Continuation of #29 - Githubissues

microg / RemoteDroidGuard

Service to run Google's DroidGuard binary in an isolated environment

99 stars 29 forks source link

Continuation of #29 #30

Closed 0x5ECF4ULT closed 3 years ago

0x5ECF4ULT commented 4 years ago

As the previous PR (#29) has been closed here is the continuation with some bugfixes.

To reproduce the build follow these steps:

https://github.com/microg/android_packages_apps_GmsCore/wiki/Development-Tools#using-the-emulator
./gradlew clean installDebug (if the emulator is running, otherwise do ./gradlew clean assembleDebug and install manually)
install GSM Core, GSF Proxy, FakeStore from microG's website
Make sure that ALL (excluding UnifiedNlp, they seem to be irrelevant) boxes in the self-check are checked
Make sure that Device Registration, GCM and SN are enabled
Download some SN Checker App and pay attention to the logcat logs!

Observing process com.google.android.gms.unstable: Bildschirmfoto-20200728110026-1789x216

Observing process org.freeandroidtools.safetynettest: Bildschirmfoto-20200728110329-1672x45

Ofc the validation fails (because this is an emulator obviously) but the request is successful.

SakiiCode commented 4 years ago

Tried to debug the code and found some things:

removing db.close() from onCreate() in DroidGuardDatabase fixes java.lang.IllegalStateException: attempt to re-open an already-closed object: SQLiteDatabase which caused crashes for me
it seems like the database gets reopened because of the invocation in DroidGuardHelper. This may give a better idea why the connection is leaking, not sure if the begin/endtransaction() calls help anything.

Now it gives a successful request with failed validation. If I have a proper device, I'll test with that as well

ErnyTech commented 4 years ago

7-28 17:59:08.031   813  1055 I ActivityManager: Start proc 7746:com.google.android.gms.unstable/u0a211 for service {org.microg.gms.droidguard/org.microg.gms.droidguard.RemoteDroidGuardService}
07-28 17:59:08.054  7746  7746 W id.gms.unstabl: Core platform API violation: Ljava/lang/reflect/Field;->accessFlags:I from Landroid/os/Build; using reflection
07-28 17:59:08.055  3431  3463 D GmsMeasureSvcImpl: onTransact [unknown]: 1, android.os.Parcel@9689284, 16
07-28 17:59:08.121  7746  7767 I SQLiteConnectionPool: The connection pool for /data/user/0/org.microg.gms.droidguard/databases/dg.db has been closed but there are still 1 connections in use.  They will be closed as they are released back to the pool.
07-28 17:59:08.122  7746  7767 W GmsDroidGuardRemote: 
07-28 17:59:08.122  7746  7767 W GmsDroidGuardRemote: java.lang.IllegalStateException: attempt to re-open an already-closed object: SQLiteDatabase: /data/user/0/org.microg.gms.droidguard/databases/dg.db

0x5ECF4ULT commented 4 years ago

Thanks @SakiiCode! I just pushed the changes you suggested. Also thanks for testing on a real device ^^

ErnyTech commented 4 years ago

Now it seems to be working but I am unable to get at least a basicIntegrity on real device.

07-28 20:36:58.709  1881  1881 D c       : apkCertificateDigests:[FJZqNb3u3c9XbWF4NmmpNkUzP/q2q9IW+5LyS/P86/s=]
07-28 20:36:58.743  1881  1881 D c       : apkDigest:+/C5jpOdoz2vmkJTjh1YG+7GKDA8OtgQHc1OOFqCeIY=
07-28 20:36:58.743  1881  1881 V c       : running SafetyNet.API Test
07-28 20:36:58.854 18938 19401 D GmsDroidGuardHelper: -- Request --
07-28 20:36:58.854 18938 19401 D GmsDroidGuardHelper: DGRequest{usage=DGUsage{type=attest, packageName=com.google.android.gms}, info=[KeyValuePair{key=BOARD, val=msm8996}, KeyValuePair{key=BOOTLOADER, val=unknown}, KeyValuePair{key=BRAND, val=OnePlus}, KeyValuePair{key=CPU_ABI, val=arm64-v8a}, KeyValuePair{key=CPU_ABI2, val=}, KeyValuePair{key=SUPPORTED_ABIS, val=arm64-v8a,armeabi-v7a,armeabi}, KeyValuePair{key=DEVICE, val=OnePlus3}, KeyValuePair{key=DISPLAY, val=QQ3A.200705.002}, KeyValuePair{key=FINGERPRINT, val=OnePlus/OnePlus3/OnePlus3:8.0.0/OPR1.170623.032/02281230:user/release-keys}, KeyValuePair{key=HARDWARE, val=qcom}, KeyValuePair{key=HOST, val=builder}, KeyValuePair{key=ID, val=QQ3A.200705.002}, KeyValuePair{key=MANUFACTURER, val=OnePlus}, KeyValuePair{key=MODEL, val=ONEPLUS A3003}, KeyValuePair{key=PRODUCT, val=lineage_oneplus3}, KeyValuePair{key=RADIO, val=unknown}, KeyValuePair{key=SERIAL, val=unknown}, KeyValuePair{key=TAGS, val=release-keys}, KeyValuePair{key=TIME, val=1594789897000}, KeyValuePair{key=TYPE, val=user}, KeyValuePair{key=USER, val=frankeggen}, KeyValuePair{key=CODENAME, val=REL}, KeyValuePair{key=INCREMENTAL, val=eng.franke.20200715.071307}, KeyValuePair{key=RELEASE, val=10}, KeyValuePair{key=SDK, val=29}, KeyValuePair{key=SDK_INT, val=29}], versionNamePrefix=20.24.14 (040400-{{cl}}), isGoogleCn=false, enableInlineVm=true, cached=[ByteString[size=20 md5=5f9fe6ff0443bea330b8f9862e3852a5]], currentVersion=3, arch=aarch64}

