Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 171217cb authored by Eric Biggers's avatar Eric Biggers
Browse files

With native FBE, lock user directories when framework is started 

If the framework is restarted, the user must unlock their device in the
same way as after a reboot.  But with FBE, vold was never told to lock
the credential-encrypted storage directories, so any that were unlocked
at the time the framework stopped remain unlocked, i.e. their keys are
still in the kernel.  This is unexpected and differs from a reboot.

Fix this by locking all user directories when the framework is started.
This was already done for emulated FBE, but this change extends it to
native FBE too.

Test: Unlock device with PIN.  Then in adb shell: 'stop; start;
      sleep 10; ls /data/data/' shows filenames in ciphertext form.
Change-Id: If993d93d9837b09ff8029642f8641dec69af04e0
parent 1279c3ff
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment