Merge "Do not delete all keys after creating a first crypt device" am: 9e3f17a57e am: 8e90f934f7 am: 70021209ae

Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2390132

Change-Id: Ib7dbca93667e69e0633f2609cdc26a41124f883e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Treehugger Robot 2023-01-19 02:34:24 +00:00 committed by Automerger Merge Worker
commit 482f121ed5

View file

@ -118,7 +118,7 @@ static bool mount_via_fs_mgr(const char* mount_point, const char* blk_device, bo
return true;
}
static bool read_key(const std::string& metadata_key_dir, const KeyGeneration& gen,
static bool read_key(const std::string& metadata_key_dir, const KeyGeneration& gen, bool first_key,
KeyBuffer* key) {
if (metadata_key_dir.empty()) {
LOG(ERROR) << "Failed to get metadata_key_dir";
@ -130,7 +130,7 @@ static bool read_key(const std::string& metadata_key_dir, const KeyGeneration& g
if (!MkdirsSync(dir, 0700)) return false;
auto in_dsu = android::base::GetBoolProperty("ro.gsid.image_running", false);
// !pathExists(dir) does not imply there's a factory reset when in DSU mode.
if (!pathExists(dir) && !in_dsu) {
if (!pathExists(dir) && !in_dsu && first_key) {
auto delete_all = android::base::GetBoolProperty(
"ro.crypto.metadata_init_delete_all_keys.enabled", false);
if (delete_all) {
@ -290,7 +290,7 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::
}
auto gen = needs_encrypt ? makeGen(options) : neverGen();
KeyBuffer key;
if (!read_key(default_metadata_key_dir, gen, &key)) {
if (!read_key(default_metadata_key_dir, gen, true, &key)) {
LOG(ERROR) << "read_key failed in mountFstab";
return false;
}
@ -308,7 +308,7 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::
if (!zoned_device.empty()) {
auto zoned_metadata_key_dir = data_rec->metadata_key_dir + "/zoned";
if (!read_key(zoned_metadata_key_dir, gen, &key)) {
if (!read_key(zoned_metadata_key_dir, gen, false, &key)) {
LOG(ERROR) << "read_key failed with zoned device: " << zoned_device;
return false;
}