Add "cryptfs deleteuserkey" command to vold.
Bug: 19706593
(cherry-picked from commit eebf44563bf9c6f2795442e8d2bc886e4eb3bbbe)
Change-Id: I50dc4c39595c06bf0016d6a490130bbbc25de91b
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index 7470ff9..cbbea0a 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -493,12 +493,9 @@
.Set(fieldname, std::string(value)) ? 0 : -1;
}
-// ext4enc:TODO this can't be the only place keys are read from /dev/urandom
-// we should unite those places.
-static std::string e4crypt_get_user_key(
+static std::string get_key_path(
const char *mount_path,
- const char *user_handle,
- bool create_if_absent)
+ const char *user_handle)
{
// ext4enc:TODO get the path properly
auto key_dir = android::base::StringPrintf("%s/misc/vold/user_keys",
@@ -507,7 +504,17 @@
SLOGE("Unable to create %s (%s)", key_dir.c_str(), strerror(errno));
return "";
}
- auto key_path = key_dir + "/" + user_handle;
+ return key_dir + "/" + user_handle;
+}
+
+// ext4enc:TODO this can't be the only place keys are read from /dev/urandom
+// we should unite those places.
+static std::string e4crypt_get_user_key(
+ const char *mount_path,
+ const char *user_handle,
+ bool create_if_absent)
+{
+ auto key_path = get_key_path(mount_path, user_handle);
std::string content;
if (android::base::ReadFileToString(key_path, &content)) {
if (content.size() != key_length/8) {
@@ -612,3 +619,16 @@
}
return 0;
}
+
+int e4crypt_delete_user_key(const char *user_handle) {
+ SLOGD("e4crypt_delete_user_key(\"%s\")", user_handle);
+ auto key_path = get_key_path(DATA_MNT_POINT, user_handle);
+ // ext4enc:TODO delete it securely.
+ // ext4enc:TODO evict the key from the keyring.
+ if (unlink(key_path.c_str()) != 0 && errno != ENOENT) {
+ SLOGE("Unable to delete user key %s: %s\n",
+ key_path.c_str(), strerror(errno));
+ return -1;
+ }
+ return 0;
+}