diff options
| -rw-r--r-- | init/action_parser.cpp | 16 | ||||
| -rw-r--r-- | init/host_init_stubs.cpp | 3 | ||||
| -rw-r--r-- | init/host_init_stubs.h | 1 | ||||
| -rw-r--r-- | init/property_service.cpp | 16 | ||||
| -rw-r--r-- | init/property_service.h | 2 | ||||
| -rw-r--r-- | init/stable_properties.h | 67 |
6 files changed, 28 insertions, 77 deletions
diff --git a/init/action_parser.cpp b/init/action_parser.cpp index 148116200..2d497b386 100644 --- a/init/action_parser.cpp +++ b/init/action_parser.cpp @@ -19,7 +19,11 @@ #include <android-base/properties.h> #include <android-base/strings.h> -#include "stable_properties.h" +#if defined(__ANDROID__) +#include "property_service.h" +#else +#include "host_init_stubs.h" +#endif using android::base::GetBoolProperty; using android::base::StartsWith; @@ -36,15 +40,7 @@ bool IsActionableProperty(Subcontext* subcontext, const std::string& prop_name) return true; } - if (kExportedActionableProperties.count(prop_name) == 1) { - return true; - } - for (const auto& prefix : kPartnerPrefixes) { - if (android::base::StartsWith(prop_name, prefix)) { - return true; - } - } - return false; + return CanReadProperty(subcontext->context(), prop_name); } Result<Success> ParsePropertyTrigger(const std::string& trigger, Subcontext* subcontext, diff --git a/init/host_init_stubs.cpp b/init/host_init_stubs.cpp index 8866bdcd6..b85e54a69 100644 --- a/init/host_init_stubs.cpp +++ b/init/host_init_stubs.cpp @@ -30,6 +30,9 @@ namespace init { std::string default_console = "/dev/console"; // property_service.h +bool CanReadProperty(const std::string& source_context, const std::string& name) { + return true; +} uint32_t SetProperty(const std::string& key, const std::string& value) { android::base::SetProperty(key, value); return 0; diff --git a/init/host_init_stubs.h b/init/host_init_stubs.h index 0af11f667..63ceead67 100644 --- a/init/host_init_stubs.h +++ b/init/host_init_stubs.h @@ -39,6 +39,7 @@ namespace init { extern std::string default_console; // property_service.h +bool CanReadProperty(const std::string& source_context, const std::string& name); extern uint32_t (*property_set)(const std::string& name, const std::string& value); uint32_t HandlePropertySet(const std::string& name, const std::string& value, const std::string& source_context, const ucred& cr, std::string* error); diff --git a/init/property_service.cpp b/init/property_service.cpp index 6aed0a393..53288697d 100644 --- a/init/property_service.cpp +++ b/init/property_service.cpp @@ -111,6 +111,22 @@ void property_init() { LOG(FATAL) << "Failed to load serialized property info file"; } } + +bool CanReadProperty(const std::string& source_context, const std::string& name) { + const char* target_context = nullptr; + property_info_area->GetPropertyInfo(name.c_str(), &target_context, nullptr); + + PropertyAuditData audit_data; + + audit_data.name = name.c_str(); + + ucred cr = {.pid = 0, .uid = 0, .gid = 0}; + audit_data.cr = &cr; + + return selinux_check_access(source_context.c_str(), target_context, "file", "read", + &audit_data) == 0; +} + static bool CheckMacPerms(const std::string& name, const char* target_context, const char* source_context, const ucred& cr) { if (!target_context || !source_context) { diff --git a/init/property_service.h b/init/property_service.h index cacd987f7..9022f5a8a 100644 --- a/init/property_service.h +++ b/init/property_service.h @@ -26,6 +26,8 @@ namespace android { namespace init { +bool CanReadProperty(const std::string& source_context, const std::string& name); + extern uint32_t (*property_set)(const std::string& name, const std::string& value); uint32_t HandlePropertySet(const std::string& name, const std::string& value, diff --git a/init/stable_properties.h b/init/stable_properties.h deleted file mode 100644 index baef833f7..000000000 --- a/init/stable_properties.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright (C) 2018 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef _INIT_STABLE_PROPERTIES_H -#define _INIT_STABLE_PROPERTIES_H - -#include <set> -#include <string> - -namespace android { -namespace init { - -static constexpr const char* kPartnerPrefixes[] = { - "init.svc.vendor.", "ro.vendor.", "persist.vendor.", "vendor.", "init.svc.odm.", "ro.odm.", - "persist.odm.", "odm.", "ro.boot.", -}; - -static const std::set<std::string> kExportedActionableProperties = { - "dev.bootcomplete", - "init.svc.console", - "init.svc.dumpstatez", - "init.svc.mediadrm", - "init.svc.surfaceflinger", - "init.svc.zygote", - "persist.bluetooth.btsnoopenable", - "persist.sys.crash_rcu", - "persist.sys.usb.usbradio.config", - "persist.sys.zram_enabled", - "ro.board.platform", - "ro.bootmode", - "ro.build.type", - "ro.crypto.state", - "ro.crypto.type", - "ro.debuggable", - "sys.boot_completed", - "sys.boot_from_charger_mode", - "sys.retaildemo.enabled", - "sys.shutdown.requested", - "sys.usb.config", - "sys.usb.configfs", - "sys.usb.ffs.mtp.ready", - "sys.usb.ffs.ready", - "sys.user.0.ce_available", - "sys.vdso", - "vold.decrypt", - "vold.post_fs_data_done", - "vts.native_server.on", - "wlan.driver.status", -}; - -} // namespace init -} // namespace android - -#endif |