Merge changes from topic "vold-use-keystore2" am: 08873d0d7d am: 54460f0635 am: 10912a295f

Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1649730

Change-Id: I3f8ea815c5c3de2678c11815ddaf41776d470552

Keymaster.cpp

@@ -219,10 +219,6 @@ KeymasterOperation Keymaster::begin(const std::string& key, const km::Authorizat
     return KeymasterOperation(cor.iOperation, cor.upgradedBlob);
 }
 
-bool Keymaster::isSecure() {
-    return true;
-}
-
 void Keymaster::earlyBootEnded() {
     ::ndk::SpAIBinder binder(AServiceManager_getService(maintenance_service_name));
     auto maint_service = ks2_maint::IKeystoreMaintenance::fromBinder(binder);
@@ -238,14 +234,3 @@ void Keymaster::earlyBootEnded() {
 
 }  // namespace vold
 }  // namespace android
-
-// TODO: This always returns true right now since we hardcode the security level.
-// If it's alright to hardcode it, we should remove this function and simplify the callers.
-int keymaster_compatibility_cryptfs_scrypt() {
-    android::vold::Keymaster dev;
-    if (!dev) {
-        LOG(ERROR) << "Failed to initiate keymaster session";
-        return -1;
-    }
-    return dev.isSecure();
-}

Keymaster.h

@@ -122,7 +122,6 @@ class Keymaster {
     // also stores the upgraded key blob.
     KeymasterOperation begin(const std::string& key, const km::AuthorizationSet& inParams,
                              km::AuthorizationSet* outParams);
-    bool isSecure();
 
     // Tell all Keymint devices that early boot has ended and early boot-only keys can no longer
     // be created or used.
@@ -136,6 +135,4 @@ class Keymaster {
 }  // namespace vold
 }  // namespace android
 
-int keymaster_compatibility_cryptfs_scrypt();
-
 #endif

cryptfs.cpp

@@ -328,11 +328,6 @@ const KeyGeneration cryptfs_get_keygen() {
     return KeyGeneration{get_crypto_type().get_keysize(), true, false};
 }
 
-/* Should we use keymaster? */
-static int keymaster_check_compatibility() {
-    return keymaster_compatibility_cryptfs_scrypt();
-}
-
 static bool write_string_to_buf(const std::string& towrite, uint8_t* buffer, uint32_t buffer_size,
                                 uint32_t* out_size) {
     if (!buffer || !out_size) {
@@ -1834,7 +1829,6 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, const char*
     char tmp_mount_point[64];
     unsigned int orig_failed_decrypt_count;
     int rc;
-    int use_keymaster = 0;
     int upgrade = 0;
     unsigned char* intermediate_key = 0;
     size_t intermediate_key_size = 0;
@@ -1916,15 +1910,9 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, const char*
         rc = 0;
 
         // Upgrade if we're not using the latest KDF.
-        use_keymaster = keymaster_check_compatibility();
-        if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
-            // Don't allow downgrade
-        } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
+        if (crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
             crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
             upgrade = 1;
-        } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
-            crypt_ftr->kdf_type = KDF_SCRYPT;
-            upgrade = 1;
         }
 
         if (upgrade) {
@@ -2128,20 +2116,7 @@ static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr* ftr) {
     ftr->minor_version = CURRENT_MINOR_VERSION;
     ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
     ftr->keysize = get_crypto_type().get_keysize();
-
-    switch (keymaster_check_compatibility()) {
-        case 1:
-            ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
-            break;
-
-        case 0:
-            ftr->kdf_type = KDF_SCRYPT;
-            break;
-
-        default:
-            SLOGE("keymaster_check_compatibility failed");
-            return -1;
-    }
+    ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
 
     get_device_scrypt_params(ftr);