Merge \"Run secdiscard on encrypted key and key blob too\" into nyc-mr1-dev

am: ec813c4e35

Change-Id: I8507fdc7e183a53d3bb129ed346cb649eddffff5
Paul Crowley 2016-07-13 19:54:02 +00:00 committed by android-build-merger
commit c79c92ad09


@ -314,9 +314,13 @@ static bool deleteKey(const std::string& dir) {
return true; return true;
} }
static bool secdiscardSecdiscardable(const std::string& dir) { static bool runSecdiscard(const std::string& dir) {
if (ForkExecvp( if (ForkExecvp(
std::vector<std::string>{kSecdiscardPath, "--", dir + "/" + kFn_secdiscardable}) != 0) { std::vector<std::string>{kSecdiscardPath, "--",
dir + "/" + kFn_encrypted_key,
dir + "/" + kFn_keymaster_key_blob,
dir + "/" + kFn_secdiscardable,
}) != 0) {
LOG(ERROR) << "secdiscard failed"; LOG(ERROR) << "secdiscard failed";
return false; return false;
} }
@ -335,7 +339,7 @@ bool destroyKey(const std::string& dir) {
bool success = true; bool success = true;
// Try each thing, even if previous things failed. // Try each thing, even if previous things failed.
success &= deleteKey(dir); success &= deleteKey(dir);
success &= secdiscardSecdiscardable(dir); success &= runSecdiscard(dir);
success &= recursiveDeleteKey(dir); success &= recursiveDeleteKey(dir);
return success; return success;
} }