Always use RenameKeyDir() when moving/renaming key directories Make fixate_user_ce_key() use RenameKeyDir() to rename key directories so that any deferred commits for these directories are also updated appropriately. This fixes a potential lost Keymaster key upgrade if a key were to be re-wrapped while a user data checkpoint is pending. This isn't a huge issue as the key will just get upgraded again, but this should be fixed. [ebiggers@ - cleaned up slightly from satyat@'s original change] Bug: 190398249 Change-Id: Ic6c5b4468d07ab335368e3d373916145d096af01

commit: 0f890a93e191777f885590384c33139646ea26b8 [log] [tgz]
author: Satya Tangirala <satyat@google.com> Tue Jun 08 12:55:24 2021 -0700
committer: Eric Biggers <ebiggers@google.com> Tue Jun 08 15:57:31 2021 -0700
tree: 82135d195b8cffe9d5209343e1f8b6065b4ffda1
parent: 107d21d4842ff8764decd4575d69c8d9d2144aee [diff] [blame]
diff --git a/KeyStorage.h b/KeyStorage.h
index e318959..de719e9 100644
--- a/KeyStorage.h
+++ b/KeyStorage.h

@@ -41,6 +41,10 @@
 bool createSecdiscardable(const std::string& path, std::string* hash);
 bool readSecdiscardable(const std::string& path, std::string* hash);
 
+// Renames a key directory while also managing deferred commits appropriately.
+// This method should be used whenever a key directory needs to be moved/renamed.
+bool RenameKeyDir(const std::string& old_name, const std::string& new_name);
+
 // Create a directory at the named path, and store "key" in it,
 // in such a way that it can only be retrieved via Keymaster and
 // can be securely deleted.
commit	0f890a93e191777f885590384c33139646ea26b8	[log] [tgz]
author	Satya Tangirala <satyat@google.com>	Tue Jun 08 12:55:24 2021 -0700
committer	Eric Biggers <ebiggers@google.com>	Tue Jun 08 15:57:31 2021 -0700
tree	82135d195b8cffe9d5209343e1f8b6065b4ffda1
parent	107d21d4842ff8764decd4575d69c8d9d2144aee [diff] [blame]