init: Unconditionally set SafetyNet properties
* Most devices simply can't relock their bootloader
Change-Id: I0cd17b44928ad0a63fa194beb405af93cbf07489
diff --git a/init/property_service.cpp b/init/property_service.cpp
index 95df095..cb3407a 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -1363,7 +1363,6 @@
}
constexpr auto ANDROIDBOOT_PREFIX = "androidboot."sv;
-constexpr auto ANDROIDBOOT_VERIFIEDBOOTSTATE = "androidboot.verifiedbootstate"sv;
static void ProcessKernelCmdline() {
android::fs_mgr::ImportKernelCmdline([&](const std::string& key, const std::string& value) {
@@ -1390,34 +1389,10 @@
return;
#endif
- // Check whether verified boot state is yellow
- auto isVerifiedBootYellow = false;
- // This runs before keys are set as props, so we need to process them ourselves.
- ImportKernelCmdline([&](const std::string& key, const std::string& value) {
- if (key == ANDROIDBOOT_VERIFIEDBOOTSTATE && value == "yellow") {
- isVerifiedBootYellow = true;
- }
- });
- ImportBootconfig([&](const std::string& key, const std::string& value) {
- if (key == ANDROIDBOOT_VERIFIEDBOOTSTATE && value == "yellow") {
- isVerifiedBootYellow = true;
- }
- });
-
- // Spoof verified boot state to green only when it's yellow
- if (isVerifiedBootYellow) {
- InitPropertySet("ro.boot.verifiedbootstate", "green");
- }
-#if ALLOW_PERMISSIVE_SELINUX == 1
- else {
- // Use the above as a userdebug/eng check, since we don't
- // need this on production builds which will always be -user
- InitPropertySet("ro.boot.flash.locked", "1");
- InitPropertySet("ro.boot.verifiedbootstate", "green");
- InitPropertySet("ro.boot.veritymode", "enforcing");
- InitPropertySet("ro.boot.vbmeta.device_state", "locked");
- }
-#endif
+ InitPropertySet("ro.boot.flash.locked", "1");
+ InitPropertySet("ro.boot.verifiedbootstate", "green");
+ InitPropertySet("ro.boot.veritymode", "enforcing");
+ InitPropertySet("ro.boot.vbmeta.device_state", "locked");
}
void PropertyInit() {
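Review bot: The four `InitPropertySet` calls added at the end of this function now run on every build and for every boot state, so `ro.boot.flash.locked`, `ro.boot.verifiedbootstate`, `ro.boot.veritymode` and `ro.boot.vbmeta.device_state` no longer reflect what the bootloader reported, including on an unlocked device or one that failed verification. The removed code limited the override to a yellow state, or to builds with `ALLOW_PERMISSIVE_SELINUX == 1`; with both conditions gone, anything on the device that reads these properties for an integrity decision (MDM agents, diagnostics, bug reports) gets a constant answer, and since `ro.` properties are presumably write-once the real values are likely discarded when the command line is imported later. I would at least document that above the calls, e.g. `// Hard-coded, not bootloader-reported: do not use these ro.boot.* values for integrity decisions.`, and log the real state once so it stays recoverable for triage. The function's beginning is outside the hunk, so I cannot see which early `return` paths skip this block.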