Revert "proc: cmdline: Patch SafetyNet flags"

kdrag0n · karthik558 · commit e5f09807d872 · 2021-10-13T11:56:10.000+05:30
On Android 12, userspace enforces vbmeta signature verification based on
the bootloader lock state, which is read from verifiedbootstate. This
means that spoofing verifiedbootstate=green causes init to bail out
during early boot if vbmeta doesn't pass verification:

[    9.229305] init: [libfs_avb]ERROR_VERIFICATION / PUBLIC_KEY_REJECTED isn't allowed
[    9.237357] init: Failed to open AvbHandle: No such file or directory
[    9.244103] init: Failed to setup verity for '/system': No such file or directory
[    9.252018] init: Failed to mount /system: No such file or directory
[    9.258648] init: Failed to mount required partitions early ...
[    9.264738] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00007f00

Given that this workaround is no longer sufficient for passing SafetyNet
anyway due to the opportunistic use of hardware-backed attestation,
revert it to fix issues booting on Android 12.

  Stock + custom kernel: FAIL due to hardware attestation
  Stock + root: PASS with Universal SafetyNet Fix + MagiskHide (which
      sets the same props)
  Custom ROM with SafetyNet workarounds: PASS without custom kernel

This workaround alone doesn't really help anyone pass.

Signed-off-by: Danny Lin &lt;danny@kdrag0n.dev&gt;
Signed-off-by: K A R T H I K &lt;karthik.lal558@gmail.com&gt;
diff --git a/fs/proc/cmdline.c b/fs/proc/cmdline.c
@@ -3,14 +3,10 @@
 #include <linux/init.h>
 #include <linux/proc_fs.h>
 #include <linux/seq_file.h>
-#include <asm/setup.h>
-
-static char new_command_line[COMMAND_LINE_SIZE];
 
 static int cmdline_proc_show(struct seq_file *m, void *v)
 {
-	seq_puts(m, new_command_line);
-	seq_putc(m, '\n');
+	seq_printf(m, "%s\n", saved_command_line);
 	return 0;
 }
 
@@ -26,39 +22,8 @@ static const struct file_operations cmdline_proc_fops = {
 	.release	= single_release,
 };
 
-static void patch_flag(char *cmd, const char *flag, const char *val)
-{
-	size_t flag_len, val_len;
-	char *start, *end;
-
-	start = strstr(cmd, flag);
-	if (!start)
-		return;
-
-	flag_len = strlen(flag);
-	val_len = strlen(val);
-	end = start + flag_len + strcspn(start + flag_len, " ");
-	memmove(start + flag_len + val_len, end, strlen(end) + 1);
-	memcpy(start + flag_len, val, val_len);
-}
-
-static void patch_safetynet_flags(char *cmd)
-{
-	patch_flag(cmd, "androidboot.verifiedbootstate=", "green");
-	patch_flag(cmd, "androidboot.veritymode=", "enforcing");
-	patch_flag(cmd, "androidboot.vbmeta.device_state=", "locked");
-}
-
 static int __init proc_cmdline_init(void)
 {
-	strcpy(new_command_line, saved_command_line);
-
-	/*
-	 * Patch various flags from command line seen by userspace in order to
-	 * pass SafetyNet checks.
-	 */
-	patch_safetynet_flags(new_command_line);
-
 	proc_create("cmdline", 0, NULL, &cmdline_proc_fops);
 	return 0;
 }
