4f8cfc8a41
now compile it yourself. Signed-off-by: Tavi <tavi@divested.dev>
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Danny Lin <danny@kdrag0n.dev>
|
|
Date: Wed, 7 Oct 2020 00:24:54 -0700
|
|
Subject: [PATCH] init: Set properties to make SafetyNet pass
|
|
|
|
Google's SafetyNet integrity checks will check the values of these
|
|
properties when performing basic attestation. Setting fake values helps
|
|
us pass basic SafetyNet with no Magisk Hide or kernel patches necessary.
|
|
|
|
Note that these properties need to be set very early, before parsing the
|
|
kernel command-line, as they are read-only properties that the bootloader
|
|
sets using androidboot kernel arguments. The bootloader's real values
|
|
cause SafetyNet to fail with an unlocked bootloader and/or custom
|
|
software because the verified boot chain is broken in that case.
|
|
|
|
Change-Id: I66d23fd91d82906b00d5eb020668f01ae83ec31f
|
|
|
|
- Also don't set these in recovery
|
|
|
|
Change-Id: I57f6d48acddb29748778053edf354d7bd8994bd7
|
|
---
|
|
init/property_service.cpp | 17 +++++++++++++++++
|
|
1 file changed, 17 insertions(+)
|
|
|
|
diff --git a/init/property_service.cpp b/init/property_service.cpp
|
|
index 65e9cda1c..7be56d0db 100644
|
|
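--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -117,6 +117,15 @@ static int PropertyAuditCallback(void* data, security_class_t /*cls*/, char* buf
 return 0;
 }
 
+static void SetSafetyNetProps() {
+ InitPropertySet("ro.boot.flash.locked", "1");
+ InitPropertySet("ro.boot.verifiedbootstate", "green");
+ InitPropertySet("ro.boot.veritymode", "enforcing");
+ InitPropertySet("ro.boot.vbmeta.device_state", "locked");
+ InitPropertySet("ro.boot.warranty_bit", "0");
+ InitPropertySet("ro.warranty_bit", "0");
+}
+
 void property_init() {
 selinux_callback cb;
 cb.func_audit = PropertyAuditCallback;
@@ -130,6 +139,14 @@ void property_init() {
 if (!property_info_area.LoadDefaultPath()) {
 LOG(FATAL) << "Failed to load serialized property info file";
 }
+
+ // Report a valid verified boot chain to make Google SafetyNet integrity
+ // checks pass. This needs to be done before parsing the kernel cmdline as
+ // these properties are read-only and will be set to invalid values with
+ // androidboot cmdline arguments.
+ if (!IsRecoveryMode()) {
+ SetSafetyNetProps();
+ }
 }
 
 bool CanReadProperty(const std::string& source_context, const std::string& name) {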
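Review bot: SetSafetyNetProps() in the first hunk hard-codes a locked, green verified-boot state for every reader of these properties, not only for SafetyNet, so on the `if (!IsRecoveryMode())` path in the second hunk any on-device code or status screen that consults `ro.boot.verifiedbootstate` or `ro.boot.flash.locked` sees values that do not reflect the actual boot chain. Because the properties are read-only and, per the added comment, are written before the kernel cmdline is parsed, the bootloader's real values appear to be discarded without leaving any record. I would state that on the function, `// Hard-coded values: these do NOT reflect the real bootloader or verified-boot state.`, and log the override once so it shows up in boot logs, `LOG(INFO) << "Overriding ro.boot verified-boot properties with fixed values";`. The results of the six InitPropertySet() calls are also dropped, so if that helper reports failure a property that could not be set would go unnoticed. The middle of property_init() lies between the two hunks and is not visible here.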