commit 2bab97c36830a568083ab60767817ef037c5367d
author Shawn Willden <swillden@google.com> Thu Aug 12 01:03:12 2021 +0000
committer Shawn Willden <swillden@google.com> Thu Aug 12 01:07:00 2021 +0000
tree 5b94cddbafa38e172cc578729b912acc71fe6d64
parent 0f74bd4811c506269c2139a40af1f66e75871cd8

Revert "Detect factory reset and deleteAllKeys"

Revert "Add deleteAllKeys to IKeystoreMaintenance"

Revert "Enable deleteAllKeys from vold"

Revert "Allow vold to deleteAllKeys in Keystore"

Revert submission 15521094-vold-deleteAllKeys

Reason for revert: Causes infinite loop in Trusty KeyMint
Reverted Changes:
I9c5c54714:Detect factory reset and deleteAllKeys
I2fb0e94db:Allow vold to deleteAllKeys in Keystore
Id23f25c69:Add deleteAllKeys to IKeystoreMaintenance
Ife779307d:Enable deleteAllKeys from vold
I4312b9a11:Enable deleteAllKeys from vold

Bug: 187105270
Change-Id: I8e2621bef234d0a59be422b8d1d8d52a91378a5e

Keymaster.cpp

diff --git a/Keymaster.cpp b/Keymaster.cpp
index 2314550..8038681 100644
--- a/Keymaster.cpp
+++ b/Keymaster.cpp
@@ -230,18 +230,5 @@
     logKeystore2ExceptionIfPresent(rc, "earlyBootEnded");
 }
 
-void Keymaster::deleteAllKeys() {
-    ::ndk::SpAIBinder binder(AServiceManager_getService(maintenance_service_name));
-    auto maint_service = ks2_maint::IKeystoreMaintenance::fromBinder(binder);
-
-    if (!maint_service) {
-        LOG(ERROR) << "Unable to connect to keystore2 maintenance service for deleteAllKeys";
-        return;
-    }
-
-    auto rc = maint_service->deleteAllKeys();
-    logKeystore2ExceptionIfPresent(rc, "deleteAllKeys");
-}
-
 }  // namespace vold
 }  // namespace android

Keymaster.h

diff --git a/Keymaster.h b/Keymaster.h
index 47bf4a2..1100840 100644
--- a/Keymaster.h
+++ b/Keymaster.h
@@ -127,9 +127,6 @@
     // be created or used.
     static void earlyBootEnded();
 
-    // Tell all Keymint devices to delete all rollback-protected keys.
-    static void deleteAllKeys();
-
   private:
     std::shared_ptr<ks2::IKeystoreSecurityLevel> securityLevel;
     DISALLOW_COPY_AND_ASSIGN(Keymaster);

MetadataCrypt.cpp

diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index 9038e8d..dc50679 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@@ -112,17 +112,6 @@
     auto dir = metadata_key_dir + "/key";
     LOG(DEBUG) << "metadata_key_dir/key: " << dir;
     if (!MkdirsSync(dir, 0700)) return false;
-    if (!pathExists(dir)) {
-        auto delete_all = android::base::GetBoolProperty(
-                "ro.crypto.metadata_init_delete_all_keys.enabled", false);
-        if (delete_all) {
-            LOG(INFO) << "Metadata key does not exist, calling deleteAllKeys";
-            Keymaster::deleteAllKeys();
-        } else {
-            LOG(DEBUG) << "Metadata key does not exist but "
-                          "ro.crypto.metadata_init_delete_all_keys.enabled is false";
-        }
-    }
     auto temp = metadata_key_dir + "/tmp";
     return retrieveOrGenerateKey(dir, temp, kEmptyAuthentication, gen, key);
 }