Use default key permissions for ext4enc

As per discussion default permissions are the correct ones.
Note that since we use logon keys, they cannot be read outside
the kernel.

Note also that we limit who can read/write keys in selinux policy.

Bug: 18151196
Change-Id: Icc916f430a70eff22e6b74c20ec361c8f3789c1c

diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index 61edfeb..9c79098 100644 (file)
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -359,13 +359,6 @@ int e4crypt_check_passwd(const char* path, const char* password)
     SLOGI("Added key %d (%s) to keyring %d in process %d",
           key_id, ref.c_str(), device_keyring, getpid());
 
-    // ext4enc:TODO set correct permissions
-    long result = keyctl_setperm(key_id, 0x3f3f3f3f);
-    if (result) {
-        SLOGE("KEYCTL_SETPERM failed with error %ld", result);
-        return -1;
-    }
-
     // Save reference to key so we can set policy later
     if (!props.Set(properties::ref, raw_ref)) {
         SLOGE("Cannot save key reference");