kernel/sys.c: Strip localversion from uname for GMS processes
Play Integrity now hashes the kernel's localversion and compares it to a
blacklist of localversion hashes for the purpose of failing Play Integrity
attestation.

Among the banned localversion hashes are "-Sultan" and "-sultan".

Since this is biased and doesn't improve security for end users in any way,
strip the localversion from uname for processes which are part of GMS's
thread group so that Play Integrity doesn't fail due to this.

Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
kerneltoast authored and fluffball3 committed Dec 2, 2024
1 parent bc8a5cf commit 3748345
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions kernel/sys.c
Expand Up @@ -1288,10 +1288,28 @@ static int override_release(char __user *release, size_t len)
SYSCALL_DEFINE1(newuname, struct new_utsname __user *, name)
{
struct new_utsname tmp;
struct task_struct *t;
bool is_gms = false;

down_read(&uts_sem);
memcpy(&tmp, utsname(), sizeof(tmp));
up_read(&uts_sem);

rcu_read_lock();
for_each_thread(current, t) {
if (thread_group_leader(t)) {
is_gms = !strcmp(t->comm, "id.gms.unstable");
break;
}
}
rcu_read_unlock();

if (is_gms)
snprintf(tmp.release, sizeof(tmp.release), "%u.%u.%u",
(u8)(LINUX_VERSION_CODE >> 16),
(u8)(LINUX_VERSION_CODE >> 8),
LINUX_VERSION_CODE & 0xffff);

if (copy_to_user(name, &tmp, sizeof(tmp)))
return -EFAULT;

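Review bot: In the snprintf() call, the third argument `LINUX_VERSION_CODE & 0xffff` keeps the minor byte along with the sublevel, so with the usual KERNEL_VERSION(a,b,c) = (a << 16) + (b << 8) + c encoding the last field prints (minor << 8) | sublevel instead of the sublevel; mask with 0xff or cast to u8 as the first two arguments do. Separately, the for_each_thread() walk only looks for the thread group leader, which `current->group_leader` gives directly, and `t->comm` is compared without get_task_comm() or task_lock(), so the strcmp() can race with a concurrent rename. A short comment would also help: "id.gms.unstable" is 15 characters, exactly what fits in a TASK_COMM_LEN comm, and comm can be set by the task itself, so this is a name match rather than an identity check and any task with that leader name gets the stripped release string.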