Replace string secret with a byte[] for CE storage in vold binder

Replace the current `string secret` argument to the lock/unlock of
CE storage with a `byte[]`. This is part of an effort to remove
instances of the LSKF and LSKF-derived secrets that are available
in a RAMdump -- since the strings are passed from Java, they cannot
be cleared, but `byte[]` can be.

This CL is the described argument change, and the propagation of this
change to the various functions that are called by the vold binder
functions.

Bug: 320392352
Test: Manual upgrade test:
1. Flash the device with a build not including these changes
2. Rebuild with these changes
3. Flash the device (but do not wipe) with the build including
these changes
4. See if the device boots and works normally -- if the CE
storage cannot be unlocked it will not start up and be usable
when the user logs in.
Change-Id: Icd4c925f2fd79e7533fdf9027e16f6736dbe1ab3

diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
index dfccc00..d37697b 100644
--- a/binder/android/os/IVold.aidl
+++ b/binder/android/os/IVold.aidl
@@ -91,10 +91,10 @@
void createUserStorageKeys(int userId, boolean ephemeral);
void destroyUserStorageKeys(int userId);
- void setCeStorageProtection(int userId, @utf8InCpp String secret);
+ void setCeStorageProtection(int userId, in byte[] secret);
int[] getUnlockedUsers();
- void unlockCeStorage(int userId, @utf8InCpp String secret);
+ void unlockCeStorage(int userId, in byte[] secret);
void lockCeStorage(int userId);
void prepareUserStorage(@nullable @utf8InCpp String uuid, int userId, int storageFlags);
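
Review bot: the two changed declarations, `setCeStorageProtection` and `unlockCeStorage`, carry no comment stating the contract for the new `in byte[] secret` parameter, so nothing at the interface tells a caller that it is expected to zero the array once the call returns, which is the reason for the type change. Suggest a short doc comment on both methods saying that the caller owns the buffer and should clear it after the call, and whether an empty array is a valid value. The parameter is also not `@nullable`, unlike `uuid` in `prepareUserStorage` just below, so a null array from Java is not accepted on the C++ side; if that is intended, say so in the comment. Separately, the C++ backend receives `byte[]` as a `std::vector<uint8_t>`, which is not zeroed when it is destroyed, so the vold side of these two calls needs its own clearing for the secret to stay out of a RAM dump; that code is not in this hunk, so it is worth confirming the rest of the CL covers it.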