Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit eed1312a authored by Howard Chen's avatar Howard Chen
Browse files

Corrupt the PersistentDataBlock payload explicitly in factory reset 

The current formatPartitionLocked only sets the data length to zero and
leave the payload unchanged. If the client side ignores the header and
read the payload directly, it still has the chance to read old data.
This CL corrupts the payload explicitly in formatPartitionLocked.

Bug: 185369514
Test: \
  1. Flash device, wipe
  2. Go through SUW with a google account. Set a PIN.
  3. Factory Reset through Settings.
  4. In SUW, when setting up an account (or copy from an old device),
     it should not ask for the previous PIN.

Merged-In: Ib60c68e3e91a4f0a7fd4e86b462091995bbe4fe2
Change-Id: Ib60c68e3e91a4f0a7fd4e86b462091995bbe4fe2
parent bd5c79d2

services/core/java/com/android/server/PersistentDataBlockService.java

+6 −3
Original line number Diff line number Diff line
@@ -39,11 +39,9 @@ import com.android.internal.annotations.GuardedBy; 
import libcore.io.IoUtils;



import java.io.DataInputStream;

import java.io.DataOutputStream;

import java.io.File;

import java.io.FileInputStream;

import java.io.FileNotFoundException;

import java.io.FileOutputStream;

import java.io.IOException;

import java.io.RandomAccessFile;

import java.nio.ByteBuffer;
@@ -377,11 +375,16 @@ public class PersistentDataBlockService extends SystemService { 


        try {

            FileChannel channel = getBlockOutputChannel();

            ByteBuffer buf = ByteBuffer.allocate(DIGEST_SIZE_BYTES + HEADER_SIZE);

            int header_size = DIGEST_SIZE_BYTES + HEADER_SIZE;

            ByteBuffer buf = ByteBuffer.allocate(header_size);

            buf.put(new byte[DIGEST_SIZE_BYTES]);

            buf.putInt(PARTITION_TYPE_MARKER);

            buf.putInt(0);

            channel.write(buf);

            // corrupt the payload explicitly

            int payload_size = (int) getBlockDeviceSize() - header_size;

            buf = ByteBuffer.allocate(payload_size);

            channel.write(buf);

            channel.force(true);

        } catch (IOException e) {

            Slog.e(TAG, "failed to format block", e);