Revert "Detect factory reset and deleteAllKeys"
Revert "Add deleteAllKeys to IKeystoreMaintenance" Revert "Enable deleteAllKeys from vold" Revert "Allow vold to deleteAllKeys in Keystore" Revert submission 15521094-vold-deleteAllKeys Reason for revert: Causes infinite loop in Trusty KeyMint Reverted Changes: I9c5c54714:Detect factory reset and deleteAllKeys I2fb0e94db:Allow vold to deleteAllKeys in Keystore Id23f25c69:Add deleteAllKeys to IKeystoreMaintenance Ife779307d:Enable deleteAllKeys from vold I4312b9a11:Enable deleteAllKeys from vold Bug: 187105270 Change-Id: I8e2621bef234d0a59be422b8d1d8d52a91378a5e
parent
0f74bd4811
commit
2bab97c368
3 changed files with 0 additions and 27 deletions
|
@ -230,18 +230,5 @@ void Keymaster::earlyBootEnded() {
|
||||||
logKeystore2ExceptionIfPresent(rc, "earlyBootEnded");
|
logKeystore2ExceptionIfPresent(rc, "earlyBootEnded");
|
||||||
}
|
}
|
||||||
|
|
||||||
void Keymaster::deleteAllKeys() {
|
|
||||||
::ndk::SpAIBinder binder(AServiceManager_getService(maintenance_service_name));
|
|
||||||
auto maint_service = ks2_maint::IKeystoreMaintenance::fromBinder(binder);
|
|
||||||
|
|
||||||
if (!maint_service) {
|
|
||||||
LOG(ERROR) << "Unable to connect to keystore2 maintenance service for deleteAllKeys";
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
auto rc = maint_service->deleteAllKeys();
|
|
||||||
logKeystore2ExceptionIfPresent(rc, "deleteAllKeys");
|
|
||||||
}
|
|
||||||
|
|
||||||
} // namespace vold
|
} // namespace vold
|
||||||
} // namespace android
|
} // namespace android
|
||||||
|
|
|
@ -127,9 +127,6 @@ class Keymaster {
|
||||||
// be created or used.
|
// be created or used.
|
||||||
static void earlyBootEnded();
|
static void earlyBootEnded();
|
||||||
|
|
||||||
// Tell all Keymint devices to delete all rollback-protected keys.
|
|
||||||
static void deleteAllKeys();
|
|
||||||
|
|
||||||
private:
|
private:
|
||||||
std::shared_ptr<ks2::IKeystoreSecurityLevel> securityLevel;
|
std::shared_ptr<ks2::IKeystoreSecurityLevel> securityLevel;
|
||||||
DISALLOW_COPY_AND_ASSIGN(Keymaster);
|
DISALLOW_COPY_AND_ASSIGN(Keymaster);
|
||||||
|
|
|
@ -112,17 +112,6 @@ static bool read_key(const std::string& metadata_key_dir, const KeyGeneration& g
|
||||||
auto dir = metadata_key_dir + "/key";
|
auto dir = metadata_key_dir + "/key";
|
||||||
LOG(DEBUG) << "metadata_key_dir/key: " << dir;
|
LOG(DEBUG) << "metadata_key_dir/key: " << dir;
|
||||||
if (!MkdirsSync(dir, 0700)) return false;
|
if (!MkdirsSync(dir, 0700)) return false;
|
||||||
if (!pathExists(dir)) {
|
|
||||||
auto delete_all = android::base::GetBoolProperty(
|
|
||||||
"ro.crypto.metadata_init_delete_all_keys.enabled", false);
|
|
||||||
if (delete_all) {
|
|
||||||
LOG(INFO) << "Metadata key does not exist, calling deleteAllKeys";
|
|
||||||
Keymaster::deleteAllKeys();
|
|
||||||
} else {
|
|
||||||
LOG(DEBUG) << "Metadata key does not exist but "
|
|
||||||
"ro.crypto.metadata_init_delete_all_keys.enabled is false";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
auto temp = metadata_key_dir + "/tmp";
|
auto temp = metadata_key_dir + "/tmp";
|
||||||
return retrieveOrGenerateKey(dir, temp, kEmptyAuthentication, gen, key);
|
return retrieveOrGenerateKey(dir, temp, kEmptyAuthentication, gen, key);
|
||||||
}
|
}
|
||||||
|
|