07-28 20:37:02.826  1881  1881 D d       : decodedJWTPayload json:{"nonce":"Tvr5NM2ZA/x03oUIiLeq++gIQuxl6uSX2tBUzD3JuHo=","timestampMs":1595961423482,"ctsProfileMatch":false,"apkCertificateDigestSha256":[],"basicIntegrity":false,"evaluationType":"BASIC"}
07-28 20:37:02.827  1881  1881 E c       : invalid packageName, expected = "org.freeandroidtools.safetynettest"
07-28 20:37:02.827  1881  1881 E c       : invalid packageName, response = "null"

ErnyTech commented 4 years ago

Why apkCertificateDigestSha256 is empty and packageName is null?

0x5ECF4ULT commented 4 years ago

@EmyTech I guess I know why... saw those SELinux denials? I guess DG does need those requests to succeed. As I said I'll look into those issues. I don't know yet why the certificate hash array is empty.

ErnyTech commented 4 years ago

I have enabled selinux permissive (and hidden from droidguard of course)

ErnyTech commented 4 years ago

@tacticalDevC I tested SafetyNet using one Xiaomi Redmi Note 10 Lite with stock rom and Google Apps, using DroidGuard pre-installed in the stock rom I get the same SELinux denials.

Obviously SafetyNet passes here with ctsProfile and basicIntegrity, evaluationType HARDWARE_BACKED So it's not our problem, SafetyNet fails for something else.

07-28 21:22:43.828 24673 24673 W Binder:24673_4: type=1400 audit(0.0:135749): avc: denied { search } for name="vendor" dev="tmpfs" ino=13866 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=0
07-28 21:22:43.838 24673 24673 W Binder:24673_4: type=1400 audit(0.0:135750): avc: denied { getattr } for name="/" dev="sde52" ino=1 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:firmware_file:s0 tclass=filesystem permissive=0
07-28 21:22:43.838 24673 24673 W Binder:24673_4: type=1400 audit(0.0:135751): avc: denied { getattr } for name="/" dev="sde27" ino=1 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:bt_firmware_file:s0 tclass=filesystem permissive=0

mar-v-in commented 4 years ago

Negative SELinux audit results can also mean that the device passed a test (= test if selinux is working properly)

0x5ECF4ULT commented 4 years ago

Alright so the only problem I see here would be the hashes being null. I'll fire up the debugger tomorrow and push a (hopefully functional) fix. Also I'll revert the changes I've made to DroidGuardDatabase (cc @mar-v-in)

ArchangeGabriel commented 4 years ago

In case it might helps, here are logs on my device:

