Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d50f72fe authored by Eric Biggers's avatar Eric Biggers
Browse files

Always set CE key protection in migrateUserToSpWithBoundKeysLocked() 

The conditions for skipping setCeStorageProtection() in
migrateUserToSpWithBoundKeysLocked() have been causing some confusion.
They exist only to avoid some misleading log messages from vold during
this migration.  Let's just remove these conditions and run
setCeStorageProtection() unconditionally, like what is already done for
initUserSuperKeys().  I will try to improve the log messages in vold.

Test: Upgraded a device from UQ1A to main with this CL
Flag: EXEMPT should only affect log messages.
Change-Id: I30b74162bc36c5e4fc614fe64d05c8b3bf19e73c
parent 7d00da34

services/core/java/com/android/server/locksettings/LockSettingsService.java

+6 −11
Original line number Diff line number Diff line
@@ -253,10 +253,10 @@ public class LockSettingsService extends ILockSettings.Stub { 


    private static final String MIGRATED_FRP2 = "migrated_frp2";

    private static final String MIGRATED_KEYSTORE_NS = "migrated_keystore_namespace";

    private static final String MIGRATED_SP_CE_ONLY = "migrated_all_users_to_sp_and_bound_ce";

    private static final String MIGRATED_SP_FULL = "migrated_all_users_to_sp_and_bound_keys";

    private static final String MIGRATED_WEAVER_DISABLED_ON_UNSECURED_USERS =

            "migrated_weaver_disabled_on_unsecured_users";

    // Note: some other migrated_* strings used to be used and may exist in the database already.



    // Duration that LockSettingsService will store the gatekeeper password for. This allows

    // multiple biometric enrollments without prompting the user to enter their password via
@@ -1226,16 +1226,11 @@ public class LockSettingsService extends ILockSettings.Stub { 
        }



        // Call setCeStorageProtection(), to re-encrypt the CE key with the SP if it's currently

        // encrypted by an empty secret.  Skip this if it was definitely already done as part of the

        // upgrade to Android 14, since while setCeStorageProtection() is idempotent it does log

        // some error messages when called again.  Do not skip this if

        // config_disableWeaverOnUnsecuredUsers=true, since in that case we'd like to recover from

        // the case where an earlier upgrade to Android 14 incorrectly skipped this step.

        if (getString(MIGRATED_SP_CE_ONLY, null, 0) == null

                || isWeaverDisabledOnUnsecuredUsers()) {

        // encrypted by an empty secret.  If the CE key is already encrypted by the SP, then this is

        // a no-op except for some log messages.

        Slogf.i(TAG, "Encrypting CE key of user %d with synthetic password", userId);

        setCeStorageProtection(userId, sp);

        }



        Slogf.i(TAG, "Initializing Keystore super keys for user %d", userId);

        initKeystoreSuperKeys(userId, sp, /* allowExisting= */ true);

    }