vold: Do not cache CE keys in vold CE keys were cached in vold to support untrusted reset by a device admin, this is now supported by Locksettingservice using synthetic password. This change requires a secret to be provided to retrieve the CE key and re-wrap without the secret when user removes the credential. Test: Set credential, remove credential, swipe to none and vice-versa. Bug: 26948053 Change-Id: I4cb1c035a472477e70c1ff5bf0b2c3fcfad495e5

commit: 9ad51adeb987ed0d3260267075fcfe6925de654a [log] [tgz]
author: Barani Muthukumaran <quic_bmuthuku@quicinc.com> Thu Oct 31 22:59:34 2019 -0700
committer: Paul Crowley <paulcrowley@google.com> Thu Jan 16 12:16:25 2020 -0800
tree: 154750b7bf9ebb96dc68a3f429725b9dee2f88fa
parent: e3102990ca50ea1711653fbca15e9c6ff5e5cf3e [diff] [blame]
diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index 78d7ed3..f8ed61c 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp

@@ -768,6 +768,15 @@
     return translateBool(fscrypt_add_user_key_auth(userId, userSerial, token, secret));
 }
 
+binder::Status VoldNativeService::clearUserKeyAuth(int32_t userId, int32_t userSerial,
+                                                   const std::string& token,
+                                                   const std::string& secret) {
+    ENFORCE_SYSTEM_OR_ROOT;
+    ACQUIRE_CRYPT_LOCK;
+
+    return translateBool(fscrypt_clear_user_key_auth(userId, userSerial, token, secret));
+}
+
 binder::Status VoldNativeService::fixateNewestUserKeyAuth(int32_t userId) {
     ENFORCE_SYSTEM_OR_ROOT;
     ACQUIRE_CRYPT_LOCK;
commit	9ad51adeb987ed0d3260267075fcfe6925de654a	[log] [tgz]
author	Barani Muthukumaran <quic_bmuthuku@quicinc.com>	Thu Oct 31 22:59:34 2019 -0700
committer	Paul Crowley <paulcrowley@google.com>	Thu Jan 16 12:16:25 2020 -0800
tree	154750b7bf9ebb96dc68a3f429725b9dee2f88fa
parent	e3102990ca50ea1711653fbca15e9c6ff5e5cf3e [diff] [blame]