Merge changes from topic "vold-use-keystore2" am: 08873d0d7d am: 54460f0635 am: 10912a295f

Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1649730

Change-Id: I3f8ea815c5c3de2678c11815ddaf41776d470552
diff --git a/Keymaster.cpp b/Keymaster.cpp
index 5a68630..bb26b64 100644
--- a/Keymaster.cpp
+++ b/Keymaster.cpp
@@ -219,10 +219,6 @@
     return KeymasterOperation(cor.iOperation, cor.upgradedBlob);
 }
 
-bool Keymaster::isSecure() {
-    return true;
-}
-
 void Keymaster::earlyBootEnded() {
     ::ndk::SpAIBinder binder(AServiceManager_getService(maintenance_service_name));
     auto maint_service = ks2_maint::IKeystoreMaintenance::fromBinder(binder);
@@ -238,14 +234,3 @@
 
 }  // namespace vold
 }  // namespace android
-
-// TODO: This always returns true right now since we hardcode the security level.
-// If it's alright to hardcode it, we should remove this function and simplify the callers.
-int keymaster_compatibility_cryptfs_scrypt() {
-    android::vold::Keymaster dev;
-    if (!dev) {
-        LOG(ERROR) << "Failed to initiate keymaster session";
-        return -1;
-    }
-    return dev.isSecure();
-}
diff --git a/Keymaster.h b/Keymaster.h
index 84b473e..1100840 100644
--- a/Keymaster.h
+++ b/Keymaster.h
@@ -122,7 +122,6 @@
     // also stores the upgraded key blob.
     KeymasterOperation begin(const std::string& key, const km::AuthorizationSet& inParams,
                              km::AuthorizationSet* outParams);
-    bool isSecure();
 
     // Tell all Keymint devices that early boot has ended and early boot-only keys can no longer
     // be created or used.
@@ -136,6 +135,4 @@
 }  // namespace vold
 }  // namespace android
 
-int keymaster_compatibility_cryptfs_scrypt();
-
 #endif
diff --git a/cryptfs.cpp b/cryptfs.cpp
index deba6da..5764b5d 100644
--- a/cryptfs.cpp
+++ b/cryptfs.cpp
@@ -328,11 +328,6 @@
     return KeyGeneration{get_crypto_type().get_keysize(), true, false};
 }
 
-/* Should we use keymaster? */
-static int keymaster_check_compatibility() {
-    return keymaster_compatibility_cryptfs_scrypt();
-}
-
 static bool write_string_to_buf(const std::string& towrite, uint8_t* buffer, uint32_t buffer_size,
                                 uint32_t* out_size) {
     if (!buffer || !out_size) {
@@ -1834,7 +1829,6 @@
     char tmp_mount_point[64];
     unsigned int orig_failed_decrypt_count;
     int rc;
-    int use_keymaster = 0;
     int upgrade = 0;
     unsigned char* intermediate_key = 0;
     size_t intermediate_key_size = 0;
@@ -1916,15 +1910,9 @@
         rc = 0;
 
         // Upgrade if we're not using the latest KDF.
-        use_keymaster = keymaster_check_compatibility();
-        if (crypt_ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
-            // Don't allow downgrade
-        } else if (use_keymaster == 1 && crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
+        if (crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER) {
             crypt_ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
             upgrade = 1;
-        } else if (use_keymaster == 0 && crypt_ftr->kdf_type != KDF_SCRYPT) {
-            crypt_ftr->kdf_type = KDF_SCRYPT;
-            upgrade = 1;
         }
 
         if (upgrade) {
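Review bot: The rewritten check `if (crypt_ftr->kdf_type != KDF_SCRYPT_KEYMASTER)` now sets `kdf_type` and `upgrade` even when a Keymaster session cannot be opened, a case the old code skipped because a `-1` from `keymaster_check_compatibility()` matched neither branch. The `if (upgrade)` block continues outside the hunk, so it is worth confirming that a failed key re-encryption there cannot leave a footer marked `KDF_SCRYPT_KEYMASTER` while the master key is still wrapped under the old KDF. The dropped "Don't allow downgrade" remark was the only statement of that invariant in this function; I would keep it above the check as `// Keymaster-backed scrypt is the only supported KDF; never move a footer back to KDF_SCRYPT.` The same unconditional assignment appears in the later footer-initialisation hunk (`ftr->kdf_type = KDF_SCRYPT_KEYMASTER;`), where the old `return -1` on a failed compatibility check is gone, so any Keymaster failure presumably now surfaces only when the key is first used.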
@@ -2128,20 +2116,7 @@
     ftr->minor_version = CURRENT_MINOR_VERSION;
     ftr->ftr_size = sizeof(struct crypt_mnt_ftr);
     ftr->keysize = get_crypto_type().get_keysize();
-
-    switch (keymaster_check_compatibility()) {
-        case 1:
-            ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
-            break;
-
-        case 0:
-            ftr->kdf_type = KDF_SCRYPT;
-            break;
-
-        default:
-            SLOGE("keymaster_check_compatibility failed");
-            return -1;
-    }
+    ftr->kdf_type = KDF_SCRYPT_KEYMASTER;
 
     get_device_scrypt_params(ftr);