Fix errors on non-keymaster keys
If it's not a keymaster key, don't try to invalidate or delete the key
blob.
Bug: 25861755
Test: Create and forget a volume, check logs and files.
Change-Id: If8bfb1a9ab41e6c7e46bc311eb296242e56d264f
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 9d61555..143272d 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -499,19 +499,6 @@
return true;
}
-static bool runSecdiscard(const std::string& dir) {
- if (ForkExecvp(
- std::vector<std::string>{kSecdiscardPath, "--",
- dir + "/" + kFn_encrypted_key,
- dir + "/" + kFn_keymaster_key_blob,
- dir + "/" + kFn_secdiscardable,
- }) != 0) {
- LOG(ERROR) << "secdiscard failed";
- return false;
- }
- return true;
-}
-
bool runSecdiscardSingle(const std::string& file) {
if (ForkExecvp(
std::vector<std::string>{kSecdiscardPath, "--",
@@ -533,8 +520,20 @@
bool destroyKey(const std::string& dir) {
bool success = true;
// Try each thing, even if previous things failed.
- success &= deleteKey(dir);
- success &= runSecdiscard(dir);
+ bool uses_km = pathExists(dir + "/" + kFn_keymaster_key_blob);
+ if (uses_km) {
+ success &= deleteKey(dir);
+ }
+ auto secdiscard_cmd = std::vector<std::string>{
+ kSecdiscardPath, "--", dir + "/" + kFn_encrypted_key, dir + "/" + kFn_secdiscardable,
+ };
+ if (uses_km) {
+ secdiscard_cmd.emplace_back(dir + "/" + kFn_keymaster_key_blob);
+ }
+ if (ForkExecvp(secdiscard_cmd) != 0) {
+ LOG(ERROR) << "secdiscard failed";
+ success = false;
+ }
success &= recursiveDeleteKey(dir);
return success;
}