Support Resume on Reboot

When an OTA is downloaded, the RecoverySystem can be triggered to store
the user's lock screen knowledge factor in a secure way using the
IRebootEscrow HAL. This will allow the credential encrypted (CE)
storage, keymaster credentials, and possibly others to be unlocked when
the device reboots after an OTA.

Bug: 63928581
Test: make
Test: boot emulator with default implementation
Test: boot Pixel 4 with default implementation
Change-Id: I1f02e7a502478715fd642049da01eb0c01d112f6
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index bd950dd..6a4b4db 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -19,6 +19,7 @@
     gmscore_app
     hal_can_bus_hwservice
     hal_can_controller_hwservice
+    hal_rebootescrow_service
     hal_tv_tuner_hwservice
     hal_vibrator_service
     init_svc_debug_prop
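Review bot: hal_rebootescrow_service is added to the 29.0 ignore list here, but the declaration of that type is not in the visible part of the change. Both this entry and the new service_contexts line depend on it, so the type declaration, with whatever attributes it carries, should be part of the same change and reviewed with it. The alphabetical placement between hal_can_controller_hwservice and hal_tv_tuner_hwservice is fine.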
diff --git a/private/service_contexts b/private/service_contexts
index dd71111..4399ea4 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,3 +1,4 @@
+android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
 android.hardware.vibrator.IVibrator/default u:object_r:hal_vibrator_service:s0
 
 accessibility                             u:object_r:accessibility_service:s0
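Review bot: the new first line labels IRebootEscrow/default as hal_rebootescrow_service, but nothing visible restricts which domains may find that service. Per the commit message this HAL stores the user's lock screen knowledge factor, so I would like a neverallow next to the type declaration that limits find on hal_rebootescrow_service to the HAL's own client and server domains, so that a later change cannot widen access unnoticed. Note also that only the default instance name is labelled here.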
diff --git a/private/system_server.te b/private/system_server.te
index 5544279..fe1cc42 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -222,6 +222,7 @@
 hal_client_domain(system_server, hal_omx)
 hal_client_domain(system_server, hal_power)
 hal_client_domain(system_server, hal_power_stats)
+hal_client_domain(system_server, hal_rebootescrow)
 hal_client_domain(system_server, hal_sensors)
 hal_client_domain(system_server, hal_tetheroffload)
 hal_client_domain(system_server, hal_thermal)
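Review bot: hal_client_domain(system_server, hal_rebootescrow) only marks system_server as a client of the HAL; the hal_rebootescrow attributes and the rules that let a client find hal_rebootescrow_service and make binder calls to the server are not in the visible lines. Please confirm they are part of this change. The Test: lines cover build and boot only, so a run that arms the escrow and reboots with SELinux enforcing, checked for avc denials from system_server, would show that the policy is sufficient for the path the commit message describes.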