From 0c26690f08e52c13a1e71c54b535bf72477c6ca3 Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Tue, 1 Oct 2024 05:52:28 +0000
Subject: [PATCH] Override OEM unlock check with downstream security state flag whenever it is present
---
 .../java/app/attestation/auditor/AttestationProtocol.java | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/app/src/main/java/app/attestation/auditor/AttestationProtocol.java b/app/src/main/java/app/attestation/auditor/AttestationProtocol.java
index 676a3310..66fedd01 100644
--- a/app/src/main/java/app/attestation/auditor/AttestationProtocol.java
+++ b/app/src/main/java/app/attestation/auditor/AttestationProtocol.java
@@ -1523,6 +1523,13 @@ static AttestationResult generateSerialized(final Context context, final byte[]
 osEnforcedFlags |= OS_ENFORCED_FLAGS_SYSTEM_USER;
 }
 if (extraSecurityState != Bundle.EMPTY) {
+ String oemUnlockAllowedKey = "android.ext.OEM_UNLOCK_ALLOWED";
+ if (extraSecurityState.containsKey(oemUnlockAllowedKey)) {
+ osEnforcedFlags &= ~OS_ENFORCED_FLAGS_OEM_UNLOCK_ALLOWED;
+ if (extraSecurityState.getBoolean(oemUnlockAllowedKey, false)) {
+ osEnforcedFlags |= OS_ENFORCED_FLAGS_OEM_UNLOCK_ALLOWED;
+ }
+ }
 }
 serializer.putInt(osEnforcedFlags);
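Review bot: In the added block, `extraSecurityState.getBoolean(oemUnlockAllowedKey, false)` runs after `OS_ENFORCED_FLAGS_OEM_UNLOCK_ALLOWED` has already been cleared, so a key that is present but holds a null or non-Boolean value leaves the flag unset and the stricter state is reported; `Bundle.getBoolean` returns its default on a type mismatch instead of throwing. For a value that feeds an attestation result it is safer to fail toward the weaker claim, either by passing `true` as the default or by overriding only when `extraSecurityState.get(oemUnlockAllowedKey) instanceof Boolean`. The key literal would also be easier to audit as a `private static final String` constant than as a local inside the method. The earlier OEM unlock check being overridden and the rest of `generateSerialized` lie outside the hunk, so whether `extraSecurityState` can be null at this point cannot be confirmed from here.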