
Commit aeb86cdc authored by Nikolay Elenkov's avatar Nikolay Elenkov

Call ISecretKeeper.deleteAll() from deleteSecrets()

deleteSecrets() is called from rebootRecoveryWithCommand() before the
--wipe_data command is passed to recovery and the device is
force-rebooted.

Calling ISecretkeeper.deleteAll() destroys all secrets managed by
secretkeeper, thus ensuring that they are unrecoverable even if the full
data wipe in recovery is interrupted or skipped.

Bug: 324321147
Test: Manual - System -> Reset options -> Erase all data.
Test: Hold VolDown key to interrupt reboot and stop at bootloader
screen.
Test: fastboot oem bcd wipe command && fastboot oem bcd wipe recovery
Test: fastboot reboot
Test: Device reboots into recovery and prompts to factory reset:
Test: 'Cannot load Android system. Your data may be corrupt. ...'

Change-Id: I4c1c6615c0877d447d06ae45dd8ff86f7f14685a
parent 0d000318
+2 −0
@@ -169,7 +169,9 @@ java_library_static {
        "android.hardware.health-V3-java", // AIDL
        "android.hardware.health-translate-java",
        "android.hardware.light-V1-java",
        "android.hardware.security.authgraph-V1-java",
        "android.hardware.security.rkp-V3-java",
        "android.hardware.security.secretkeeper-V1-java",
        "android.hardware.tv.cec-V1.1-java",
        "android.hardware.tv.hdmi.cec-V1-java",
        "android.hardware.tv.hdmi.connection-V1-java",
+24 −0
@@ -30,6 +30,7 @@ import static com.android.internal.widget.LockSettingsInternal.ARM_REBOOT_ERROR_
import static com.android.internal.widget.LockSettingsInternal.ARM_REBOOT_ERROR_NO_PROVIDER;

import android.annotation.IntDef;
import android.annotation.Nullable;
import android.apex.CompressedApexInfo;
import android.apex.CompressedApexInfoList;
import android.content.Context;
@@ -37,6 +38,7 @@ import android.content.IntentSender;
import android.content.SharedPreferences;
import android.content.pm.PackageManager;
import android.hardware.boot.IBootControl;
import android.hardware.security.secretkeeper.ISecretkeeper;
import android.net.LocalSocket;
import android.net.LocalSocketAddress;
import android.os.Binder;
@@ -552,6 +554,28 @@ public class RecoverySystemService extends IRecoverySystem.Stub implements Reboo
        } catch (android.security.KeyStoreException e) {
            Log.wtf(TAG, "Failed to delete all keys from keystore.", e);
        }

        try {
            ISecretkeeper secretKeeper = getSecretKeeper();
            if (secretKeeper != null) {
                Slogf.i(TAG, "ISecretkeeper.deleteAll();");
                secretKeeper.deleteAll();
            }
        } catch (RemoteException e) {
            Log.wtf(TAG, "Failed to delete all secrets from secretkeeper.", e);
        }
    }

    private static @Nullable ISecretkeeper getSecretKeeper() {
        ISecretkeeper result = null;
        try {
            result = ISecretkeeper.Stub.asInterface(
                ServiceManager.waitForDeclaredService(ISecretkeeper.DESCRIPTOR + "/default"));
        } catch (SecurityException e) {
            Slog.w(TAG, "Does not have permissions to get AIDL secretkeeper service");
        }

        return result;
    }

    private void enforcePermissionForResumeOnReboot() {
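Review bot: The catch at the end of the new try block in deleteSecrets() handles only RemoteException, so if the AIDL deleteAll() call reports a service-specific error it would, as far as I understand the Java AIDL bindings, surface as an unchecked ServiceSpecificException and escape deleteSecrets() — which per the description runs just before the --wipe_data reboot — instead of being logged the way the keystore failure above it is; consider `} catch (RemoteException | ServiceSpecificException e) {`. getSecretKeeper() relies on ServiceManager.waitForDeclaredService(), which as I read the API blocks until a declared service comes up, so a declared-but-unavailable HAL could stall the reset path; a comment stating that this wait is acceptable here, or a bounded alternative if one exists, would help. getSecretKeeper() also lacks a Javadoc saying it returns null when the caller lacks permission to reach the HAL, and the new code mixes Slogf.i, Slog.w and Log.wtf where the adjacent keystore branch uses Log.wtf. deleteSecrets() begins outside the hunk.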