From 67159b9dacdd2271e18926ebc6955261f3a5ac3f Mon Sep 17 00:00:00 2001
From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com>
Date: Thu, 29 Dec 2022 15:12:03 +0000
Subject: [PATCH 07/10] treble: Securize on-demand

Status is stored in /metadata and controlled by persist prop

Change-Id: I8069b6f471ad87ab34c18b743689ab3584cee35b
---
 phh-prop-handler.sh | 14 ++++++++++++++
 vndk.rc             |  3 +++
 2 files changed, 17 insertions(+)

diff --git a/phh-prop-handler.sh b/phh-prop-handler.sh
index b01c0cc..390b76f 100644
--- a/phh-prop-handler.sh
+++ b/phh-prop-handler.sh
@@ -233,3 +233,17 @@ if [ "$1" == "persist.bluetooth.system_audio_hal.enabled" ]; then
     restartAudio
     exit
 fi
+
+if [ "$1" == "persist.sys.phh.securize" ];then
+    if [[ "$prop_value" != "true" && "$prop_value" != "false" ]]; then
+        exit 1
+    fi
+
+    if [[ "$prop_value" == "true" ]]; then
+        mkdir /metadata/phh
+        touch /metadata/phh/secure
+    else
+        rm /metadata/phh/secure
+    fi
+    exit
+fi
diff --git a/vndk.rc b/vndk.rc
index d319c9e..08bc1aa 100644
--- a/vndk.rc
+++ b/vndk.rc
@@ -87,3 +87,6 @@ service watchdogd-gsi /system/bin/watchdogd 10 20
     class core
     oneshot
     seclabel u:r:watchdogd:s0
+
+on property:persist.sys.phh.securize=*
+    exec u:r:phhsu_daemon:s0 root -- /system/bin/phh-prop-handler.sh "persist.sys.phh.securize"
-- 
2.34.1