I'm on a Nexus 5 (hammerhead) running the latest LineageOS 7.1.1 build. com.google.android.gms-10087435.apk and org.microg.gms.droidguard-8.apk are installed in /system/priv-app, and the su addon, while it was once installed, has been removed.
The relevant portion of logcat's output when running a safetynet test is:
03-03 13:31:08.376 4394 4394 D c : apkCertificateDigests:[FJZqNb3u3c9XbWF4NmmpNkUzP/q2q9IW+5LyS/P86/s=]
03-03 13:31:08.421 4394 4394 D c : apkDigest:Nu7iBqfVPKJocBAen1etJeEVrbU/CrKE8f2bzPIv08c=
03-03 13:31:08.425 4394 4394 E Ads : This app is using a lightweight version of the Google Mobile Ads SDK that requires the latest Google Play services to be installed, but Google Play services is either missing or out of date.
03-03 13:31:08.430 3384 6317 D SafeParcel: Unknown field num 9 in com.google.android.gms.common.internal.GetServiceRequest, skipping.
03-03 13:31:08.430 3384 6317 D GmsSafetyNetClientSvc: bound by: GetServiceRequest{serviceId=SAFETY_NET_CLIENT, gmsVersion=10084000, packageName='org.freeandroidtools.safetynettest', extras=Bundle[{}]}
03-03 13:31:08.441 4394 4394 V c : Google play services connected
03-03 13:31:08.441 4394 4394 V c : running SafetyNet.API Test
03-03 13:31:08.489 4589 6544 D GmsDroidguardHelper: -- Request --
03-03 13:31:08.489 4589 6544 D GmsDroidguardHelper: DGRequest{usage=DGUsage{type=attest, packageName=com.google.android.gms}, info=[KeyValuePair{key=BOARD, val=hammerhead}, KeyValuePair{key=BOOTLOADER, val=HHZ20h}, KeyValuePair{key=BRAND, val=google}, KeyValuePair{key=CPU_ABI, val=armeabi-v7a}, KeyValuePair{key=CPU_ABI2, val=armeabi}, KeyValuePair{key=DEVICE, val=hammerhead}, KeyValuePair{key=DISPLAY, val=lineage_hammerhead-userdebug 7.1.1 NOF26W c16dd0a420}, KeyValuePair{key=FINGERPRINT, val=google/hammerhead/hammerhead:6.0.1/M4B30Z/3437181:user/release-keys}, KeyValuePair{key=HARDWARE, val=hammerhead}, KeyValuePair{key=HOST, val=phenom.zifnab.net}, KeyValuePair{key=ID, val=NOF26W}, KeyValuePair{key=MANUFACTURER, val=LGE}, KeyValuePair{key=MODEL, val=Nexus 5}, KeyValuePair{key=PRODUCT, val=hammerhead}, KeyValuePair{key=RADIO, val=M8974A-2.0.50.2.30}, KeyValuePair{key=SERIAL, val=03abe5e2094772e2}, KeyValuePair{key=TAGS, val=release-keys}, KeyValuePair{key=TIME, val=1488258759000}, KeyValuePair{key=TYPE, val=user}, KeyValuePair{key=USER, val=jenkins}, KeyValuePair{key=CODENAME, val=REL}, KeyValuePair{key=INCREMENTAL, val=c16dd0a420}, KeyValuePair{key=RELEASE, val=7.1.1}, KeyValuePair{key=SDK, val=25}, KeyValuePair{key=SDK_INT, val=25}], versionNamePrefix=10.0.84 (430-, isGoogleCn=false, enableInlineVm=true, cached=[ByteString[size=20 md5=10c9039e3b03bbcf21b4cbe38464b3c0]], currentVersion=3, arch=armv7l}
03-03 13:31:08.739 4589 6544 D GmsDroidguardHelper: Using cached file from /data/user/0/org.microg.gms.droidguard/app_dg_cache/728c52bb3c15b9bc06d2d3bdeab4dbceb7306c79/the.apk
03-03 13:31:08.743 4589 6544 E linker : readlink("/proc/self/fd/46") failed: No such file or directory [fd=46]
03-03 13:31:08.743 4589 6544 E linker : warning: unable to get realpath for the library "/data/user/0/org.microg.gms.droidguard/app_dg_cache/728c52bb3c15b9bc06d2d3bdeab4dbceb7306c79/lib/libdBF914251138C.so". Will use given path.
