system_properties.cpp: special case ro.* properties

Currently, reads of ro.* properties are treated differently than
writes of ro.* properties. When writing an ro.* property, we ignore
the "ro." portion of the property, and base the security decision
on the label of the remaining portion.

See https://android.googlesource.com/platform/system/core/+/e7a9e52740c952c623f7842ffa1d09b58b45e552/init/property_service.cpp
line 120-126

For example, for writing, the label associated with
"ro.build.fingerprint" comes from the /property_contexts file
entry:

  # ro.build.fingerprint is either set in /system/build.prop, or is
  # set at runtime by system_server.
  build.fingerprint u:object_r:fingerprint_prop:s0

However, we fail to follow this same special case when sorting
properties into files. Instead, ro.build.fingerprint is assigned
u:object_r:default_prop:s0 instead of u:object_r:fingerprint_prop:s0

Ignore the "ro." portion when sorting properties into files.
This will make reads and writes of properties use the same label.

Bug: 21852512
Change-Id: Ie88ffc6b78b31fc8ddf370ae27c218546fb25a83

diff --git a/libc/bionic/system_properties.cpp b/libc/bionic/system_properties.cpp
index 2720455..28cce40 100644
--- a/libc/bionic/system_properties.cpp
+++ b/libc/bionic/system_properties.cpp
@@ -826,6 +826,10 @@
}
static prop_area* get_prop_area_for_name(const char* name) {
+ if (strncmp(name, "ro.", 3) == 0) {
+ name += 3;
+ }
+
auto entry = list_find(prefixes, [name](prefix_node* l) {
return l->prefix[0] == '*' || !strncmp(l->prefix, name, l->prefix_len);
});
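
Review bot: The `name += 3` strip at the top of get_prop_area_for_name() only makes reads agree with writes if every entry in `prefixes` is stored without its "ro." part. Once the name has been stripped, a prefix stored as "ro.something" can never satisfy `!strncmp(l->prefix, name, l->prefix_len)`, and the lookup falls through to the `*` entry, which is the same mislabeling this change sets out to fix. Please either apply the same strip where prefixes are added to the list, or add a comment here that states the invariant and points at the matching special case in init/property_service.cpp, so the read and write paths cannot drift apart unnoticed. A test that looks up "ro.build.fingerprint" and checks that it lands in the same area as "build.fingerprint" would pin the behaviour down.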