
Commit eeba594f authored by Nikolay Elenkov's avatar Nikolay Elenkov Committed by Android (Google) Code Review

Merge "RESTRICT AUTOMERGE Delete keystore keys from...

Merge "RESTRICT AUTOMERGE Delete keystore keys from RecoveryService.rebootRecoveryWithCommand()" into sc-v2-dev
parents a7031223 1e81807b
+22 −0
@@ -18,8 +18,10 @@ package android.security;

import android.annotation.NonNull;
import android.annotation.Nullable;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.ServiceSpecificException;
import android.os.StrictMode;
import android.security.maintenance.IKeystoreMaintenance;
import android.system.keystore2.Domain;
import android.system.keystore2.KeyDescriptor;
@@ -183,4 +185,24 @@ public class AndroidKeyStoreMaintenance {
            return SYSTEM_ERROR;
        }
    }

    /**
    * Deletes all keys in all KeyMint devices.
    * Called by RecoverySystem before rebooting to recovery in order to delete all KeyMint keys,
    * including synthetic password protector keys (used by LockSettingsService), as well as keys
    * protecting DE and metadata encryption keys (used by vold). This ensures that FBE-encrypted
    * data is unrecoverable even if the data wipe in recovery is interrupted or skipped.
    */
    public static void deleteAllKeys() throws KeyStoreException {
        StrictMode.noteDiskWrite();
        try {
            getService().deleteAllKeys();
        } catch (RemoteException | NullPointerException e) {
            throw new KeyStoreException(SYSTEM_ERROR,
                    "Failure to connect to Keystore while trying to delete all keys.");
        } catch (ServiceSpecificException e) {
            throw new KeyStoreException(e.errorCode,
                    "Keystore error while trying to delete all keys.");
        }
    }
}
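Review bot: Both catch blocks in the new deleteAllKeys() rewrap the failure without attaching the original exception as the cause, so the RemoteException or ServiceSpecificException detail (its own message and stack) is already gone when RecoverySystemService.deleteSecrets() reaches Log.wtf with the KeyStoreException; for an operation whose failure means the keys protecting FBE data stay on the device, that detail is exactly what a post-incident triage needs. Whether or not KeyStoreException has a cause-taking constructor, `Throwable.initCause` is available: `throw (KeyStoreException) new KeyStoreException(SYSTEM_ERROR, "Failure to connect to Keystore while trying to delete all keys.").initCause(e);`, and the same one-line change for the ServiceSpecificException branch. Separately, the added Javadoc's continuation lines are indented one column short of conventional alignment (each `*` should sit under the first `*` of `/**`).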
+19 −0
@@ -52,6 +52,7 @@ import android.os.ShellCallback;
import android.os.SystemProperties;
import android.provider.DeviceConfig;
import android.sysprop.ApexProperties;
import android.security.AndroidKeyStoreMaintenance;
import android.util.ArrayMap;
import android.util.ArraySet;
import android.util.FastImmutableArraySet;
@@ -66,6 +67,7 @@ import com.android.internal.widget.RebootEscrowListener;
import com.android.server.LocalServices;
import com.android.server.SystemService;
import com.android.server.pm.ApexManager;
import com.android.server.utils.Slogf;

import libcore.io.IoUtils;

@@ -117,6 +119,8 @@ public class RecoverySystemService extends IRecoverySystem.Stub implements Reboo
    static final String LSKF_CAPTURED_TIMESTAMP_PREF = "lskf_captured_timestamp";
    static final String LSKF_CAPTURED_COUNT_PREF = "lskf_captured_count";

    static final String RECOVERY_WIPE_DATA_COMMAND = "--wipe_data";

    private final Injector mInjector;
    private final Context mContext;

@@ -511,17 +515,32 @@ public class RecoverySystemService extends IRecoverySystem.Stub implements Reboo
    @Override // Binder call
    public void rebootRecoveryWithCommand(String command) {
        if (DEBUG) Slog.d(TAG, "rebootRecoveryWithCommand: [" + command + "]");

        boolean isForcedWipe = command != null && command.contains(RECOVERY_WIPE_DATA_COMMAND);
        synchronized (sRequestLock) {
            if (!setupOrClearBcb(true, command)) {
                return;
            }

            if (isForcedWipe) {
                deleteSecrets();
            }

            // Having set up the BCB, go ahead and reboot.
            PowerManager pm = mInjector.getPowerManager();
            pm.reboot(PowerManager.REBOOT_RECOVERY);
        }
    }

    private static void deleteSecrets() {
        Slogf.w(TAG, "deleteSecrets");
        try {
            AndroidKeyStoreMaintenance.deleteAllKeys();
        } catch (android.security.KeyStoreException e) {
            Log.wtf(TAG, "Failed to delete all keys from keystore.", e);
        }
    }

    private void enforcePermissionForResumeOnReboot() {
        if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.RECOVERY)
                != PackageManager.PERMISSION_GRANTED