commit faeb3eb0ba190e6d6cfe2b82ce20af587848de57
author Paul Crowley <paulcrowley@google.com> Mon Feb 08 15:58:29 2016 +0000
committer Paul Crowley <paulcrowley@google.com> Mon Feb 08 15:58:29 2016 +0000
tree eb611cc0e57ef8467dfd575dc6a0d274f98d7277
parent e64f3da729ae6a00fb627f00b8a97e7c5feb8bcb

Password security for FBE disk encryption keys

Add the means to protect FBE keys with a combination of an auth token
from Gatekeeper, and a hash of the password. Both of these must be
passed to unlock_user_key. Keys are created unprotected, and
change_user_key changes the way they are protected.

Bug: 22950892
Change-Id: Ie13bc6f82059ce941b0e664a5b60355e52b45f30

services/core/java/com/android/server/am/UserController.java

diff --git a/services/core/java/com/android/server/am/UserController.java b/services/core/java/com/android/server/am/UserController.java
index 2f63b2d3..a355fa4 100644
--- a/services/core/java/com/android/server/am/UserController.java
+++ b/services/core/java/com/android/server/am/UserController.java
@@ -783,7 +783,7 @@
         return result;
     }
 
-    boolean unlockUser(final int userId, byte[] token) {
+    boolean unlockUser(final int userId, byte[] token, byte[] secret) {
         if (mService.checkCallingPermission(INTERACT_ACROSS_USERS_FULL)
                 != PackageManager.PERMISSION_GRANTED) {
             String msg = "Permission Denial: unlockUser() from pid="
@@ -796,7 +796,7 @@
 
         final long binderToken = Binder.clearCallingIdentity();
         try {
-            return unlockUserCleared(userId, token);
+            return unlockUserCleared(userId, token, secret);
         } finally {
             Binder.restoreCallingIdentity(binderToken);
         }
@@ -810,10 +810,10 @@
      */
     boolean maybeUnlockUser(final int userId) {
         // Try unlocking storage using empty token
-        return unlockUserCleared(userId, null);
+        return unlockUserCleared(userId, null, null);
     }
 
-    boolean unlockUserCleared(final int userId, byte[] token) {
+    boolean unlockUserCleared(final int userId, byte[] token, byte[] secret) {
         synchronized (mService) {
             // Bail if already running unlocked
             final UserState uss = mStartedUsers.get(userId);
@@ -824,7 +824,7 @@
             final UserInfo userInfo = getUserInfo(userId);
             final IMountService mountService = getMountService();
             try {
-                mountService.unlockUserKey(userId, userInfo.serialNumber, token);
+                mountService.unlockUserKey(userId, userInfo.serialNumber, token, secret);
             } catch (RemoteException | RuntimeException e) {
                 Slog.w(TAG, "Failed to unlock: " + e.getMessage());
                 return false;