08-06 21:14:39.340 30811 30811 D SafetyNetHelperSAMPLE: SafetyNet start request
08-06 21:14:39.342 30811 30811 D SafetyNetHelper: apkCertificateDigests:[MZNsDhz8VAJMmFxPPso38ZRvZE6r7VIyzUqypkakG8E=]
08-06 21:14:39.342 30811 30811 V SafetyNetHelper: running SafetyNet.API Test
08-06 21:14:39.355 11607 11607 D GmsSafetyNetClientSvc: onBind: Intent { act=com.google.android.gms.safetynet.service.START pkg=com.google.android.gms }
08-06 21:14:39.374 11607  2143 D SafeParcel: Unknown field id 10 in com.google.android.gms.common.internal.GetServiceRequest, skipping.
08-06 21:14:39.374 11607  2143 D SafeParcel: Unknown field id 11 in com.google.android.gms.common.internal.GetServiceRequest, skipping.
08-06 21:14:39.374 11607  2143 D SafeParcel: Unknown field id 12 in com.google.android.gms.common.internal.GetServiceRequest, skipping.
08-06 21:14:39.374 11607  2143 D GmsSafetyNetClientSvc: bound by: GetServiceRequest{serviceId=SAFETY_NET_CLIENT, gmsVersion=12451000, packageName='com.scottyab.safetynet.sample', extras=Bundle[{}]}
08-06 21:14:39.415 30844  1051 D GmsDroidGuardHelper: -- Request --
08-06 21:14:39.415 30844  1051 D GmsDroidGuardHelper: DGRequest{usage=DGUsage{type=attest, packageName=com.google.android.gms}, info=[KeyValuePair{key=BOARD, val=msm8998}, KeyValuePair{key=BOOTLOADER, val=unknown}, KeyValuePair{key=BRAND, val=OnePlus}, KeyValuePair{key=CPU_ABI, val=arm64-v8a}, KeyValuePair{key=CPU_ABI2, val=}, KeyValuePair{key=SUPPORTED_ABIS, val=arm64-v8a,armeabi-v7a,armeabi}, KeyValuePair{key=DEVICE, val=OnePlus5T}, KeyValuePair{key=DISPLAY, val=omni_oneplus5t-userdebug 9 PQ3B.190801.002 55 test-keys}, KeyValuePair{key=FINGERPRINT, val=OnePlus/OnePlus5T/OnePlus5T:9/PKQ1.180716.001/1905271747:user/release-keys}, KeyValuePair{key=HARDWARE, val=qcom}, KeyValuePair{key=HOST, val=devbox.omnirom.org}, KeyValuePair{key=ID, val=PQ3B.190801.002}, KeyValuePair{key=MANUFACTURER, val=OnePlus}, KeyValuePair{key=MODEL, val=ONEPLUS A5010}, KeyValuePair{key=PRODUCT, val=OnePlus5T}, KeyValuePair{key=RADIO, val=unknown}, KeyValuePair{key=SERIAL, val=unknown}, KeyValuePair{key=TAGS, val=release-keys}, KeyValuePair{key=TIME, val=1570929656000}, KeyValuePair{key=TYPE, val=user}, KeyValuePair{key=USER, val=jenkins}, KeyValuePair{key=CODENAME, val=REL}, KeyValuePair{key=INCREMENTAL, val=55}, KeyValuePair{key=RELEASE, val=9}, KeyValuePair{key=SDK, val=28}, KeyValuePair{key=SDK_INT, val=28}], versionNamePrefix=20.24.14 (040400-{{cl}}), isGoogleCn=false, enableInlineVm=true, cached=[ByteString[size=20 md5=bcfbdc3a985a4e1084e41930fe46f5c3]], currentVersion=3, arch=aarch64}
08-06 21:14:40.898 30844  1051 D GmsDroidGuardHelper: Using cached file from /data/user/0/org.microg.gms.droidguard/app_dg_cache/d799b3786f20534d6edad93e9ab9ec2bbc65d38e/the.apk
08-06 21:14:41.024 30844  1051 D GmsDroidGuardHelper: b -> 4434509754776069776
08-06 21:14:41.022 30844 30844 W Thread-9: type=1400 audit(0.0:248937): avc: denied { read } for name="type" dev="sysfs" ino=58199 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
08-06 21:14:41.022 30844 30844 W Thread-9: type=1400 audit(0.0:248938): avc: denied { read } for name="type" dev="sysfs" ino=58067 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
08-06 21:14:41.154 30844  1051 D GmsDroidGuardHelper: c -> com.google.android.gms
08-06 21:14:41.172 30844 30844 W Thread-9: type=1400 audit(0.0:248939): avc: denied { getattr } for name="/" dev="sde10" ino=1 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:firmware_file:s0 tclass=filesystem permissive=0
08-06 21:14:41.172 30844 30844 W Thread-9: type=1400 audit(0.0:248940): avc: denied { getattr } for name="/" dev="sde24" ino=1 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:bt_firmware_file:s0 tclass=filesystem permissive=0
08-06 21:14:41.188 11607  1050 D GmsSafetyNetClientImpl: Status: 0, error:null
08-06 21:14:42.583 30811 30811 D SafetyNetResponse: decodedJWTPayload json:{"nonce":"G/0zFkGd+J6gJw1YfqUJhJrMTXQ0/Cq8hSWhqh8piOw=","timestampMs":1596734082685,"ctsProfileMatch":false,"apkCertificateDigestSha256":[],"basicIntegrity":false,"evaluationType":"BASIC"}
08-06 21:14:42.586 30811 30811 D SafetyNetHelperSAMPLE: SafetyNet req success: ctsProfileMatch:false and basicIntegrity, false

0x5ECF4ULT commented 4 years ago

Thanks @ArchangeGabriel ! Those logs are really appreciated! But still it's the same issue in the decoded response: apkCertificateDigestSha256 is an empty array.

Funatiker commented 4 years ago

I'm not sure whether that helps but here's the logcat output of a OnePlus 7T Pro with yesterday's LineageOS+MicroG build. All selfchecks of MicroG succeed, device registration, cloud messaging and safetynet (external server, droidguard installed) are enabled. I start Pokémon Go (which uses SafetyNet), login with correct credentials, and the login fails.

