From c48971f69fa07c98e62b9a8b0a2ba171846fbea1 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 18 Nov 2014 14:36:23 -0800
Subject: [PATCH] allow system_server to set ro.build.fingerprint

Some devices leave "ro.build.fingerprint" undefined at build time,
since they need to build it from the components at runtime.
See https://android.googlesource.com/platform/frameworks/base/+/5568772e8161205b86905d815783505fd3d461d8
for details.

Allow system_server to set ro.build.fingerprint

Addresses the following denial/error:

  avc:  denied  { set } for property=build.fingerprint scontext=u:r:system_server:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service
  init: sys_prop: permission denied uid:1000  name:ro.build.fingerprint

Bug: 18188956
Change-Id: I98b25773904a7be3e3d2926daa82c1d08f9bcc29
---
 property.te       | 1 +
 property_contexts | 4 ++++
 system_server.te  | 1 +
 3 files changed, 6 insertions(+)

diff --git a/property.te b/property.te
index 1a209e9a4..6fedfa7a5 100644
--- a/property.te
+++ b/property.te
@@ -3,6 +3,7 @@ type shell_prop, property_type;
 type debug_prop, property_type;
 type debuggerd_prop, property_type;
 type dhcp_prop, property_type;
+type fingerprint_prop, property_type;
 type radio_prop, property_type;
 type net_radio_prop, property_type;
 type system_radio_prop, property_type;
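Review bot: The new type `fingerprint_prop` is declared without a comment, and the name alone does not say that it labels the build fingerprint rather than anything related to a fingerprint sensor. A later policy author could plausibly grant it to the wrong domain for that reason. Consider a one-line comment above the declaration such as `# ro.build.fingerprint only; not related to biometric fingerprint hardware`, or a more specific name such as `build_fingerprint_prop` if renaming is still cheap. The declaration list continues outside the hunk.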
diff --git a/property_contexts b/property_contexts
index 8403d382d..06f6c174b 100644
--- a/property_contexts
+++ b/property_contexts
@@ -49,6 +49,10 @@ selinux.                u:object_r:security_prop:s0
 vold.                   u:object_r:vold_prop:s0
 crypto.                 u:object_r:vold_prop:s0
 
+# ro.build.fingerprint is either set in /system/build.prop, or is
+# set at runtime by system_server.
+build.fingerprint       u:object_r:fingerprint_prop:s0
+
 # ctl properties
 ctl.bootanim            u:object_r:ctl_bootanim_prop:s0
 ctl.dumpstate           u:object_r:ctl_dumpstate_prop:s0
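Review bot: The new entry `build.fingerprint` has no trailing delimiter, and if property_contexts keys are matched as prefixes (the neighbouring `vold.` and `crypto.` entries suggest they are), it also labels any property whose name merely starts with that string. Any such property would then become settable by system_server through the rule added in system_server.te. That is probably harmless today, but the comment should state the intent, for example `# Prefix match: covers ro.build.fingerprint (the "ro." prefix is stripped before lookup); do not add other properties under this prefix`. The denial in the commit message shows `property=build.fingerprint` for `ro.build.fingerprint`, which is why the key omits `ro.`; it would help to record that in the comment as well.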
diff --git a/system_server.te b/system_server.te
index ae14ab36b..a8348e720 100644
--- a/system_server.te
+++ b/system_server.te
@@ -277,6 +277,7 @@ allow system_server net_radio_prop:property_service set;
 allow system_server system_radio_prop:property_service set;
 allow system_server debug_prop:property_service set;
 allow system_server powerctl_prop:property_service set;
+allow system_server fingerprint_prop:property_service set;
 
 # ctl interface
 allow system_server ctl_default_prop:property_service set;
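Review bot: The added `allow system_server fingerprint_prop:property_service set;` carries no comment, and the grant applies on every device, including those that already define the fingerprint in /system/build.prop. What stops system_server from changing an existing value is presumably init's write-once handling of `ro.*` properties, not this policy, and that dependency is worth recording next to the rule. Suggested comment: `# Set ro.build.fingerprint at runtime on devices that leave it undefined at build time; relies on init rejecting writes to an already-set ro.* property`. The fingerprint is commonly used to identify the build, so it is worth confirming that no other domain ends up with `set` on `fingerprint_prop`, for instance with a `neverallow` rule. The surrounding rule list continues outside the hunk.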
-- 
GitLab