[guardian-dev] developer sneak peak: CacheWord

Hans-Christoph Steiner hans at guardianproject.info
Tue Mar 26 13:06:47 EDT 2013



On 03/20/2013 12:14 PM, Mark Murphy wrote:
> On Wed, Mar 20, 2013 at 2:54 PM, Abel Luck <abel at guardianproject.info> wrote:
>> I want to be able to perform zeroization on the cached data fields
>> before my process is terminated, which is one benefit to using the Alarm
>> Manager like I currently am.
> 
> Not really. Your process will be terminated with or without
> AlarmManager. All you are doing with AlarmManager is creating
> *another* process, if the first one was terminated.
> 
>> But it sounds like a ScheduledExecutorService will not give me the
>> opportunity to run this wiping code.
> 
> Nothing at the SDK level gives you the opportunity to run this wiping
> code, if the process terminates before your timeout. Bear in mind that
> many things can trigger your process to be terminated, including the
> user running a task killer, or even just swiping you off the
> recent-tasks list on Android 4.0+.
> 
>> I realize there is no POSIX/Linux facility for "run some code before
>> your pid is terminated by the kernel" (aside from catching SIGTERM perhaps)
> 
> It's conceivable that you could catch SIGTERM in the NDK layer, though
> the state of the VM at this point is indeterminate. I haven't tried
> that or run into any discussions about that approach.
> 
> If you absolutely have to have "zeroization" (which, BTW, is an
> awesome nounification of a noun you previously verbified!), you could
> see if SIGTERM can be caught at the NDK level, and then maintain your
> credentials in native code instead of in the Dalvik VM.


SIGTERM in UNIX is meant for exactly this: it is sent to a process
*requesting* it to terminate.  SIGKILL terminates the process and is not a
request.


Can't the zeroization be done in the service's onDestroy() to guarantee that
it is run?

.hc
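
The SIGTERM/SIGKILL distinction discussed in this thread, as an added example (not code from CacheWord or from any poster): a handler that wipes a key held in native memory when SIGTERM arrives, and a check that the kernel refuses the same handler for SIGKILL. The names `cached_key` and `install_wipe_handler` and the key bytes are hypothetical and constructed; this is plain POSIX C and says nothing about which signal Android actually sends.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stddef.h>
#include <string.h>

#define KEY_LEN 32

/* Hypothetical cached secret held in native memory, outside the VM heap. */
static volatile unsigned char cached_key[KEY_LEN];
static volatile sig_atomic_t wiped_by_signal = 0;

/* Async-signal-safe only: volatile stores (not elidable), no malloc, no stdio. */
static void on_terminate(int signo) {
    (void)signo;
    for (size_t i = 0; i < KEY_LEN; i++)
        cached_key[i] = 0;
    wiped_by_signal = 1;
    /* A real handler would now call _exit(); the demo returns so it can check. */
}

/* Returns 0 if the wipe handler was installed for signo, else the errno. */
int install_wipe_handler(int signo) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_terminate;
    sigemptyset(&sa.sa_mask);
    return sigaction(signo, &sa, NULL) == 0 ? 0 : errno;
}

/* Load a constructed key, send ourselves SIGTERM, count non-zero bytes left. */
int remaining_key_bytes_after_sigterm(void) {
    int left = 0;
    for (size_t i = 0; i < KEY_LEN; i++)
        cached_key[i] = 0xA5;              /* constructed sample key material */
    if (install_wipe_handler(SIGTERM) != 0)
        return -1;
    raise(SIGTERM);                        /* handler runs before raise() returns */
    for (size_t i = 0; i < KEY_LEN; i++)
        left += cached_key[i] != 0;
    return wiped_by_signal ? left : -1;
}

int main(void) {
    /* SIGTERM is a request and can be handled; SIGKILL cannot (EINVAL). */
    int ok = remaining_key_bytes_after_sigterm() == 0
          && install_wipe_handler(SIGKILL) == EINVAL;
    return ok ? 0 : 1;
}
```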

