From 69908af269c76085862d4034abf615e5416838a1 Mon Sep 17 00:00:00 2001
From: Dyneteve <dyneteve@hentaios.com>
Date: Wed, 8 Feb 2023 15:21:01 +0000
Subject: [PATCH 23/23] gmscompat: Make CTS/Play Integrity pass again

The logic behind CTS and Play Integrity has been updated today it now
checks the product and model names against the fingerprint and if
they do not match the CTS profile will fail.

Also while we are at it use a newer FP from Pixel XL and add logging
for key attestation blocking for debugging.

Test: Boot, check for CTS and Play Integrity

Change-Id: I089d5ef935bba40338e10c795ea7d181103ffd15
Signed-off-by: Dyneteve <dyneteve@hentaios.com>
---
 .../internal/gmscompat/AttestationHooks.java  | 20 +++++++++----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/core/java/com/android/internal/gmscompat/AttestationHooks.java b/core/java/com/android/internal/gmscompat/AttestationHooks.java
index d2b1d2879c9c..ef7a308a25bc 100644
--- a/core/java/com/android/internal/gmscompat/AttestationHooks.java
+++ b/core/java/com/android/internal/gmscompat/AttestationHooks.java
@@ -72,9 +72,11 @@ public final class AttestationHooks {
 
     private static void spoofBuildGms() {
         // Alter model name and fingerprint to avoid hardware attestation enforcement
-        setBuildField("FINGERPRINT", "google/angler/angler:6.0/MDB08L/2343525:user/release-keys");
-        setBuildField("MODEL", Build.MODEL + "\u200b");
-        setVersionField("DEVICE_INITIAL_SDK_INT", Build.VERSION_CODES.S);
+        setBuildField("FINGERPRINT", "google/marlin/marlin:7.1.2/NJH47F/4146041:user/release-keys");
+        setBuildField("PRODUCT", "marlin");
+        setBuildField("DEVICE", "marlin");
+        setBuildField("MODEL", "Pixel XL");
+        setVersionField("DEVICE_INITIAL_SDK_INT", Build.VERSION_CODES.N_MR1);
     }
 
     public static void initApplicationBeforeOnCreate(Application app) {
@@ -90,18 +92,14 @@ public final class AttestationHooks {
     }
 
     private static boolean isCallerSafetyNet() {
-        return Arrays.stream(Thread.currentThread().getStackTrace())
+        return sIsGms && Arrays.stream(Thread.currentThread().getStackTrace())
                 .anyMatch(elem -> elem.getClassName().contains("DroidGuard"));
     }
 
     public static void onEngineGetCertificateChain() {
-        // Check stack for SafetyNet
-        if (sIsGms && isCallerSafetyNet()) {
-            throw new UnsupportedOperationException();
-        }
-
-        // Check stack for PlayIntegrity
-        if (sIsFinsky) {
+        // Check stack for SafetyNet or Play Integrity
+        if (isCallerSafetyNet() || sIsFinsky) {
+            Log.i(TAG, "Blocked key attestation sIsGms=" + sIsGms + " sIsFinsky=" + sIsFinsky);
             throw new UnsupportedOperationException();
         }
     }
-- 
2.34.1