build/snet20-1.patch

From c9a37a5a5a9e63fda74f6fcf45bc9f164957f295 Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev>
Date: Wed, 7 Oct 2020 00:24:54 -0700
Subject: [PATCH] XXXHIDEXXX init: Set properties to make SafetyNet pass

Google's SafetyNet integrity checks will check the values of these
properties when performing basic attestation. Setting fake values helps
us pass basic SafetyNet with no Magisk Hide or kernel patches necessary.

Note that these properties need to be set very early, before parsing the
kernel command-line, as they are read-only properties that the bootloader
sets using androidboot kernel arguments. The bootloader's real values
cause SafetyNet to fail with an unlocked bootloader and/or custom
software because the verified boot chain is broken in that case.

Change-Id: I66d23fd91d82906b00d5eb020668f01ae83ec31f

fastboot: Revert to Android 11 method of checking lock status

Now that we're setting system-wide properties for SafetyNet, which
includes ro.boot.verifiedbootstate=green, fastbootd always detects the
bootloader as being locked. Revert to the Android 11 method of reading
directly from the kernel cmdline to work arround the issue.

- Also don't set these in recovery

Change-Id: I57f6d48acddb29748778053edf354d7bd8994bd7
---
 fastboot/device/utility.cpp |  7 ++++++-
 init/property_service.cpp   | 15 +++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/fastboot/device/utility.cpp b/fastboot/device/utility.cpp
index 3302c4310c9..a14eea37662 100644
--- a/fastboot/device/utility.cpp
+++ b/fastboot/device/utility.cpp
@@ -196,7 +196,12 @@ std::vector<std::string> ListPartitions(FastbootDevice* device) {
 }
 
 bool GetDeviceLockStatus() {
-    return android::base::GetProperty("ro.boot.verifiedbootstate", "") != "orange";
+    std::string cmdline;
+    // Return lock status true if unable to read kernel command line.
+    if (!android::base::ReadFileToString("/proc/cmdline", &cmdline)) {
+        return true;
+    }
+    return cmdline.find("androidboot.verifiedbootstate=orange") == std::string::npos;
 }
 
 bool UpdateAllPartitionMetadata(FastbootDevice* device, const std::string& super_name,
diff --git a/init/property_service.cpp b/init/property_service.cpp
index 9f7c21543e9..d1e802cca19 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -1282,6 +1282,13 @@ static void ProcessBootconfig() {
     });
 }
 
+static void SetSafetyNetProps() {
+    InitPropertySet("ro.boot.flash.locked", "1");
+    InitPropertySet("ro.boot.verifiedbootstate", "green");
+    InitPropertySet("ro.boot.veritymode", "enforcing");
+    InitPropertySet("ro.boot.vbmeta.device_state", "locked");
+}
+
 void PropertyInit() {
     selinux_callback cb;
     cb.func_audit = PropertyAuditCallback;
@@ -1296,6 +1303,14 @@ void PropertyInit() {
         LOG(FATAL) << "Failed to load serialized property info file";
     }
 
+    // Report a valid verified boot chain to make Google SafetyNet integrity
+    // checks pass. This needs to be done before parsing the kernel cmdline as
+    // these properties are read-only and will be set to invalid values with
+    // androidboot cmdline arguments.
+    if (!IsRecoveryMode()) {
+      SetSafetyNetProps();
+    }
+
     // If arguments are passed both on the command line and in DT,
     // properties set in DT always have priority over the command-line ones.
     ProcessKernelDt();
upd patches 2022-12-25 20:51:09 +01:00			`From c9a37a5a5a9e63fda74f6fcf45bc9f164957f295 Mon Sep 17 00:00:00 2001`
			`From: Danny Lin <danny@kdrag0n.dev>`
			`Date: Wed, 7 Oct 2020 00:24:54 -0700`
fix: changelog 2023-05-28 08:47:33 +02:00			`Subject: [PATCH] XXXHIDEXXX init: Set properties to make SafetyNet pass`
upd patches 2022-12-25 20:51:09 +01:00
			`Google's SafetyNet integrity checks will check the values of these`
			`properties when performing basic attestation. Setting fake values helps`
			`us pass basic SafetyNet with no Magisk Hide or kernel patches necessary.`

