Merge "Do not delete all keys after creating a first crypt device" am: 9e3f17a57e
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2390132 Change-Id: I09055f2d3cf6e76017fe3c4616f610044a7add6e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
commit
8e90f934f7
1 changed files with 4 additions and 4 deletions
|
@ -118,7 +118,7 @@ static bool mount_via_fs_mgr(const char* mount_point, const char* blk_device, bo
|
|||
return true;
|
||||
}
|
||||
|
||||
static bool read_key(const std::string& metadata_key_dir, const KeyGeneration& gen,
|
||||
static bool read_key(const std::string& metadata_key_dir, const KeyGeneration& gen, bool first_key,
|
||||
KeyBuffer* key) {
|
||||
if (metadata_key_dir.empty()) {
|
||||
LOG(ERROR) << "Failed to get metadata_key_dir";
|
||||
|
@ -130,7 +130,7 @@ static bool read_key(const std::string& metadata_key_dir, const KeyGeneration& g
|
|||
if (!MkdirsSync(dir, 0700)) return false;
|
||||
auto in_dsu = android::base::GetBoolProperty("ro.gsid.image_running", false);
|
||||
// !pathExists(dir) does not imply there's a factory reset when in DSU mode.
|
||||
if (!pathExists(dir) && !in_dsu) {
|
||||
if (!pathExists(dir) && !in_dsu && first_key) {
|
||||
auto delete_all = android::base::GetBoolProperty(
|
||||
"ro.crypto.metadata_init_delete_all_keys.enabled", false);
|
||||
if (delete_all) {
|
||||
|
@ -290,7 +290,7 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::
|
|||
}
|
||||
auto gen = needs_encrypt ? makeGen(options) : neverGen();
|
||||
KeyBuffer key;
|
||||
if (!read_key(default_metadata_key_dir, gen, &key)) {
|
||||
if (!read_key(default_metadata_key_dir, gen, true, &key)) {
|
||||
LOG(ERROR) << "read_key failed in mountFstab";
|
||||
return false;
|
||||
}
|
||||
|
@ -308,7 +308,7 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::
|
|||
if (!zoned_device.empty()) {
|
||||
auto zoned_metadata_key_dir = data_rec->metadata_key_dir + "/zoned";
|
||||
|
||||
if (!read_key(zoned_metadata_key_dir, gen, &key)) {
|
||||
if (!read_key(zoned_metadata_key_dir, gen, false, &key)) {
|
||||
LOG(ERROR) << "read_key failed with zoned device: " << zoned_device;
|
||||
return false;
|
||||
}
|
||||
|
|
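Review bot: The new `first_key` parameter of `read_key` is undocumented and is passed as a bare `true`/`false` at the two call sites in `fscrypt_mount_metadata_encrypted`, although it now gates the branch controlled by `ro.crypto.metadata_init_delete_all_keys.enabled`. A future caller that passes `true` for a second device would presumably wipe the key just created for the first one, so the contract deserves a comment above the signature, e.g. `// first_key: true only for the first key read during this mount; only that call may treat a missing key dir as a factory reset and delete all keys.` At the call sites I would name the argument, `read_key(default_metadata_key_dir, gen, /*first_key=*/true, &key)` and `/*first_key=*/false` for the zoned directory, and extend the existing DSU comment to say that a missing zoned key directory does not imply a factory reset either. The bodies of `read_key` and `fscrypt_mount_metadata_encrypted` continue outside the hunks shown, so what the delete-all branch actually removes is inferred from the property name.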