Add @SensitiveData tag to IVold
Mitigate data leak across the Binder boundary to Vold, of secrets derived from the LSKF. Specifically: the `String secret` argument to both `setCeStorageProtection` and `unlockCeStorage` is a secret derived from the user's synthetic password. This CL is part of an effort to wipe instances of the LSKF and secrets derived from it, so they are not available in a RAMdump. Bug: 320392352 Test: launch_cvd -daemon Change-Id: I0439f63fd4739bf5a6c957695cc9c3003ec89eb0
This commit is contained in:
parent
300df5a5d8
commit
da1d160074
1 changed files with 1 additions and 0 deletions
|
@ -22,6 +22,7 @@ import android.os.IVoldMountCallback;
|
|||
import android.os.IVoldTaskListener;
|
||||
|
||||
/** {@hide} */
|
||||
@SensitiveData
|
||||
interface IVold {
|
||||
void setListener(IVoldListener listener);
|
||||
|
||||
|
|
Loading…
Reference in a new issue