Add --no-unlink option to secdiscard for testing.
Also allow deletion of multiple files in one invocation.
Change-Id: I5011bf45f2d3b91964bc68fd8e61ec037e1de2ca
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index c337dbb..c8415d6 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -660,6 +660,7 @@
SLOGD("Forked for secdiscard");
execl("/system/bin/secdiscard",
"/system/bin/secdiscard",
+ "--",
key_path.c_str(),
NULL);
SLOGE("Unable to launch secdiscard on %s: %s\n", key_path.c_str(),
diff --git a/secdiscard.cpp b/secdiscard.cpp
index a750043..9215993 100644
--- a/secdiscard.cpp
+++ b/secdiscard.cpp
@@ -15,6 +15,7 @@
*/
#include <string>
+#include <vector>
#include <stdio.h>
#include <stdlib.h>
@@ -32,35 +33,64 @@
#include <AutoCloseFD.h>
namespace {
+
+struct Options {
+ std::vector<std::string> targets;
+ bool unlink{true};
+};
+
// Deliberately limit ourselves to wiping small files.
constexpr uint64_t max_wipe_length = 4096;
+bool read_command_line(int argc, const char * const argv[], Options &options);
void usage(const char *progname);
int secdiscard_path(const std::string &path);
int path_device_range(const std::string &path, uint64_t range[2]);
std::string block_device_for_path(const std::string &path);
+
}
int main(int argc, const char * const argv[]) {
- if (argc != 2 || argv[1][0] != '/') {
+ Options options;
+ if (!read_command_line(argc, argv, options)) {
usage(argv[0]);
return -1;
}
- SLOGD("Running: %s %s", argv[0], argv[1]);
- secdiscard_path(argv[1]);
- if (unlink(argv[1]) != 0 && errno != ENOENT) {
- SLOGE("Unable to delete %s: %s",
- argv[1], strerror(errno));
- return -1;
+ for (auto target: options.targets) {
+ SLOGD("Securely discarding '%s' unlink=%d", target.c_str(), options.unlink);
+ secdiscard_path(target);
+ if (options.unlink) {
+ if (unlink(target.c_str()) != 0 && errno != ENOENT) {
+ SLOGE("Unable to unlink %s: %s",
+ target.c_str(), strerror(errno));
+ }
+ }
+ SLOGD("Discarded %s", target.c_str());
}
- SLOGD("Discarded %s", argv[1]);
return 0;
}
namespace {
+bool read_command_line(int argc, const char * const argv[], Options &options) {
+ for (int i = 1; i < argc; i++) {
+ if (!strcmp("--no-unlink", argv[i])) {
+ options.unlink = false;
+ } else if (!strcmp("--", argv[i])) {
+ for (int j = i+1; j < argc; j++) {
+ if (argv[j][0] != '/') return false; // Must be absolute path
+ options.targets.emplace_back(argv[j]);
+ }
+ return options.targets.size() > 0;
+ } else {
+ return false; // Unknown option
+ }
+ }
+ return false; // "--" not found
+}
+
void usage(const char *progname) {
- fprintf(stderr, "Usage: %s <absolute path>\n", progname);
+ fprintf(stderr, "Usage: %s [--no-unlink] -- <absolute path> ...\n", progname);
}
// BLKSECDISCARD all content in "path", if it's small enough.