From 73e2936fc25a0098d59205457bf48c721492f429 Mon Sep 17 00:00:00 2001
From: Eric Biggers
Date: Fri, 3 Mar 2023 19:39:24 +0000
Subject: [PATCH] Avoid error message when destroying key w/o secdiscardable file

Since commit 08f4bdfe9836 ("Don't use a secdiscardable file for keys encrypted by SP") (https://r.android.com/2242561), some keys don't use a secdiscardable file.

Currently if such a key is destroyed, an ERROR message like the following is logged:

E secdiscard: Secure discard open failed for: /data/misc/vold/user_keys/ce/14/current/secdiscardable

This case is expected, so it should not be an ERROR. Fix this by only passing the secdiscardable file to the secdiscard program if it exists.

Bug: 232452368
Change-Id: I490289dfdaf0db6c3f4fb507509095e0033e2f69
---
 KeyStorage.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 55c1709..837bb1a 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -660,8 +660,11 @@ bool destroyKey(const std::string& dir) {
             kSecdiscardPath,
             "--",
             dir + "/" + kFn_encrypted_key,
-            dir + "/" + kFn_secdiscardable,
     };
+    auto secdiscardable = dir + "/" + kFn_secdiscardable;
+    if (pathExists(secdiscardable)) {
+        secdiscard_cmd.push_back(secdiscardable);
+    }
     // Try each thing, even if previous things failed.
     for (auto& fn : {kFn_keymaster_key_blob, kFn_keymaster_key_blob_upgraded}) {
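Review bot: The new `pathExists(secdiscardable)` guard drops the secure discard of that file silently for every reason the path is not visible, not only for SP-encrypted keys that never had one, so a file that is unexpectedly missing (or, if pathExists also returns false on errors other than ENOENT — cannot tell from here) is no longer reported at all. A short comment above the check would keep the intent visible to the next maintainer, e.g. `// Keys encrypted by SP (since 08f4bdfe9836) have no secdiscardable file, so only pass it to secdiscard when it exists.`; a verbose-level log in the else branch would preserve the forensic trail the old ERROR gave without the noise. Also, `secdiscardable` is not used after the push, so `secdiscard_cmd.push_back(std::move(secdiscardable));` avoids a string copy. destroyKey continues past the end of this hunk.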