09-24 12:13:13.209  4892  6341 W GmsDroidguardHelper: 
09-24 12:13:13.209  4892  6341 W GmsDroidguardHelper: java.lang.NoSuchFieldException: BUILD
09-24 12:13:13.209  4892  6341 W GmsDroidguardHelper:   at java.lang.Class.getField(Class.java:1604)
09-24 12:13:13.209  4892  6341 W GmsDroidguardHelper:   at org.microg.gms.droidguard.DroidguardHelper.createSystemInfoPair(DroidguardHelper.java:169)
09-24 12:13:13.209  4892  6341 W GmsDroidguardHelper:   at org.microg.gms.droidguard.DroidguardHelper.getSystemInfo(DroidguardHelper.java:117)
09-24 12:13:13.209  4892  6341 W GmsDroidguardHelper:   at org.microg.gms.droidguard.DroidguardHelper.guard(DroidguardHelper.java:64)
09-24 12:13:13.209  4892  6341 W GmsDroidguardHelper:   at org.microg.gms.droidguard.RemoteDroidGuardService$1$1.run(RemoteDroidGuardService.java:23)
09-24 12:13:13.209  4892  6341 W GmsDroidguardHelper:   at java.lang.Thread.run(Thread.java:919)
09-24 12:13:13.212  4892  6341 D GmsDroidguardHelper: -- Request --
09-24 12:13:13.212  4892  6341 D GmsDroidguardHelper: DGRequest{usage=DGUsage{type=attest, packageName=com.google.android.gms}, info=[KeyValuePair{key=BUILD, val=unknown}, KeyValuePair{key=BOARD, val=msmnile}, KeyValuePair{key=BOOTLOADER, val=unknown}, KeyValuePair{key=BRAND, val=OnePlus}, KeyValuePair{key=CPU_ABI, val=arm64-v8a}, KeyValuePair{key=CPU_ABI2, val=}, KeyValuePair{key=DEVICE, val=OnePlus7TPro}, KeyValuePair{key=DISPLAY, val=lineage_hotdog-userdebug 10 QQ3A.200805.001 eng.root.20200923.095306 dev-keys}, KeyValuePair{key=FINGERPRINT, val=OnePlus/OnePlus7TPro_EEA/OnePlus7TPro:10/QKQ1.190716.003/1910120055:user/release-keys}, KeyValuePair{key=HARDWARE, val=qcom}, KeyValuePair{key=HOST, val=ace17f424bd5}, KeyValuePair{key=ID, val=QQ3A.200805.001}, KeyValuePair{key=MANUFACTURER, val=OnePlus}, KeyValuePair{key=MODEL, val=OnePlus 7T Pro}, KeyValuePair{key=PRODUCT, val=OnePlus7TPro}, KeyValuePair{key=RADIO, val=unknown}, KeyValuePair{key=SERIAL, val=unknown}, KeyValuePair{key=TAGS, val=dev-keys}, KeyValuePair{key=TIME, val=1600854708000}, KeyValuePair{key=TYPE, val=userdebug}, KeyValuePair{key=USER, val=root}, KeyValuePair{key=CODENAME, val=REL}, KeyValuePair{key=INCREMENTAL, val=eng.root.20200923.095306}, KeyValuePair{key=RELEASE, val=10}, KeyValuePair{key=SDK, val=29}, KeyValuePair{key=SDK_INT, val=29}], versionNamePrefix=9.6.83 (430-, isGoogleCn=false, enableInlineVm=true, cached=[ByteString[size=20 md5=e35d47f44dcb5b548020f1f22f6260aa]], currentVersion=3, arch=aarch64}
09-24 12:13:13.368  4892  6341 D GmsDroidguardHelper: Using cached file from /data/user/0/org.microg.gms.droidguard/app_dg_cache/fdfd1d429f7a2e5f5a47de3971a40ed9737d5756/the.apk
09-24 12:13:13.385  4892  4907 W System  : A resource failed to call end. 
09-24 12:13:13.446  4892  4892 W Thread-12: type=1400 audit(0.0:418): avc: denied { search } for name="vendor" dev="tmpfs" ino=15061 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=0 app=org.microg.gms.droidguard
09-24 12:13:13.456  4892  4892 W Thread-12: type=1400 audit(0.0:420): avc: denied { getattr } for name="/" dev="sde5" ino=1 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:bt_firmware_file:s0 tclass=filesystem permissive=0 app=org.microg.gms.droidguard
09-24 12:13:13.468  4892  6341 D GmsDroidguardHelper: c -> com.google.android.gms
09-24 12:13:13.456  4892  4892 W Thread-12: type=1400 audit(0.0:422): avc: denied { read } for name="modules" dev="proc" ino=4026532186 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:proc_modules:s0 tclass=file permissive=0 app=org.microg.gms.droidguard
09-24 12:13:13.474  4892  6341 E SQLiteLog: (14) cannot open file at line 36683 of [68b898381a]
09-24 12:13:13.474  4892  6341 E SQLiteLog: (14) os_unix.c:36683: (2) open(/data/user/0/org.microg.gms.droidguard/databases/dg.db) - 
09-24 12:13:13.475  4892  6341 E SQLiteDatabase: Failed to open database '/data/user/0/org.microg.gms.droidguard/databases/dg.db'.
09-24 12:13:13.475  4892  6341 E SQLiteDatabase: android.database.sqlite.SQLiteCantOpenDatabaseException: unknown error (code 14 SQLITE_CANTOPEN): Could not open database
09-24 12:13:13.475  4892  6341 E SQLiteDatabase:    at android.database.sqlite.SQLiteConnection.nativeOpen(Native Method)
09-24 12:13:13.475  4892  6341 E SQLiteDatabase:    at android.database.sqlite.SQLiteConnection.open(SQLiteConnection.java:215)
