From 3b82e07023c6561c9fcb4ba87f07f2a2a003ab5c Mon Sep 17 00:00:00 2001
From: Inseob Kim <inseob@google.com>
Date: Tue, 15 Oct 2019 17:24:35 +0900
Subject: [PATCH 1/2] Do not initialize BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW

BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW is meant to be set depending on
targets, not devices. This allows that value to be set outside
BoardConfig.mk.

Bug: 131162102
Bug: 142684203
Test: m sepolicy_tests
Change-Id: I14f7cd06dcbaf1b5354c648079a815d7b6cc6f3a
---
 core/board_config.mk | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/core/board_config.mk b/core/board_config.mk
index 4c128f1188..973182b240 100644
--- a/core/board_config.mk
+++ b/core/board_config.mk
@@ -87,7 +87,6 @@ _board_strip_readonly_list += $(_dynamic_partitions_var_list)
 _build_broken_var_list := \
   BUILD_BROKEN_DUP_RULES \
   BUILD_BROKEN_PREBUILT_ELF_FILES \
-  BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW \
   BUILD_BROKEN_USES_NETWORK \
 
 _build_broken_var_list += \
@@ -109,6 +108,10 @@ endif
 # ###############################################################
 $(foreach v,$(_build_broken_var_list),$(eval $(v) :=))
 
+# Build broken vars without default initialization above
+_build_broken_var_list += \
+  BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW
+
 # Boards may be defined under $(SRC_TARGET_DIR)/board/$(TARGET_DEVICE)
 # or under vendor/*/$(TARGET_DEVICE).  Search in both places, but
 # make sure only one exists.

From 98568893810c5490b05047716ed7ad4be34fb093 Mon Sep 17 00:00:00 2001
From: Inseob Kim <inseob@google.com>
Date: Tue, 15 Oct 2019 10:44:58 +0900
Subject: [PATCH 2/2] Set BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW on sdk and
 full

This temporariliy turns off treble sysprop neverallow rules which
enforces marking the owner and accessibility to each system property.

Bug: 131162102
Bug: 142684203
Test: m sepolicy_tests
Change-Id: Ie9de9576fcf28c432543ab8f8971c1d048c55819
---
 target/product/full.mk             | 3 +++
 target/product/full_x86.mk         | 3 +++
 target/product/sdk_phone_arm64.mk  | 3 ++-
 target/product/sdk_phone_armv7.mk  | 3 +++
 target/product/sdk_phone_x86.mk    | 3 +++
 target/product/sdk_phone_x86_64.mk | 3 +++
 6 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/target/product/full.mk b/target/product/full.mk
index b356f9d424..2cda6d04f6 100644
--- a/target/product/full.mk
+++ b/target/product/full.mk
@@ -31,3 +31,6 @@ PRODUCT_NAME := full
 PRODUCT_DEVICE := generic
 PRODUCT_BRAND := Android
 PRODUCT_MODEL := AOSP on ARM Emulator
+
+# TODO(b/131162102): remove this after cleaning up accesses of sysprop
+BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
diff --git a/target/product/full_x86.mk b/target/product/full_x86.mk
index 55c450a80f..05e8e38fff 100644
--- a/target/product/full_x86.mk
+++ b/target/product/full_x86.mk
@@ -44,3 +44,6 @@ PRODUCT_NAME := full_x86
 PRODUCT_DEVICE := generic_x86
 PRODUCT_BRAND := Android
 PRODUCT_MODEL := AOSP on IA Emulator
+
+# TODO(b/131162102): remove this after cleaning up accesses of sysprop
+BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
diff --git a/target/product/sdk_phone_arm64.mk b/target/product/sdk_phone_arm64.mk
index ad726333a7..7592fa7a9d 100644
--- a/target/product/sdk_phone_arm64.mk
+++ b/target/product/sdk_phone_arm64.mk
@@ -31,4 +31,5 @@ PRODUCT_NAME := sdk_phone_arm64
 PRODUCT_DEVICE := generic_arm64
 PRODUCT_MODEL := Android SDK built for arm64
 
-
+# TODO(b/131162102): remove this after cleaning up accesses of sysprop
+BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
diff --git a/target/product/sdk_phone_armv7.mk b/target/product/sdk_phone_armv7.mk
index 77b8b50644..950a531e56 100644
--- a/target/product/sdk_phone_armv7.mk
+++ b/target/product/sdk_phone_armv7.mk
@@ -30,3 +30,6 @@ PRODUCT_PACKAGES += \
 PRODUCT_BRAND := Android
 PRODUCT_NAME := sdk_phone_armv7
 PRODUCT_DEVICE := generic
+
+# TODO(b/131162102): remove this after cleaning up accesses of sysprop
+BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
diff --git a/target/product/sdk_phone_x86.mk b/target/product/sdk_phone_x86.mk
index efb3c6e705..59d2343671 100644
--- a/target/product/sdk_phone_x86.mk
+++ b/target/product/sdk_phone_x86.mk
@@ -49,3 +49,6 @@ PRODUCT_BRAND := Android
 PRODUCT_NAME := sdk_phone_x86
 PRODUCT_DEVICE := generic_x86
 PRODUCT_MODEL := Android SDK built for x86
+
+# TODO(b/131162102): remove this after cleaning up accesses of sysprop
+BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
diff --git a/target/product/sdk_phone_x86_64.mk b/target/product/sdk_phone_x86_64.mk
index 267796f39c..c342159ca8 100644
--- a/target/product/sdk_phone_x86_64.mk
+++ b/target/product/sdk_phone_x86_64.mk
@@ -51,3 +51,6 @@ PRODUCT_BRAND := Android
 PRODUCT_NAME := sdk_phone_x86_64
 PRODUCT_DEVICE := generic_x86_64
 PRODUCT_MODEL := Android SDK built for x86_64
+
+# TODO(b/131162102): remove this after cleaning up accesses of sysprop
+BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true