DerpFest-AOSP · MxkulSharma · Apr 8, 2017 · Nov 6, 2017 · May 9, 2020 · Nov 20, 2020
diff --git a/debuggerd/Android.bp b/debuggerd/Android.bp
@@ -257,7 +257,7 @@ cc_library_static {
             cflags: ["-DROOT_POSSIBLE"],
         },
 
-        malloc_not_svelte: {
+        malloc_use_scudo: {
             cflags: ["-DUSE_SCUDO"],
             whole_static_libs: ["libscudo"],
             srcs: ["libdebuggerd/scudo.cpp"],

diff --git a/healthd/BatteryMonitor.cpp b/healthd/BatteryMonitor.cpp
@@ -46,6 +46,8 @@
 
 #define POWER_SUPPLY_SUBSYSTEM "power_supply"
 #define POWER_SUPPLY_SYSFS_PATH "/sys/class/" POWER_SUPPLY_SUBSYSTEM
+#define SYSFS_BATTERY_CURRENT "/sys/class/power_supply/battery/current_now"
+#define SYSFS_BATTERY_VOLTAGE "/sys/class/power_supply/battery/voltage_now"
 #define FAKE_BATTERY_CAPACITY 42
 #define FAKE_BATTERY_TEMPERATURE 424
 #define MILLION 1.0e6
@@ -520,19 +522,13 @@ void BatteryMonitor::updateValues(void) {
                     KLOG_WARNING(LOG_TAG, "%s: Unknown power supply type\n",
                                  mChargerNames[i].string());
             }
-            path.clear();
-            path.appendFormat("%s/%s/current_max", POWER_SUPPLY_SYSFS_PATH,
-                              mChargerNames[i].string());
-            int ChargingCurrent =
-                    (access(path.string(), R_OK) == 0) ? getIntField(path) : 0;
 
-            path.clear();
-            path.appendFormat("%s/%s/voltage_max", POWER_SUPPLY_SYSFS_PATH,
-                              mChargerNames[i].string());
+            int ChargingCurrent =
+                  (access(SYSFS_BATTERY_CURRENT, R_OK) == 0) ? abs(getIntField(String8(SYSFS_BATTERY_CURRENT))) : 0;
 
             int ChargingVoltage =
-                (access(path.string(), R_OK) == 0) ? getIntField(path) :
-                DEFAULT_VBUS_VOLTAGE;
+                  (access(SYSFS_BATTERY_VOLTAGE, R_OK) == 0) ? getIntField(String8(SYSFS_BATTERY_VOLTAGE)) :
+                   DEFAULT_VBUS_VOLTAGE;
 
             double power = ((double)ChargingCurrent / MILLION) *
                            ((double)ChargingVoltage / MILLION);

diff --git a/init/property_service.cpp b/init/property_service.cpp
@@ -128,6 +128,8 @@ struct PropertyAuditData {
     const char* name;
 };
 
+static bool weaken_prop_override_security = false;
+
 static int PropertyAuditCallback(void* data, security_class_t /*cls*/, char* buf, size_t len) {
     auto* d = reinterpret_cast<PropertyAuditData*>(data);
 
@@ -397,8 +399,8 @@ static std::optional<uint32_t> PropertySet(const std::string& name, const std::s
 
     prop_info* pi = (prop_info*)__system_property_find(name.c_str());
     if (pi != nullptr) {
-        // ro.* properties are actually "write-once".
-        if (StartsWith(name, "ro.")) {
+        // ro.* properties are actually "write-once", unless the system decides to
+        if (StartsWith(name, "ro.") && !weaken_prop_override_security) {
             *error = "Read-only property was already set";
             return {PROP_ERROR_READ_ONLY_PROPERTY};
         }
@@ -858,6 +860,94 @@ static void load_override_properties() {
     }
 }
 
