Avoid error message when destroying key w/o secdiscardable file
Since commit 08f4bdfe98
("Don't use a secdiscardable file for keys
encrypted by SP") (https://r.android.com/2242561), some keys don't use a
secdiscardable file. Currently if such a key is destroyed, an ERROR
message like the following is logged:
E secdiscard: Secure discard open failed for: /data/misc/vold/user_keys/ce/14/current/secdiscardable
This case is expected, so it should not be an ERROR. Fix this by only
passing the secdiscardable file to the secdiscard program if it exists.
Bug: 232452368
Change-Id: I490289dfdaf0db6c3f4fb507509095e0033e2f69
parent
826eef6b33
commit
73e2936fc2
1 changed files with 4 additions and 1 deletions
|
@ -660,8 +660,11 @@ bool destroyKey(const std::string& dir) {
|
||||||
kSecdiscardPath,
|
kSecdiscardPath,
|
||||||
"--",
|
"--",
|
||||||
dir + "/" + kFn_encrypted_key,
|
dir + "/" + kFn_encrypted_key,
|
||||||
dir + "/" + kFn_secdiscardable,
|
|
||||||
};
|
};
|
||||||
|
auto secdiscardable = dir + "/" + kFn_secdiscardable;
|
||||||
|
if (pathExists(secdiscardable)) {
|
||||||
|
secdiscard_cmd.push_back(secdiscardable);
|
||||||
|
}
|
||||||
// Try each thing, even if previous things failed.
|
// Try each thing, even if previous things failed.
|
||||||
|
|
||||||
for (auto& fn : {kFn_keymaster_key_blob, kFn_keymaster_key_blob_upgraded}) {
|
for (auto& fn : {kFn_keymaster_key_blob, kFn_keymaster_key_blob_upgraded}) {
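Review bot: The new `if (pathExists(secdiscardable))` guard treats every negative answer as "this key never had a secdiscardable file", and nothing is logged when the file is skipped. If `pathExists` (defined outside this hunk) can also return false for errors other than the file being absent, a secdiscardable file that does exist would be left out of the secure discard silently. Since erasing that file is part of destroying the key, consider skipping it only on ENOENT and logging any other failure, or at least adding a low-severity log line on the skip path. A short comment above the `if` would also record why absence is expected, e.g. `// Keys encrypted by SP have no secdiscardable file; only discard it if present.` The body of destroyKey starts and ends outside this hunk.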
|
||||||
|
|