|
|
Support decrypting Pixel 1 devices using secdis method with the
gatekeeper instead of weaver.
Add a bit of a dirty workaround to a permissions issue that the
keystore presents because the keystore checks the uid of the
calling process and refuses to let the root user add authorization
tokens. We write the auth token to a file and start a separate
service that runs under the system user. The service reads the
token from the file and adds it to the keystore. You must define
this service in your init.recovery.{hardware}.rc file:
service keystore_auth /sbin/keystore_auth
disabled
oneshot
user system
group root
seclabel u:r:recovery:s0
TWRP will run this service when needed.
Change-Id: I0ff48d3355f03dc0be8e75cddb8b484bdef98772
|
