Replace string secret with a byte[] for CE storage in vold binder

Replace the current `string secret` argument to the lock/unlock of
CE storage with a `byte[]`. This is part of an effort to remove
instances of the LSKF and LSKF-derived secrets that are available
in a RAMdump -- since the strings are passed from Java, they cannot
be cleared, but `byte[]` can be.

This CL is the described argument change, and the propagation of this
change to the various functions that are called by the vold binder
functions.

Bug: 320392352
Test: Manual upgrade test:
1. Flash the device with a build not including these changes
2. Rebuild with these changes
3. Flash the device (but do not wipe) with the build including
these changes
4. See if the device boots and works normally -- if the CE
storage cannot be unlocked it will not start up and be usable
when the user logs in.

Change-Id: Icd4c925f2fd79e7533fdf9027e16f6736dbe1ab3
diff --git a/VoldNativeService.h b/VoldNativeService.h
index bb00d35..a4fbf00 100644
--- a/VoldNativeService.h
+++ b/VoldNativeService.h
@@ -116,10 +116,10 @@
binder::Status createUserStorageKeys(int32_t userId, bool ephemeral);
binder::Status destroyUserStorageKeys(int32_t userId);
- binder::Status setCeStorageProtection(int32_t userId, const std::string& secret);
+ binder::Status setCeStorageProtection(int32_t userId, const std::vector<uint8_t>& secret);
binder::Status getUnlockedUsers(std::vector<int>* _aidl_return);
- binder::Status unlockCeStorage(int32_t userId, const std::string& secret);
+ binder::Status unlockCeStorage(int32_t userId, const std::vector<uint8_t>& secret);
binder::Status lockCeStorage(int32_t userId);
binder::Status prepareUserStorage(const std::optional<std::string>& uuid, int32_t userId,
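Review bot: both new signatures take the secret as `const std::vector<uint8_t>&`, so `setCeStorageProtection` and `unlockCeStorage` themselves cannot zero the buffer after use; the CL's stated goal (a clearable secret, unlike the Java string) therefore depends entirely on whoever owns the vector wiping it once the binder call returns. Please state that ownership and clearing responsibility in a comment on these two declarations, e.g. `// secret is owned by the caller, who must zero it after this call returns`, and confirm the non-const copies that the binder transport and the downstream functions mentioned in the commit message create are also cleared, otherwise the type change alone does not remove the secret from a RAM dump.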