system_properties.cpp: special case ro.* properties

Currently, reads of ro.* properties are treated differently than
writes of ro.* properties. When writing an ro.* property, we ignore
the "ro." portion of the property, and base the security decision
on the label of the remaining portion.

See e7a9e52740/init/property_service.cpp
line 120-126

For example, for writing, the label associated with
"ro.build.fingerprint" comes from the /property_contexts file
entry:

  # ro.build.fingerprint is either set in /system/build.prop, or is
  # set at runtime by system_server.
  build.fingerprint u:object_r:fingerprint_prop:s0

However, we fail to follow this same special case when sorting
properties into files. Instead, ro.build.fingerprint is assigned
u:object_r:default_prop:s0 instead of u:object_r:fingerprint_prop:s0

Ignore the "ro." portion when sorting properties into files.
This will make reads and writes of properties use the same label.

Bug: 21852512
Change-Id: Ie88ffc6b78b31fc8ddf370ae27c218546fb25a83
parent 507d6f2a51
commit c5fd81ab25
@ -826,6 +826,10 @@ static bool map_system_property_area(bool access_rw, bool* fsetxattr_failed) {
|
||||
}
|
||||
|
||||
static prop_area* get_prop_area_for_name(const char* name) {
|
||||
if (strncmp(name, "ro.", 3) == 0) {
|
||||
name += 3;
|
||||
}
|
||||
|
||||
auto entry = list_find(prefixes, [name](prefix_node* l) {
|
||||
return l->prefix[0] == '*' || !strncmp(l->prefix, name, l->prefix_len);
|
||||
});
|
||||
|
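Review bot: the `ro.` strip at the top of `get_prop_area_for_name` carries no comment, yet the commit message says it exists only to mirror the write-side check in init/property_service.cpp, so the two copies of this rule can drift apart without anyone noticing. Please add a short comment above `if (strncmp(name, "ro.", 3) == 0) {` that names the write-side location and states that read and write labelling must stay identical, and consider replacing the literal `3` with a length derived from the `"ro."` string so the prefix and the offset cannot disagree. It is also worth confirming the intended result for a name that is exactly `ro.`: after `name += 3` the lookup runs on an empty string, which the `strncmp(l->prefix, name, l->prefix_len)` comparison will only match against the `*` entry.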