Delete patches_platform/frameworks_base/0016-keystore-Block-key-attestation-for-SafetyNet.patch

patches_platform/frameworks_base/0016-keystore-Block-key-attestation-for-SafetyNet.patch

@@ -1,93 +0,0 @@
-From dc4bd0f140c6946e01e0a3c31bfc71c884138981 Mon Sep 17 00:00:00 2001
-From: Danny Lin <danny@kdrag0n.dev>
-Date: Mon, 11 Oct 2021 20:00:44 -0700
-Subject: [PATCH 16/22] keystore: Block key attestation for SafetyNet
-
-SafetyNet (part of Google Play Services) opportunistically uses
-hardware-backed key attestation via KeyStore as a strong integrity
-check. This causes SafetyNet to fail on custom ROMs because the verified
-boot key and bootloader unlock state can be detected from attestation
-certificates.
-
-As a workaround, we can take advantage of the fact that SafetyNet's
-usage of key attestation is opportunistic (i.e. falls back to basic
-integrity checks if it fails) and prevent it from getting the
-attestation certificate chain from KeyStore. This is done by checking
-the stack for DroidGuard, which is the codename for SafetyNet, and
-pretending that the device doesn't support key attestation.
-
-Key attestation has only been blocked for SafetyNet specifically, as
-Google Play Services and other apps have many valid reasons to use it.
-For example, it appears to be involved in Google's mobile security key
-ferature.
-
-Change-Id: I5146439d47f42dc6231cb45c4dab9f61540056f6
----
- .../internal/gmscompat/AttestationHooks.java      | 15 +++++++++++++++
- .../security/keystore2/AndroidKeyStoreSpi.java    |  3 +++
- 2 files changed, 18 insertions(+)
-
-diff --git a/core/java/com/android/internal/gmscompat/AttestationHooks.java b/core/java/com/android/internal/gmscompat/AttestationHooks.java
-index 55db97dc28a1..f2c85c82821f 100644
---- a/core/java/com/android/internal/gmscompat/AttestationHooks.java
-+++ b/core/java/com/android/internal/gmscompat/AttestationHooks.java
-@@ -22,12 +22,14 @@ import android.os.SystemProperties;
- import android.util.Log;
- 
- import java.lang.reflect.Field;
-+import java.util.Arrays;
- 
- /** @hide */
- public final class AttestationHooks {
-     private static final String TAG = "GmsCompat/Attestation";
- 
-     private static final String PACKAGE_GMS = "com.google.android.gms";
-+    private static volatile boolean sIsGms = false;
- 
-     private AttestationHooks() { }
- 
-@@ -54,7 +56,20 @@ public final class AttestationHooks {
- 
-     public static void initApplicationBeforeOnCreate(Application app) {
-         if (PACKAGE_GMS.equals(app.getPackageName())) {
-+            sIsGms = true;
-             spoofBuildGms();
-         }
-     }
-+
-+    private static boolean isCallerSafetyNet() {
-+        return Arrays.stream(Thread.currentThread().getStackTrace())
-+                .anyMatch(elem -> elem.getClassName().contains("DroidGuard"));
-+    }
-+
-+    public static void onEngineGetCertificateChain() {
-+        // Check stack for SafetyNet
-+        if (sIsGms && isCallerSafetyNet()) {
-+            throw new UnsupportedOperationException();
-+        }
-+    }
- }
-diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
-index 33411e1ec5b9..133a4094d434 100644
---- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
-+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
-@@ -42,6 +42,7 @@ import android.system.keystore2.ResponseCode;
- import android.util.Log;
- 
- import com.android.internal.annotations.VisibleForTesting;
-+import com.android.internal.gmscompat.AttestationHooks;
- 
- import java.io.ByteArrayInputStream;
- import java.io.IOException;
-@@ -164,6 +165,8 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
- 
-     @Override
-     public Certificate[] engineGetCertificateChain(String alias) {
-+        AttestationHooks.onEngineGetCertificateChain();
-+
-         KeyEntryResponse response = getKeyMetadata(alias);
- 
-         if (response == null || response.metadata.certificate == null) {
--- 
-2.34.1
-