treble/lineage_patches_unified
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
lineage_patches_unified/patches_platform/frameworks_base/0022-gmscompat-Make-CTS-Play-Integrity-pass-again.patch
Andy CrossGate Yan 17dc085b51 Changes for October 2023, syncing up to 20230905
2023-10-18 08:08:56 +08:00

66 lines
2.8 KiB
Diff
Raw Blame History

From 4ffed064b21d9662631ee70d20dfd8441fcec574 Mon Sep 17 00:00:00 2001
From: Dyneteve <dyneteve@hentaios.com>
Date: Wed, 8 Feb 2023 15:21:01 +0000
Subject: [PATCH 22/22] gmscompat: Make CTS/Play Integrity pass again
The logic behind CTS and Play Integrity has been updated today it now
checks the product and model names against the fingerprint and if
they do not match the CTS profile will fail.
Also while we are at it use a newer FP from Pixel XL and add logging
for key attestation blocking for debugging.
Test: Boot, check for CTS and Play Integrity
Change-Id: I089d5ef935bba40338e10c795ea7d181103ffd15
Signed-off-by: Dyneteve <dyneteve@hentaios.com>
---
.../internal/gmscompat/AttestationHooks.java | 20 +++++++++----------
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/core/java/com/android/internal/gmscompat/AttestationHooks.java b/core/java/com/android/internal/gmscompat/AttestationHooks.java
index d2b1d2879c9c..ef7a308a25bc 100644
--- a/core/java/com/android/internal/gmscompat/AttestationHooks.java
+++ b/core/java/com/android/internal/gmscompat/AttestationHooks.java
@@ -72,9 +72,11 @@ public final class AttestationHooks {
private static void spoofBuildGms() {
// Alter model name and fingerprint to avoid hardware attestation enforcement
- setBuildField("FINGERPRINT", "google/angler/angler:6.0/MDB08L/2343525:user/release-keys");
- setBuildField("MODEL", Build.MODEL + "\u200b");
- setVersionField("DEVICE_INITIAL_SDK_INT", Build.VERSION_CODES.S);
+ setBuildField("FINGERPRINT", "google/marlin/marlin:7.1.2/NJH47F/4146041:user/release-keys");
+ setBuildField("PRODUCT", "marlin");
+ setBuildField("DEVICE", "marlin");
+ setBuildField("MODEL", "Pixel XL");
+ setVersionField("DEVICE_INITIAL_SDK_INT", Build.VERSION_CODES.N_MR1);
}
public static void initApplicationBeforeOnCreate(Application app) {
@@ -90,18 +92,14 @@ public final class AttestationHooks {
}
private static boolean isCallerSafetyNet() {
- return Arrays.stream(Thread.currentThread().getStackTrace())
+ return sIsGms && Arrays.stream(Thread.currentThread().getStackTrace())
.anyMatch(elem -> elem.getClassName().contains("DroidGuard"));
}
public static void onEngineGetCertificateChain() {
- // Check stack for SafetyNet
- if (sIsGms && isCallerSafetyNet()) {
- throw new UnsupportedOperationException();
- }
-
- // Check stack for PlayIntegrity
- if (sIsFinsky) {
+ // Check stack for SafetyNet or Play Integrity
+ if (isCallerSafetyNet() || sIsFinsky) {
+ Log.i(TAG, "Blocked key attestation sIsGms=" + sIsGms + " sIsFinsky=" + sIsFinsky);
throw new UnsupportedOperationException();
}
}
--
2.34.1
Reference in New Issue View Git Blame Copy Permalink