authorYo Chiang <yochiang@google.com>2020-10-26 05:27:36 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>2020-10-26 05:27:36 +0000
commitcb581cc8de8f5939d8fba6d333defa3cb5189c4d (patch)
treee86f5af6180cce2ca97cfd0ee01ed95c1a0c9f6e
parent739ca2c2980014e2131bd6494fe1551f2ae8ed81 (diff)
parent0af25a3a9857b20f652e96660758632277062c65 (diff)
downloadvold-cb581cc8de8f5939d8fba6d333defa3cb5189c4d.tar.gz
Merge "Add IVold::destroyDsuMetadataKey()"
-rw-r--r--Android.bp1
-rw-r--r--MetadataCrypt.cpp40
-rw-r--r--MetadataCrypt.h2
-rw-r--r--VoldNativeService.cpp7
-rw-r--r--VoldNativeService.h2
-rw-r--r--binder/android/os/IVold.aidl2
6 files changed, 54 insertions, 0 deletions
diff --git a/Android.bp b/Android.bp
index 4852fe41..1c0ed17b 100644
--- a/Android.bp
+++ b/Android.bp
@@ -54,6 +54,7 @@ cc_defaults {
"libdiskconfig",
"libext4_utils",
"libf2fs_sparseblock",
+ "libgsi",
"libhardware",
"libhardware_legacy",
"libincfs",
diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index 4f35e9a6..59504253 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@@ -35,6 +35,7 @@
#include <cutils/fs.h>
#include <fs_mgr.h>
#include <libdm/dm.h>
+#include <libgsi/libgsi.h>
#include "Checkpoint.h"
#include "CryptoType.h"
@@ -352,5 +353,44 @@ bool defaultkey_setup_ext_volume(const std::string& label, const std::string& bl
return create_crypto_blk_dev(label, blk_device, key, options, out_crypto_blkdev, &nr_sec);
}
+bool destroy_dsu_metadata_key(const std::string& dsu_slot) {
+ LOG(DEBUG) << "destroy_dsu_metadata_key: " << dsu_slot;
+
+ const auto dsu_metadata_key_dir = android::gsi::GetDsuMetadataKeyDir(dsu_slot);
+ if (!pathExists(dsu_metadata_key_dir)) {
+ LOG(DEBUG) << "DSU metadata_key_dir doesn't exist, nothing to remove: "
+ << dsu_metadata_key_dir;
+ return true;
+ }
+
+ // Ensure that the DSU key directory is different from the host OS'.
+ // Under normal circumstances, this should never happen, but handle it just in case.
+ if (auto data_rec = GetEntryForMountPoint(&fstab_default, "/data")) {
+ if (dsu_metadata_key_dir == data_rec->metadata_key_dir) {
+ LOG(ERROR) << "DSU metadata_key_dir is same as host OS: " << dsu_metadata_key_dir;
+ return false;
+ }
+ }
+
+ bool ok = true;
+ for (auto suffix : {"/key", "/tmp"}) {
+ const auto key_path = dsu_metadata_key_dir + suffix;
+ if (pathExists(key_path)) {
+ LOG(DEBUG) << "Destroy key: " << key_path;
+ if (!android::vold::destroyKey(key_path)) {
+ LOG(ERROR) << "Failed to destroyKey(): " << key_path;
+ ok = false;
+ }
+ }
+ }
+ if (!ok) {
+ return false;
+ }
+
+ LOG(DEBUG) << "Remove DSU metadata_key_dir: " << dsu_metadata_key_dir;
+ // DeleteDirContentsAndDir() already logged any error, so don't log repeatedly.
+ return android::vold::DeleteDirContentsAndDir(dsu_metadata_key_dir) == android::OK;
+}
+
} // namespace vold
} // namespace android
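Review bot: `dsu_slot` is used in `destroy_dsu_metadata_key` to build the path for a recursive `DeleteDirContentsAndDir()` without any validation, and the binder entry point `VoldNativeService::destroyDsuMetadataKey` in VoldNativeService.cpp passes it through unchanged. If `GetDsuMetadataKeyDir()` derives the path from the slot name (its implementation is not visible here), an empty slot or one containing `/` or `..` could resolve outside the DSU key area. The only guard is an exact string comparison with the host `metadata_key_dir`, which a non-canonical spelling of the same directory would not match, and that comparison is skipped silently when `GetEntryForMountPoint` finds no `/data` entry. I would reject such slots up front with an error log, e.g. `if (dsu_slot.empty() || dsu_slot.find('/') != std::string::npos || dsu_slot == "." || dsu_slot == "..") return false;`, and return false when the `/data` entry is missing.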
diff --git a/MetadataCrypt.h b/MetadataCrypt.h
index dc68e7ce..7341a086 100644
--- a/MetadataCrypt.h
+++ b/MetadataCrypt.h
@@ -34,6 +34,8 @@ bool defaultkey_setup_ext_volume(const std::string& label, const std::string& bl
const android::vold::KeyBuffer& key,
std::string* out_crypto_blkdev);
+bool destroy_dsu_metadata_key(const std::string& dsu_slot);
+
} // namespace vold
} // namespace android
#endif
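Review bot: The new declaration `destroy_dsu_metadata_key` carries no comment, and its return contract is not obvious from the name. Per the definition in MetadataCrypt.cpp, it returns true when the DSU key directory does not exist, and false when that directory equals the host's `metadata_key_dir` or when destroying a key or removing the directory fails. I would add above the declaration: `// Destroys the metadata encryption keys of the given DSU slot and removes its key directory. Returns true if there is nothing to remove; false if the directory is the host OS's or any removal fails.`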
diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index d310acd6..3fb4e65b 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp
@@ -950,5 +950,12 @@ binder::Status VoldNativeService::bindMount(const std::string& sourceDir,
return translate(incfs::bindMount(sourceDir, targetDir));
}
+binder::Status VoldNativeService::destroyDsuMetadataKey(const std::string& dsuSlot) {
+ ENFORCE_SYSTEM_OR_ROOT;
+ ACQUIRE_LOCK;
+
+ return translateBool(destroy_dsu_metadata_key(dsuSlot));
+}
+
} // namespace vold
} // namespace android
diff --git a/VoldNativeService.h b/VoldNativeService.h
index f10bf5f0..9914879d 100644
--- a/VoldNativeService.h
+++ b/VoldNativeService.h
@@ -159,6 +159,8 @@ class VoldNativeService : public BinderService<VoldNativeService>, public os::Bn
const ::android::os::incremental::IncrementalFileSystemControlParcel& control,
bool enableReadLogs) override;
binder::Status bindMount(const std::string& sourceDir, const std::string& targetDir) override;
+
+ binder::Status destroyDsuMetadataKey(const std::string& dsuSlot) override;
};
} // namespace vold
diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
index 61e1e543..1d6225f0 100644
--- a/binder/android/os/IVold.aidl
+++ b/binder/android/os/IVold.aidl
@@ -139,6 +139,8 @@ interface IVold {
void setIncFsMountOptions(in IncrementalFileSystemControlParcel control, boolean enableReadLogs);
void bindMount(@utf8InCpp String sourceDir, @utf8InCpp String targetDir);
+ void destroyDsuMetadataKey(@utf8InCpp String dsuSlot);
+
const int ENCRYPTION_FLAG_NO_UI = 4;
const int ENCRYPTION_STATE_NONE = 1;