Don't drop as many caches when evicting CE key

When a user's CE key is removed, write "2" to /proc/sys/vm/drop_caches
rather than "3".  This avoids unnecessarily evicting the pagecache of
in-use inodes.  It's only necessary to evict the inodes of the relevant
encrypted files, and these are already sync'ed and no longer in-use.
For this mode "2" suffices, as this evicts "reclaimable slab objects",
including inodes; and evicting an inode implies evicting its pagecache.

This matches the recommendation I've made in the documentation for the
fscrypt kernel feature at
https://www.kernel.org/doc/html/latest/filesystems/fscrypt.html#online-attacks

Test: Sanity check that directories are still "locked" properly:
      Unlock device with PIN.  Then in adb shell: 'stop; start;
      sleep 10; ls /data/data/' still shows filenames in ciphertext form.
Change-Id: I1bdf3c420ebf63e98cc314498211061ea36f2942

FsCrypt.cpp

@@ -411,11 +411,18 @@ bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral)
     return true;
 }
 
+// "Lock" all encrypted directories whose key has been removed.  This is needed
+// because merely removing the keyring key doesn't affect inodes in the kernel's
+// inode cache whose per-file key was already set up.  So to remove the per-file
+// keys and make the files "appear encrypted", these inodes must be evicted.
+//
+// To do this, sync() to clean all dirty inodes, then drop all reclaimable slab
+// objects systemwide.  This is overkill, but it's the best available method
+// currently.  Don't use drop_caches mode "3" because that also evicts pagecache
+// for in-use files; all files relevant here are already closed and sync'ed.
 static void drop_caches() {
-    // Clean any dirty pages (otherwise they won't be dropped).
     sync();
-    // Drop inode and page caches.
-    if (!writeStringToFile("3", "/proc/sys/vm/drop_caches")) {
+    if (!writeStringToFile("2", "/proc/sys/vm/drop_caches")) {
         PLOG(ERROR) << "Failed to drop caches during key eviction";
     }
 }