Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_vold / 8c1659e27155a5c52f5739f1a0c82576a672ce28
commit8c1659e27155a5c52f5739f1a0c82576a672ce28[log] [tgz]
authorEric Biggers <ebiggers@google.com>Tue Sep 06 21:29:14 2022 +0000
committerEric Biggers <ebiggers@google.com>Tue Sep 06 21:30:36 2022 +0000
tree3085204964646073ce392f9aecde18d71d0eeedd
parentc954f8d8bfbe3431e64e9d1aa86fa1855abb3656 [diff]
Make the CE key always be encrypted by the synthetic password

When generating a CE key, don't persist it immediately with
kEmptyAuthentication.  Instead, cache it in memory and persist it later
when the secret to protect it with is given.  This is needed to make it
so that the CE key is always encrypted by the user's synthetic password
while it is stored on-disk.  See the corresponding system_server changes
for more information about this design change and its motivation.

As part of this, simplify vold's Binder interface by replacing the three
methods addUserKeyAuth(), clearUserKeyAuth(), and
fixateNewestUserKeyAuth() with a single method setUserKeyProtection().
setUserKeyProtection() handles persisting the key for a new user or
re-encrypting the default-encrypted key for an existing unsecured user.

Bug: 232452368
Ignore-AOSP-First: This depends on frameworks/base changes that can only
                   be submitted to internal master, due to conflicts.
Test: see Ia753ea21bbaca8ef7a90c03fe73b66c896b1536e
Change-Id: Id36ba8ee343ccb6de7ec892c3f600abd636f6ce5
6 files changed
tree: 3085204964646073ce392f9aecde18d71d0eeedd
  1. bench/
  2. binder/
  3. fs/
  4. model/
  5. tests/
  6. .clang-format ⇨ ../../build/soong/scripts/system-clang-format
  7. Android.bp
  8. AppFuseUtil.cpp
  9. AppFuseUtil.h
  10. Benchmark.cpp
  11. Benchmark.h
  12. BenchmarkGen.h
  13. Checkpoint.cpp
  14. Checkpoint.h
  15. CleanSpec.mk
  16. cryptfs.cpp
  17. cryptfs.h
  18. CryptoType.cpp
  19. CryptoType.h
  20. EncryptInplace.cpp
  21. EncryptInplace.h
  22. FileDeviceUtils.cpp
  23. FileDeviceUtils.h
  24. FsCrypt.cpp
  25. FsCrypt.h
  26. IdleMaint.cpp
  27. IdleMaint.h
  28. KeyBuffer.cpp
  29. KeyBuffer.h
  30. KeyStorage.cpp
  31. KeyStorage.h
  32. Keystore.cpp
  33. Keystore.h
  34. KeyUtil.cpp
  35. KeyUtil.h
  36. Loop.cpp
  37. Loop.h
  38. main.cpp
  39. MetadataCrypt.cpp
  40. MetadataCrypt.h
  41. MoveStorage.cpp
  42. MoveStorage.h
  43. NetlinkHandler.cpp
  44. NetlinkHandler.h
  45. NetlinkManager.cpp
  46. NetlinkManager.h
  47. OWNERS
  48. PREUPLOAD.cfg
  49. Process.cpp
  50. Process.h
  51. secdiscard.cpp
  52. sehandle.h
  53. TEST_MAPPING
  54. Utils.cpp
  55. Utils.h
  56. vdc.cpp
  57. vold.rc
  58. vold_prepare_subdirs.cpp
  59. VoldNativeService.cpp
  60. VoldNativeService.h
  61. VoldNativeServiceValidation.cpp
  62. VoldNativeServiceValidation.h
  63. VoldUtil.cpp
  64. VoldUtil.h
  65. VolumeManager.cpp
  66. VolumeManager.h