[FIXUP] 4ae31ba / d5804ca ("proc: cmdline: Patch SafetyNet flags")

Userspace parses androidboot.* flags from /proc/cmdline and sets the ro.boot.* props accordingly, which in turn trips SafetyNet when the reported values are incorrect. Patch the cmdline flags checked by SafetyNet to prevent it from failing a device. These flags were found by extracting the latest snet.jar and searching for 'ro.boot.' strings. Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com> Signed-off-by: Adam W. Willis <return.of.octobot@gmail.com>
0ctobot · Jul 24, 2020 · 01cdf25 · 01cdf25
1 parent 692c935
commit 01cdf25
Showing 1 changed file with 19 additions and 18 deletions.
diff --git a/fs/proc/cmdline.c b/fs/proc/cmdline.c
@@ -26,40 +26,41 @@ static const struct file_operations cmdline_proc_fops = {
 	.release	= single_release,
 };
 
-static void remove_flag(char *cmd, const char *flag)
+static void patch_flag(char *cmd, const char *flag, const char *val)
 {
-	char *start_addr, *end_addr;
+	size_t flag_len, val_len;
+	char *start, *end;
 
-	/* Ensure all instances of a flag are removed */
-	while ((start_addr = strstr(cmd, flag))) {
-		end_addr = strchr(start_addr, ' ');
-		if (end_addr)
-			memmove(start_addr, end_addr + 1, strlen(end_addr));
-		else
-			*(start_addr - 1) = '\0';
-	}
+	start = strstr(cmd, flag);
+	if (!start)
+		return;
+
+	flag_len = strlen(flag);
+	val_len = strlen(val);
+	end = start + flag_len + strcspn(start + flag_len, " ");
+	memmove(start + flag_len + val_len, end, strlen(end) + 1);
+	memcpy(start + flag_len, val, val_len);
 }
 
-static void remove_safetynet_flags(char *cmd)
+static void patch_safetynet_flags(char *cmd)
 {
-	remove_flag(cmd, "androidboot.enable_dm_verity=");
-	remove_flag(cmd, "androidboot.secboot=");
+	patch_flag(cmd, "androidboot.veritymode=", "enforcing");
+	patch_flag(cmd, "androidboot.vbmeta.device_state=", "locked");
 	if (strstr(saved_command_line, "project_name=18857") ||
 		strstr(saved_command_line, "project_name=18821")) {
-		remove_flag(cmd, "androidboot.verifiedbootstate=");
+		patch_flag(cmd, "androidboot.verifiedbootstate=", "green");
 	}
-	remove_flag(cmd, "androidboot.veritymode=");
 }
 
 static int __init proc_cmdline_init(void)
 {
 	strcpy(new_command_line, saved_command_line);
 
 	/*
-	 * Remove various flags from command line seen by userspace in order to
-	 * pass SafetyNet CTS check.
+	 * Patch various flags from command line seen by userspace in order to
+	 * pass SafetyNet checks.
 	 */
-	remove_safetynet_flags(new_command_line);
+	patch_safetynet_flags(new_command_line);
 
 	proc_create("cmdline", 0, NULL, &cmdline_proc_fops);
 	return 0;