PawletOS/android_bootable_recovery
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a82a754bbeb49b2d44fa25d5abd64a3c3f4e9ae0
android_bootable_recovery/crypto/ext4crypt/HashPassword.h
Ethan Yonker e131bec179 Add spblob decrypt for secdis method (Pixel 1 non-weaver) 
Support decrypting Pixel 1 devices using secdis method with the
gatekeeper instead of weaver.

Add a bit of a dirty workaround to a permissions issue that the
keystore presents because the keystore checks the uid of the
calling process and refuses to let the root user add authorization
tokens. We write the auth token to a file and start a separate
service that runs under the system user. The service reads the
token from the file and adds it to the keystore. You must define
this service in your init.recovery.{hardware}.rc file:

service keystore_auth /sbin/keystore_auth
    disabled
    oneshot
    user system
    group root
    seclabel u:r:recovery:s0

TWRP will run this service when needed.

Change-Id: I0ff48d3355f03dc0be8e75cddb8b484bdef98772
2018-01-04 07:40:22 -06:00

37 lines
1.4 KiB
C++
Raw Blame History

/*
* Copyright (C) 2016 Team Win Recovery Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef __HASH_PASSWORD_H
#define __HASH_PASSWORD_H
#include <string>
#define FBE_PERSONALIZATION "Android FBE credential hash"
#define PERSONALISATION_WEAVER_KEY "weaver-key"
#define PERSONALISATION_WEAVER_PASSWORD "weaver-pwd"
#define PERSONALISATION_APPLICATION_ID "application-id"
#define PERSONALIZATION_FBE_KEY "fbe-key"
#define PERSONALIZATION_USER_GK_AUTH "user-gk-authentication"
#define PERSONALISATION_SECDISCARDABLE "secdiscardable-transform"
void* PersonalizedHashBinary(const char* prefix, const char* key, const size_t key_size);
std::string PersonalizedHash(const char* prefix, const char* key, const size_t key_size);
std::string PersonalizedHash(const char* prefix, const std::string& Password);
std::string HashPassword(const std::string& Password);
#endif
Reference in New Issue View Git Blame Copy Permalink