Add secdiscard command for secure deletion of files This is used by LockSettingsService to delete sensitive credential files. Bug: 34600579 Test: manual - change device lock under synthetic password, verify old data on disk is erased. Change-Id: I5e11b559ad8818bd2ad2b321d67d21477aab7555

commit: 2436e27717180a43425c6d2b46df3f8868f120c1 [log] [tgz]
author: Rubin Xu <rubinxu@google.com> Thu Apr 27 20:43:10 2017 +0100
committer: Rubin Xu <rubinxu@google.com> Tue May 16 12:44:02 2017 +0100
tree: 459cea75563efa400ec51acf22428115078c917b
parent: e437bad8073c34176016ed90350bc037933ebff4 [diff] [blame]
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index ddecbb8..b4f85f4 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp

@@ -512,6 +512,16 @@
     return true;
 }
 
+bool runSecdiscardSingle(const std::string& file) {
+    if (ForkExecvp(
+            std::vector<std::string>{kSecdiscardPath, "--",
+                file}) != 0) {
+        LOG(ERROR) << "secdiscard failed";
+        return false;
+    }
+    return true;
+}
+
 static bool recursiveDeleteKey(const std::string& dir) {
     if (ForkExecvp(std::vector<std::string>{kRmPath, "-rf", dir}) != 0) {
         LOG(ERROR) << "recursive delete failed";
commit	2436e27717180a43425c6d2b46df3f8868f120c1	[log] [tgz]
author	Rubin Xu <rubinxu@google.com>	Thu Apr 27 20:43:10 2017 +0100
committer	Rubin Xu <rubinxu@google.com>	Tue May 16 12:44:02 2017 +0100
tree	459cea75563efa400ec51acf22428115078c917b
parent	e437bad8073c34176016ed90350bc037933ebff4 [diff] [blame]