Support Resume on Reboot
When an OTA is downloaded, the RecoverySystem can be triggered to store
the user's lock screen knowledge factor in a secure way using the
IRebootEscrow HAL. This will allow the credential encrypted (CE)
storage, keymaster credentials, and possibly others to be unlocked when
the device reboots after an OTA.
Bug: 63928581
Test: atest VtsHalRebootEscrowTargetTest
Change-Id: I32881c82d22f9b1f83e5fba6495c6de4fde14596
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
index 70c5fd9..2a31497 100644
--- a/vendor/google/file_contexts
+++ b/vendor/google/file_contexts
@@ -3,6 +3,7 @@
/dev/ab-dram u:object_r:airbrush_device:s0
/dev/abc-pcie-dma u:object_r:airbrush_device:s0
/dev/abc-pcie-tpu_0 u:object_r:abc_tpu_device:s0
+/dev/access-kregistry u:object_r:rebootescrow_device:s0
/dev/access-metadata u:object_r:ramoops_device:s0
/dev/access-ramoops u:object_r:ramoops_device:s0
/dev/block/zram0 u:object_r:swap_block_device:s0
@@ -34,6 +35,7 @@
/vendor/bin/hw/android\.hardware\.oemlock@1\.0-service\.citadel u:object_r:hal_oemlock_citadel_exec:s0
/vendor/bin/hw/android\.hardware\.power\.stats@1\.0-service\.pixel u:object_r:hal_power_stats_default_exec:s0
/vendor/bin/hw/android\.hardware\.power@1\.3-service\.pixel-libperfmgr u:object_r:hal_power_default_exec:s0
+/vendor/bin/hw/android\.hardware\.rebootescrow-service\.default u:object_r:hal_rebootescrow_default_exec:s0
/vendor/bin/hw/android\.hardware\.secure_element@1\.0-service\.st u:object_r:hal_secure_element_default_exec:s0
/vendor/bin/hw/android\.hardware\.thermal@2\.0-service\.pixel u:object_r:hal_thermal_default_exec:s0
/vendor/bin/hw/android\.hardware\.usb@1\.2-service\.coral u:object_r:hal_usb_impl_exec:s0