1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
// SPDX-License-Identifier: GPL-2.0
#include <linux/fs.h>
#include <linux/init.h>
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
#include <asm/setup.h>
static char new_command_line[COMMAND_LINE_SIZE];
static int cmdline_proc_show(struct seq_file *m, void *v)
{
seq_puts(m, saved_command_line);
seq_putc(m, '\n');
return 0;
}
static int cmdline_proc_open(struct inode *inode, struct file *file)
{
return single_open(file, cmdline_proc_show, NULL);
}
static const struct file_operations cmdline_proc_fops = {
.open = cmdline_proc_open,
.read = seq_read,
.llseek = seq_lseek,
.release = single_release,
};
static char *padding = " ";
static void replace_flag(char *cmd, const char *flag, const char *flag_new)
{
char *start_addr, *end_addr;
/* Ensure all instances of a flag are replaced */
while ((start_addr = strstr(cmd, flag))) {
end_addr = strchr(start_addr, ' ');
if (end_addr) {
if (strlen(flag)<strlen(flag_new)) {
// xx yy=a zz
// ^ ^
// xx yy=bb zz
int length_to_copy = strlen( start_addr + (strlen(flag) ) ) + 1; // +1 to copy trailing '/0'
int length_diff = strlen(flag_new)-strlen(flag);
memcpy(start_addr+(strlen(flag)+length_diff), start_addr+(strlen(flag)), length_to_copy);
memcpy(start_addr+(strlen(flag)), padding, length_diff);
}
memcpy(start_addr, flag_new, strlen(flag_new));
}
else
*(start_addr - 1) = '\0';
}
}
static void replace_safetynet_flags(char *cmd)
{
// WARNING: be aware that you can't replace shorter string with longer ones in the function called here...
replace_flag(cmd, "androidboot.vbmeta.device_state=unlocked",
"androidboot.vbmeta.device_state=locked ");
replace_flag(cmd, "androidboot.enable_dm_verity=0",
"androidboot.enable_dm_verity=1");
replace_flag(cmd, "androidboot.secboot=disabled",
"androidboot.secboot=enabled ");
replace_flag(cmd, "androidboot.verifiedbootstate=orange",
"androidboot.verifiedbootstate=green ");
replace_flag(cmd, "androidboot.veritymode=logging",
"androidboot.veritymode=enforcing");
replace_flag(cmd, "androidboot.veritymode=eio",
"androidboot.veritymode=enforcing");
}
static int __init proc_cmdline_init(void)
{
strcpy(new_command_line, saved_command_line);
/*
* Replace various flags from command line seen by userspace in order to
* pass SafetyNet CTS check.
*/
replace_safetynet_flags(new_command_line);
proc_create("cmdline", 0, NULL, &cmdline_proc_fops);
return 0;
}
fs_initcall(proc_cmdline_init);
|
