diff options
| author | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2019-06-09 16:02:02 +0200 |
|---|---|---|
| committer | Joonas Kylmälä <joonas.kylmala@iki.fi> | 2020-06-25 07:57:45 -0400 |
| commit | c92720b38d68913f61f1419c8bf910a09aba9e1d (patch) | |
| tree | 3e21340861a19bdd1c08c219b94a51949f2958f7 /watchdogd | |
| parent | 75afa19b3a854d09ee0f5c59862b33514d206cf4 (diff) | |
| download | system_core-c92720b38d68913f61f1419c8bf910a09aba9e1d.tar.gz system_core-c92720b38d68913f61f1419c8bf910a09aba9e1d.tar.bz2 system_core-c92720b38d68913f61f1419c8bf910a09aba9e1d.zip | |
HACK: gatekeeperd: force software imeplementation
Without that hack, IGatekeeper::getService() will try to get
a service implementing the Gatekeeper HAL. The HAL is supposed
to talk to a component that resides in a Trusted Execution
Environment (TEE) such as MobiCore.
On many Android device, the Trusted Execution Environment
is not free software, nor under the control of the user, so it
cannot be trusted by the user, and in fact it's better, if possible,
to make sure that it does not to run at all in that case.
Because of that the proper fix would be either to implement
a Gatekeeper HAL that would not depend on nonfree software that
cannot be trusted.
This could for instance be implemented by:
* Using a simple software implementation.
* Using the linux kernel keyring for that which can
provide good resilience against userspace trying to get key
material. See man 7 keyrings for more information on that.
* Have a free software Trusted Execution Environment like
Google's Trusty or other implementations.
See the following documentation for more background information:
https://source.android.com/security/authentication/gatekeeper
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Rebased and adapted for Replicant 10
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Diffstat (limited to 'watchdogd')
0 files changed, 0 insertions, 0 deletions