Initialize /dev/urandom earlier in boot.

It's a security best practice to carry entropy across reboots. (see "man 4 random"). Currently, entropy saving and mixing occur in the system_server, via the EntropyMixer code. Unfortunately, the EntropyMixer code runs fairly late in the boot process, which means early boot doesn't have high quality entropy. This has caused security problems in the past. Load entropy data as soon as we can in the early boot process, so that we can get /dev/random / /dev/urandom into a "random" state earlier. Bug: 9983133 Change-Id: Id4a6f39e9060f30fe7497bd8f8085a9bec851e80
author: Nick Kralevich 2013-09-17 18:18:23 -0500
committer: Nick Kralevich 2013-09-18 09:53:51 -0500
commit: b410eb19130cf1eca158a672bba8f515e7627f11 (patch)
tree: 86bea1774e2ac5f1199b8733966985e88c2a6150
parent: 5535b05120fa3fd3d68a09e01284aba35cc6e058 (diff)
download: platform-system-core-b410eb19130cf1eca158a672bba8f515e7627f11.tar.gz
platform-system-core-b410eb19130cf1eca158a672bba8f515e7627f11.tar.xz
platform-system-core-b410eb19130cf1eca158a672bba8f515e7627f11.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 19ab6cc7e..be74f6fc2 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -177,6 +177,9 @@ on post-fs-data
    # We restorecon /data in case the userdata partition has been reset.
    restorecon /data
+    # Avoid predictable entropy pool. Carry over entropy from previous boot.
+    copy /data/system/entropy.dat /dev/urandom
    # Create dump dir and collect dumps.
    # Do this before we mount cache so eventually we can use cache for
    # storing dumps on platforms which do not have a dedicated dump partition.
author	Nick Kralevich	2013-09-17 18:18:23 -0500
committer	Nick Kralevich	2013-09-18 09:53:51 -0500
commit	b410eb19130cf1eca158a672bba8f515e7627f11 (patch)
tree	86bea1774e2ac5f1199b8733966985e88c2a6150
parent	5535b05120fa3fd3d68a09e01284aba35cc6e058 (diff)
download	platform-system-core-b410eb19130cf1eca158a672bba8f515e7627f11.tar.gz platform-system-core-b410eb19130cf1eca158a672bba8f515e7627f11.tar.xz platform-system-core-b410eb19130cf1eca158a672bba8f515e7627f11.zip

diff --git a/rootdir/init.rc b/rootdir/init.rc index 19ab6cc7e..be74f6fc2 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc
@@ -177,6 +177,9 @@ on post-fs-data
177	# We restorecon /data in case the userdata partition has been reset.	177	# We restorecon /data in case the userdata partition has been reset.
178	restorecon /data	178	restorecon /data
179		179
		180	# Avoid predictable entropy pool. Carry over entropy from previous boot.
		181	copy /data/system/entropy.dat /dev/urandom
		182
180	# Create dump dir and collect dumps.	183	# Create dump dir and collect dumps.
181	# Do this before we mount cache so eventually we can use cache for	184	# Do this before we mount cache so eventually we can use cache for
182	# storing dumps on platforms which do not have a dedicated dump partition.	185	# storing dumps on platforms which do not have a dedicated dump partition.