gsi: quirks: Implement version / SPL spoofing for MTK KeyMint

Turns out it is still required -- just that on Android 13 it happened to work fine on devices released on Android 13
Revert "init_gsi: Ignore trustkernel hack if key{master,mint} is new enough"
2023-10-15 09:37:48 -04:00 · 2023-10-14 22:04:33 -04:00
2 changed files with 25 additions and 5 deletions
--- a/init/quirks/soc/mtk_trustkernel.cpp
+++ b/init/quirks/soc/mtk_trustkernel.cpp
@ -9,6 +9,7 @@
 #include <cstdlib>
 #include <filesystem>
 #include <map>
 #include <optional>
 #include <string>
 #include <utility>
@ -18,6 +19,11 @@ using namespace std;
 #define AVB_PROP_OS_VERSION "com.android.build.boot.os_version"
 #define AVB_PROP_SPL "com.android.build.boot.security_patch"
 map<int, string> api_to_version{
    {30, "11"}, {31, "12"}, {32, "12L"},
    {33, "13"}, {34, "14"}
 };
 optional<pair<string, string>> try_get_spl() {
    string boot_part = "/dev/block/by-name/boot" + android::base::GetProperty("ro.boot.slot_suffix", "");
@ -50,9 +56,7 @@ optional<pair<string, string>> try_get_spl() {
 class MtkTkQuirk : DeviceQuirk {
 public:
    bool ShouldRun() {
-        return filesystem::exists("/proc/tkcore/tkcore_log")
+        return filesystem::exists("/proc/tkcore/tkcore_log");
                 // No longer an issue after MediaTek upgraded to KeyMint AIDL services
                 && !filesystem::exists("/vendor/bin/hw/android.hardware.security.keymint-service.trustkernel");
    }
    void Run() {
@ -61,13 +65,27 @@ public:
        android::base::SetProperty("ro.keymaster.brn", "Android");
        android::base::SetProperty("ro.keymaster.mod", "AOSP on ARM64");
 	string release = android::base::GetProperty("ro.vendor.build.version.release", "11");
 	string spl = android::base::GetProperty("ro.vendor.build.version.security_patch", "2023-01-05");
        auto res = try_get_spl();
        if (res) {
-            android::base::SetProperty("ro.keymaster.xxx.release", res->first);
+            release = res->first;
-            android::base::SetProperty("ro.keymaster.xxx.security_patch", res->second);
+            spl = res->second;
        }
        // With GRF, release version from vendor or boot may not be what we need
        int first_api_level = android::base::GetIntProperty("ro.product.first_api_level", 30);
        if (api_to_version.count(first_api_level) > 0) {
            string release_from_first_api = api_to_version[first_api_level];
            if (stoi(release_from_first_api) >= stoi(release)) {
                release = release_from_first_api;
            }
        }
        android::base::SetProperty("ro.keymaster.xxx.release", release);
        android::base::SetProperty("ro.keymaster.xxx.security_patch", spl);
        android::base::SetProperty("ctl.restart", "teed");
    }
 };
--- a/sepolicy/private/keymaster.te
+++ b/sepolicy/private/keymaster.te
@ -1,7 +1,9 @@
 # Access to fake keymaster SPL/Android version props -- from TrebleDroid
 get_prop(hal_keymaster, default_prop);
 get_prop(hal_keymint, default_prop);
 get_prop(tee, default_prop);
 get_prop(hal_keymaster, system_prop);
 get_prop(hal_keymint, system_prop);
 get_prop(hal_gatekeeper, system_prop);
Author	SHA1	Message	Date
Peter Cai	24a646279c	gsi: quirks: Implement version / SPL spoofing for MTK KeyMint Turns out it is still required -- just that on Android 13 it happened to work fine on devices released on Android 13	2023-10-15 09:37:48 -04:00
Peter Cai	0fadf6d607	Revert "init_gsi: Ignore trustkernel hack if key{master,mint} is new enough" This reverts commit `c935edd3d8`.	2023-10-14 22:04:33 -04:00