From ff19b05e8ecf5349aa2fb0939446c1de760d8c87 Mon Sep 17 00:00:00 2001 From: Paul Crowley Date: Thu, 26 Oct 2017 11:28:55 -0700 Subject: [PATCH] Fix errors on non-keymaster keys If it's not a keymaster key, don't try to invalidate or delete the key blob. Bug: 25861755 Test: Create and forget a volume, check logs and files. Change-Id: If8bfb1a9ab41e6c7e46bc311eb296242e56d264f --- KeyStorage.cpp | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/KeyStorage.cpp b/KeyStorage.cpp index 9d61555..143272d 100644 --- a/KeyStorage.cpp +++ b/KeyStorage.cpp @@ -499,19 +499,6 @@ static bool deleteKey(const std::string& dir) { return true; } -static bool runSecdiscard(const std::string& dir) { - if (ForkExecvp( - std::vector{kSecdiscardPath, "--", - dir + "/" + kFn_encrypted_key, - dir + "/" + kFn_keymaster_key_blob, - dir + "/" + kFn_secdiscardable, - }) != 0) { - LOG(ERROR) << "secdiscard failed"; - return false; - } - return true; -} - bool runSecdiscardSingle(const std::string& file) { if (ForkExecvp( std::vector{kSecdiscardPath, "--", @@ -533,8 +520,20 @@ static bool recursiveDeleteKey(const std::string& dir) { bool destroyKey(const std::string& dir) { bool success = true; // Try each thing, even if previous things failed. - success &= deleteKey(dir); - success &= runSecdiscard(dir); + bool uses_km = pathExists(dir + "/" + kFn_keymaster_key_blob); + if (uses_km) { + success &= deleteKey(dir); + } + auto secdiscard_cmd = std::vector{ + kSecdiscardPath, "--", dir + "/" + kFn_encrypted_key, dir + "/" + kFn_secdiscardable, + }; + if (uses_km) { + secdiscard_cmd.emplace_back(dir + "/" + kFn_keymaster_key_blob); + } + if (ForkExecvp(secdiscard_cmd) != 0) { + LOG(ERROR) << "secdiscard failed"; + success = false; + } success &= recursiveDeleteKey(dir); return success; }