From fc1df0eae05eebd2ee992185090b77766b63f2ae Mon Sep 17 00:00:00 2001
From: Eric Biggers
Date: Tue, 1 Aug 2023 19:34:53 +0000
Subject: Fold read_and_install_user_ce_key() into fscrypt_unlock_user_key()
No change in behavior, except for removing a redundant check of 's_ce_policies.count(user_id)' and removing an extra ERROR message.
Test: see I7f11a135d8550618cd96013f834cebd54be5ef84
Change-Id: If221e23991e8e04138ae7dbdafe8160b00893655
Merged-In: If221e23991e8e04138ae7dbdafe8160b00893655
(cherry picked from commit 92428b247f86807f96d60d4fa99dae350a7a5237)
---
 FsCrypt.cpp | 35 ++++++++++++-----------------------
 1 file changed, 12 insertions(+), 23 deletions(-)
diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index 9d257406..7ba31620 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp
@@ -316,18 +316,6 @@ static bool get_volume_file_encryption_options(EncryptionOptions* options) {
 return true;
 }

-static bool read_and_install_user_ce_key(userid_t user_id,
- const android::vold::KeyAuthentication& auth) {
- if (s_ce_policies.count(user_id) != 0) return true;
- KeyBuffer ce_key;
- if (!read_and_fixate_user_ce_key(user_id, auth, &ce_key)) return false;
- EncryptionPolicy ce_policy;
- if (!install_storage_key(DATA_MNT_POINT, s_data_options, ce_key, &ce_policy)) return false;
- s_ce_policies[user_id] = ce_policy;
- LOG(DEBUG) << "Installed ce key for user " << user_id;
- return true;
-}
-
 // Prepare a directory without assigning it an encryption policy. The directory
 // will inherit the encryption policy of its parent directory, or will be
 // unencrypted if the parent directory is unencrypted.
@@ -896,18 +884,19 @@ std::vector fscrypt_get_unlocked_users() {
 // TODO: rename to 'install' for consistency, and take flags to know which keys to install
 bool fscrypt_unlock_user_key(userid_t user_id, int serial, const std::string& secret_hex) {
 LOG(DEBUG) << "fscrypt_unlock_user_key " << user_id << " serial=" << serial;
- if (IsFbeEnabled()) {
- if (s_ce_policies.count(user_id) != 0) {
- LOG(WARNING) << "Tried to unlock already-unlocked key for user " << user_id;
- return true;
- }
- auto auth = authentication_from_hex(secret_hex);
- if (!auth) return false;
- if (!read_and_install_user_ce_key(user_id, *auth)) {
- LOG(ERROR) << "Couldn't read key for " << user_id;
- return false;
- }
+ if (!IsFbeEnabled()) return true;
+ if (s_ce_policies.count(user_id) != 0) {
+ LOG(WARNING) << "Tried to unlock already-unlocked key for user " << user_id;
+ return true;
 }
+ auto auth = authentication_from_hex(secret_hex);
+ if (!auth) return false;
+ KeyBuffer ce_key;
+ if (!read_and_fixate_user_ce_key(user_id, *auth, &ce_key)) return false;
+ EncryptionPolicy ce_policy;
+ if (!install_storage_key(DATA_MNT_POINT, s_data_options, ce_key, &ce_policy)) return false;
+ s_ce_policies[user_id] = ce_policy;
+ LOG(DEBUG) << "Installed ce key for user " << user_id;
 return true;
 }

--
cgit v1.2.3
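Review bot: The three `return false` paths in the new fscrypt_unlock_user_key() body (after authentication_from_hex(), read_and_fixate_user_ce_key() and install_storage_key()) log nothing at this level, so with `LOG(ERROR) << "Couldn't read key for " << user_id` removed, only the DEBUG line at entry ties a failed CE unlock to a user id. The commit message calls that message extra, which presumably means the callees report their own errors, but their bodies are outside this hunk and the `if (!auth) return false;` path in particular looks silent. If the callees do not name the user, consider keeping one line such as `LOG(ERROR) << "Failed to unlock CE key for user " << user_id;` on the failure paths so that rejected unlock attempts stay attributable in logs. Whatever is logged there, `secret_hex` and the decoded key material should never appear in the message.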