From 7d6f0bfa68b682849d5c8a021a6ada4364b793bc Mon Sep 17 00:00:00 2001
From: Sultanxda
Date: Mon, 22 May 2017 15:41:38 -0700
Subject: [PATCH] proc: Remove additional SafetyNet flags from /proc/cmdline

SafetyNet checks androidboot.veritymode in Nougat, so remove it. Additionally, remove androidboot.enable_dm_verity and androidboot.secboot in case SafetyNet will check them in the future.

Signed-off-by: Sultanxda
---
 fs/proc/cmdline.c | 45 ++++++++++++++++++++++++++-------------------
 1 file changed, 26 insertions(+), 19 deletions(-)

diff --git a/fs/proc/cmdline.c b/fs/proc/cmdline.c
index 47fead689b2c..e97650b56af7 100644
--- a/fs/proc/cmdline.c
+++ b/fs/proc/cmdline.c
@@ -24,30 +24,37 @@ static const struct file_operations cmdline_proc_fops = {
 .release = single_release,
 };
 
-static int __init proc_cmdline_init(void)
+static void remove_flag(char *cmd, const char *flag)
+{
+ char *start_addr, *end_addr;
+
+ /* Ensure all instances of a flag are removed */
+ while ((start_addr = strstr(cmd, flag))) {
+ end_addr = strchr(start_addr, ' ');
+ if (end_addr)
+ memmove(start_addr, end_addr + 1, strlen(end_addr));
+ else
+ *(start_addr - 1) = '\0';
+ }
+}
+
+static void remove_safetynet_flags(char *cmd)
 {
- char *offset_addr, *cmd = new_command_line;
+ remove_flag(cmd, "androidboot.enable_dm_verity=");
+ remove_flag(cmd, "androidboot.secboot=");
+ remove_flag(cmd, "androidboot.verifiedbootstate=");
+ remove_flag(cmd, "androidboot.veritymode=");
+}
 
- strcpy(cmd, saved_command_line);
+static int __init proc_cmdline_init(void)
+{
+ strcpy(new_command_line, saved_command_line);
 
 /*
- * Remove 'androidboot.verifiedbootstate' flag from command line seen
- * by userspace in order to pass SafetyNet CTS check.
+ * Remove various flags from command line seen by userspace in order to
+ * pass SafetyNet CTS check.
 */
- offset_addr = strstr(cmd, "androidboot.verifiedbootstate=");
- if (offset_addr) {
- size_t i, len, offset;
-
- len = strlen(cmd);
- offset = offset_addr - cmd;
-
- for (i = 1; i < (len - offset); i++) {
- if (cmd[offset + i] == ' ')
- break;
- }
-
- memmove(offset_addr, &cmd[offset + i + 1], len - i - offset);
- }
+ remove_safetynet_flags(new_command_line);
 
 proc_create("cmdline", 0, NULL, &cmdline_proc_fops);
 return 0;
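Review bot: In remove_flag(), the else branch `*(start_addr - 1) = '\0';` writes one byte before the buffer when the flag is the only token on the command line (strstr() returns cmd and no space follows); the string is left unchanged, so the while loop then never terminates. Guarding the start of the buffer covers it: `*(start_addr > cmd ? start_addr - 1 : start_addr) = '\0';`. strstr() also matches inside longer parameter names or values, so the match should be accepted only at cmd or after a space. The comment in proc_cmdline_init() could state that /proc/cmdline then no longer carries the bootloader's verified-boot parameters, so on-device tooling must not read boot-integrity state from it.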