Merge "Mitigate LSKF leaks in RecoverableKeyStoreManager" into main

author: Ellen Arteca <emarteca@google.com> 2024-04-25 17:10:56 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> 2024-04-25 17:10:56 +0000
commit: 4857d7011dead69039771c5b05807615e859fa1c (patch)
tree: 71315bdd0029a04f3018f9302244c6f5801a332d
parent: 548ee3851e394f9eeac1f105904cba9f2a6f2d10 (diff)
parent: 562ea6037ef28ecf7ceae78d22b132aff4f94dfc (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
index e5807e84a70e..54303c01890a 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
@@ -1082,7 +1082,8 @@ public class RecoverableKeyStoreManager {
             int keyguardCredentialsType = lockPatternUtilsToKeyguardType(savedCredentialType);
             try (LockscreenCredential credential =
                     createLockscreenCredential(keyguardCredentialsType, decryptedCredentials)) {
-                // TODO(b/254335492): remove decryptedCredentials
+                Arrays.fill(decryptedCredentials, (byte) 0);
+                decryptedCredentials = null;
                 VerifyCredentialResponse verifyResponse =
                         lockSettingsService.verifyCredential(credential, userId, 0);
                 return handleVerifyCredentialResponse(verifyResponse, userId);
author	Ellen Arteca <emarteca@google.com>	2024-04-25 17:10:56 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	2024-04-25 17:10:56 +0000
commit	4857d7011dead69039771c5b05807615e859fa1c (patch)
tree	71315bdd0029a04f3018f9302244c6f5801a332d
parent	548ee3851e394f9eeac1f105904cba9f2a6f2d10 (diff)
parent	562ea6037ef28ecf7ceae78d22b132aff4f94dfc (diff)