warranty_bit", - "ro.warranty_bit", - "ro.debuggable", - "ro.secure", - "ro.build.type", - "ro.build.keys", - "ro.build.tags", - "ro.system.build.tags", - "ro.vendor.boot.warranty_bit", - "ro.vendor.warranty_bit", - "vendor.boot.vbmeta.device_state", - "vendor.boot.verifiedbootstate", - NULL + "ro.boot.vbmeta.device_state", + "ro.boot.verifiedbootstate", + "ro.boot.flash.locked", + "ro.boot.selinux", + "ro.boot.veritymode", + "ro.boot.warranty_bit", + "ro.warranty_bit", + "ro.debuggable", + "ro.secure", + "ro.build.type", + "ro.system.build.type", + "ro.system_ext.build.type", + "ro.vendor.build.type", + "ro.product.build.type", + "ro.odm.build.type", + "ro.build.keys", + "ro.build.tags", + "ro.system.build.tags", + "ro.vendor.boot.warranty_bit", + "ro.vendor.warranty_bit", + "vendor.boot.vbmeta.device_state", + "vendor.boot.verifiedbootstate", + NULL }; static const char *snet_prop_value[] = { - "locked", // ro.boot.vbmeta.device_state - "green", // ro.boot.verifiedbootstate - "1", // ro.boot.flash.locked - "enforcing", // ro.boot.selinux - "enforcing", // ro.boot.veritymode - "0", // ro.boot.warranty_bit - "0", // ro.warranty_bit - "0", // ro.debuggable - "1", // ro.secure - "user", // ro.build.type - "release-keys", // ro.build.keys - "release-keys", // ro.build.tags - "release-keys", // ro.system.build.tags - "0", // ro.vendor.boot.warranty_bit - "0", // ro.vendor.warranty_bit - "locked", // vendor.boot.vbmeta.device_state - "green", // vendor.boot.verifiedbootstate - NULL + "locked", // ro.boot.vbmeta.device_state + "green", // ro.boot.verifiedbootstate + "1", // ro.boot.flash.locked + "enforcing", // ro.boot.selinux + "enforcing", // ro.boot.veritymode + "0", // ro.boot.warranty_bit + "0", // ro.warranty_bit + "0", // ro.debuggable + "1", // ro.secure + "user", // ro.build.type + "user", // ro.system.build.type + "user", // ro.system_ext.build.type + "user", // ro.vendor.build.type + "user", // ro.product.build.type + "user", // ro.odm.build.type + "release-keys", // ro.build.keys + "release-keys", // ro.build.tags + "release-keys", // ro.system.build.tags + "0", // ro.vendor.boot.warranty_bit + "0", // ro.vendor.warranty_bit + "locked", // vendor.boot.vbmeta.device_state + "green", // vendor.boot.verifiedbootstate + NULL }; static void workaround_snet_properties() { @@ -923,16 +933,22 @@ static void workaround_snet_properties() { // Weaken property override security to set safetynet props weaken_prop_override_security = true; - std::string error; + std::string error; - // Hide all sensitive props if not eng build + // Hide all sensitive props if not eng build if (build_type != "eng") { - LOG(INFO) << "snet: Hiding sensitive props"; - for (int i = 0; snet_prop_key[i]; ++i) { + LOG(INFO) << "snet: Hiding sensitive props"; + for (int i = 0; snet_prop_key[i]; ++i) { PropertySetNoSocket(snet_prop_key[i], snet_prop_value[i], &error); - } + } } + // Extra pops + std::string build_flavor_key = "ro.build.flavor"; + std::string build_flavor_value = android::base::GetProperty(build_flavor_key, ""); + build_flavor_value = android::base::StringReplace(build_flavor_value, "userdebug", "user", false); + PropertySetNoSocket(build_flavor_key, build_flavor_value, &error); + // Restore the normal property override security after safetynet props have been set weaken_prop_override_security = false; }