Detect factory reset and deleteAllKeys am: 0f74bd4811

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15517876

Change-Id: I3ac68496357b62e0887b41780299166d01d8fe29
This commit is contained in:
Paul Crowley 2021-08-11 22:01:51 +00:00 committed by Automerger Merge Worker
commit e00101c162
3 changed files with 27 additions and 0 deletions

View file

@ -230,5 +230,18 @@ void Keymaster::earlyBootEnded() {
logKeystore2ExceptionIfPresent(rc, "earlyBootEnded"); logKeystore2ExceptionIfPresent(rc, "earlyBootEnded");
} }
void Keymaster::deleteAllKeys() {
::ndk::SpAIBinder binder(AServiceManager_getService(maintenance_service_name));
auto maint_service = ks2_maint::IKeystoreMaintenance::fromBinder(binder);
if (!maint_service) {
LOG(ERROR) << "Unable to connect to keystore2 maintenance service for deleteAllKeys";
return;
}
auto rc = maint_service->deleteAllKeys();
logKeystore2ExceptionIfPresent(rc, "deleteAllKeys");
}
} // namespace vold } // namespace vold
} // namespace android } // namespace android

View file

@ -127,6 +127,9 @@ class Keymaster {
// be created or used. // be created or used.
static void earlyBootEnded(); static void earlyBootEnded();
// Tell all Keymint devices to delete all rollback-protected keys.
static void deleteAllKeys();
private: private:
std::shared_ptr<ks2::IKeystoreSecurityLevel> securityLevel; std::shared_ptr<ks2::IKeystoreSecurityLevel> securityLevel;
DISALLOW_COPY_AND_ASSIGN(Keymaster); DISALLOW_COPY_AND_ASSIGN(Keymaster);

View file

@ -112,6 +112,17 @@ static bool read_key(const std::string& metadata_key_dir, const KeyGeneration& g
auto dir = metadata_key_dir + "/key"; auto dir = metadata_key_dir + "/key";
LOG(DEBUG) << "metadata_key_dir/key: " << dir; LOG(DEBUG) << "metadata_key_dir/key: " << dir;
if (!MkdirsSync(dir, 0700)) return false; if (!MkdirsSync(dir, 0700)) return false;
if (!pathExists(dir)) {
auto delete_all = android::base::GetBoolProperty(
"ro.crypto.metadata_init_delete_all_keys.enabled", false);
if (delete_all) {
LOG(INFO) << "Metadata key does not exist, calling deleteAllKeys";
Keymaster::deleteAllKeys();
} else {
LOG(DEBUG) << "Metadata key does not exist but "
"ro.crypto.metadata_init_delete_all_keys.enabled is false";
}
}
auto temp = metadata_key_dir + "/tmp"; auto temp = metadata_key_dir + "/tmp";
return retrieveOrGenerateKey(dir, temp, kEmptyAuthentication, gen, key); return retrieveOrGenerateKey(dir, temp, kEmptyAuthentication, gen, key);
} }