init: Spoof additional props

Change-Id: I3a22f2a923628c54462ed878f2c98a228d355f60
Signed-off-by: Alvin Francis <nivlafx@gmail.com>
Signed-off-by: Dmitrii <bankersenator@gmail.com>

fs_mgr/fs_mgr_remount.cpp

@@ -634,8 +634,9 @@ int main(int argc, char* argv[]) {
         LOG(ERROR) << "Device must be userdebug build";
         return EXIT_FAILURE;
     }
-
+#if 0
-#if ALLOW_ADBD_DISABLE_VERITY == 0  // "user" build
+    // We already use safety net hacks which spoof to green state.
+    // Remove this check completely.
     if (android::base::GetProperty("ro.boot.verifiedbootstate", "") != "orange") {
         LOG(ERROR) << "Device must be bootloader unlocked";
         return EXIT_FAILURE;

init/property_service.cpp

@@ -876,55 +876,99 @@ static void load_override_properties() {
 }
 
 static const char *snet_prop_key[] = {
-	"ro.boot.vbmeta.device_state",
+    "ro.boot.vbmeta.device_state",
-	"ro.boot.verifiedbootstate",
+    "ro.boot.verifiedbootstate",
-	"ro.boot.flash.locked",
+    "ro.boot.flash.locked",
-	"ro.boot.selinux",
+    "ro.boot.veritymode",
-	"ro.boot.veritymode",
+    "ro.boot.warranty_bit",
-	"ro.boot.warranty_bit",
+    "ro.warranty_bit",
-	"ro.warranty_bit",
+    "ro.debuggable",
-	"ro.debuggable",
+    "ro.secure",
-	"ro.secure",
+    "ro.bootimage.build.type",
-	"ro.build.type",
+    "ro.build.type",
-	"ro.build.keys",
+    "ro.system.build.type",
-	"ro.build.tags",
+    "ro.system_ext.build.type",
-	"ro.system.build.tags",
+    "ro.vendor.build.type",
-	"ro.vendor.boot.warranty_bit",
+    "ro.vendor_dlkm.build.type",
-	"ro.vendor.warranty_bit",
+    "ro.product.build.type",
-	"vendor.boot.vbmeta.device_state",
+    "ro.odm.build.type",
-	"vendor.boot.verifiedbootstate",
+    "ro.build.keys",
-	NULL
+    "ro.build.tags",
+    "ro.system.build.tags",
+    "ro.vendor.boot.warranty_bit",
+    "ro.vendor.warranty_bit",
+    "vendor.boot.vbmeta.device_state",
+    "vendor.boot.verifiedbootstate",
+    "sys.oem_unlock_allowed",
+    "ro.adb.secure",
+    "ro.force.debuggable",
+    NULL
 };
 
 static const char *snet_prop_value[] = {
-	"locked", // ro.boot.vbmeta.device_state
+    "locked", // ro.boot.vbmeta.device_state
-	"green", // ro.boot.verifiedbootstate
+    "green", // ro.boot.verifiedbootstate
-	"1", // ro.boot.flash.locked
+    "1", // ro.boot.flash.locked
-	"enforcing", // ro.boot.selinux
+    "enforcing", // ro.boot.veritymode
-	"enforcing", // ro.boot.veritymode
+    "0", // ro.boot.warranty_bit
-	"0", // ro.boot.warranty_bit
+    "0", // ro.warranty_bit
-	"0", // ro.warranty_bit
+    "0", // ro.debuggable
-	"0", // ro.debuggable
+    "1", // ro.secure
-	"1", // ro.secure
+    "user", // ro.bootimage.build.type
-	"user", // ro.build.type
+    "user", // ro.build.type
-	"release-keys", // ro.build.keys
+    "user", // ro.system.build.type
-	"release-keys", // ro.build.tags
+    "user", // ro.system_ext.build.type
-	"release-keys", // ro.system.build.tags
+    "user", // ro.vendor.build.type
-	"0", // ro.vendor.boot.warranty_bit
+    "user", // ro.vendor_dlkm.build.type
-	"0", // ro.vendor.warranty_bit
+    "user", // ro.product.build.type
-	"locked", // vendor.boot.vbmeta.device_state
+    "user", // ro.odm.build.type
-	"green", // vendor.boot.verifiedbootstate
+    "release-keys", // ro.build.keys
-	NULL
+    "release-keys", // ro.build.tags
+    "release-keys", // ro.system.build.tags
+    "0", // ro.vendor.boot.warranty_bit
+    "0", // ro.vendor.warranty_bit
+    "locked", // vendor.boot.vbmeta.device_state
+    "green", // vendor.boot.verifiedbootstate
+    "0", // sys.oem_unlock_allowed
+    "1", // ro.adb.secure
+    "0", // ro.force.debuggable
+    NULL
 };
 
 static void workaround_snet_properties() {
-	std::string error;
+    std::string build_type = android::base::GetProperty("ro.build.type", "");
-	LOG(INFO) << "snet: Hiding sensitive props";
 
-	// Hide all sensitive props
+    // Bail out if this is recovery, fastbootd, or anything other than a normal boot.
-	for (int i = 0; snet_prop_key[i]; ++i) {
+    // fastbootd, in particular, needs the real values so it can allow flashing on
-		PropertySetNoSocket(snet_prop_key[i], snet_prop_value[i], &error);
+    // unlocked bootloaders.
-	}
+    if (IsRecoveryMode()) {
+        return;
+    }
+
+    // Exit if eng build
+    if (build_type == "eng") {
+        return;
+    }
+
+    // Weaken property override security to set safetynet props
+    weaken_prop_override_security = true;
+
+    std::string error;
+
+    // Hide all sensitive props 
+    LOG(INFO) << "snet: Hiding sensitive props";
+    for (int i = 0; snet_prop_key[i]; ++i) {
+        PropertySetNoSocket(snet_prop_key[i], snet_prop_value[i], &error);
+    }
+
+    // Extra pops
+    std::string build_flavor_key = "ro.build.flavor";
+    std::string build_flavor_value = android::base::GetProperty(build_flavor_key, "");
+    build_flavor_value = android::base::StringReplace(build_flavor_value, "userdebug", "user", false);
+    PropertySetNoSocket(build_flavor_key, build_flavor_value, &error);
+
+    // Restore the normal property override security after safetynet props have been set
+    weaken_prop_override_security = false;
 }
 
 // If the ro.product.[brand|device|manufacturer|model|name] properties have not been explicitly
@@ -1296,9 +1340,6 @@ void PropertyLoadBootDefaults() {
         }
     }
 
-    // Weaken property override security during execution of the vendor init extension
-    weaken_prop_override_security = true;
-
     // Update with vendor-specific property runtime overrides
     vendor_load_properties();
 
@@ -1313,9 +1354,6 @@ void PropertyLoadBootDefaults() {
 
     // Workaround SafetyNet
     workaround_snet_properties();
-
-    // Restore the normal property override security after init extension is executed
-    weaken_prop_override_security = false;
 }
 
 void PropertyLoadDerivedDefaults() {