Initialize /dev/urandom earlier in boot. It's a security best practice to carry entropy across reboots. (see "man 4 random"). Currently, entropy saving and mixing occur in the system_server, via the EntropyMixer code. Unfortunately, the EntropyMixer code runs fairly late in the boot process, which means early boot doesn't have high quality entropy. This has caused security problems in the past. Load entropy data as soon as we can in the early boot process, so that we can get /dev/random / /dev/urandom into a "random" state earlier. Bug: 9983133 Change-Id: Id4a6f39e9060f30fe7497bd8f8085a9bec851e80

commit: b410eb19130cf1eca158a672bba8f515e7627f11 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Tue Sep 17 16:18:23 2013 -0700
committer: Nick Kralevich <nnk@google.com> Wed Sep 18 07:53:51 2013 -0700
tree: 86bea1774e2ac5f1199b8733966985e88c2a6150
parent: 5535b05120fa3fd3d68a09e01284aba35cc6e058 [diff]
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 19ab6cc..be74f6f 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -177,6 +177,9 @@
     # We restorecon /data in case the userdata partition has been reset.
     restorecon /data
 
+    # Avoid predictable entropy pool. Carry over entropy from previous boot.
+    copy /data/system/entropy.dat /dev/urandom
+
     # Create dump dir and collect dumps.
     # Do this before we mount cache so eventually we can use cache for
     # storing dumps on platforms which do not have a dedicated dump partition.
commit	b410eb19130cf1eca158a672bba8f515e7627f11	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Tue Sep 17 16:18:23 2013 -0700
committer	Nick Kralevich <nnk@google.com>	Wed Sep 18 07:53:51 2013 -0700
tree	86bea1774e2ac5f1199b8733966985e88c2a6150
parent	5535b05120fa3fd3d68a09e01284aba35cc6e058 [diff]