Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / android_system_vold / e13617100d40079b79863ed504c79e7ef22b084e^! / . / VoldNativeService.cpp
commite13617100d40079b79863ed504c79e7ef22b084e[log] [tgz]
authorSatya Tangirala <satyat@google.com>Mon Mar 15 15:33:08 2021 -0700
committerSatya Tangirala <satyat@google.com>Wed Apr 07 02:05:35 2021 -0700
tree8054c412b93eb34e8edabd4d57580317d697e6d9
parent159a11f600e31eb287600b653fbfe9e8a2283462 [diff] [blame]
Remove HardwareAuthToken support from vold::Keymaster

HardwareAuthTokens are no longer used by vold since Android P. So remove
the auth token parameter from vold. This patch doesn't remove the token
from IVold.aidl, and the methods in VoldNativeService.cpp return an
error if a non-empty auth token is passed to them.

Bug: 181910578
Test: cuttlefish and bramble boot with patch
Change-Id: I1a9f54e10f9efdda9973906afd0a5de5a699ada5

diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index b6224da..938e7db 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp

@@ -724,13 +724,22 @@
     return translateBool(fscrypt_destroy_user_key(userId));
 }
 
+static bool token_empty(const std::string& token) {
+    return token.size() == 0 || token == "!";
+}
+
 binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSerial,
                                                  const std::string& token,
                                                  const std::string& secret) {
     ENFORCE_SYSTEM_OR_ROOT;
     ACQUIRE_CRYPT_LOCK;
 
-    return translateBool(fscrypt_add_user_key_auth(userId, userSerial, token, secret));
+    if (!token_empty(token)) {
+        LOG(ERROR) << "Vold doesn't use auth tokens, but non-empty token passed to addUserKeyAuth.";
+        return binder::Status::fromServiceSpecificError(-EINVAL);
+    }
+
+    return translateBool(fscrypt_add_user_key_auth(userId, userSerial, secret));
 }
 
 binder::Status VoldNativeService::clearUserKeyAuth(int32_t userId, int32_t userSerial,
@@ -739,7 +748,13 @@
     ENFORCE_SYSTEM_OR_ROOT;
     ACQUIRE_CRYPT_LOCK;
 
-    return translateBool(fscrypt_clear_user_key_auth(userId, userSerial, token, secret));
+    if (!token_empty(token)) {
+        LOG(ERROR)
+                << "Vold doesn't use auth tokens, but non-empty token passed to clearUserKeyAuth.";
+        return binder::Status::fromServiceSpecificError(-EINVAL);
+    }
+
+    return translateBool(fscrypt_clear_user_key_auth(userId, userSerial, secret));
 }
 
 binder::Status VoldNativeService::fixateNewestUserKeyAuth(int32_t userId) {
@@ -755,7 +770,12 @@
     ENFORCE_SYSTEM_OR_ROOT;
     ACQUIRE_CRYPT_LOCK;
 
-    return translateBool(fscrypt_unlock_user_key(userId, userSerial, token, secret));
+    if (!token_empty(token)) {
+        LOG(ERROR) << "Vold doesn't use auth tokens, but non-empty token passed to unlockUserKey.";
+        return binder::Status::fromServiceSpecificError(-EINVAL);
+    }
+
+    return translateBool(fscrypt_unlock_user_key(userId, userSerial, secret));
 }
 
 binder::Status VoldNativeService::lockUserKey(int32_t userId) {