diff options
author | Ellen Arteca <emarteca@google.com> | 2024-03-12 17:38:48 +0000 |
---|---|---|
committer | Ellen Arteca <emarteca@google.com> | 2024-03-21 23:12:18 +0000 |
commit | da1d160074b90eb349d058321bad5175a2f90824 (patch) | |
tree | 070553bb3d778a7cecae50a6fcac8af05994b995 | |
parent | 300df5a5d843402b675a8e8ab873b1794cd332a0 (diff) | |
download | vold-da1d160074b90eb349d058321bad5175a2f90824.tar.gz |
Add @SensitiveData tag to IVold
Mitigate data leak across the Binder boundary to Vold, of secrets derived from the LSKF.
Specifically: the `String secret` argument to both `setCeStorageProtection` and `unlockCeStorage` is
a secret derived from the user's synthetic password.
This CL is part of an effort to wipe instances of the LSKF and
secrets derived from it, so they are not available in a RAMdump.
Bug: 320392352
Test: launch_cvd -daemon
Change-Id: I0439f63fd4739bf5a6c957695cc9c3003ec89eb0
-rw-r--r-- | binder/android/os/IVold.aidl | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl index d121dee3..dfccc004 100644 --- a/binder/android/os/IVold.aidl +++ b/binder/android/os/IVold.aidl @@ -22,6 +22,7 @@ import android.os.IVoldMountCallback; import android.os.IVoldTaskListener; /** {@hide} */ +@SensitiveData interface IVold { void setListener(IVoldListener listener); |