Revert "proc: cmdline: Patch SafetyNet flags"

On Android 12, userspace enforces vbmeta signature verification based on the bootloader lock state, which is read from verifiedbootstate. This means that spoofing verifiedbootstate=green causes init to bail out during early boot if vbmeta doesn't pass verification: [ 9.229305] init: [libfs_avb]ERROR_VERIFICATION / PUBLIC_KEY_REJECTED isn't allowed [ 9.237357] init: Failed to open AvbHandle: No such file or directory [ 9.244103] init: Failed to setup verity for '/system': No such file or directory [ 9.252018] init: Failed to mount /system: No such file or directory [ 9.258648] init: Failed to mount required partitions early ... [ 9.264738] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00007f00 Given that this workaround is no longer sufficient for passing SafetyNet anyway due to the opportunistic use of hardware-backed attestation, revert it to fix issues booting on Android 12. Stock + custom kernel: FAIL due to hardware attestation Stock + root: PASS with Universal SafetyNet Fix + MagiskHide (which sets the same props) Custom ROM with SafetyNet workarounds: PASS without custom kernel This workaround alone doesn't really help anyone pass. Signed-off-by: Danny Lin <danny@kdrag0n.dev> Signed-off-by: K A R T H I K <karthik.lal558@gmail.com>
karthik558 · Oct 13, 2021 · e5f0980 · e5f0980
1 parent cb25a07
commit e5f0980
Showing 1 changed file with 1 addition and 36 deletions.
diff --git a/fs/proc/cmdline.c b/fs/proc/cmdline.c
@@ -3,14 +3,10 @@
 #include <linux/init.h>
 #include <linux/proc_fs.h>
 #include <linux/seq_file.h>
-#include <asm/setup.h>
-
-static char new_command_line[COMMAND_LINE_SIZE];
 
 static int cmdline_proc_show(struct seq_file *m, void *v)
 {
-	seq_puts(m, new_command_line);
-	seq_putc(m, '\n');
+	seq_printf(m, "%s\n", saved_command_line);
 	return 0;
 }
 
@@ -26,39 +22,8 @@ static const struct file_operations cmdline_proc_fops = {
 	.release	= single_release,
 };
 
-static void patch_flag(char *cmd, const char *flag, const char *val)
-{
-	size_t flag_len, val_len;
-	char *start, *end;
-
-	start = strstr(cmd, flag);
-	if (!start)
-		return;
-
-	flag_len = strlen(flag);
-	val_len = strlen(val);
-	end = start + flag_len + strcspn(start + flag_len, " ");
-	memmove(start + flag_len + val_len, end, strlen(end) + 1);
-	memcpy(start + flag_len, val, val_len);
-}
-
-static void patch_safetynet_flags(char *cmd)
-{
-	patch_flag(cmd, "androidboot.verifiedbootstate=", "green");
-	patch_flag(cmd, "androidboot.veritymode=", "enforcing");
-	patch_flag(cmd, "androidboot.vbmeta.device_state=", "locked");
-}
-
 static int __init proc_cmdline_init(void)
 {
-	strcpy(new_command_line, saved_command_line);
-
-	/*
-	 * Patch various flags from command line seen by userspace in order to
-	 * pass SafetyNet checks.
-	 */
-	patch_safetynet_flags(new_command_line);
-
 	proc_create("cmdline", 0, NULL, &cmdline_proc_fops);
 	return 0;
 }