Defer deleteKey in KeyStorage in Checkpointing mode
Don't delete keys in checkpointing mode. Instead wait until the
checkpoint has been committed.
Bug: 134631661
Test: Flash A with a working build. Flash B with a broken build. Test
that the device rolls back to A without getting sent to recovery.
Merged-In: Ie5fc2d098355e2d095c53e9a95a6a8c7ab7ed051
Change-Id: Ie5fc2d098355e2d095c53e9a95a6a8c7ab7ed051
This commit is contained in:
Daniel Rosenberg
parent
94f300295d
commit
a48730a0fd
1 changed files with 26 additions and 1 deletions
|
|
@ -19,7 +19,9 @@
|
|||
#include "Keymaster.h"
|
||||
#include "ScryptParameters.h"
|
||||
#include "Utils.h"
|
||||
#include "Checkpoint.h"
|
||||
|
||||
#include <thread>
|
||||
#include <vector>
|
||||
|
||||
#include <errno.h>
|
||||
|
|
@ -36,6 +38,7 @@
|
|||
#include <android-base/file.h>
|
||||
#include <android-base/logging.h>
|
||||
#include <android-base/unique_fd.h>
|
||||
#include <android-base/properties.h>
|
||||
|
||||
#include <cutils/properties.h>
|
||||
|
||||
|
|
@ -171,6 +174,28 @@ bool readSecdiscardable(const std::string& filename, std::string* hash) {
|
|||
return true;
|
||||
}
|
||||
|
||||
static void deferedKmDeleteKey(const std::string& kmkey) {
|
||||
while (!android::base::WaitForProperty("vold.checkpoint_committed", "1")) {
|
||||
LOG(ERROR) << "Wait for boot timed out";
|
||||
}
|
||||
Keymaster keymaster;
|
||||
if (!keymaster || !keymaster.deleteKey(kmkey)) {
|
||||
LOG(ERROR) << "Defered Key deletion failed during upgrade";
|
||||
}
|
||||
}
|
||||
|
||||
bool kmDeleteKey(Keymaster& keymaster, const std::string& kmKey) {
|
||||
bool needs_cp = cp_needsCheckpoint();
|
||||
|
||||
if (needs_cp) {
|
||||
std::thread(deferedKmDeleteKey, kmKey).detach();
|
||||
LOG(INFO) << "Deferring Key deletion during upgrade";
|
||||
return true;
|
||||
} else {
|
||||
return keymaster.deleteKey(kmKey);
|
||||
}
|
||||
}
|
||||
|
||||
static KeymasterOperation begin(Keymaster& keymaster, const std::string& dir,
|
||||
km::KeyPurpose purpose, const km::AuthorizationSet& keyParams,
|
||||
const km::AuthorizationSet& opParams,
|
||||
|
|
@ -201,7 +226,7 @@ static KeymasterOperation begin(Keymaster& keymaster, const std::string& dir,
|
|||
LOG(ERROR) << "Key dir sync failed: " << dir;
|
||||
return KeymasterOperation();
|
||||
}
|
||||
if (!keymaster.deleteKey(kmKey)) {
|
||||
if (!kmDeleteKey(keymaster, kmKey)) {
|
||||
LOG(ERROR) << "Key deletion failed during upgrade, continuing anyway: " << dir;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue