diff options
| author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2021-08-14 03:09:28 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2021-08-14 03:09:28 +0000 |
| commit | 4ab9f4dd7b7c8ba0eb9077418aec8f4c91eacfcf (patch) | |
| tree | e8f33c2dd866ade9fbfd2240893bd4251a227ce8 | |
| parent | 7b234ead4e76492f4124bbbffcb9bcbeccad3ecb (diff) | |
| parent | 1566a5bf000ae002529d010012c40801ccf1246d (diff) | |
| download | vold-android12-d1-s4-release.tar.gz | |
Snap for 7641964 from 1566a5bf000ae002529d010012c40801ccf1246d to sc-d1-releaseandroid-12.0.0_r7android-12.0.0_r6android-12.0.0_r5android-12.0.0_r4android-12.0.0_r15android-12.0.0_r14android-12.0.0_r13android-12.0.0_r12android12-d1-s6-releaseandroid12-d1-s5-releaseandroid12-d1-s4-releaseandroid12-d1-s3-releaseandroid12-d1-s2-releaseandroid12-d1-s1-releaseandroid12-d1-release
Change-Id: Ic18c6c3dc23d123062abfeeb7bc1fcaa271cf7b0
| -rw-r--r-- | Keymaster.cpp | 13 | ||||
| -rw-r--r-- | Keymaster.h | 3 | ||||
| -rw-r--r-- | MetadataCrypt.cpp | 11 |
3 files changed, 27 insertions, 0 deletions
diff --git a/Keymaster.cpp b/Keymaster.cpp index 80386818..23145504 100644 --- a/Keymaster.cpp +++ b/Keymaster.cpp @@ -230,5 +230,18 @@ void Keymaster::earlyBootEnded() { logKeystore2ExceptionIfPresent(rc, "earlyBootEnded"); } +void Keymaster::deleteAllKeys() { + ::ndk::SpAIBinder binder(AServiceManager_getService(maintenance_service_name)); + auto maint_service = ks2_maint::IKeystoreMaintenance::fromBinder(binder); + + if (!maint_service) { + LOG(ERROR) << "Unable to connect to keystore2 maintenance service for deleteAllKeys"; + return; + } + + auto rc = maint_service->deleteAllKeys(); + logKeystore2ExceptionIfPresent(rc, "deleteAllKeys"); +} + } // namespace vold } // namespace android diff --git a/Keymaster.h b/Keymaster.h index 1100840b..47bf4a26 100644 --- a/Keymaster.h +++ b/Keymaster.h @@ -127,6 +127,9 @@ class Keymaster { // be created or used. static void earlyBootEnded(); + // Tell all Keymint devices to delete all rollback-protected keys. + static void deleteAllKeys(); + private: std::shared_ptr<ks2::IKeystoreSecurityLevel> securityLevel; DISALLOW_COPY_AND_ASSIGN(Keymaster); diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp index dc50679e..9038e8d5 100644 --- a/MetadataCrypt.cpp +++ b/MetadataCrypt.cpp @@ -112,6 +112,17 @@ static bool read_key(const std::string& metadata_key_dir, const KeyGeneration& g auto dir = metadata_key_dir + "/key"; LOG(DEBUG) << "metadata_key_dir/key: " << dir; if (!MkdirsSync(dir, 0700)) return false; + if (!pathExists(dir)) { + auto delete_all = android::base::GetBoolProperty( + "ro.crypto.metadata_init_delete_all_keys.enabled", false); + if (delete_all) { + LOG(INFO) << "Metadata key does not exist, calling deleteAllKeys"; + Keymaster::deleteAllKeys(); + } else { + LOG(DEBUG) << "Metadata key does not exist but " + "ro.crypto.metadata_init_delete_all_keys.enabled is false"; + } + } auto temp = metadata_key_dir + "/tmp"; return retrieveOrGenerateKey(dir, temp, kEmptyAuthentication, gen, key); } |