init: allow vendor init to action on any vendor or odm property
Partial revert of "init: if vendor_init can read a property, let it be
a trigger too" (b35f827c97ceb24e33fb2514ff62c8636bc46f59).
We made a mistake when we allowed vendor init to action on any vendor
or odm property, since when a new SELinux label is created for a
vendor property, vendor_init does not automatically get read
permissions for it.
Recently, we tried to use read permissions instead of the built-in
list in init, but that broke due to the above mistaken. Since we have
already launched with these permissions as is, we must restore them.
Bug: 118457755
Test: no denials for vendor init actionable properties on crosshatch
Change-Id: I7a9a560c9a54a177c6b83d28309e2f288f05d400
diff --git a/init/action_parser.cpp b/init/action_parser.cpp
index 2d497b3..4f8bd16 100644
--- a/init/action_parser.cpp
+++ b/init/action_parser.cpp
@@ -40,6 +40,18 @@
return true;
}
+ static constexpr const char* kPartnerPrefixes[] = {
+ "init.svc.vendor.", "ro.vendor.", "persist.vendor.",
+ "vendor.", "init.svc.odm.", "ro.odm.",
+ "persist.odm.", "odm.", "ro.boot.",
+ };
+
+ for (const auto& prefix : kPartnerPrefixes) {
+ if (android::base::StartsWith(prop_name, prefix)) {
+ return true;
+ }
+ }
+
return CanReadProperty(subcontext->context(), prop_name);
}