From 79b23411b14da150388a5079f641c7c9ed68a5f6 Mon Sep 17 00:00:00 2001
From: Jonathan Klee <jonathan.klee@e.email>
Date: Thu, 6 Jan 2022 09:28:05 +0100
Subject: [PATCH] Allow security_patch to be overriden for SafetyNet purpose

Device tree can now define PLATFORM_SECURITY_PATCH_OVERRIDE
to specify a specific ro.build.version.security_patch value.

If PLATFORM_SECURITY_PATCH_OVERRIDE is defined,
ro.eos.version.security_patch will have the overriden value
and will be read by the framework to be displayed to the user.
---
 core/Makefile            | 6 ++++++
 core/version_defaults.mk | 1 -
 tools/buildinfo.sh       | 1 +
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/core/Makefile b/core/Makefile
index add63d7b89..6cbc275a83 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -442,6 +442,7 @@ endif
 	        AB_OTA_UPDATER="$(AB_OTA_UPDATER)" \
 	        PLATFORM_VERSION="$(PLATFORM_VERSION)" \
 	        PLATFORM_SECURITY_PATCH="$(PLATFORM_SECURITY_PATCH)" \
+	        PLATFORM_SECURITY_PATCH_EOS="$(PLATFORM_SECURITY_PATCH_EOS)" \
 	        PLATFORM_BASE_OS="$(PLATFORM_BASE_OS)" \
 	        PLATFORM_SDK_VERSION="$(PLATFORM_SDK_VERSION)" \
 	        PLATFORM_PREVIEW_SDK_VERSION="$(PLATFORM_PREVIEW_SDK_VERSION)" \
@@ -993,6 +994,11 @@ ifdef INTERNAL_KERNEL_CMDLINE
 INTERNAL_BOOTIMAGE_ARGS += --cmdline "$(INTERNAL_KERNEL_CMDLINE)"
 endif
 
+ifneq (,$(PLATFORM_SECURITY_PATCH_OVERRIDE)
+  PLATFORM_SECURITY_PATCH_EOS := $(PLATFORM_SECURITY_PATCH)
+  PLATFORM_SECURITY_PATCH := $(PLATFORM_SECURITY_PATCH_OVERRIDE)
+endif
+
 INTERNAL_MKBOOTIMG_VERSION_ARGS := \
     --os_version $(PLATFORM_VERSION) \
     --os_patch_level $(PLATFORM_SECURITY_PATCH)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index e5fca63007..565d0426b9 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -252,7 +252,6 @@ ifndef PLATFORM_SECURITY_PATCH
     #  If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
       PLATFORM_SECURITY_PATCH := 2021-12-05
 endif
-.KATI_READONLY := PLATFORM_SECURITY_PATCH
 
 ifndef PLATFORM_SECURITY_PATCH_TIMESTAMP
   # Used to indicate the matching timestamp for the security patch string in PLATFORM_SECURITY_PATCH.
diff --git a/tools/buildinfo.sh b/tools/buildinfo.sh
index d7f3b96a36..63eda9c624 100755
--- a/tools/buildinfo.sh
+++ b/tools/buildinfo.sh
@@ -13,6 +13,7 @@ echo "ro.build.version.codename=$PLATFORM_VERSION_CODENAME"
 echo "ro.build.version.all_codenames=$PLATFORM_VERSION_ALL_CODENAMES"
 echo "ro.build.version.release=$PLATFORM_VERSION"
 echo "ro.build.version.security_patch=$PLATFORM_SECURITY_PATCH"
+echo "ro.eos.version.security_patch=$PLATFORM_SECURITY_PATCH_EOS"
 echo "ro.build.version.base_os=$PLATFORM_BASE_OS"
 echo "ro.build.version.min_supported_target_sdk=$PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION"
 echo "ro.build.date=`$DATE`"
-- 
GitLab