Disable super encryption for now It's clashing with synthetic password flow due to the fact that synthetic password flow requires an auth-bound key in keystore, but when the key is being requested, keystore is yet to receive the synthetic password so it can't encrypt the auth-bound key Bug: 37474130 Bug: 35849499 Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedProfileOwnerTest#testResetPasswordWithToken Change-Id: I58b05f1464d2c85a30ce17fbf5d7eca5da114173

commit: 484779559c15728cb4b96b7090083ee9f5a3cf95 [log] [tgz]
author: Rubin Xu <rubinxu@google.com> Wed Apr 19 14:16:57 2017 +0100
committer: Rubin Xu <rubinxu@google.com> Wed Apr 19 15:39:20 2017 +0100
tree: cc83c99b12deefd049915929432857b486db1443
parent: 45c112a5664660ba303aedf89de3f7fa2a2e43be [diff] [blame]
diff --git a/keystore/blob.cpp b/keystore/blob.cpp
index e173b68..8c8267b 100644
--- a/keystore/blob.cpp
+++ b/keystore/blob.cpp

@@ -83,8 +83,11 @@
     mBlob.flags = setFlag(mBlob.flags, encrypted, KEYSTORE_FLAG_ENCRYPTED);
 }
 
-void Blob::setSuperEncrypted(bool superEncrypted) {
-    mBlob.flags = setFlag(mBlob.flags, superEncrypted, KEYSTORE_FLAG_SUPER_ENCRYPTED);
+void Blob::setSuperEncrypted(__attribute__((unused)) bool superEncrypted) {
+    // Do not enable super encryption yet, as it's clashing with synthetic password flow
+    // TODO: re-enables this once keystore knows about synthetic password keys
+
+    //mBlob.flags = setFlag(mBlob.flags, superEncrypted, KEYSTORE_FLAG_SUPER_ENCRYPTED);
 }
 
 void Blob::setFallback(bool fallback) {
commit	484779559c15728cb4b96b7090083ee9f5a3cf95	[log] [tgz]
author	Rubin Xu <rubinxu@google.com>	Wed Apr 19 14:16:57 2017 +0100
committer	Rubin Xu <rubinxu@google.com>	Wed Apr 19 15:39:20 2017 +0100
tree	cc83c99b12deefd049915929432857b486db1443
parent	45c112a5664660ba303aedf89de3f7fa2a2e43be [diff] [blame]