09-24 12:13:13.475  4892  6341 E SQLiteDatabase:    at android.database.sqlite.SQLiteConnection.open(SQLiteConnection.java:197)
09-24 12:13:13.475  4892  6341 E SQLiteDatabase:    at android.database.sqlite.SQLiteConnectionPool.openConnectionLocked(SQLiteConnectionPool.java:505)
09-24 12:13:13.475  4892  6341 E SQLiteDatabase:    at android.database.sqlite.SQLiteConnectionPool.open(SQLiteConnectionPool.java:206)
09-24 12:13:13.475  4892  6341 E SQLiteDatabase:    at android.database.sqlite.SQLiteConnectionPool.open(SQLiteConnectionPool.java:198)
09-24 12:13:13.475  4892  6341 E SQLiteDatabase:    at android.database.sqlite.SQLiteDatabase.openInner(SQLiteDatabase.java:915)
09-24 12:13:13.475  4892  6341 E SQLiteDatabase:    at android.database.sqlite.SQLiteDatabase.open(SQLiteDatabase.java:895)
09-24 12:13:13.475  4892  6341 E SQLiteDatabase:    at android.database.sqlite.SQLiteDatabase.openDatabase(SQLiteDatabase.java:786)
09-24 12:13:13.475  4892  6341 E SQLiteDatabase:    at android.database.sqlite.SQLiteDatabase.openDatabase(SQLiteDatabase.java:733)
09-24 12:13:13.475  4892  6341 E SQLiteDatabase:    at com.google.ccc.abuse.droidguard.DroidGuard.initNative(Native Method)
09-24 12:13:13.475  4892  6341 E SQLiteDatabase:    at com.google.ccc.abuse.droidguard.DroidGuard.init(DroidGuard.java:447)
09-24 12:13:13.475  4892  6341 E SQLiteDatabase:    at com.google.ccc.abuse.droidguard.DroidGuard.run(DroidGuard.java:429)
09-24 12:13:13.475  4892  6341 E SQLiteDatabase:    at java.lang.reflect.Method.invoke(Native Method)
09-24 12:13:13.475  4892  6341 E SQLiteDatabase:    at org.microg.gms.droidguard.DroidguardHelper.invoke(DroidguardHelper.java:111)
09-24 12:13:13.475  4892  6341 E SQLiteDatabase:    at org.microg.gms.droidguard.DroidguardHelper.guard(DroidguardHelper.java:92)
09-24 12:13:13.475  4892  6341 E SQLiteDatabase:    at org.microg.gms.droidguard.RemoteDroidGuardService$1$1.run(RemoteDroidGuardService.java:23)
09-24 12:13:13.475  4892  6341 E SQLiteDatabase:    at java.lang.Thread.run(Thread.java:919)
09-24 12:13:13.482  4892  6341 D GmsDroidguardHelper: b -> 3471548608822811245
09-24 12:13:13.557  3445  6340 D GmsSafetyNetClientImpl: Status: 0, error:null
09-24 12:13:13.564   744  1245 I netd    : firewallSetUidRule(2, 10137, 2) <0.19ms>
09-24 12:13:13.629  3445  3462 W System  : A resource failed to call close. 
09-24 12:13:14.858  1376  1463 E LightsService: Light requested not available on this device. 2
09-24 12:13:16.408  2307  2307 D QtiCarrierConfigHelper: WARNING, no carrier configs on phone Id: 0
09-24 12:13:29.837  2307  2307 I chatty  : uid=1001(radio) com.android.phone identical 2 lines
09-24 12:13:30.502  2307  2307 D QtiCarrierConfigHelper: WARNING, no carrier configs on phone Id: 0
09-24 12:13:31.284  1058  1143 I ThermalEngine: Monitor : quiet_therm = 32026, msm_therm = 34806, xo_therm = 33715, battery_therm = 309,current_now = -23000 
09-24 12:13:34.069   744  1245 I netd    : firewallSetUidRule(2, 10137, 1) <0.04ms>
09-24 12:13:34.072  4892  6345 W GmsDroidguardHelper: 
09-24 12:13:34.072  4892  6345 W GmsDroidguardHelper: java.lang.NoSuchFieldException: BUILD
09-24 12:13:34.072  4892  6345 W GmsDroidguardHelper:   at java.lang.Class.getField(Class.java:1604)
09-24 12:13:34.072  4892  6345 W GmsDroidguardHelper:   at org.microg.gms.droidguard.DroidguardHelper.createSystemInfoPair(DroidguardHelper.java:169)
09-24 12:13:34.072  4892  6345 W GmsDroidguardHelper:   at org.microg.gms.droidguard.DroidguardHelper.getSystemInfo(DroidguardHelper.java:117)
09-24 12:13:34.072  4892  6345 W GmsDroidguardHelper:   at org.microg.gms.droidguard.DroidguardHelper.guard(DroidguardHelper.java:64)
09-24 12:13:34.072  4892  6345 W GmsDroidguardHelper:   at org.microg.gms.droidguard.RemoteDroidGuardService$1$1.run(RemoteDroidGuardService.java:23)
09-24 12:13:34.072  4892  6345 W GmsDroidguardHelper:   at java.lang.Thread.run(Thread.java:919)
09-24 12:13:34.075  4892  6345 D GmsDroidguardHelper: -- Request --
