Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 60671e3230d6a59b205e70fb37f7bdf1275670a3
commit60671e3230d6a59b205e70fb37f7bdf1275670a3[log] [tgz]
authorSatya Tangirala <satyat@google.com>Thu Mar 04 16:12:19 2021 -0800
committerSatya Tangirala <satyat@google.com>Fri Mar 05 10:41:13 2021 -0800
tree0812bdd9655a6a7db6d471a9c091d13193c99296
parentd60ebe2e2e144d6a0f5a9e7619f4ba81fc814d57 [diff]
Keystore 2.0: Don't use DB for keys with Domain::BLOB

The global DB can only be initialized after /data is mounted, so we can't
use it before /data is mounted. In particular, store_new_key() was
accessing DB unconditionally to call
SUPER_KEY.handle_super_encryption_on_key_init(), which won't work once
keystore2 starts before /data is mounted.

This patch makes store_new_key() directly handle Domain::BLOB keys to
avoid initializing DB.

Bug: 181910578
Test: Make keystore2 boot early and call generate_key from vold
      before /data is mounted
Change-Id: I12877c1732cee8ced3ae53e8dce070280afd3bbb
1 file changed
tree: 0812bdd9655a6a7db6d471a9c091d13193c99296
  1. fsverity_init/
  2. identity/
  3. keystore/
  4. keystore-engine/
  5. keystore2/
  6. ondevice-signing/
  7. provisioner/
  8. rustfmt.toml ⇨ ../../build/soong/scripts/rustfmt.toml
  9. .clang-format
  10. .gitignore
  11. Android.bp
  12. METADATA
  13. MODULE_LICENSE_APACHE2
  14. NOTICE
  15. OWNERS
  16. PREUPLOAD.cfg