From c5fd81ab2524a06be907d9c5234e79346bbbbd7c Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Tue, 5 Jan 2016 16:19:24 -0800 Subject: [PATCH] system_properties.cpp: special case ro.* properties Currently, reads of ro.* properties are treated differently than writes of ro.* properties. When writing an ro.* property, we ignore the "ro." portion of the property, and base the security decision on the label of the remaining portion. See https://android.googlesource.com/platform/system/core/+/e7a9e52740c952c623f7842ffa1d09b58b45e552/init/property_service.cpp line 120-126 For example, for writing, the label associated with "ro.build.fingerprint" comes from the /property_contexts file entry: # ro.build.fingerprint is either set in /system/build.prop, or is # set at runtime by system_server. build.fingerprint u:object_r:fingerprint_prop:s0 However, we fail to follow this same special case when sorting properties into files. Instead, ro.build.fingerprint is assigned u:object_r:default_prop:s0 instead of u:object_r:fingerprint_prop:s0 Ignore the "ro." portion when sorting properties into files. This will make reads and writes of properties use the same label. Bug: 21852512 Change-Id: Ie88ffc6b78b31fc8ddf370ae27c218546fb25a83 --- libc/bionic/system_properties.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libc/bionic/system_properties.cpp b/libc/bionic/system_properties.cpp index 27204553d..28cce4050 100644 --- a/libc/bionic/system_properties.cpp +++ b/libc/bionic/system_properties.cpp @@ -826,6 +826,10 @@ static bool map_system_property_area(bool access_rw, bool* fsetxattr_failed) { } static prop_area* get_prop_area_for_name(const char* name) { + if (strncmp(name, "ro.", 3) == 0) { + name += 3; + } + auto entry = list_find(prefixes, [name](prefix_node* l) { return l->prefix[0] == '*' || !strncmp(l->prefix, name, l->prefix_len); });
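Review bot: the added `if (strncmp(name, "ro.", 3) == 0) { name += 3; }` at the top of get_prop_area_for_name carries no comment, although it encodes a security-relevant rule that, per the commit message, must stay in step with the write-side check in init/property_service.cpp. A one-line comment naming that file would help, so that a later change to one side is not made without the other and read and write labels do not diverge again. The block also reassigns the `name` parameter itself, so the lambda and anything later in the function see the shortened string. If the rest of the function only needs it for the prefix lookup this is fine, but a separate local pointer for the stripped name would make the intent explicit. It is also worth confirming that the edge cases match the write path: only one leading "ro." is removed, and a name that is exactly "ro." becomes an empty string, which can match only the `*` entry or a zero-length prefix. A test that looks up an ro.* name and asserts it lands in the same area as its non-ro counterpart would lock the behaviour in.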