03-03 13:31:08.885 6544 6544 W Thread-4: type=1400 audit(0.0:28): avc: denied { read } for name="/" dev="tmpfs" ino=7172 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=dir permissive=0
03-03 13:31:08.916 3233 3233 D KP2AAF : OnAccEvent
03-03 13:31:08.916 3233 3233 D KP2AAF : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:08.916 3233 3233 D KP2AAF : no com.android.systemui
03-03 13:31:08.920 3233 3233 D KP2AAF : Cancel notif
03-03 13:31:08.922 3233 3233 D KP2AAF : OnAccEvent
03-03 13:31:08.922 3233 3233 D KP2AAF : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:08.922 3233 3233 D KP2AAF : no com.android.systemui
03-03 13:31:08.925 3233 3233 D KP2AAF : Cancel notif
03-03 13:31:08.995 4589 6544 D GmsDroidguardHelper: b -> 4248316063309356145
03-03 13:31:08.995 6544 6544 W Thread-4: type=1400 audit(0.0:29): avc: denied { read } for name="address" dev="sysfs" ino=20239 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_mac_address:s0 tclass=file permissive=0
03-03 13:31:09.003 4589 6544 D GmsDroidguardHelper: c -> com.google.android.gms
03-03 13:31:09.007 4589 6544 I Adreno-EGL: <qeglDrvAPI_eglInitialize:379>: QUALCOMM Build: 10/21/15, 369a2ea, I96aee987eb
03-03 13:31:09.042 4589 6544 D GmsDroidguardHelper: a: DMuISYaK+q0io/0+ygI7o4VhjQ4RsFzkElF/mvv7ybaUO7EDau5H0IM/Cyu5W9c9rNMrTHHxitzEroV0UdrSbA== -> 5=b13be5fe2cc2762b4a7ae73a0dd371167d3e1d07
03-03 13:31:09.042 4589 6544 D GmsDroidguardHelper: 7=Qualcomm:Adreno (TM) 330
03-03 13:31:09.042 4589 6544 D GmsDroidguardHelper: 8=-7479576191701395881
03-03 13:31:09.042 4589 6544 D GmsDroidguardHelper: 9=-9192185862579480407
03-03 13:31:09.046 4589 6544 I Adreno-EGL: <qeglDrvAPI_eglInitialize:379>: QUALCOMM Build: 10/21/15, 369a2ea, I96aee987eb
03-03 13:31:09.082 4589 6544 D GmsDroidguardHelper: a: wCMeQIFDuvk/GTVS2nZCUivMs//OxtszFTnlp89/VXdXRqnxNlx+tY3NdhX+bC1leKhdsBBRBV0frquiYVdyoQ== -> 5=b13be5fe2cc2762b4a7ae73a0dd371167d3e1d07
03-03 13:31:09.082 4589 6544 D GmsDroidguardHelper: 7=Qualcomm:Adreno (TM) 330
03-03 13:31:09.082 4589 6544 D GmsDroidguardHelper: 8=354111959722915893
03-03 13:31:09.082 4589 6544 D GmsDroidguardHelper: 9=3622246987746052370
03-03 13:31:09.254 4394 4394 D d : decodedJWTPayload json:{"extension":"CQl2cO+bLite","apkCertificateDigestSha256":[],"error":"internal_error"}
03-03 13:31:09.255 4394 4394 E c : invalid nonce, expected = "fVXSgXQRvLDfNhDEcLp1JOHTh3omZfPJYbIeO3S0/BI="
03-03 13:31:09.255 4394 4394 E c : invalid nonce, response = "null"
03-03 13:31:09.359 3233 3233 D KP2AAF : OnAccEvent
03-03 13:31:09.359 3233 3233 D KP2AAF : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:09.359 3233 3233 D KP2AAF : no com.android.systemui
03-03 13:31:09.367 3233 3233 D KP2AAF : Cancel notif
03-03 13:31:09.368 3233 3233 D KP2AAF : OnAccEvent
03-03 13:31:09.368 3233 3233 D KP2AAF : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:09.368 3233 3233 D KP2AAF : no com.android.systemui
03-03 13:31:09.374 3233 3233 D KP2AAF : Cancel notif
03-03 13:31:09.377 3233 3233 D KP2AAF : OnAccEvent
03-03 13:31:09.377 3233 3233 D KP2AAF : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:09.377 3233 3233 D KP2AAF : no com.android.systemui
03-03 13:31:09.385 3233 3233 D KP2AAF : Cancel notif
03-03 13:31:09.388 3233 3233 D KP2AAF : OnAccEvent
03-03 13:31:09.388 3233 3233 D KP2AAF : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:09.388 3233 3233 D KP2AAF : no com.android.systemui
03-03 13:31:09.396 3233 3233 D KP2AAF : Cancel notif
03-03 13:31:09.399 3233 3233 D KP2AAF : OnAccEvent
03-03 13:31:09.400 3233 3233 D KP2AAF : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:09.400 3233 3233 D KP2AAF : no com.android.systemui
03-03 13:31:09.406 3233 3233 D KP2AAF : Cancel notif
03-03 13:31:09.409 3233 3233 D KP2AAF : OnAccEvent
03-03 13:31:09.409 3233 3233 D KP2AAF : event: 2048, package = org.freeandroidtools.safetynettest
03-03 13:31:09.409 3233 3233 D KP2AAF : no com.android.systemui
03-03 13:31:09.418 3233 3233 D KP2AAF : Cancel notif
FWIW: this exact combination of software is working just fine on my Nexus 7 2013 (flo). I'm suspecting there's a mislabeled selinux context somewhere (I'm not seeing the avc denials on the Nexus 7), but don't know enough about the guts of this to have a good idea where to start digging.
Any ideas, or additional information I could add that would help?
After this week's LineageOS update, as well as this week's GmsCore update (I didn't do them separately to test this, unfortunately), safetynet is passing on my Nexus 5 again. So, might as well close this out.
Hi,
I'm on a Nexus 5 (hammerhead) running the latest LineageOS 7.1.1 build.
com.google.android.gms-10087435.apk
andorg.microg.gms.droidguard-8.apk
are installed in/system/priv-app
, and the su addon, while it was once installed, has been removed.The relevant portion of logcat's output when running a safetynet test is:
FWIW: this exact combination of software is working just fine on my Nexus 7 2013 (flo). I'm suspecting there's a mislabeled selinux context somewhere (I'm not seeing the avc denials on the Nexus 7), but don't know enough about the guts of this to have a good idea where to start digging.
Any ideas, or additional information I could add that would help?