SafetyNet check failing

[logic]

Hi,

I'm on a Nexus 5 (hammerhead) running the latest LineageOS 7.1.1 build. com.google.android.gms-10087435.apk and org.microg.gms.droidguard-8.apk are installed in /system/priv-app, and the su addon, while it was once installed, has been removed.

The relevant portion of logcat's output when running a safetynet test is:

03-03 13:31:08.376  4394  4394 D c       : apkCertificateDigests:[FJZqNb3u3c9XbWF4NmmpNkUzP/q2q9IW+5LyS/P86/s=]
03-03 13:31:08.421  4394  4394 D c       : apkDigest:Nu7iBqfVPKJocBAen1etJeEVrbU/CrKE8f2bzPIv08c=
03-03 13:31:08.425  4394  4394 E Ads     : This app is using a lightweight version of the Google Mobile Ads SDK that requires the latest Google Play services to be installed, but Google Play services is either missing or out of date.
03-03 13:31:08.430  3384  6317 D SafeParcel: Unknown field num 9 in com.google.android.gms.common.internal.GetServiceRequest, skipping.
03-03 13:31:08.430  3384  6317 D GmsSafetyNetClientSvc: bound by: GetServiceRequest{serviceId=SAFETY_NET_CLIENT, gmsVersion=10084000, packageName='org.freeandroidtools.safetynettest', extras=Bundle[{}]}
03-03 13:31:08.441  4394  4394 V c       : Google play services connected
03-03 13:31:08.441  4394  4394 V c       : running SafetyNet.API Test
03-03 13:31:08.489  4589  6544 D GmsDroidguardHelper: -- Request --
03-03 13:31:08.489  4589  6544 D GmsDroidguardHelper: DGRequest{usage=DGUsage{type=attest, packageName=com.google.android.gms}, info=[KeyValuePair{key=BOARD, val=hammerhead}, KeyValuePair{key=BOOTLOADER, val=HHZ20h}, KeyValuePair{key=BRAND, val=google}, KeyValuePair{key=CPU_ABI, val=armeabi-v7a}, KeyValuePair{key=CPU_ABI2, val=armeabi}, KeyValuePair{key=DEVICE, val=hammerhead}, KeyValuePair{key=DISPLAY, val=lineage_hammerhead-userdebug 7.1.1 NOF26W c16dd0a420}, KeyValuePair{key=FINGERPRINT, val=google/hammerhead/hammerhead:6.0.1/M4B30Z/3437181:user/release-keys}, KeyValuePair{key=HARDWARE, val=hammerhead}, KeyValuePair{key=HOST, val=phenom.zifnab.net}, KeyValuePair{key=ID, val=NOF26W}, KeyValuePair{key=MANUFACTURER, val=LGE}, KeyValuePair{key=MODEL, val=Nexus 5}, KeyValuePair{key=PRODUCT, val=hammerhead}, KeyValuePair{key=RADIO, val=M8974A-2.0.50.2.30}, KeyValuePair{key=SERIAL, val=03abe5e2094772e2}, KeyValuePair{key=TAGS, val=release-keys}, KeyValuePair{key=TIME, val=1488258759000}, KeyValuePair{key=TYPE, val=user}, KeyValuePair{key=USER, val=jenkins}, KeyValuePair{key=CODENAME, val=REL}, KeyValuePair{key=INCREMENTAL, val=c16dd0a420}, KeyValuePair{key=RELEASE, val=7.1.1}, KeyValuePair{key=SDK, val=25}, KeyValuePair{key=SDK_INT, val=25}], versionNamePrefix=10.0.84 (430-, isGoogleCn=false, enableInlineVm=true, cached=[ByteString[size=20 md5=10c9039e3b03bbcf21b4cbe38464b3c0]], currentVersion=3, arch=armv7l}
03-03 13:31:08.739  4589  6544 D GmsDroidguardHelper: Using cached file from /data/user/0/org.microg.gms.droidguard/app_dg_cache/728c52bb3c15b9bc06d2d3bdeab4dbceb7306c79/the.apk
03-03 13:31:08.743  4589  6544 E linker  : readlink("/proc/self/fd/46") failed: No such file or directory [fd=46]
03-03 13:31:08.743  4589  6544 E linker  : warning: unable to get realpath for the library "/data/user/0/org.microg.gms.droidguard/app_dg_cache/728c52bb3c15b9bc06d2d3bdeab4dbceb7306c79/lib/libdBF914251138C.so". Will use given path.
03-03 13:31:08.885  6544  6544 W Thread-4: type=1400 audit(0.0:28): avc: denied { read } for name="/" dev="tmpfs" ino=7172 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=dir permissive=0
03-03 13:31:08.916  3233  3233 D KP2AAF  : OnAccEvent
03-03 13:31:08.916  3233  3233 D KP2AAF  : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:08.916  3233  3233 D KP2AAF  : no com.android.systemui
03-03 13:31:08.920  3233  3233 D KP2AAF  : Cancel notif
03-03 13:31:08.922  3233  3233 D KP2AAF  : OnAccEvent
03-03 13:31:08.922  3233  3233 D KP2AAF  : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:08.922  3233  3233 D KP2AAF  : no com.android.systemui
03-03 13:31:08.925  3233  3233 D KP2AAF  : Cancel notif
