diff options
| author | Eric Biggers <ebiggers@google.com> | 2019-04-02 11:02:32 -0700 |
|---|---|---|
| committer | Eric Biggers <ebiggers@google.com> | 2019-04-02 11:02:32 -0700 |
| commit | 171217cb379a67bbd57790b9118b94cab61ad41c (patch) | |
| tree | ef02e825186a1ea738f3ace2e96b12d57e6c3c3b /tools/aapt2/java/JavaClassGenerator_test.cpp | |
| parent | 1279c3ffe9335b6eff2789b8b8f4848d997ee6ee (diff) | |
With native FBE, lock user directories when framework is started
If the framework is restarted, the user must unlock their device in the
same way as after a reboot. But with FBE, vold was never told to lock
the credential-encrypted storage directories, so any that were unlocked
at the time the framework stopped remain unlocked, i.e. their keys are
still in the kernel. This is unexpected and differs from a reboot.
Fix this by locking all user directories when the framework is started.
This was already done for emulated FBE, but this change extends it to
native FBE too.
Test: Unlock device with PIN. Then in adb shell: 'stop; start;
sleep 10; ls /data/data/' shows filenames in ciphertext form.
Change-Id: If993d93d9837b09ff8029642f8641dec69af04e0
Diffstat (limited to 'tools/aapt2/java/JavaClassGenerator_test.cpp')
0 files changed, 0 insertions, 0 deletions