| author | Danny Lin <danny@kdrag0n.dev> | 2020-10-07 00:24:54 -0700 |
|---|---|---|
| committer | Julian Veit <claymore1298@gmail.com> | 2023-04-15 08:00:08 +0200 |
| commit | 422e786928d645844cf86678dc5c2fc0027a73fa (patch) | |
| tree | 3dad92c6e3b10ff80b5ea596bb83f40c6e1c2bb0 | |
| parent | 4c06a040222ccdc76049427e0bb62f0718209f96 (diff) | |
init: Check for fastbootd before spoofing safetynet props
The real prop values must be retained in recovery/fastbootd in
order for fastbootd to allow/deny flashing correctly based on the
bootloader lock state. This is accomplished by checking androidboot keys
in the kernel cmdline and bootconfig (necessary on Pixel 6), and not
spoofing anything if the boot isn't a normal full-blown Android boot.
@jhenrique09 - Adapt to PE
Change-Id: I66d23fd91d82906b00d5eb020668f01ae83ec31f
Former-commit-id: 33d4578679733fb2d6fd0fd9b7baba8fd5f0be57
Change-Id: I17630a84c64ce96735fd6141c4dcf163cb7308fd
| -rw-r--r-- | init/property_service.cpp | 38 |
1 files changed, 32 insertions, 6 deletions
diff --git a/init/property_service.cpp b/init/property_service.cpp index 60227354e2..db343e61f6 100644 --- a/init/property_service.cpp +++ b/init/property_service.cpp @@ -798,6 +798,8 @@ static void load_override_properties() { } } +constexpr auto ANDROIDBOOT_MODE = "androidboot.mode"sv; + static const char *snet_prop_key[] = { "ro.boot.vbmeta.device_state", "ro.boot.verifiedbootstate", @@ -853,17 +855,41 @@ static const char *snet_prop_value[] = { static void workaround_snet_properties() { std::string build_type = android::base::GetProperty("ro.build.type", ""); + // Check whether this is a normal boot, and whether the bootloader is actually locked + auto isNormalBoot = true; // no prop = normal boot + // This runs before keys are set as props, so we need to process them ourselves. + ImportKernelCmdline([&](const std::string& key, const std::string& value) { + if (key == ANDROIDBOOT_MODE && value != "normal") { + isNormalBoot = false; + } + }); + ImportBootconfig([&](const std::string& key, const std::string& value) { + if (key == ANDROIDBOOT_MODE && value != "normal") { + isNormalBoot = false; + } + }); + + // Bail out if this is recovery, fastbootd, or anything other than a normal boot. + // fastbootd, in particular, needs the real values so it can allow flashing on + // unlocked bootloaders. + if (!isNormalBoot) { + return; + } + + // Exit if eng build + if (build_type == "eng") { + return; + } + // Weaken property override security to set safetynet props weaken_prop_override_security = true; std::string error; - // Hide all sensitive props if not eng build - if (build_type != "eng") { - LOG(INFO) << "snet: Hiding sensitive props"; - for (int i = 0; snet_prop_key[i]; ++i) { - PropertySet(snet_prop_key[i], snet_prop_value[i], &error); - } + // Hide all sensitive props + LOG(INFO) << "snet: Hiding sensitive props"; + for (int i = 0; snet_prop_key[i]; ++i) { + PropertySet(snet_prop_key[i], snet_prop_value[i], &error); } // Extra pops |
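Review bot: `isNormalBoot` starts as `true` and is cleared only when an `androidboot.mode` key is present with a value other than `normal`, so a recovery or fastbootd boot whose cmdline and bootconfig carry no such key still reaches the spoofing loop in `workaround_snet_properties()`, and fastbootd would then see the overridden lock-state props. Since the stated goal is that fastbootd decides on the real values, the bail-out should not rest on that one key alone; if init's `IsRecoveryMode()` helper is reachable from this file (its includes are not visible in the hunk), `if (!isNormalBoot || IsRecoveryMode()) return;` closes the gap. The two lambdas are identical and could be one named callable passed to both `ImportKernelCmdline` and `ImportBootconfig`. The re-added `PropertySet(...)` calls still discard their result and `error` is never logged, so a rejected override is silent; the function body continues past the hunk, so whether `weaken_prop_override_security` is reset afterwards cannot be confirmed from here.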