03-03 13:31:08.995  4589  6544 D GmsDroidguardHelper: b -> 4248316063309356145
03-03 13:31:08.995  6544  6544 W Thread-4: type=1400 audit(0.0:29): avc: denied { read } for name="address" dev="sysfs" ino=20239 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_mac_address:s0 tclass=file permissive=0
03-03 13:31:09.003  4589  6544 D GmsDroidguardHelper: c -> com.google.android.gms
03-03 13:31:09.007  4589  6544 I Adreno-EGL: <qeglDrvAPI_eglInitialize:379>: QUALCOMM Build: 10/21/15, 369a2ea, I96aee987eb
03-03 13:31:09.042  4589  6544 D GmsDroidguardHelper: a: DMuISYaK+q0io/0+ygI7o4VhjQ4RsFzkElF/mvv7ybaUO7EDau5H0IM/Cyu5W9c9rNMrTHHxitzEroV0UdrSbA== -> 5=b13be5fe2cc2762b4a7ae73a0dd371167d3e1d07
03-03 13:31:09.042  4589  6544 D GmsDroidguardHelper: 7=Qualcomm:Adreno (TM) 330
03-03 13:31:09.042  4589  6544 D GmsDroidguardHelper: 8=-7479576191701395881
03-03 13:31:09.042  4589  6544 D GmsDroidguardHelper: 9=-9192185862579480407
03-03 13:31:09.046  4589  6544 I Adreno-EGL: <qeglDrvAPI_eglInitialize:379>: QUALCOMM Build: 10/21/15, 369a2ea, I96aee987eb
03-03 13:31:09.082  4589  6544 D GmsDroidguardHelper: a: wCMeQIFDuvk/GTVS2nZCUivMs//OxtszFTnlp89/VXdXRqnxNlx+tY3NdhX+bC1leKhdsBBRBV0frquiYVdyoQ== -> 5=b13be5fe2cc2762b4a7ae73a0dd371167d3e1d07
03-03 13:31:09.082  4589  6544 D GmsDroidguardHelper: 7=Qualcomm:Adreno (TM) 330
03-03 13:31:09.082  4589  6544 D GmsDroidguardHelper: 8=354111959722915893
03-03 13:31:09.082  4589  6544 D GmsDroidguardHelper: 9=3622246987746052370
03-03 13:31:09.254  4394  4394 D d       : decodedJWTPayload json:{"extension":"CQl2cO+bLite","apkCertificateDigestSha256":[],"error":"internal_error"}
03-03 13:31:09.255  4394  4394 E c       : invalid nonce, expected = "fVXSgXQRvLDfNhDEcLp1JOHTh3omZfPJYbIeO3S0/BI="
03-03 13:31:09.255  4394  4394 E c       : invalid nonce, response   = "null"
03-03 13:31:09.359  3233  3233 D KP2AAF  : OnAccEvent
03-03 13:31:09.359  3233  3233 D KP2AAF  : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:09.359  3233  3233 D KP2AAF  : no com.android.systemui
03-03 13:31:09.367  3233  3233 D KP2AAF  : Cancel notif
03-03 13:31:09.368  3233  3233 D KP2AAF  : OnAccEvent
03-03 13:31:09.368  3233  3233 D KP2AAF  : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:09.368  3233  3233 D KP2AAF  : no com.android.systemui
03-03 13:31:09.374  3233  3233 D KP2AAF  : Cancel notif
03-03 13:31:09.377  3233  3233 D KP2AAF  : OnAccEvent
03-03 13:31:09.377  3233  3233 D KP2AAF  : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:09.377  3233  3233 D KP2AAF  : no com.android.systemui
03-03 13:31:09.385  3233  3233 D KP2AAF  : Cancel notif
03-03 13:31:09.388  3233  3233 D KP2AAF  : OnAccEvent
03-03 13:31:09.388  3233  3233 D KP2AAF  : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:09.388  3233  3233 D KP2AAF  : no com.android.systemui
03-03 13:31:09.396  3233  3233 D KP2AAF  : Cancel notif
03-03 13:31:09.399  3233  3233 D KP2AAF  : OnAccEvent
03-03 13:31:09.400  3233  3233 D KP2AAF  : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:09.400  3233  3233 D KP2AAF  : no com.android.systemui
03-03 13:31:09.406  3233  3233 D KP2AAF  : Cancel notif
03-03 13:31:09.409  3233  3233 D KP2AAF  : OnAccEvent
03-03 13:31:09.409  3233  3233 D KP2AAF  : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:09.409  3233  3233 D KP2AAF  : no com.android.systemui
03-03 13:31:09.418  3233  3233 D KP2AAF  : Cancel notif

FWIW: this exact combination of software is working just fine on my Nexus 7 2013 (flo). I'm suspecting there's a mislabeled selinux context somewhere (I'm not seeing the avc denials on the Nexus 7), but don't know enough about the guts of this to have a good idea where to start digging.

Any ideas, or additional information I could add that would help?

[logic]

After this week's LineageOS update, as well as this week's GmsCore update (I didn't do them separately to test this, unfortunately), safetynet is passing on my Nexus 5 again. So, might as well close this out.