From a0d05d71842fedae20aaa54d5c5b491d6aab4ece Mon Sep 17 00:00:00 2001
From: Jonathan Klee <jonathan.klee@e.email>
Date: Thu, 6 Jan 2022 09:28:05 +0100
Subject: [PATCH] Allow security_patch to be overriden for SafetyNet purpose

Device tree can now define PLATFORM_SECURITY_PATCH_OVERRIDE
to specify a specific ro.build.version.security_patch value.

If PLATFORM_SECURITY_PATCH_OVERRIDE is defined,
ro.eos.version.security_patch will have the overriden value
and will be read by the framework to be displayed to the user.
---
 core/Makefile            | 6 ++++++
 core/version_defaults.mk | 1 -
 tools/buildinfo.sh       | 1 +
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/core/Makefile b/core/Makefile
index 82987646e9..c050e73f48 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -445,6 +445,7 @@ $(intermediate_system_build_prop): $(BUILDINFO_SH) $(BUILDINFO_COMMON_SH) $(INTE
 	        PLATFORM_VERSION="$(PLATFORM_VERSION)" \
 	        PLATFORM_VERSION_LAST_STABLE="$(PLATFORM_VERSION_LAST_STABLE)" \
 	        PLATFORM_SECURITY_PATCH="$(PLATFORM_SECURITY_PATCH)" \
+	        PLATFORM_SECURITY_PATCH_EOS="$(PLATFORM_SECURITY_PATCH_EOS)" \
 	        PLATFORM_BASE_OS="$(PLATFORM_BASE_OS)" \
 	        PLATFORM_SDK_VERSION="$(PLATFORM_SDK_VERSION)" \
 	        PLATFORM_PREVIEW_SDK_VERSION="$(PLATFORM_PREVIEW_SDK_VERSION)" \
@@ -1250,6 +1251,11 @@ ifdef GENERIC_KERNEL_CMDLINE
 endif
 endif
 
+ifneq (,$(PLATFORM_SECURITY_PATCH_OVERRIDE)
+  PLATFORM_SECURITY_PATCH_EOS := $(PLATFORM_SECURITY_PATCH)
+  PLATFORM_SECURITY_PATCH := $(PLATFORM_SECURITY_PATCH_OVERRIDE)
+endif
+
 INTERNAL_MKBOOTIMG_VERSION_ARGS := \
     --os_version $(PLATFORM_VERSION_LAST_STABLE) \
     --os_patch_level $(PLATFORM_SECURITY_PATCH)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 9e1b859928..afa1cb99b0 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -242,7 +242,6 @@ ifndef PLATFORM_SECURITY_PATCH
     #  If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
       PLATFORM_SECURITY_PATCH := 2022-01-05
 endif
-.KATI_READONLY := PLATFORM_SECURITY_PATCH
 
 ifndef PLATFORM_SECURITY_PATCH_TIMESTAMP
   # Used to indicate the matching timestamp for the security patch string in PLATFORM_SECURITY_PATCH.
diff --git a/tools/buildinfo.sh b/tools/buildinfo.sh
index 954a01fb28..cde5e5048b 100755
--- a/tools/buildinfo.sh
+++ b/tools/buildinfo.sh
@@ -14,6 +14,7 @@ echo "ro.build.version.all_codenames=$PLATFORM_VERSION_ALL_CODENAMES"
 echo "ro.build.version.release=$PLATFORM_VERSION_LAST_STABLE"
 echo "ro.build.version.release_or_codename=$PLATFORM_VERSION"
 echo "ro.build.version.security_patch=$PLATFORM_SECURITY_PATCH"
+echo "ro.eos.version.security_patch=$PLATFORM_SECURITY_PATCH_EOS"
 echo "ro.build.version.base_os=$PLATFORM_BASE_OS"
 echo "ro.build.version.min_supported_target_sdk=$PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION"
 echo "ro.build.date=`$DATE`"
-- 
GitLab