+static const char *snet_prop_key[] = {
+    "ro.boot.vbmeta.device_state",
+    "ro.boot.verifiedbootstate",
+    "ro.boot.flash.locked",
+    "ro.boot.selinux",
+    "ro.boot.veritymode",
+    "ro.boot.warranty_bit",
+    "ro.warranty_bit",
+    "ro.debuggable",
+    "ro.secure",
+    "ro.build.type",
+    "ro.system.build.type",
+    "ro.system_ext.build.type",
+    "ro.vendor.build.type",
+    "ro.product.build.type",
+    "ro.odm.build.type",
+    "ro.build.keys",
+    "ro.build.tags",
+    "ro.system.build.tags",
+    "ro.vendor.boot.warranty_bit",
+    "ro.vendor.warranty_bit",
+    "vendor.boot.vbmeta.device_state",
+    "vendor.boot.verifiedbootstate",
+    NULL
+};
+
+static const char *snet_prop_value[] = {
+    "locked", // ro.boot.vbmeta.device_state
+    "green", // ro.boot.verifiedbootstate
+    "1", // ro.boot.flash.locked
+    "enforcing", // ro.boot.selinux
+    "enforcing", // ro.boot.veritymode
+    "0", // ro.boot.warranty_bit
+    "0", // ro.warranty_bit
+    "0", // ro.debuggable
+    "1", // ro.secure
+    "user", // ro.build.type
+    "user", // ro.system.build.type
+    "user", // ro.system_ext.build.type
+    "user", // ro.vendor.build.type
+    "user", // ro.product.build.type
+    "user", // ro.odm.build.type
+    "release-keys", // ro.build.keys
+    "release-keys", // ro.build.tags
+    "release-keys", // ro.system.build.tags
+    "0", // ro.vendor.boot.warranty_bit
+    "0", // ro.vendor.warranty_bit
+    "locked", // vendor.boot.vbmeta.device_state
+    "green", // vendor.boot.verifiedbootstate
+    NULL
+};
+
+static void workaround_snet_properties() {
+    std::string build_type = android::base::GetProperty("ro.build.type", "");
+
+    // Bail out if this is recovery, fastbootd, or anything other than a normal boot.
+    // fastbootd, in particular, needs the real values so it can allow flashing on
+    // unlocked bootloaders.
+    if (IsRecoveryMode()) {
+        return;
+    }
+
+    // Exit if eng build
+    if (build_type == "eng") {
+        return;
+    }
+
+    // Weaken property override security to set safetynet props
+    weaken_prop_override_security = true;
+
+    std::string error;
+
+    // Hide all sensitive props 
+    LOG(INFO) << "snet: Hiding sensitive props";
+    for (int i = 0; snet_prop_key[i]; ++i) {
+        PropertySetNoSocket(snet_prop_key[i], snet_prop_value[i], &error);
+    }
+
+    // Extra pops
+    std::string build_flavor_key = "ro.build.flavor";
+    std::string build_flavor_value = android::base::GetProperty(build_flavor_key, "");
+    build_flavor_value = android::base::StringReplace(build_flavor_value, "userdebug", "user", false);
+    PropertySetNoSocket(build_flavor_key, build_flavor_value, &error);
+
+    // Restore the normal property override security after safetynet props have been set
+    weaken_prop_override_security = false;
+}
+
 // If the ro.product.[brand|device|manufacturer|model|name] properties have not been explicitly
 // set, derive them from ro.product.${partition}.* properties
 static void property_initialize_ro_product_props() {
@@ -1207,6 +1297,9 @@ void PropertyLoadBootDefaults() {
         }
     }
 
+    // Weaken property override security during execution of the vendor init extension
+    weaken_prop_override_security = true;
+
     // Update with vendor-specific property runtime overrides
     vendor_load_properties();
 
@@ -1217,7 +1310,13 @@ void PropertyLoadBootDefaults() {
     property_initialize_ro_cpu_abilist();
     property_initialize_ro_vendor_api_level();
 
+    // Restore the normal property override security after init extension is executed
+    weaken_prop_override_security = false;
+
     update_sys_usb_config();
+
+    // Workaround SafetyNet
+    workaround_snet_properties();
 }
 
 bool LoadPropertyInfoFromFile(const std::string& filename,

diff --git a/libprocessgroup/profiles/task_profiles.json b/libprocessgroup/profiles/task_profiles.json
@@ -521,7 +521,7 @@
           "Params":
           {
             "Controller": "cpuset",
-            "Path": "system-background"
+            "Path": "foreground"
           }
         }
       ]
@@ -534,7 +534,7 @@
           "Params":
           {
             "Controller": "cpuset",
-            "Path": "system-background"
+            "Path": "foreground"
           }
         }
       ]

diff --git a/rootdir/etc/hosts b/rootdir/etc/hosts
@@ -1,2 +1,5 @@
 127.0.0.1       localhost
 ::1             ip6-localhost
+127.0.0.1 ota.googlezip.net
+127.0.0.1 ota-cache1.googlezip.net
+127.0.0.1 ota-cache2.googlezip.net
diff --git a/rootdir/init.rc b/rootdir/init.rc
@@ -1096,10 +1096,9 @@ on zygote-start && property:ro.crypto.state=encrypted && property:ro.crypto.type
     start zygote
     start zygote_secondary
 
+# Tweak background writeout
 on boot && property:ro.config.low_ram=true
-    # Tweak background writeout
     write /proc/sys/vm/dirty_expire_centisecs 200
-    write /proc/sys/vm/dirty_background_ratio  5
 
 on boot
     # basic network init
@@ -1115,6 +1114,8 @@ on boot
     # parameters to match how it is managing things.
     write /proc/sys/vm/overcommit_memory 1
     write /proc/sys/vm/min_free_order_shift 4
+    write /proc/sys/vm/dirty_background_bytes 52428800
+    write /proc/sys/vm/dirty_bytes 209715200
 
     # System server manages zram writeback
     chown root system /sys/block/zram0/idle