Introduce KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION This flag is used by system server to mark keys used during the synthetic password auth flow. keys marked with this flag will not be super encrypted because super encryption requires knowledge of the synthetic password, causing a chicken-and-egg problem. Bug: 35849499 Bug: 34600579 Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedProfileOwnerTest#testResetPasswordWithToken Change-Id: Ibd900e3ede1f51c476d462085caaf216d911d693

commit: 67899de5ade4bc2a6ffae54f2e66cd5d99b67029 [log] [tgz]
author: Rubin Xu <rubinxu@google.com> Fri Apr 21 19:15:13 2017 +0100
committer: Rubin Xu <rubinxu@google.com> Mon Apr 24 21:08:07 2017 +0100
tree: b048f6a9e8bb5c0861a0f8836d402e6e4c21f2fc
parent: 484779559c15728cb4b96b7090083ee9f5a3cf95 [diff] [blame]
diff --git a/keystore/blob.h b/keystore/blob.h
index f710641..06f9ea5 100644
--- a/keystore/blob.h
+++ b/keystore/blob.h

@@ -98,6 +98,9 @@
     bool isSuperEncrypted() const;
     void setSuperEncrypted(bool superEncrypted);
 
+    bool isCriticalToDeviceEncryption() const;
+    void setCriticalToDeviceEncryption(bool critical);
+
     bool isFallback() const { return mBlob.flags & KEYSTORE_FLAG_FALLBACK; }
     void setFallback(bool fallback);
commit	67899de5ade4bc2a6ffae54f2e66cd5d99b67029	[log] [tgz]
author	Rubin Xu <rubinxu@google.com>	Fri Apr 21 19:15:13 2017 +0100
committer	Rubin Xu <rubinxu@google.com>	Mon Apr 24 21:08:07 2017 +0100
tree	b048f6a9e8bb5c0861a0f8836d402e6e4c21f2fc
parent	484779559c15728cb4b96b7090083ee9f5a3cf95 [diff] [blame]