tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add @SensitiveData tag to IVold

Browse source 
Mitigate data leak across the Binder boundary to Vold, of secrets derived from the LSKF.
Specifically: the `String secret` argument to both `setCeStorageProtection` and `unlockCeStorage` is
a secret derived from the user's synthetic password.

This CL is part of an effort to wipe instances of the LSKF and
secrets derived from it, so they are not available in a RAMdump.

Bug: 320392352
Test: launch_cvd -daemon

Change-Id: I0439f63fd4739bf5a6c957695cc9c3003ec89eb0
This commit is contained in:
Ellen Arteca 2024-03-12 17:38:48 +00:00
parent 300df5a5d8
commit da1d160074
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
binder/android/os/IVold.aidl
View file

@ -22,6 +22,7 @@ import android.os.IVoldMountCallback;
import android.os.IVoldTaskListener; import android.os.IVoldTaskListener;
/** {@hide} */ /** {@hide} */
@SensitiveData
interface IVold { interface IVold {
void setListener(IVoldListener listener); void setListener(IVoldListener listener);