Add spblob decrypt for secdis method (Pixel 1 non-weaver) Support decrypting Pixel 1 devices using secdis method with the gatekeeper instead of weaver. Add a bit of a dirty workaround to a permissions issue that the keystore presents because the keystore checks the uid of the calling process and refuses to let the root user add authorization tokens. We write the auth token to a file and start a separate service that runs under the system user. The service reads the token from the file and adds it to the keystore. You must define this service in your init.recovery.{hardware}.rc file: service keystore_auth /sbin/keystore_auth disabled oneshot user system group root seclabel u:r:recovery:s0 TWRP will run this service when needed. Change-Id: I0ff48d3355f03dc0be8e75cddb8b484bdef98772

commit: e131bec179826431b7b89e4748ae05e8a4262145 [log] [tgz]
author: Ethan Yonker <dees_troy@teamw.in> Fri Dec 15 23:48:02 2017 -0600
committer: Ethan Yonker <dees_troy@teamw.in> Thu Jan 04 07:40:22 2018 -0600
tree: 6d03dc4ffe679f642438fc9451dffdc57d4055fe
parent: ecbd3e8ba9d84eca9d4fdea9b24717364f81a668 [diff] [blame]
diff --git a/crypto/ext4crypt/HashPassword.h b/crypto/ext4crypt/HashPassword.h
index 8abd0de..4be107b 100644
--- a/crypto/ext4crypt/HashPassword.h
+++ b/crypto/ext4crypt/HashPassword.h

@@ -24,6 +24,8 @@
 #define PERSONALISATION_WEAVER_PASSWORD "weaver-pwd"
 #define PERSONALISATION_APPLICATION_ID "application-id"
 #define PERSONALIZATION_FBE_KEY "fbe-key"
+#define PERSONALIZATION_USER_GK_AUTH "user-gk-authentication"
+#define PERSONALISATION_SECDISCARDABLE "secdiscardable-transform"
 
 void* PersonalizedHashBinary(const char* prefix, const char* key, const size_t key_size);
commit	e131bec179826431b7b89e4748ae05e8a4262145	[log] [tgz]
author	Ethan Yonker <dees_troy@teamw.in>	Fri Dec 15 23:48:02 2017 -0600
committer	Ethan Yonker <dees_troy@teamw.in>	Thu Jan 04 07:40:22 2018 -0600
tree	6d03dc4ffe679f642438fc9451dffdc57d4055fe
parent	ecbd3e8ba9d84eca9d4fdea9b24717364f81a668 [diff] [blame]