From d01bd29e27e70ea755e8471abb49ea4330092d64 Mon Sep 17 00:00:00 2001 From: alk3pInjection Date: Sun, 17 Sep 2023 12:54:04 +0800 Subject: fw/b: Squashed revert of SafetyNet workarounds Reason for revert: broken beyond fix This reverts the following commits: 7a15c15 "gmscompat: Make CTS/Play Integrity pass again" c6f3d56 "keystore: Block key attestation for SafetyNet" 555e3a9 "Limit SafetyNet workarounds to unstable GMS process" 51c0024 "Spoof build fingerprint for Google Play Services" Change-Id: Id683fd971dee2c7f0219cb5bcbac3c80822eccb6 --- core/java/android/app/Instrumentation.java | 4 - .../internal/gmscompat/AttestationHooks.java | 99 ---------------------- .../security/keystore2/AndroidKeyStoreSpi.java | 3 - 3 files changed, 106 deletions(-) delete mode 100644 core/java/com/android/internal/gmscompat/AttestationHooks.java diff --git a/core/java/android/app/Instrumentation.java b/core/java/android/app/Instrumentation.java index d2bc403e6f3e..ed6face5dc5c 100644 --- a/core/java/android/app/Instrumentation.java +++ b/core/java/android/app/Instrumentation.java @@ -57,8 +57,6 @@ import android.view.WindowManagerGlobal; import com.android.internal.content.ReferrerIntent; -import com.android.internal.gmscompat.AttestationHooks; - import java.io.File; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; @@ -1245,7 +1243,6 @@ public class Instrumentation { Application app = getFactory(context.getPackageName()) .instantiateApplication(cl, className); app.attach(context); - AttestationHooks.initApplicationBeforeOnCreate(app); return app; } @@ -1263,7 +1260,6 @@ public class Instrumentation { ClassNotFoundException { Application app = (Application)clazz.newInstance(); app.attach(context); - AttestationHooks.initApplicationBeforeOnCreate(app); return app; } diff --git a/core/java/com/android/internal/gmscompat/AttestationHooks.java b/core/java/com/android/internal/gmscompat/AttestationHooks.java deleted file mode 100644 index e55f0cad9d53..000000000000 --- a/core/java/com/android/internal/gmscompat/AttestationHooks.java +++ /dev/null @@ -1,99 +0,0 @@ -/* - * Copyright (C) 2021 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.android.internal.gmscompat; - -import android.app.Application; -import android.os.Build; -import android.os.Build.VERSION; -import android.util.Log; - -import java.lang.reflect.Field; -import java.util.Arrays; - -/** @hide */ -public final class AttestationHooks { - private static final String TAG = "GmsCompat/Attestation"; - - private static final String PACKAGE_GMS = "com.google.android.gms"; - private static final String PROCESS_UNSTABLE = "com.google.android.gms.unstable"; - private static final String PACKAGE_FINSKY = "com.android.vending"; - - private static volatile boolean sIsGms = false; - private static volatile boolean sIsFinsky = false; - - private AttestationHooks() { } - - private static void setBuildField(String key, Object value) { - try { - // Unlock - Field field = Build.class.getDeclaredField(key); - field.setAccessible(true); - - // Edit - field.set(null, value); - - // Lock - field.setAccessible(false); - } catch (NoSuchFieldException | IllegalAccessException e) { - Log.e(TAG, "Failed to spoof Build." + key, e); - } - } - - private static void setVersionField(String key, Integer value) { - try { - // Unlock - Field field = Build.VERSION.class.getDeclaredField(key); - field.setAccessible(true); - - // Edit - field.set(null, value); - - // Lock - field.setAccessible(false); - } catch (NoSuchFieldException | IllegalAccessException e) { - Log.e(TAG, "Failed to spoof Build." + key, e); - } - } - - public static void initApplicationBeforeOnCreate(Application app) { - final String packageName = app.getPackageName(); - final String processName = Application.getProcessName(); - - if (PACKAGE_GMS.equals(packageName) && PROCESS_UNSTABLE.equals(processName)) { - sIsGms = true; - setBuildField("DEVICE", "walleye"); - setBuildField("PRODUCT", "walleye"); - setBuildField("MODEL", "Pixel 2"); - setBuildField("FINGERPRINT", "google/walleye/walleye:8.1.0/OPM1.171019.011/4448085:user/release-keys"); - setVersionField("DEVICE_INITIAL_SDK_INT", Build.VERSION_CODES.O); - } else if (PACKAGE_FINSKY.equals(packageName)) { - sIsFinsky = true; - } - } - - private static boolean isCallerSafetyNet() { - return sIsGms && Arrays.stream(Thread.currentThread().getStackTrace()) - .anyMatch(elem -> elem.getClassName().contains("DroidGuard")); - } - - public static void onEngineGetCertificateChain() { - // Check stack for SafetyNet or Play Integrity - if (isCallerSafetyNet() || sIsFinsky) { - throw new UnsupportedOperationException(); - } - } -} diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java index 133a4094d434..33411e1ec5b9 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java @@ -42,7 +42,6 @@ import android.system.keystore2.ResponseCode; import android.util.Log; import com.android.internal.annotations.VisibleForTesting; -import com.android.internal.gmscompat.AttestationHooks; import java.io.ByteArrayInputStream; import java.io.IOException; @@ -165,8 +164,6 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { @Override public Certificate[] engineGetCertificateChain(String alias) { - AttestationHooks.onEngineGetCertificateChain(); - KeyEntryResponse response = getKeyMetadata(alias); if (response == null || response.metadata.certificate == null) { -- cgit v1.2.3