patches/system/core/0002-init-Override-select-system-properties.patch

From b5256522214257f1a5f8ee5ecac84609993f8129 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Wed, 23 Feb 2022 17:37:47 -0500
Subject: [PATCH 2/2] init: Override select system properties

* adb secure props and logd can be overridden from system.

Change-Id: I94efa3f108ae97711026f099f367b6bea325629f
---
 init/property_service.cpp | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/init/property_service.cpp b/init/property_service.cpp
index 013924778..ce164372a 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -64,6 +64,7 @@
 #include <selinux/android.h>
 #include <selinux/label.h>
 #include <selinux/selinux.h>
+
 #include "debug_ramdisk.h"
 #include "epoll.h"
 #include "init.h"
@@ -796,13 +797,20 @@ static void LoadProperties(char* data, const char* filter, const char* filename,
             std::string error;
             if (CheckPermissions(key, value, context, cr, &error) == PROP_SUCCESS) {
                 auto it = properties->find(key);
+                const char *new_value = value;
+
                 if (it == properties->end()) {
-                    (*properties)[key] = value;
-                } else if (it->second != value) {
+                    (*properties)[key] = new_value;
+                } else if (it->second != new_value) {
                     LOG(WARNING) << "Overriding previous property '" << key << "':'" << it->second
                                  << "' with new value '" << value << "'";
-                    it->second = value;
-                }
+                    if (strstr(key, "adb") || strstr(key, "secure") || strstr(key, "ro.logd.kernel")
+                                   || strcmp("ro.control_privapp_permissions", key) == 0) {
+                        LOG(WARNING) << "... Ignored";
+                    } else {
+                        it->second = new_value;
+                    }
+		}
             } else {
                 LOG(ERROR) << "Do not have permissions to set '" << key << "' to '" << value
                            << "' in property file '" << filename << "': " << error;
-- 
2.44.0