09-24 12:13:34.075  4892  6345 D GmsDroidguardHelper: DGRequest{usage=DGUsage{type=attest, packageName=com.google.android.gms}, info=[KeyValuePair{key=BUILD, val=unknown}, KeyValuePair{key=BOARD, val=msmnile}, KeyValuePair{key=BOOTLOADER, val=unknown}, KeyValuePair{key=BRAND, val=OnePlus}, KeyValuePair{key=CPU_ABI, val=arm64-v8a}, KeyValuePair{key=CPU_ABI2, val=}, KeyValuePair{key=DEVICE, val=OnePlus7TPro}, KeyValuePair{key=DISPLAY, val=lineage_hotdog-userdebug 10 QQ3A.200805.001 eng.root.20200923.095306 dev-keys}, KeyValuePair{key=FINGERPRINT, val=OnePlus/OnePlus7TPro_EEA/OnePlus7TPro:10/QKQ1.190716.003/1910120055:user/release-keys}, KeyValuePair{key=HARDWARE, val=qcom}, KeyValuePair{key=HOST, val=ace17f424bd5}, KeyValuePair{key=ID, val=QQ3A.200805.001}, KeyValuePair{key=MANUFACTURER, val=OnePlus}, KeyValuePair{key=MODEL, val=OnePlus 7T Pro}, KeyValuePair{key=PRODUCT, val=OnePlus7TPro}, KeyValuePair{key=RADIO, val=unknown}, KeyValuePair{key=SERIAL, val=unknown}, KeyValuePair{key=TAGS, val=dev-keys}, KeyValuePair{key=TIME, val=1600854708000}, KeyValuePair{key=TYPE, val=userdebug}, KeyValuePair{key=USER, val=root}, KeyValuePair{key=CODENAME, val=REL}, KeyValuePair{key=INCREMENTAL, val=eng.root.20200923.095306}, KeyValuePair{key=RELEASE, val=10}, KeyValuePair{key=SDK, val=29}, KeyValuePair{key=SDK_INT, val=29}], versionNamePrefix=9.6.83 (430-, isGoogleCn=false, enableInlineVm=true, cached=[ByteString[size=20 md5=e35d47f44dcb5b548020f1f22f6260aa]], currentVersion=3, arch=aarch64}
09-24 12:13:34.145  4892  6345 D GmsDroidguardHelper: Using cached file from /data/user/0/org.microg.gms.droidguard/app_dg_cache/fdfd1d429f7a2e5f5a47de3971a40ed9737d5756/the.apk
09-24 12:13:34.147  4892  4912 I id.gms.unstabl: Waiting for a blocking GC ProfileSaver
09-24 12:13:34.163  4892  4912 I id.gms.unstabl: WaitForGcToComplete blocked ProfileSaver on HeapTrim for 15.862ms
09-24 12:13:34.163  4892  4907 W System  : A resource failed to call end. 
09-24 12:13:34.216  4892  4892 W Thread-13: type=1400 audit(0.0:432): avc: denied { read } for name="block" dev="sysfs" ino=45848 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0 app=org.microg.gms.droidguard
09-24 12:13:34.250  4892  6345 D GmsDroidguardHelper: c -> com.google.android.gms
09-24 12:13:34.252  4892  6345 D GmsDroidguardHelper: b -> 3471548608822811245
09-24 12:13:34.253  4892  6345 E SQLiteLog: (14) cannot open file at line 36683 of [68b898381a]
09-24 12:13:34.253  4892  6345 E SQLiteLog: (14) os_unix.c:36683: (2) open(/data/user/0/org.microg.gms.droidguard/databases/dg.db) - 
09-24 12:13:34.253  4892  6345 E SQLiteDatabase: Failed to open database '/data/user/0/org.microg.gms.droidguard/databases/dg.db'.
09-24 12:13:34.253  4892  6345 E SQLiteDatabase: android.database.sqlite.SQLiteCantOpenDatabaseException: unknown error (code 14 SQLITE_CANTOPEN): Could not open database
09-24 12:13:34.253  4892  6345 E SQLiteDatabase:    at android.database.sqlite.SQLiteConnection.nativeOpen(Native Method)
09-24 12:13:34.253  4892  6345 E SQLiteDatabase:    at android.database.sqlite.SQLiteConnection.open(SQLiteConnection.java:215)
09-24 12:13:34.253  4892  6345 E SQLiteDatabase:    at android.database.sqlite.SQLiteConnection.open(SQLiteConnection.java:197)
09-24 12:13:34.253  4892  6345 E SQLiteDatabase:    at android.database.sqlite.SQLiteConnectionPool.openConnectionLocked(SQLiteConnectionPool.java:505)
09-24 12:13:34.253  4892  6345 E SQLiteDatabase:    at android.database.sqlite.SQLiteConnectionPool.open(SQLiteConnectionPool.java:206)
09-24 12:13:34.253  4892  6345 E SQLiteDatabase:    at android.database.sqlite.SQLiteConnectionPool.open(SQLiteConnectionPool.java:198)
09-24 12:13:34.253  4892  6345 E SQLiteDatabase:    at android.database.sqlite.SQLiteDatabase.openInner(SQLiteDatabase.java:915)
09-24 12:13:34.253  4892  6345 E SQLiteDatabase:    at android.database.sqlite.SQLiteDatabase.open(SQLiteDatabase.java:895)
09-24 12:13:34.253  4892  6345 E SQLiteDatabase:    at android.database.sqlite.SQLiteDatabase.openDatabase(SQLiteDatabase.java:786)
09-24 12:13:34.253  4892  6345 E SQLiteDatabase:    at android.database.sqlite.SQLiteDatabase.openDatabase(SQLiteDatabase.java:733)
09-24 12:13:34.253  4892  6345 E SQLiteDatabase:    at com.google.ccc.abuse.droidguard.DroidGuard.initNative(Native Method)
09-24 12:13:34.253  4892  6345 E SQLiteDatabase:    at com.google.ccc.abuse.droidguard.DroidGuard.init(DroidGuard.java:447)
09-24 12:13:34.253  4892  6345 E SQLiteDatabase:    at com.google.ccc.abuse.droidguard.DroidGuard.run(DroidGuard.java:429)
09-24 12:13:34.253  4892  6345 E SQLiteDatabase:    at java.lang.reflect.Method.invoke(Native Method)
