Don\'t evict keys when we delete users
am: abc253884f
Change-Id: I2628957c50469948e78a5f1f626c3ace44eccbc0
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index 472ffc8..09c33a0 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -517,19 +517,6 @@
return true;
}
-static bool evict_key(const std::string& raw_ref) {
- auto ref = keyname(raw_ref);
- key_serial_t device_keyring;
- if (!e4crypt_keyring(&device_keyring)) return false;
- auto key_serial = keyctl_search(device_keyring, "logon", ref.c_str(), 0);
- if (keyctl_revoke(key_serial) != 0) {
- PLOG(ERROR) << "Failed to revoke key with serial " << key_serial << " ref " << ref;
- return false;
- }
- LOG(DEBUG) << "Revoked key with serial " << key_serial << " ref " << ref;
- return true;
-}
-
bool e4crypt_destroy_user_key(userid_t user_id) {
LOG(DEBUG) << "e4crypt_destroy_user_key(" << user_id << ")";
if (!e4crypt_is_native()) {
@@ -538,12 +525,7 @@
bool success = true;
s_ce_keys.erase(user_id);
std::string raw_ref;
- // If we haven't loaded the CE key, no need to evict it.
- if (lookup_key_ref(s_ce_key_raw_refs, user_id, &raw_ref)) {
- success &= evict_key(raw_ref);
- }
s_ce_key_raw_refs.erase(user_id);
- success &= lookup_key_ref(s_de_key_raw_refs, user_id, &raw_ref) && evict_key(raw_ref);
s_de_key_raw_refs.erase(user_id);
auto it = s_ephemeral_users.find(user_id);
if (it != s_ephemeral_users.end()) {
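Review bot: `std::string raw_ref;` stays declared in e4crypt_destroy_user_key, but nothing on the new side of this hunk reads it, so drop it unless the rest of the function (which continues outside the hunk) still uses it. With the evict_key calls gone, the function erases `s_ce_key_raw_refs` and `s_de_key_raw_refs` without revoking the matching logon keys, so the user's CE/DE keys presumably stay in the device keyring after the user is destroyed. The commit message gives no reason for this. I would add a comment above the erase calls, for example `// Keys are intentionally not revoked from the keyring here: <reason>`, so that the retained key material reads as a decision, not an oversight.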