Google Git
Sign in
android / platform / system / vold / 5177ed2e5030ed46ec34a581793890eaa167e4b1
commit5177ed2e5030ed46ec34a581793890eaa167e4b1[log] [tgz]
authorEllen Arteca <emarteca@google.com>Wed Apr 03 21:18:01 2024 +0000
committerEllen Arteca <emarteca@google.com>Wed Apr 17 18:41:54 2024 +0000
tree5bf91a143e597193583fed03e4c20987e35663be
parente76fb7a81010b5ecb42450566465b31e66dc5270 [diff]
Replace string secret with a byte[] for CE storage in vold binder

Replace the current `string secret` argument to the lock/unlock of
CE storage with a `byte[]`. This is part of an effort to remove
instances of the LSKF and LSKF-derived secrets that are available
in a RAMdump -- since the strings are passed from Java, they cannot
be cleared, but `byte[]` can be.

This CL is the described argument change, and the propagation of this
change to the various functions that are called by the vold binder
functions.

Bug: 320392352
Test: Manual upgrade test:
	1. Flash the device with a build not including these changes
	2. Rebuild with these changes
	3. Flash the device (but do not wipe) with the build including
	   these changes
	4. See if the device boots and works normally -- if the CE
	   storage cannot be unlocked it will not start up and be usable
	   when the user logs in.
Change-Id: Icd4c925f2fd79e7533fdf9027e16f6736dbe1ab3
5 files changed
tree: 5bf91a143e597193583fed03e4c20987e35663be
  1. bench/
  2. binder/
  3. fs/
  4. model/
  5. tests/
  6. .clang-format ⇨ ../../build/soong/scripts/system-clang-format
  7. Android.bp
  8. AppFuseUtil.cpp
  9. AppFuseUtil.h
  10. Benchmark.cpp
  11. Benchmark.h
  12. BenchmarkGen.h
  13. Checkpoint.cpp
  14. Checkpoint.h
  15. CleanSpec.mk
  16. cryptfs.cpp
  17. cryptfs.h
  18. CryptoType.cpp
  19. CryptoType.h
  20. EncryptInplace.cpp
  21. EncryptInplace.h
  22. FileDeviceUtils.cpp
  23. FileDeviceUtils.h
  24. FsCrypt.cpp
  25. FsCrypt.h
  26. IdleMaint.cpp
  27. IdleMaint.h
  28. KeyBuffer.cpp
  29. KeyBuffer.h
  30. KeyStorage.cpp
  31. KeyStorage.h
  32. Keystore.cpp
  33. Keystore.h
  34. KeyUtil.cpp
  35. KeyUtil.h
  36. Loop.cpp
  37. Loop.h
  38. main.cpp
  39. MetadataCrypt.cpp
  40. MetadataCrypt.h
  41. MoveStorage.cpp
  42. MoveStorage.h
  43. NetlinkHandler.cpp
  44. NetlinkHandler.h
  45. NetlinkManager.cpp
  46. NetlinkManager.h
  47. OWNERS
  48. PREUPLOAD.cfg
  49. Process.cpp
  50. Process.h
  51. secdiscard.cpp
  52. sehandle.h
  53. TEST_MAPPING
  54. Utils.cpp
  55. Utils.h
  56. vdc.cpp
  57. vold.rc
  58. vold_prepare_subdirs.cpp
  59. VoldNativeService.cpp
  60. VoldNativeService.h
  61. VoldNativeServiceValidation.cpp
  62. VoldNativeServiceValidation.h
  63. VoldUtil.cpp
  64. VoldUtil.h
  65. VolumeManager.cpp
  66. VolumeManager.h