09-24 12:13:34.253  4892  6345 E SQLiteDatabase:    at org.microg.gms.droidguard.DroidguardHelper.invoke(DroidguardHelper.java:111)
09-24 12:13:34.253  4892  6345 E SQLiteDatabase:    at org.microg.gms.droidguard.DroidguardHelper.guard(DroidguardHelper.java:92)
09-24 12:13:34.253  4892  6345 E SQLiteDatabase:    at org.microg.gms.droidguard.RemoteDroidGuardService$1$1.run(RemoteDroidGuardService.java:23)
09-24 12:13:34.253  4892  6345 E SQLiteDatabase:    at java.lang.Thread.run(Thread.java:919)
09-24 12:13:34.236  4892  4892 W Thread-13: type=1400 audit(0.0:436): avc: denied { read } for name="/" dev="tmpfs" ino=15051 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=dir permissive=0 app=org.microg.gms.droidguard
09-24 12:13:34.291  3445  6344 D GmsSafetyNetClientImpl: Status: 0, error:null
09-24 12:13:34.293   744  1245 I netd    : firewallSetUidRule(2, 10137, 2) <0.05ms>
09-24 12:13:34.330  3445  3462 W System  : A resource failed to call close. 
09-24 12:13:36.245  2307  2307 D QtiCarrierConfigHelper: WARNING, no carrier configs on phone Id: 0
09-24 12:13:43.277  2307  2307 D QtiCarrierConfigHelper: WARNING, no carrier configs on phone Id: 0
09-24 12:13:46.808   744  1245 I netd    : firewallSetUidRule(2, 10137, 1) <0.04ms>
09-24 12:13:46.813  4892  6348 W GmsDroidguardHelper: 
09-24 12:13:46.813  4892  6348 W GmsDroidguardHelper: java.lang.NoSuchFieldException: BUILD
09-24 12:13:46.813  4892  6348 W GmsDroidguardHelper:   at java.lang.Class.getField(Class.java:1604)
09-24 12:13:46.813  4892  6348 W GmsDroidguardHelper:   at org.microg.gms.droidguard.DroidguardHelper.createSystemInfoPair(DroidguardHelper.java:169)
09-24 12:13:46.813  4892  6348 W GmsDroidguardHelper:   at org.microg.gms.droidguard.DroidguardHelper.getSystemInfo(DroidguardHelper.java:117)
09-24 12:13:46.813  4892  6348 W GmsDroidguardHelper:   at org.microg.gms.droidguard.DroidguardHelper.guard(DroidguardHelper.java:64)
09-24 12:13:46.813  4892  6348 W GmsDroidguardHelper:   at org.microg.gms.droidguard.RemoteDroidGuardService$1$1.run(RemoteDroidGuardService.java:23)
09-24 12:13:46.813  4892  6348 W GmsDroidguardHelper:   at java.lang.Thread.run(Thread.java:919)
09-24 12:13:46.817  4892  6348 D GmsDroidguardHelper: -- Request --
09-24 12:13:46.817  4892  6348 D GmsDroidguardHelper: DGRequest{usage=DGUsage{type=attest, packageName=com.google.android.gms}, info=[KeyValuePair{key=BUILD, val=unknown}, KeyValuePair{key=BOARD, val=msmnile}, KeyValuePair{key=BOOTLOADER, val=unknown}, KeyValuePair{key=BRAND, val=OnePlus}, KeyValuePair{key=CPU_ABI, val=arm64-v8a}, KeyValuePair{key=CPU_ABI2, val=}, KeyValuePair{key=DEVICE, val=OnePlus7TPro}, KeyValuePair{key=DISPLAY, val=lineage_hotdog-userdebug 10 QQ3A.200805.001 eng.root.20200923.095306 dev-keys}, KeyValuePair{key=FINGERPRINT, val=OnePlus/OnePlus7TPro_EEA/OnePlus7TPro:10/QKQ1.190716.003/1910120055:user/release-keys}, KeyValuePair{key=HARDWARE, val=qcom}, KeyValuePair{key=HOST, val=ace17f424bd5}, KeyValuePair{key=ID, val=QQ3A.200805.001}, KeyValuePair{key=MANUFACTURER, val=OnePlus}, KeyValuePair{key=MODEL, val=OnePlus 7T Pro}, KeyValuePair{key=PRODUCT, val=OnePlus7TPro}, KeyValuePair{key=RADIO, val=unknown}, KeyValuePair{key=SERIAL, val=unknown}, KeyValuePair{key=TAGS, val=dev-keys}, KeyValuePair{key=TIME, val=1600854708000}, KeyValuePair{key=TYPE, val=userdebug}, KeyValuePair{key=USER, val=root}, KeyValuePair{key=CODENAME, val=REL}, KeyValuePair{key=INCREMENTAL, val=eng.root.20200923.095306}, KeyValuePair{key=RELEASE, val=10}, KeyValuePair{key=SDK, val=29}, KeyValuePair{key=SDK_INT, val=29}], versionNamePrefix=9.6.83 (430-, isGoogleCn=false, enableInlineVm=true, cached=[ByteString[size=20 md5=e35d47f44dcb5b548020f1f22f6260aa]], currentVersion=3, arch=aarch64}
09-24 12:13:46.880  4892  6348 D GmsDroidguardHelper: Using cached file from /data/user/0/org.microg.gms.droidguard/app_dg_cache/fdfd1d429f7a2e5f5a47de3971a40ed9737d5756/the.apk
09-24 12:13:46.876  4892  4892 W Thread-14: type=1400 audit(0.0:446): avc: denied { read } for name="devices" dev="proc" ino=4026532204 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:proc:s0 tclass=file permissive=0 app=org.microg.gms.droidguard
09-24 12:13:46.892  4892  4907 W System  : A resource failed to call end. 
