resolve merge conflicts of 4ad7784 to stage-aosp-master
Test: Build seems to be unrelatedly broken
Change-Id: I2df307aa1c7134f217c558495e1438412480f324
Merged-In: I6ccfe0894551ba068de9bf5e23fe4fd1e10e36b1
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index 2d4ae89..74617ec 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -134,9 +134,16 @@
return true;
}
-static std::string keyname(const std::string& raw_ref) {
+static char const* const NAME_PREFIXES[] = {
+ "ext4",
+ "f2fs",
+ "fscrypt",
+ nullptr
+};
+
+static std::string keyname(const std::string& prefix, const std::string& raw_ref) {
std::ostringstream o;
- o << "ext4:";
+ o << prefix << ":";
for (unsigned char i : raw_ref) {
o << std::hex << std::setw(2) << std::setfill('0') << (int)i;
}
@@ -159,18 +166,19 @@
ext4_encryption_key ext4_key;
if (!fill_key(key, &ext4_key)) return false;
*raw_ref = generate_key_ref(ext4_key.raw, ext4_key.size);
- auto ref = keyname(*raw_ref);
key_serial_t device_keyring;
if (!e4crypt_keyring(&device_keyring)) return false;
- key_serial_t key_id =
- add_key("logon", ref.c_str(), (void*)&ext4_key, sizeof(ext4_key), device_keyring);
- if (key_id == -1) {
- PLOG(ERROR) << "Failed to insert key into keyring " << device_keyring;
- return false;
+ for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) {
+ auto ref = keyname(*name_prefix, *raw_ref);
+ key_serial_t key_id =
+ add_key("logon", ref.c_str(), (void*)&ext4_key, sizeof(ext4_key), device_keyring);
+ if (key_id == -1) {
+ PLOG(ERROR) << "Failed to insert key into keyring " << device_keyring;
+ return false;
+ }
+ LOG(DEBUG) << "Added key " << key_id << " (" << ref << ") to keyring " << device_keyring
+ << " in process " << getpid();
}
- LOG(DEBUG) << "Added key " << key_id << " (" << ref << ") to keyring " << device_keyring
- << " in process " << getpid();
-
return true;
}
@@ -527,21 +535,25 @@
}
static bool evict_key(const std::string &raw_ref) {
- auto ref = keyname(raw_ref);
key_serial_t device_keyring;
if (!e4crypt_keyring(&device_keyring)) return false;
- auto key_serial = keyctl_search(device_keyring, "logon", ref.c_str(), 0);
+ bool success = true;
+ for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) {
+ auto ref = keyname(*name_prefix, raw_ref);
+ auto key_serial = keyctl_search(device_keyring, "logon", ref.c_str(), 0);
- // Unlink the key from the keyring. Prefer unlinking to revoking or
- // invalidating, since unlinking is actually no less secure currently, and
- // it avoids bugs in certain kernel versions where the keyring key is
- // referenced from places it shouldn't be.
- if (keyctl_unlink(key_serial, device_keyring) != 0) {
- PLOG(ERROR) << "Failed to unlink key with serial " << key_serial << " ref " << ref;
- return false;
+ // Unlink the key from the keyring. Prefer unlinking to revoking or
+ // invalidating, since unlinking is actually no less secure currently, and
+ // it avoids bugs in certain kernel versions where the keyring key is
+ // referenced from places it shouldn't be.
+ if (keyctl_unlink(key_serial, device_keyring) != 0) {
+ PLOG(ERROR) << "Failed to unlink key with serial " << key_serial << " ref " << ref;
+ success = false;
+ } else {
+ LOG(DEBUG) << "Unlinked key with serial " << key_serial << " ref " << ref;
+ }
}
- LOG(DEBUG) << "Unlinked key with serial " << key_serial << " ref " << ref;
- return true;
+ return success;
}
static bool evict_ce_key(userid_t user_id) {