Merge \\"Run secdiscard on encrypted key and key blob too\\" into nyc-mr1-dev am: ec813c4e35
am: c79c92ad09
Change-Id: Iac921cc46b197cf7ec3b2b26ec6c393ce69226bd
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 5234c56..986f403 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -314,9 +314,13 @@
return true;
}
-static bool secdiscardSecdiscardable(const std::string& dir) {
+static bool runSecdiscard(const std::string& dir) {
if (ForkExecvp(
- std::vector<std::string>{kSecdiscardPath, "--", dir + "/" + kFn_secdiscardable}) != 0) {
+ std::vector<std::string>{kSecdiscardPath, "--",
+ dir + "/" + kFn_encrypted_key,
+ dir + "/" + kFn_keymaster_key_blob,
+ dir + "/" + kFn_secdiscardable,
+ }) != 0) {
LOG(ERROR) << "secdiscard failed";
return false;
}
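Review bot: The single `LOG(ERROR) << "secdiscard failed";` in `runSecdiscard` no longer identifies which key directory was affected, and with three paths in one invocation a non-zero exit cannot be traced to a file. A failure here means key material may remain recoverable on disk, so the message should at least carry the directory, e.g. `LOG(ERROR) << "secdiscard failed for " << dir;`. It is also worth confirming how the secdiscard binary handles a path that does not exist. If it stops at the first error, a directory without `kFn_encrypted_key` or `kFn_keymaster_key_blob` would leave `kFn_secdiscardable` unprocessed, which the old code always attempted. The end of the function lies outside this hunk.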
@@ -335,7 +339,7 @@
bool success = true;
// Try each thing, even if previous things failed.
success &= deleteKey(dir);
- success &= secdiscardSecdiscardable(dir);
+ success &= runSecdiscard(dir);
success &= recursiveDeleteKey(dir);
return success;
}
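Review bot: The comment `// Try each thing, even if previous things failed.` reads as if the three steps were independent, but `runSecdiscard` now overwrites `kFn_keymaster_key_blob`. If `deleteKey(dir)` needs that blob (its body is not visible here), the order of the calls has become significant. I would record that above the calls, e.g. `// deleteKey must run before runSecdiscard, which destroys the key blob.`, so a later reordering does not silently break it. The enclosing function starts outside this hunk.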