5a43d61e66
With this change, vold exposes an API that may be used to bind key storage encryption keys to a given seed value. The seed value passed to vold must be consistent across reboots, or key storage keys will not be derived consistently. The seed is expected to be set very early in boot, prior to the use of any key storage encryption keys. This feature is intended to be used for embedded applications such as in autos, where the seed may be provided by some other component of the system. In such systems, there is a default user that is automatically signed in without a PIN or other credentials. By binding the file encryption to a platform-provided seed, the default user's data gains additional protection against removal of the Android embedded device from the integrated system. Bug: 157501579 Test: Set seed at startup via init.rc. Seed changes fail as expected. Change-Id: I9b048ec5e045b84c45883724ace2356d4ef6244d |
||
---|---|---|
.. | ||
android/os |