From: Paul Crowley Date: Tue, 19 May 2015 11:34:09 +0000 (+0100) Subject: Add "cryptfs deleteuserkey" command to vold. X-Git-Tag: android-x86-6.0-r1~2^2~21 X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=b33e8873ea78b92e536aa33f48130a91ca150f0c;p=android-x86%2Fsystem-vold.git Add "cryptfs deleteuserkey" command to vold. Bug: 19706593 (cherry-picked from commit eebf44563bf9c6f2795442e8d2bc886e4eb3bbbe) Change-Id: I50dc4c39595c06bf0016d6a490130bbbc25de91b
---
diff --git a/CryptCommandListener.cpp b/CryptCommandListener.cpp
index adc2ec6..173be63 100644
--- a/CryptCommandListener.cpp
+++ b/CryptCommandListener.cpp
@@ -308,6 +308,16 @@ int CryptCommandListener::CryptfsCmd::runCommand(SocketClient *cli,
 SLOGD("cryptfs createnewuserdir");
 dumpArgs(argc, argv, -1);
 rc = e4crypt_create_new_user_dir(argv[2], argv[3]);
+ } else if (!strcmp(argv[1], "deleteuserkey")) {
+ if (argc != 3) {
+ cli->sendMsg(ResponseCode::CommandSyntaxError,
+ "Usage: cryptfs deleteuserkey ", false);
+ return 0;
+ }
+ // ext4enc:TODO: send a CommandSyntaxError if argv[2] not an integer
+ SLOGD("cryptfs deleteuserkey");
+ dumpArgs(argc, argv, -1);
+ rc = e4crypt_delete_user_key(argv[2]);
 } else {
 dumpArgs(argc, argv, -1);
 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown cryptfs cmd", false);
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index 7470ff9..cbbea0a 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -493,12 +493,9 @@ int e4crypt_set_field(const char* path, const char* fieldname,
 .Set(fieldname, std::string(value)) ? 0 : -1;
 }
-// ext4enc:TODO this can't be the only place keys are read from /dev/urandom
-// we should unite those places.
-static std::string e4crypt_get_user_key(
+static std::string get_key_path(
 const char *mount_path,
- const char *user_handle,
- bool create_if_absent)
+ const char *user_handle)
 {
 // ext4enc:TODO get the path properly
 auto key_dir = android::base::StringPrintf("%s/misc/vold/user_keys",
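Review bot: `argv[2]` is handed to `e4crypt_delete_user_key` without any check, and the Ext4Crypt.cpp hunk that adds that function joins it into the key path and passes the result to `unlink()`. A handle containing `/` or `..` would therefore make vold unlink a file outside the user_keys directory, so the integer check left as a TODO here should land together with the command. Before the call, reject anything that is not all digits, e.g. `if (!*argv[2] || argv[2][strspn(argv[2], "0123456789")] != '\0')`, followed by the same `CommandSyntaxError` reply and `return 0;` as the `argc` branch. runCommand's body starts and ends outside the hunk.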
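Review bot: `get_key_path` reads like a pure path helper, but the context lines of the next Ext4Crypt.cpp hunk show it logging "Unable to create" and returning `""` on failure, so it apparently creates the key directory as a side effect and has an error value. Callers need that spelled out, not least because the delete path now goes through it too. I would add above the signature `// Builds the per-user key file path, creating the key directory if needed; returns "" on failure, so callers must check for empty.` The function body continues past the end of this hunk.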
@@ -507,7 +504,17 @@ static std::string e4crypt_get_user_key(
 SLOGE("Unable to create %s (%s)", key_dir.c_str(), strerror(errno));
 return "";
 }
- auto key_path = key_dir + "/" + user_handle;
+ return key_dir + "/" + user_handle;
+}
+
+// ext4enc:TODO this can't be the only place keys are read from /dev/urandom
+// we should unite those places.
+static std::string e4crypt_get_user_key(
+ const char *mount_path,
+ const char *user_handle,
+ bool create_if_absent)
+{
+ auto key_path = get_key_path(mount_path, user_handle);
 std::string content;
 if (android::base::ReadFileToString(key_path, &content)) {
 if (content.size() != key_length/8) {
@@ -612,3 +619,16 @@ int e4crypt_set_user_crypto_policies(const char *dir)
 }
 return 0;
 }
+
+int e4crypt_delete_user_key(const char *user_handle) {
+ SLOGD("e4crypt_delete_user_key(\"%s\")", user_handle);
+ auto key_path = get_key_path(DATA_MNT_POINT, user_handle);
+ // ext4enc:TODO delete it securely.
+ // ext4enc:TODO evict the key from the keyring.
+ if (unlink(key_path.c_str()) != 0 && errno != ENOENT) {
+ SLOGE("Unable to delete user key %s: %s\n",
+ key_path.c_str(), strerror(errno));
+ return -1;
+ }
+ return 0;
+}
diff --git a/Ext4Crypt.h b/Ext4Crypt.h
index c502b62..f5c2871 100644
--- a/Ext4Crypt.h
+++ b/Ext4Crypt.h
@@ -20,5 +20,6 @@ int e4crypt_set_field(const char* path, const char* fieldname,
 const char* value);
 int e4crypt_set_user_crypto_policies(const char *path);
 int e4crypt_create_new_user_dir(const char *user_handle, const char *path);
+int e4crypt_delete_user_key(const char *user_handle);
 __END_DECLS
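Review bot: The empty-string failure return of `get_key_path` is not checked after `auto key_path = get_key_path(mount_path, user_handle);`, whereas before the refactor the `return "";` on that path left `e4crypt_get_user_key` immediately. The function now carries on to `ReadFileToString` with an empty path, and what the create-if-absent branch then does with it lies outside the hunk. Adding `if (key_path.empty()) return "";` right after the call restores the old behaviour. The same gap is in the `e4crypt_delete_user_key` hunk below: `unlink("")` fails with `ENOENT`, which that function treats as success, so it should `return -1;` when the path is empty.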
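Review bot: The new declaration `e4crypt_delete_user_key` carries no comment saying what a 0 return guarantees, and the implementation in Ext4Crypt.cpp only unlinks the key file, with secure deletion and keyring eviction still marked TODO. Callers should not read success as "the key is unrecoverable", so I would document the contract at the declaration: `// Removes the stored key file for user_handle; returns 0 on success or if it was already absent, -1 on error. Does not yet evict the key from the keyring or wipe it from storage.`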