09-24 12:13:46.906  4892  4892 W Thread-14: type=1400 audit(0.0:447): avc: denied { search } for name="vendor" dev="tmpfs" ino=15061 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=0 app=org.microg.gms.droidguard
09-24 12:13:46.924  4892  6348 D GmsDroidguardHelper: c -> com.google.android.gms
09-24 12:13:46.906  4892  4892 W Thread-14: type=1400 audit(0.0:450): avc: denied { getattr } for name="/" dev="sde56" ino=2 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:op1_file:s0 tclass=filesystem permissive=0 app=org.microg.gms.droidguard
09-24 12:13:47.000  4892  6348 D GmsDroidguardHelper: b -> 3471548608822811245
09-24 12:13:47.010  4892  6348 E SQLiteLog: (14) cannot open file at line 36683 of [68b898381a]
09-24 12:13:47.010  4892  6348 E SQLiteLog: (14) os_unix.c:36683: (2) open(/data/user/0/org.microg.gms.droidguard/databases/dg.db) - 
09-24 12:13:47.010  4892  6348 E SQLiteDatabase: Failed to open database '/data/user/0/org.microg.gms.droidguard/databases/dg.db'.
09-24 12:13:47.010  4892  6348 E SQLiteDatabase: android.database.sqlite.SQLiteCantOpenDatabaseException: unknown error (code 14 SQLITE_CANTOPEN): Could not open database
09-24 12:13:47.010  4892  6348 E SQLiteDatabase:    at android.database.sqlite.SQLiteConnection.nativeOpen(Native Method)
09-24 12:13:47.010  4892  6348 E SQLiteDatabase:    at android.database.sqlite.SQLiteConnection.open(SQLiteConnection.java:215)
09-24 12:13:47.010  4892  6348 E SQLiteDatabase:    at android.database.sqlite.SQLiteConnection.open(SQLiteConnection.java:197)
09-24 12:13:47.010  4892  6348 E SQLiteDatabase:    at android.database.sqlite.SQLiteConnectionPool.openConnectionLocked(SQLiteConnectionPool.java:505)
09-24 12:13:47.010  4892  6348 E SQLiteDatabase:    at android.database.sqlite.SQLiteConnectionPool.open(SQLiteConnectionPool.java:206)
09-24 12:13:47.010  4892  6348 E SQLiteDatabase:    at android.database.sqlite.SQLiteConnectionPool.open(SQLiteConnectionPool.java:198)
09-24 12:13:47.010  4892  6348 E SQLiteDatabase:    at android.database.sqlite.SQLiteDatabase.openInner(SQLiteDatabase.java:915)
09-24 12:13:47.010  4892  6348 E SQLiteDatabase:    at android.database.sqlite.SQLiteDatabase.open(SQLiteDatabase.java:895)
09-24 12:13:47.010  4892  6348 E SQLiteDatabase:    at android.database.sqlite.SQLiteDatabase.openDatabase(SQLiteDatabase.java:786)
09-24 12:13:47.010  4892  6348 E SQLiteDatabase:    at android.database.sqlite.SQLiteDatabase.openDatabase(SQLiteDatabase.java:733)
09-24 12:13:47.010  4892  6348 E SQLiteDatabase:    at com.google.ccc.abuse.droidguard.DroidGuard.initNative(Native Method)
09-24 12:13:47.010  4892  6348 E SQLiteDatabase:    at com.google.ccc.abuse.droidguard.DroidGuard.init(DroidGuard.java:447)
09-24 12:13:47.010  4892  6348 E SQLiteDatabase:    at com.google.ccc.abuse.droidguard.DroidGuard.run(DroidGuard.java:429)
09-24 12:13:47.010  4892  6348 E SQLiteDatabase:    at java.lang.reflect.Method.invoke(Native Method)
09-24 12:13:47.010  4892  6348 E SQLiteDatabase:    at org.microg.gms.droidguard.DroidguardHelper.invoke(DroidguardHelper.java:111)
09-24 12:13:47.010  4892  6348 E SQLiteDatabase:    at org.microg.gms.droidguard.DroidguardHelper.guard(DroidguardHelper.java:92)
09-24 12:13:47.010  4892  6348 E SQLiteDatabase:    at org.microg.gms.droidguard.RemoteDroidGuardService$1$1.run(RemoteDroidGuardService.java:23)
09-24 12:13:47.010  4892  6348 E SQLiteDatabase:    at java.lang.Thread.run(Thread.java:919)
09-24 12:13:47.012  3445  6347 D GmsSafetyNetClientImpl: Status: 0, error:null

mid-kid commented 3 years ago

Why was this closed and deleted?

0x5ECF4ULT commented 3 years ago

Why was this closed and deleted?

Weird... I've never closed this PR. I've just filed it as a draft. Reopening.

0x5ECF4ULT commented 3 years ago

Okay apparently GH thinks this PR is dead and closed it. I have to push commits to be able to reopen again

0x5ECF4ULT commented 3 years ago

Update regarding a potential fix: I think I've tracked down the empty apkCertificateDigestSha256 array to GmsCore. First I'll have to verify that they are indeed filled after a successful SN request but I doubt that the issue is somewhere in RemoteDroidGuard. Other than that: I'm actively working on that issue again (really sorry for the long long delay).

mid-kid commented 3 years ago

Hey man, don't worry about it. Getting anything at all is a blessing, and you've already given us a bunch of info.