Password security for FBE disk encryption keys
Add the means to protect FBE keys with a combination of an auth token
from Gatekeeper, and a hash of the password. Both of these must be
passed to unlock_user_key. Keys are created unprotected, and
change_user_key changes the way they are protected.
Bug: 22950892
Change-Id: Ie13bc6f82059ce941b0e664a5b60355e52b45f30
diff --git a/services/core/java/com/android/server/am/UserController.java b/services/core/java/com/android/server/am/UserController.java
index 2f63b2d3..a355fa4 100644
--- a/services/core/java/com/android/server/am/UserController.java
+++ b/services/core/java/com/android/server/am/UserController.java
@@ -783,7 +783,7 @@
return result;
}
- boolean unlockUser(final int userId, byte[] token) {
+ boolean unlockUser(final int userId, byte[] token, byte[] secret) {
if (mService.checkCallingPermission(INTERACT_ACROSS_USERS_FULL)
!= PackageManager.PERMISSION_GRANTED) {
String msg = "Permission Denial: unlockUser() from pid="
@@ -796,7 +796,7 @@
final long binderToken = Binder.clearCallingIdentity();
try {
- return unlockUserCleared(userId, token);
+ return unlockUserCleared(userId, token, secret);
} finally {
Binder.restoreCallingIdentity(binderToken);
}
@@ -810,10 +810,10 @@
*/
boolean maybeUnlockUser(final int userId) {
// Try unlocking storage using empty token
- return unlockUserCleared(userId, null);
+ return unlockUserCleared(userId, null, null);
}
- boolean unlockUserCleared(final int userId, byte[] token) {
+ boolean unlockUserCleared(final int userId, byte[] token, byte[] secret) {
synchronized (mService) {
// Bail if already running unlocked
final UserState uss = mStartedUsers.get(userId);
@@ -824,7 +824,7 @@
final UserInfo userInfo = getUserInfo(userId);
final IMountService mountService = getMountService();
try {
- mountService.unlockUserKey(userId, userInfo.serialNumber, token);
+ mountService.unlockUserKey(userId, userInfo.serialNumber, token, secret);
} catch (RemoteException | RuntimeException e) {
Slog.w(TAG, "Failed to unlock: " + e.getMessage());
return false;