From 1f40c94a1ffa5e406fd9626b52ee8f55b41dc944 Mon Sep 17 00:00:00 2001
From: Nikita Ioffe
Date: Wed, 4 Dec 2019 17:47:37 +0000
Subject: [PATCH] FscryptInstallKeyring: don't re-create keyring if it's already created

During userspace reboot FscryptInstallKeyring will be called again, this CL will make it second call a no-op, which IMHO is better than having a special logic in init to conditionally call FscryptInstallKeyring depending on whenever it's normal boot, or userspace reboot.
Test: adb reboot userspace
Test: checked in kernel logs that new keyring is not created
Bug: 135984674
Change-Id: I4ad5aee6887b7318fb1cd02bf1c7be8da6ece599
---
 init/builtins.cpp | 6 +++---
 init/fscrypt_init_extensions.cpp | 4 ++++
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/init/builtins.cpp b/init/builtins.cpp
index 485806b90..98a980571 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -583,7 +583,7 @@ static Result queue_fs_event(int code, bool userdata_remount) {
 return reboot_into_recovery(options);
 /* If reboot worked, there is no return. */
 } else if (code == FS_MGR_MNTALL_DEV_FILE_ENCRYPTED) {
- if (!userdata_remount && !FscryptInstallKeyring()) {
+ if (!FscryptInstallKeyring()) {
 return Error() << "FscryptInstallKeyring() failed";
 }
 property_set("ro.crypto.state", "encrypted");
@@ -594,7 +594,7 @@ static Result queue_fs_event(int code, bool userdata_remount) {
 ActionManager::GetInstance().QueueEventTrigger("nonencrypted");
 return {};
 } else if (code == FS_MGR_MNTALL_DEV_IS_METADATA_ENCRYPTED) {
- if (!userdata_remount && !FscryptInstallKeyring()) {
+ if (!FscryptInstallKeyring()) {
 return Error() << "FscryptInstallKeyring() failed";
 }
 property_set("ro.crypto.state", "encrypted");
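Review bot: The `userdata_remount` guard is dropped from the `FS_MGR_MNTALL_DEV_FILE_ENCRYPTED` branch with no comment explaining why the call is now safe on a remount; the same applies to the `FS_MGR_MNTALL_DEV_IS_METADATA_ENCRYPTED` and `FS_MGR_MNTALL_DEV_NEEDS_METADATA_ENCRYPTION` hunks. These three call sites now depend entirely on FscryptInstallKeyring() detecting an existing keyring, so a one-line comment above the first call, such as `// FscryptInstallKeyring() is a no-op when the "fscrypt" keyring already exists (userspace reboot).`, would keep that contract visible to whoever edits either file next. The body of queue_fs_event starts and ends outside these hunks, so it cannot be seen from here whether `userdata_remount` is still read elsewhere in the function; if it is not, the parameter is now dead and worth removing in a follow-up.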
@@ -605,7 +605,7 @@ static Result queue_fs_event(int code, bool userdata_remount) {
 ActionManager::GetInstance().QueueEventTrigger("nonencrypted");
 return {};
 } else if (code == FS_MGR_MNTALL_DEV_NEEDS_METADATA_ENCRYPTION) {
- if (!userdata_remount && !FscryptInstallKeyring()) {
+ if (!FscryptInstallKeyring()) {
 return Error() << "FscryptInstallKeyring() failed";
 }
 property_set("ro.crypto.state", "encrypted");
diff --git a/init/fscrypt_init_extensions.cpp b/init/fscrypt_init_extensions.cpp
index 7820f3da5..fbd818957 100644
--- a/init/fscrypt_init_extensions.cpp
+++ b/init/fscrypt_init_extensions.cpp
@@ -42,6 +42,10 @@ using namespace android::fscrypt;
 bool FscryptInstallKeyring() {
+ if (keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "fscrypt", 0) != -1) {
+ LOG(INFO) << "Keyring is already created";
+ return true;
+ }
 key_serial_t device_keyring = add_key("keyring", "fscrypt", 0, 0, KEY_SPEC_SESSION_KEYRING);
 if (device_keyring == -1) {
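Review bot: The new early return in FscryptInstallKeyring treats every `keyctl_search` failure as "keyring absent", because the `!= -1` check never looks at `errno`. A failure other than ENOKEY (for example EACCES, EKEYREVOKED or EKEYEXPIRED) therefore falls through to `add_key`, which for a keyring with the same description would likely displace the existing "fscrypt" keyring together with the keys linked under it. Separate the two cases when the search returns -1, e.g. `if (errno != ENOKEY) { PLOG(ERROR) << "keyctl_search failed"; return false; }`, and only then create the keyring. Since `keyctl_search` also descends into nested keyrings, a hit only shows that some keyring named "fscrypt" is reachable from the session keyring; a comment stating that assumption would help. The rest of the function lies outside the hunk, so any setup that followed `add_key` is now skipped on the early return and should be confirmed as intended.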