Do not delete all keys after creating a first crypt device

We should not delete keys, once the first one was created.

Bug: 197782466
Change-Id: Ia895c140aa16553b422748531b01931737a0ea94
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
This commit is contained in:
Jaegeuk Kim 2023-01-13 08:22:11 -08:00
parent 45a3d47fd5
commit fb9aadaf48

View file

@ -118,7 +118,7 @@ static bool mount_via_fs_mgr(const char* mount_point, const char* blk_device, bo
return true;
}
static bool read_key(const std::string& metadata_key_dir, const KeyGeneration& gen,
static bool read_key(const std::string& metadata_key_dir, const KeyGeneration& gen, bool first_key,
KeyBuffer* key) {
if (metadata_key_dir.empty()) {
LOG(ERROR) << "Failed to get metadata_key_dir";
@ -130,7 +130,7 @@ static bool read_key(const std::string& metadata_key_dir, const KeyGeneration& g
if (!MkdirsSync(dir, 0700)) return false;
auto in_dsu = android::base::GetBoolProperty("ro.gsid.image_running", false);
// !pathExists(dir) does not imply there's a factory reset when in DSU mode.
if (!pathExists(dir) && !in_dsu) {
if (!pathExists(dir) && !in_dsu && first_key) {
auto delete_all = android::base::GetBoolProperty(
"ro.crypto.metadata_init_delete_all_keys.enabled", false);
if (delete_all) {
@ -290,7 +290,7 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::
}
auto gen = needs_encrypt ? makeGen(options) : neverGen();
KeyBuffer key;
if (!read_key(default_metadata_key_dir, gen, &key)) {
if (!read_key(default_metadata_key_dir, gen, true, &key)) {
LOG(ERROR) << "read_key failed in mountFstab";
return false;
}
@ -308,7 +308,7 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::
if (!zoned_device.empty()) {
auto zoned_metadata_key_dir = data_rec->metadata_key_dir + "/zoned";
if (!read_key(zoned_metadata_key_dir, gen, &key)) {
if (!read_key(zoned_metadata_key_dir, gen, false, &key)) {
LOG(ERROR) << "read_key failed with zoned device: " << zoned_device;
return false;
}