			`Note that these properties need to be set very early, before parsing the`
			`kernel command-line, as they are read-only properties that the bootloader`
			`sets using androidboot kernel arguments. The bootloader's real values`
			`cause SafetyNet to fail with an unlocked bootloader and/or custom`
			`software because the verified boot chain is broken in that case.`

			`Change-Id: I66d23fd91d82906b00d5eb020668f01ae83ec31f`

			`fastboot: Revert to Android 11 method of checking lock status`

			`Now that we're setting system-wide properties for SafetyNet, which`
			`includes ro.boot.verifiedbootstate=green, fastbootd always detects the`
			`bootloader as being locked. Revert to the Android 11 method of reading`
			`directly from the kernel cmdline to work arround the issue.`

			`- Also don't set these in recovery`

			`Change-Id: I57f6d48acddb29748778053edf354d7bd8994bd7`
			`---`
			`fastboot/device/utility.cpp \| 7 ++++++-`
			`init/property_service.cpp \| 15 +++++++++++++++`
			`2 files changed, 21 insertions(+), 1 deletion(-)`

			`diff --git a/fastboot/device/utility.cpp b/fastboot/device/utility.cpp`
			`index 3302c4310c9..a14eea37662 100644`
			`--- a/fastboot/device/utility.cpp`
			`+++ b/fastboot/device/utility.cpp`
			`@@ -196,7 +196,12 @@ std::vector<std::string> ListPartitions(FastbootDevice* device) {`
			`}`

			`bool GetDeviceLockStatus() {`
			`- return android::base::GetProperty("ro.boot.verifiedbootstate", "") != "orange";`
			`+ std::string cmdline;`
			`+ // Return lock status true if unable to read kernel command line.`
			`+ if (!android::base::ReadFileToString("/proc/cmdline", &cmdline)) {`
			`+ return true;`
			`+ }`
			`+ return cmdline.find("androidboot.verifiedbootstate=orange") == std::string::npos;`
			`}`

			`bool UpdateAllPartitionMetadata(FastbootDevice* device, const std::string& super_name,`
			`diff --git a/init/property_service.cpp b/init/property_service.cpp`
			`index 9f7c21543e9..d1e802cca19 100644`
			`--- a/init/property_service.cpp`
			`+++ b/init/property_service.cpp`
			`@@ -1282,6 +1282,13 @@ static void ProcessBootconfig() {`
			`});`
			`}`

			`+static void SetSafetyNetProps() {`
			`+ InitPropertySet("ro.boot.flash.locked", "1");`
			`+ InitPropertySet("ro.boot.verifiedbootstate", "green");`
			`+ InitPropertySet("ro.boot.veritymode", "enforcing");`
			`+ InitPropertySet("ro.boot.vbmeta.device_state", "locked");`
			`+}`
			`+`
			`void PropertyInit() {`
			`selinux_callback cb;`
			`cb.func_audit = PropertyAuditCallback;`
			`@@ -1296,6 +1303,14 @@ void PropertyInit() {`
			`LOG(FATAL) << "Failed to load serialized property info file";`
			`}`

			`+ // Report a valid verified boot chain to make Google SafetyNet integrity`
			`+ // checks pass. This needs to be done before parsing the kernel cmdline as`
			`+ // these properties are read-only and will be set to invalid values with`
			`+ // androidboot cmdline arguments.`
			`+ if (!IsRecoveryMode()) {`
			`+ SetSafetyNetProps();`
			`+ }`
			`+`
			`// If arguments are passed both on the command line and in DT,`
			`// properties set in DT always have priority over the command-line ones.`
			`ProcessKernelDt();`