From cd307b7c6301593727892d1fa9bb92aadb5fdaca Mon Sep 17 00:00:00 2001
From: Paul Crowley
Date: Tue, 19 May 2015 17:31:39 +0100
Subject: [PATCH] Scrub the key from the disk with BLKSECDISCARD.

Bug: 19706593
(cherry-picked from commit 8d0cd7ffd903a753c6bb5c6f33987a7a66621cef)
Change-Id: Ieea73da233fe53767b5adcdb4d49f9bb00fedac1
---
 Ext4Crypt.cpp | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index cbbea0a..751a4eb 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -623,12 +623,22 @@ int e4crypt_set_user_crypto_policies(const char *dir)
 int e4crypt_delete_user_key(const char *user_handle) {
 SLOGD("e4crypt_delete_user_key(\"%s\")", user_handle);
 auto key_path = get_key_path(DATA_MNT_POINT, user_handle);
- // ext4enc:TODO delete it securely.
 // ext4enc:TODO evict the key from the keyring.
- if (unlink(key_path.c_str()) != 0 && errno != ENOENT) {
- SLOGE("Unable to delete user key %s: %s\n",
- key_path.c_str(), strerror(errno));
+ int pid = fork();
+ if (pid < 0) {
+ SLOGE("Unable to fork: %s", strerror(errno));
 return -1;
 }
+ if (pid == 0) {
+ SLOGD("Forked for secdiscard");
+ execl("/system/bin/secdiscard",
+ "/system/bin/secdiscard",
+ key_path.c_str(),
+ NULL);
+ SLOGE("Unable to launch secdiscard on %s: %s\n", key_path.c_str(),
+ strerror(errno));
+ exit(-1);
+ }
+ // ext4enc:TODO reap the zombie
 return 0;
 }
-- 
2.11.0
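Review bot: e4crypt_delete_user_key now returns 0 as soon as fork() succeeds, so the caller is told the key is gone even when execl() fails or secdiscard exits non-zero; the removed unlink() path at least returned -1 on failure. Waiting for the child fixes this and also does the reaping that the `// ext4enc:TODO reap the zombie` comment defers: the parent should waitpid() on `pid` and return -1 unless the child exited with status 0. In the child, `exit(-1)` runs atexit handlers and flushes stdio buffers inherited from the parent, so `_exit(127)` is the safer call after a failed exec. Whether secdiscard also unlinks the key file, or falls back to something else when BLKSECDISCARD is unavailable, is not visible in this hunk and is worth confirming, since the old ENOENT tolerance has also gone.

```cpp
    if (pid == 0) {
        // … unchanged: SLOGD, execl() of /system/bin/secdiscard, SLOGE on failure …
        _exit(127);  // skip atexit handlers and stdio flush in the forked child
    }
    int status = 0;
    pid_t waited;
    do {
        waited = waitpid(pid, &status, 0);
    } while (waited < 0 && errno == EINTR);
    if (waited < 0) {
        SLOGE("Unable to wait for secdiscard: %s", strerror(errno));
        return -1;
    }
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
        SLOGE("secdiscard failed on %s (wait status %d)", key_path.c_str(), status);
        return -1;
    }
    return 0;
```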