Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_base / 2b3177074449d0e990e19183017b223abf670692
commit2b3177074449d0e990e19183017b223abf670692[log] [tgz]
authorPaul Crowley <paulcrowley@google.com>Tue Dec 06 12:36:01 2022 -0800
committerPaul Crowley <paulcrowley@google.com>Thu Feb 02 13:43:46 2023 -0800
treee0b000ed02d3680637319dab678cff773f5f3f68
parent738650d918a13b8a333f7a67569b99bc9d253527 [diff]
Fix insider attack resistance on headless devices

On HSUM devices where the main user is a permanent admin, we want to
entrust the vendor auth secret only to full users. We generate the
secret when the main user is created, and store it on disk encrypted
using their SP. We also store it in memory so that when each user is
created they can get their own encrypted copy on disk.

Bug: 258560859
Test: atest com.android.server.locksettings
Test: boot without hsum, check that only user 0 writes auth secret
Test: boot with hsum, check that user 0 does not write auth secret
Test: boot with hsum, check user 10 writes auth secret
Test: boot with hsum, create user 11, check that user writes auth secret
Change-Id: I2b3141a573a4457ade0edd0eb989ec7929be006d
6 files changed
tree: e0b000ed02d3680637319dab678cff773f5f3f68
  1. .prebuilt_info/
  2. apct-tests/
  3. apex/
  4. api/
  5. boot/
  6. cmds/
  7. config/
  8. core/
  9. data/
  10. docs/
  11. drm/
  12. errorprone/
  13. graphics/
  14. identity/
  15. keystore/
  16. libs/
  17. location/
  18. media/
  19. mime/
  20. mms/
  21. native/
  22. nfc-extras/
  23. obex/
  24. omapi/
  25. opengl/
  26. packages/
  27. proto/
  28. rs/
  29. samples/
  30. sax/
  31. services/
  32. startop/
  33. telecomm/
  34. telephony/
  35. test-base/
  36. test-legacy/
  37. test-mock/
  38. test-runner/
  39. tests/
  40. tools/
  41. wifi/
  42. .clang-format
  43. .gitignore
  44. .mailmap
  45. Android.bp
  46. Android.mk
  47. ApiDocs.bp
  48. BATTERY_STATS_OWNERS
  49. BROADCASTS_OWNERS
  50. CleanSpec.mk
  51. framework-jarjar-rules.txt
  52. GAME_MANAGER_OWNERS
  53. INPUT_OWNERS
  54. lint-baseline.xml
  55. METADATA
  56. MODULE_LICENSE_APACHE2
  57. MULTIUSER_OWNERS
  58. NOTICE
  59. OWNERS
  60. OWNERS.md
  61. PACKAGE_MANAGER_OWNERS
  62. pathmap.mk
  63. PREUPLOAD.cfg
  64. ProtoLibraries.bp
  65. StubLibraries.bp
  66. TEST_MAPPING
  67. TestProtoLibraries.bp
  68. TRACE_OWNERS
  69. WEAR_OWNERS
  70. ZYGOTE_OWNERS