8c1659e271
When generating a CE key, don't persist it immediately with kEmptyAuthentication. Instead, cache it in memory and persist it later when the secret to protect it with is given. This is needed to make it so that the CE key is always encrypted by the user's synthetic password while it is stored on-disk. See the corresponding system_server changes for more information about this design change and its motivation. As part of this, simplify vold's Binder interface by replacing the three methods addUserKeyAuth(), clearUserKeyAuth(), and fixateNewestUserKeyAuth() with a single method setUserKeyProtection(). setUserKeyProtection() handles persisting the key for a new user or re-encrypting the default-encrypted key for an existing unsecured user. Bug: 232452368 Ignore-AOSP-First: This depends on frameworks/base changes that can only be submitted to internal master, due to conflicts. Test: see Ia753ea21bbaca8ef7a90c03fe73b66c896b1536e Change-Id: Id36ba8ee343ccb6de7ec892c3f600abd636f6ce5 |
||
---|---|---|
.. | ||
IVold.aidl | ||
IVoldListener.aidl | ||
IVoldMountCallback.aidl | ||
IVoldTaskListener.aidl |