Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c3892c04 authored by Tom Cherry's avatar Tom Cherry Committed by Gerrit Code Review
Browse files

Merge "Restrict setting platform properties from vendor .prop files"

parents a281389b dc375869

init/property_service.cpp

+28 −4
Original line number Diff line number Diff line
@@ -59,8 +59,11 @@ 
#include "init.h"

#include "persistent_properties.h"

#include "property_type.h"

#include "subcontext.h"

#include "util.h"



using namespace std::literals;



using android::base::ReadFileToString;

using android::base::Split;

using android::base::StartsWith;
@@ -533,11 +536,17 @@ static bool load_properties_from_file(const char *, const char *); 
 * Filter is used to decide which properties to load: NULL loads all keys,

 * "ro.foo.*" is a prefix match, and "ro.foo.bar" is an exact match.

 */

static void load_properties(char *data, const char *filter)

{

static void LoadProperties(char* data, const char* filter, const char* filename) {

    char *key, *value, *eol, *sol, *tmp, *fn;

    size_t flen = 0;



    const char* context = kInitContext.c_str();

    for (const auto& [path_prefix, secontext] : paths_and_secontexts) {

        if (StartsWith(filename, path_prefix)) {

            context = secontext;

        }

    }



    if (filter) {

        flen = strlen(filter);

    }
@@ -584,7 +593,21 @@ static void load_properties(char *data, const char *filter) 
                }

            }



            property_set(key, value);

            if (StartsWith(key, "ctl.") || key == "sys.powerctl"s ||

                key == "selinux.restorecon_recursive"s) {

                LOG(ERROR) << "Ignoring disallowed property '" << key

                           << "' with special meaning in prop file '" << filename << "'";

                continue;

            }



            uint32_t result = 0;

            ucred cr = {.pid = 1, .uid = 0, .gid = 0};

            std::string error;

            result = HandlePropertySet(key, value, context, cr, &error);

            if (result != PROP_SUCCESS) {

                LOG(ERROR) << "Unable to set property '" << key << "' to '" << value

                           << "' in property file '" << filename << "': " << error;

            }

        }

    }

}
@@ -600,7 +623,8 @@ static bool load_properties_from_file(const char* filename, const char* filter) 
        return false;

    }

    file_contents->push_back('\n');

    load_properties(file_contents->data(), filter);



    LoadProperties(file_contents->data(), filter, filename);

    LOG(VERBOSE) << "(Loading properties from " << filename << " took " << t << ".)";

    return true;

}

init/subcontext.cpp

+5 −3
Original line number Diff line number Diff line
@@ -49,6 +49,11 @@ namespace init { 
const std::string kInitContext = "u:r:init:s0";

const std::string kVendorContext = "u:r:vendor_init:s0";



const char* const paths_and_secontexts[2][2] = {

    {"/vendor", kVendorContext.c_str()},

    {"/odm", kVendorContext.c_str()},

};



namespace {



constexpr size_t kBufferSize = 4096;
@@ -349,9 +354,6 @@ Result<std::vector<std::string>> Subcontext::ExpandArgs(const std::vector<std::s 
static std::vector<Subcontext> subcontexts;



std::vector<Subcontext>* InitializeSubcontexts() {

    static const char* const paths_and_secontexts[][2] = {

        {"/vendor", kVendorContext.c_str()},

    };

    for (const auto& [path_prefix, secontext] : paths_and_secontexts) {

        subcontexts.emplace_back(path_prefix, secontext);

    }

init/subcontext.h

+1 −0
Original line number Diff line number Diff line
@@ -33,6 +33,7 @@ namespace init { 


extern const std::string kInitContext;

extern const std::string kVendorContext;

extern const char* const paths_and_secontexts[2][2];



class Subcontext {

  public: