author | 2024-04-09 02:20:53 +0000 | |
---|---|---|
committer | 2024-04-12 21:22:27 +0000 | |
commit | bad78169b11942f408c68700b9ba96833ee82c7d (patch) | |
tree | ed03300e8550e50689ca8051e7db09bba674626b /keystore | |
parent | fcac9b6f0c4c25a7dd79eabcc11f047706630b22 (diff) |
Merge changes from topic "fbe-wipe-no-reboot" into main am: fd9335cd8f am: 4073ee27ad
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/3008298
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:05b1440e06c84212b4353be7f5cbe97fd1bccafb)
Merged-In: Ia6d83f7582ce0d976c857c7318a1f9ed1fe3bae8
Change-Id: Ia6d83f7582ce0d976c857c7318a1f9ed1fe3bae8
Diffstat (limited to 'keystore')
-rw-r--r-- | keystore/java/android/security/AndroidKeyStoreMaintenance.java | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/keystore/java/android/security/AndroidKeyStoreMaintenance.java b/keystore/java/android/security/AndroidKeyStoreMaintenance.java
index 2430e8d8e662..7821102b8459 100644
--- a/keystore/java/android/security/AndroidKeyStoreMaintenance.java
+++ b/keystore/java/android/security/AndroidKeyStoreMaintenance.java
@@ -243,4 +243,24 @@ public class AndroidKeyStoreMaintenance {
 "Keystore error while trying to get apps affected by SID.");
 }
 }
+
+ /**
+ * Deletes all keys in all KeyMint devices.
+ * Called by RecoverySystem before rebooting to recovery in order to delete all KeyMint keys,
+ * including synthetic password protector keys (used by LockSettingsService), as well as keys
+ * protecting DE and metadata encryption keys (used by vold). This ensures that FBE-encrypted
+ * data is unrecoverable even if the data wipe in recovery is interrupted or skipped.
+ */
+ public static void deleteAllKeys() throws KeyStoreException {
+ StrictMode.noteDiskWrite();
+ try {
+ getService().deleteAllKeys();
+ } catch (RemoteException | NullPointerException e) {
+ throw new KeyStoreException(SYSTEM_ERROR,
+ "Failure to connect to Keystore while trying to delete all keys.");
+ } catch (ServiceSpecificException e) {
+ throw new KeyStoreException(e.errorCode,
+ "Keystore error while trying to delete all keys.");
+ }
+ }
 } |
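Review bot: The Javadoc added for `deleteAllKeys()` states the guarantee (FBE-encrypted data unrecoverable) but not what holds when the call throws, which is the case a caller such as RecoverySystem most needs spelled out before it reboots to recovery. I would add `@throws KeyStoreException if Keystore cannot be reached or reports an error; keys may remain in one or more KeyMint devices, so the wipe guarantee must not be assumed`, worded to match what the service actually promises on partial failure, which is not visible here. The doc should also say that the operation is irreversible and name the privilege the caller needs, presumably enforced on the Keystore side. Separately, both catch blocks drop `e`, and catching `NullPointerException` around `getService().deleteAllKeys()` reports any NPE as a connection failure; this appears to follow the preceding method's pattern, but for a device-wide destructive call, keeping the original exception in the log would make a failed wipe diagnosable.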