author | Yo Chiang <yochiang@google.com> | 2020-10-26 05:27:36 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2020-10-26 05:27:36 +0000 |
commit | cb581cc8de8f5939d8fba6d333defa3cb5189c4d (patch) | |
tree | e86f5af6180cce2ca97cfd0ee01ed95c1a0c9f6e | |
parent | 739ca2c2980014e2131bd6494fe1551f2ae8ed81 (diff) | |
parent | 0af25a3a9857b20f652e96660758632277062c65 (diff) | |
download | vold-cb581cc8de8f5939d8fba6d333defa3cb5189c4d.tar.gz |
Merge "Add IVold::destroyDsuMetadataKey()"
-rw-r--r-- | Android.bp | 1 | ||||
-rw-r--r-- | MetadataCrypt.cpp | 40 | ||||
-rw-r--r-- | MetadataCrypt.h | 2 | ||||
-rw-r--r-- | VoldNativeService.cpp | 7 | ||||
-rw-r--r-- | VoldNativeService.h | 2 | ||||
-rw-r--r-- | binder/android/os/IVold.aidl | 2 |
6 files changed, 54 insertions, 0 deletions
@@ -54,6 +54,7 @@ cc_defaults {
 "libdiskconfig",
 "libext4_utils",
 "libf2fs_sparseblock",
+ "libgsi",
 "libhardware",
 "libhardware_legacy",
 "libincfs",
diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index 4f35e9a6..59504253 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@@ -35,6 +35,7 @@
 #include <cutils/fs.h>
 #include <fs_mgr.h>
 #include <libdm/dm.h>
+#include <libgsi/libgsi.h>
 #include "Checkpoint.h"
 #include "CryptoType.h"
@@ -352,5 +353,44 @@ bool defaultkey_setup_ext_volume(const std::string& label, const std::string& bl
 return create_crypto_blk_dev(label, blk_device, key, options, out_crypto_blkdev, &nr_sec);
 }
+bool destroy_dsu_metadata_key(const std::string& dsu_slot) {
+ LOG(DEBUG) << "destroy_dsu_metadata_key: " << dsu_slot;
+
+ const auto dsu_metadata_key_dir = android::gsi::GetDsuMetadataKeyDir(dsu_slot);
+ if (!pathExists(dsu_metadata_key_dir)) {
+ LOG(DEBUG) << "DSU metadata_key_dir doesn't exist, nothing to remove: "
+ << dsu_metadata_key_dir;
+ return true;
+ }
+
+ // Ensure that the DSU key directory is different from the host OS'.
+ // Under normal circumstances, this should never happen, but handle it just in case.
+ if (auto data_rec = GetEntryForMountPoint(&fstab_default, "/data")) {
+ if (dsu_metadata_key_dir == data_rec->metadata_key_dir) {
+ LOG(ERROR) << "DSU metadata_key_dir is same as host OS: " << dsu_metadata_key_dir;
+ return false;
+ }
+ }
+
+ bool ok = true;
+ for (auto suffix : {"/key", "/tmp"}) {
+ const auto key_path = dsu_metadata_key_dir + suffix;
+ if (pathExists(key_path)) {
+ LOG(DEBUG) << "Destroy key: " << key_path;
+ if (!android::vold::destroyKey(key_path)) {
+ LOG(ERROR) << "Failed to destroyKey(): " << key_path;
+ ok = false;
+ }
+ }
+ }
+ if (!ok) {
+ return false;
+ }
+
+ LOG(DEBUG) << "Remove DSU metadata_key_dir: " << dsu_metadata_key_dir;
+ // DeleteDirContentsAndDir() already logged any error, so don't log repeatedly.
+ return android::vold::DeleteDirContentsAndDir(dsu_metadata_key_dir) == android::OK;
+}
+
 } // namespace vold
 } // namespace android
diff --git a/MetadataCrypt.h b/MetadataCrypt.h
index dc68e7ce..7341a086 100644
--- a/MetadataCrypt.h
+++ b/MetadataCrypt.h
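Review bot: `dsu_slot` reaches `android::gsi::GetDsuMetadataKeyDir()` and then the recursive `DeleteDirContentsAndDir()` with no check inside `destroy_dsu_metadata_key`, and the only safety guard is an exact string comparison against the host's `metadata_key_dir`. That comparison would not catch a differently spelled path to the same directory (trailing slash, a `..` component) or a parent of it, and it is skipped entirely when `GetEntryForMountPoint(&fstab_default, "/data")` returns null. How `GetDsuMetadataKeyDir()` builds the path is not visible here, so the slot may already be constrained there; if it is not, reject unexpected slot names before computing the directory, e.g. `if (dsu_slot.empty() || dsu_slot.find('/') != std::string::npos) return false;`. The same applies to `VoldNativeService::destroyDsuMetadataKey`, which forwards `dsuSlot` unchanged after the `ENFORCE_SYSTEM_OR_ROOT` check.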
@@ -34,6 +34,8 @@ bool defaultkey_setup_ext_volume(const std::string& label, const std::string& bl
 const android::vold::KeyBuffer& key, std::string* out_crypto_blkdev);
+bool destroy_dsu_metadata_key(const std::string& dsu_slot);
+
 } // namespace vold
 } // namespace android
 #endif
diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index d310acd6..3fb4e65b 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp
@@ -950,5 +950,12 @@ binder::Status VoldNativeService::bindMount(const std::string& sourceDir,
 return translate(incfs::bindMount(sourceDir, targetDir));
 }
+binder::Status VoldNativeService::destroyDsuMetadataKey(const std::string& dsuSlot) {
+ ENFORCE_SYSTEM_OR_ROOT;
+ ACQUIRE_LOCK;
+
+ return translateBool(destroy_dsu_metadata_key(dsuSlot));
+}
+
 } // namespace vold
 } // namespace android
diff --git a/VoldNativeService.h b/VoldNativeService.h
index f10bf5f0..9914879d 100644
--- a/VoldNativeService.h
+++ b/VoldNativeService.h
@@ -159,6 +159,8 @@ class VoldNativeService : public BinderService<VoldNativeService>, public os::Bn
 const ::android::os::incremental::IncrementalFileSystemControlParcel& control, bool enableReadLogs) override;
 binder::Status bindMount(const std::string& sourceDir, const std::string& targetDir) override;
+
+ binder::Status destroyDsuMetadataKey(const std::string& dsuSlot) override;
 };
 } // namespace vold
diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
index 61e1e543..1d6225f0 100644
--- a/binder/android/os/IVold.aidl
+++ b/binder/android/os/IVold.aidl
@@ -139,6 +139,8 @@ interface IVold {
 void setIncFsMountOptions(in IncrementalFileSystemControlParcel control, boolean enableReadLogs);
 void bindMount(@utf8InCpp String sourceDir, @utf8InCpp String targetDir);
+ void destroyDsuMetadataKey(@utf8InCpp String dsuSlot);
+
 const int ENCRYPTION_FLAG_NO_UI = 4;
 const int ENCRYPTION_STATE_NONE = 1; |
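Review bot: The new `destroy_dsu_metadata_key` declaration in MetadataCrypt.h carries no comment, although its boolean result covers several distinct outcomes that a caller cannot infer from the name. Going by the definition added in MetadataCrypt.cpp, I would put `// Destroys the metadata encryption keys of |dsu_slot| and removes its key directory.` and `// Returns true if the directory is already absent; false if it equals the host's metadata_key_dir or a key could not be destroyed.` above the declaration. The `destroyDsuMetadataKey` entry in IVold.aidl could carry the same one-line description, since it is a destructive call.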