From 1f08091aea005c86612e5900ab213670956e9492 Mon Sep 17 00:00:00 2001
From: Yo Chiang
Date: Wed, 7 Oct 2020 17:29:57 +0800
Subject: Destroy DSU metadata encryption key when wiping an installation

Call IVold::destroyDsuMetadataKey() to destroy the old key. This ensures that wiping and reinstalling a DSU system would generate different metadata encryption keys, albeit using the same key dir.

Bug: 168571434
Test: 1. Install a DSU system. 2. Boot the DSU system and reboot back to the host system. 3. Wipe the DSU installation. 4. DSU metadata key dir /metadata/vold/metadata_encryption/dsu/dsu is destroyed.
Change-Id: I5b66c6ac440f857a7bb22341d5dc70480a4075b2
---
 Android.bp | 1 +
 gsi_service.cpp | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/Android.bp b/Android.bp
index 1e9d3a6..8e3acaa 100644
--- a/Android.bp
+++ b/Android.bp
@@ -99,6 +99,7 @@ cc_binary {
 "liblp",
 "libutils",
 "libc++fs",
+ "libvold_binder",
 ],
 target: {
 android: {
diff --git a/gsi_service.cpp b/gsi_service.cpp
index 3c875f8..41b8811 100644
--- a/gsi_service.cpp
+++ b/gsi_service.cpp
@@ -32,6 +32,8 @@
 #include
 #include
 #include
+#include
+#include
 #include
 #include
 #include
@@ -171,6 +173,18 @@ binder::Status GsiService::createPartition(const ::std::string& name, int64_t si
 if (size == 0 && name == "userdata") {
 size = kDefaultUserdataSize;
 }
+
+ if (name == "userdata") {
+ auto dsu_slot = GetDsuSlot(install_dir_);
+ auto key_dir = DefaultDsuMetadataKeyDir(dsu_slot);
+ auto key_dir_file = DsuMetadataKeyDirFile(dsu_slot);
+ if (!android::base::WriteStringToFile(key_dir, key_dir_file)) {
+ PLOG(ERROR) << "write failed: " << key_dir_file;
+ *_aidl_return = INSTALL_ERROR_GENERIC;
+ return binder::Status::ok();
+ }
+ }
+
 installer_ = std::make_unique(this, install_dir_, name, GetDsuSlot(install_dir_), size, readOnly);
 progress_ = {};
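Review bot: The two-argument `WriteStringToFile(key_dir, key_dir_file)` in the new `name == "userdata"` block creates the key-dir file with libbase's default mode, and nothing in the hunk pins its permissions or ownership. Because this file appears to record which metadata key directory belongs to the DSU slot, the overload that takes an explicit mode, owner and group (for example `WriteStringToFile(key_dir, key_dir_file, 0600, getuid(), getgid())`) would stop the result depending on the process umask. The file is also written before `installer_` is created, so a later install failure may leave it behind; whether cleanup covers that is not visible, since createPartition starts and ends outside the hunk. `GetDsuSlot(install_dir_)` is evaluated a second time in the `std::make_unique` call just below, and hoisting `dsu_slot` out of the `if` would keep both uses in sync.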
@@ -891,6 +905,10 @@ int GsiService::ReenableGsi(bool one_shot) {
 return IGsiService::INSTALL_OK;
 }
+static android::sp GetVoldService() {
+ return android::waitForService(android::String16("vold"));
+}
+
 bool GsiService::RemoveGsiFiles(const std::string& install_dir) {
 bool ok = true;
 auto active_dsu = GetDsuSlot(install_dir);
@@ -920,6 +938,22 @@ bool GsiService::RemoveGsiFiles(const std::string& install_dir) {
 ok = false;
 }
 }
+ if (auto vold = GetVoldService()) {
+ auto status = vold->destroyDsuMetadataKey(dsu_slot);
+ if (status.isOk()) {
+ std::string message;
+ if (!RemoveFileIfExists(DsuMetadataKeyDirFile(dsu_slot), &message)) {
+ LOG(ERROR) << message;
+ ok = false;
+ }
+ } else {
+ LOG(ERROR) << "Failed to destroy DSU metadata encryption key.";
+ ok = false;
+ }
+ } else {
+ LOG(ERROR) << "Failed to retrieve vold service.";
+ ok = false;
+ }
 if (ok) {
 SetProperty(kGsiInstalledProp, "0");
 }
-- cgit v1.2.3
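Review bot: `android::waitForService` in the new `GetVoldService()` helper waits for vold to be registered, so a wipe requested while vold is unavailable would presumably stall in RemoveGsiFiles rather than reach the "Failed to retrieve vold service." branch. If a bounded failure is wanted on the wipe path, a non-blocking lookup such as `defaultServiceManager()->checkService(android::String16("vold"))` followed by the interface cast returns null straight away. Otherwise a comment above the helper, e.g. `// Blocks until vold is registered; returns nullptr only if the lookup itself fails.`, would document the behaviour callers get.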
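Review bot: When `vold->destroyDsuMetadataKey(dsu_slot)` fails, the new `else` branch logs a fixed string and drops the binder status, so the log cannot tell a vold-side error from a transport failure or name the slot involved. `LOG(ERROR) << "Failed to destroy DSU metadata encryption key for " << dsu_slot << ": " << status.toString8().c_str();` would keep the reason. On that path the old key and the key-dir file both remain, while the earlier part of the function has presumably already removed the images. A later install into the same slot could then reuse the previous key, which is the case the commit message sets out to prevent, so callers should treat a `false` return as "key not destroyed". RemoveGsiFiles starts above the hunk and continues below it, so how the return value is consumed is not visible here.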