ScoopDroid/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

init: Set properties to make SafetyNet pass

Browse source 
This is a squash of the following commits.

  Author: Danny Lin <danny@kdrag0n.dev>
  Date:   Wed Oct 7 00:24:54 2020 -0700

      init: Set properties to make SafetyNet pass

      Google's SafetyNet integrity checks will check the values of these
      properties when performing basic attestation. Setting fake values helps
      us pass basic SafetyNet with no Magisk Hide or kernel patches necessary.

      Note that these properties need to be set very early, before parsing the
      kernel command-line, as they are read-only properties that the bootloader
      sets using androidboot kernel arguments. The bootloader's real values
      cause SafetyNet to fail with an unlocked bootloader and/or custom
      software because the verified boot chain is broken in that case.

      Change-Id: I66d23fd91d82906b00d5eb020668f01ae83ec31f
      Signed-off-by: Omkar Chandorkar <gotenksIN@aospa.co>

  Author: Jarl-Penguin <jarlpenguin@outlook.com>
  Date:   Wed Jun 16 11:28:46 2021 +0000

      init: Don't spoof SafetyNet properties in recovery mode

      Change-Id: Ib6d3808c3b8f3e0cffab685a24d3cdd436b0fe9b

Change-Id: I0a219245b8e8f59ab1acc31068b4f8f98f708d81
Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>
This commit is contained in:
Danny Lin 2020-10-07 00:24:54 -07:00 committed by DigiGoon
parent 7934335c2a
commit 35dd4cf950
1 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
init/property_service.cpp
View file

@ -1410,6 +1410,15 @@ static void ProcessBootconfig() {
}); });
} }
static void SetSafetyNetProps() {
InitPropertySet("ro.boot.flash.locked", "1");
InitPropertySet("ro.boot.vbmeta.device_state", "locked");
InitPropertySet("ro.boot.verifiedbootstate", "green");
InitPropertySet("ro.boot.veritymode", "enforcing");
}
void PropertyInit() { void PropertyInit() {
selinux_callback cb; selinux_callback cb;
cb.func_audit = PropertyAuditCallback; cb.func_audit = PropertyAuditCallback;
@ -1424,6 +1433,14 @@ void PropertyInit() {
LOG(FATAL) << "Failed to load serialized property info file"; LOG(FATAL) << "Failed to load serialized property info file";
} }
// Report a valid verified boot chain to make Google SafetyNet integrity
// checks pass. This needs to be done before parsing the kernel cmdline as
// these properties are read-only and will be set to invalid values with
// androidboot cmdline arguments.
if (!IsRecoveryMode()) {
SetSafetyNetProps();
}
// If arguments are passed both on the command line and in DT, // If arguments are passed both on the command line and in DT,
// properties set in DT always have priority over the command-line ones. // properties set in DT always have priority over the command-line ones.
ProcessKernelDt(); ProcessKernelDt();