Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 688d3ab29923ba85954581d8b524f903379fae9d
commit688d3ab29923ba85954581d8b524f903379fae9d[log] [tgz]
authorShawn Willden <swillden@google.com>Wed Oct 02 11:55:27 2019 -0600
committerShawn Willden <swillden@google.com>Wed Nov 13 06:30:13 2019 -0700
treef4280b8beb39c87e651891231bf6e5b74696904b
parent5f5576fe939f4dd7e90f93b496c19fc64c56bfba [diff]
Don't clear kesytore after 5 auth failures.

Keystore's security originally derived from encrypting keys with a key
derived from the user's password.  To avoid making keystore into a
password brute force oracle, keystore cleared itself after five
incorrect presentations.  All of this has been superseded by moving
keystore's security into Keymaster, and by moving password security
into Gatekeeper/Weaver, and further by implmenting the synthetic
password model.

This CL removes the now-useless and occasionally-dangerous keystore
self-destruct.

Test: Manual
Change-Id: Id85c1c39769701bbc0dcfcb76511faf9eeb65496
2 files changed
tree: f4280b8beb39c87e651891231bf6e5b74696904b
  1. fsverity_init/
  2. keystore/
  3. keystore-engine/
  4. .clang-format
  5. Android.bp
  6. MODULE_LICENSE_APACHE2
  7. NOTICE
  8. OWNERS
  9. PREUPLOAD.cfg