Rename "user key" methods in vold
Rename methods that refer to "user key" to be more precise about what
they mean. For more details, see the corresponding frameworks/base
changes (I202ebbfd2b4f79fedb3ed120a8ad81500c126894 and
I5894beb97823dced5954e405d779fada49c79e8d).
No change in behavior except for some changed log messages.
Flag: exempt, mechanical refactoring only
Test: presubmit
Change-Id: I9edcb557172395f4f6cf8e837efcc06fcfefb37d
diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index 45b062d..9f6403c 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp
@@ -421,7 +421,7 @@
return false;
// We don't store the CE key on disk here, since here we don't have the
// secret needed to do so securely. Instead, we cache it in memory for
- // now, and we store it later in fscrypt_set_user_key_protection().
+ // now, and we store it later in fscrypt_set_ce_key_protection().
s_new_ce_keys.insert({user_id, ce_key});
}
EncryptionPolicy ce_policy;
@@ -614,15 +614,15 @@
return true;
}
-bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral) {
- LOG(DEBUG) << "fscrypt_vold_create_user_key for " << user_id << " serial " << serial;
+// Creates the CE and DE keys for a new user.
+bool fscrypt_create_user_keys(userid_t user_id, int serial, bool ephemeral) {
+ LOG(DEBUG) << "fscrypt_create_user_keys for " << user_id << " serial " << serial;
if (!IsFbeEnabled()) {
return true;
}
// FIXME test for existence of key that is not loaded yet
if (s_ce_policies.count(user_id) != 0) {
- LOG(ERROR) << "Already exists, can't fscrypt_vold_create_user_key for " << user_id
- << " serial " << serial;
+ LOG(ERROR) << "Already exists, can't create keys for " << user_id << " serial " << serial;
// FIXME should we fail the command?
return true;
}
@@ -671,8 +671,8 @@
}
// Evicts and destroys all CE and DE keys for a user. This is called when the user is removed.
-bool fscrypt_destroy_user_key(userid_t user_id) {
- LOG(DEBUG) << "fscrypt_destroy_user_key(" << user_id << ")";
+bool fscrypt_destroy_user_keys(userid_t user_id) {
+ LOG(DEBUG) << "fscrypt_destroy_user_keys(" << user_id << ")";
if (!IsFbeEnabled()) {
return true;
}
@@ -769,13 +769,13 @@
// re-encrypting the CE key upon upgrade from an Android version where the CE
// key was stored with kEmptyAuthentication when the user didn't have an LSKF.
// See the comments below for the different cases handled.
-bool fscrypt_set_user_key_protection(userid_t user_id, const std::string& secret_hex) {
- LOG(DEBUG) << "fscrypt_set_user_key_protection " << user_id;
+bool fscrypt_set_ce_key_protection(userid_t user_id, const std::string& secret_hex) {
+ LOG(DEBUG) << "fscrypt_set_ce_key_protection " << user_id;
if (!IsFbeEnabled()) return true;
auto auth = authentication_from_hex(secret_hex);
if (!auth) return false;
if (auth->secret.empty()) {
- LOG(ERROR) << "fscrypt_set_user_key_protection: secret must be nonempty";
+ LOG(ERROR) << "fscrypt_set_ce_key_protection: secret must be nonempty";
return false;
}
// We shouldn't store any keys for ephemeral users.
@@ -871,11 +871,11 @@
// Unlocks internal CE storage for the given user. This only unlocks internal storage, since
// fscrypt_prepare_user_storage() has to be called for each adoptable storage volume anyway (since
// the volume might have been absent when the user was created), and that handles the unlocking.
-bool fscrypt_unlock_user_key(userid_t user_id, int serial, const std::string& secret_hex) {
- LOG(DEBUG) << "fscrypt_unlock_user_key " << user_id << " serial=" << serial;
+bool fscrypt_unlock_ce_storage(userid_t user_id, int serial, const std::string& secret_hex) {
+ LOG(DEBUG) << "fscrypt_unlock_ce_storage " << user_id << " serial=" << serial;
if (!IsFbeEnabled()) return true;
if (s_ce_policies.count(user_id) != 0) {
- LOG(WARNING) << "Tried to unlock already-unlocked key for user " << user_id;
+ LOG(WARNING) << "CE storage for user " << user_id << " is already unlocked";
return true;
}
auto auth = authentication_from_hex(secret_hex);
@@ -885,13 +885,13 @@
EncryptionPolicy ce_policy;
if (!install_storage_key(DATA_MNT_POINT, s_data_options, ce_key, &ce_policy)) return false;
s_ce_policies[user_id].internal = ce_policy;
- LOG(DEBUG) << "Installed ce key for user " << user_id;
+ LOG(DEBUG) << "Installed CE key for user " << user_id;
return true;
}
// Locks CE storage for the given user. This locks both internal and adoptable storage.
-bool fscrypt_lock_user_key(userid_t user_id) {
- LOG(DEBUG) << "fscrypt_lock_user_key " << user_id;
+bool fscrypt_lock_ce_storage(userid_t user_id) {
+ LOG(DEBUG) << "fscrypt_lock_ce_storage " << user_id;
if (!IsFbeEnabled()) return true;
return evict_user_keys(s_ce_policies, user_id);
}
diff --git a/FsCrypt.h b/FsCrypt.h
index 8d84bdc..f5c367c 100644
--- a/FsCrypt.h
+++ b/FsCrypt.h
@@ -23,14 +23,14 @@
bool fscrypt_init_user0();
extern bool fscrypt_init_user0_done;
-bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral);
-bool fscrypt_destroy_user_key(userid_t user_id);
-bool fscrypt_set_user_key_protection(userid_t user_id, const std::string& secret);
+bool fscrypt_create_user_keys(userid_t user_id, int serial, bool ephemeral);
+bool fscrypt_destroy_user_keys(userid_t user_id);
+bool fscrypt_set_ce_key_protection(userid_t user_id, const std::string& secret);
void fscrypt_deferred_fixate_ce_keys();
std::vector<int> fscrypt_get_unlocked_users();
-bool fscrypt_unlock_user_key(userid_t user_id, int serial, const std::string& secret);
-bool fscrypt_lock_user_key(userid_t user_id);
+bool fscrypt_unlock_ce_storage(userid_t user_id, int serial, const std::string& secret);
+bool fscrypt_lock_ce_storage(userid_t user_id);
bool fscrypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_id, int serial,
int flags);
diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index d51652b..c39604b 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp
@@ -607,26 +607,27 @@
return translateBool(setKeyStorageBindingSeed(seed));
}
-binder::Status VoldNativeService::createUserKey(int32_t userId, int32_t userSerial,
- bool ephemeral) {
+binder::Status VoldNativeService::createUserStorageKeys(int32_t userId, int32_t userSerial,
+ bool ephemeral) {
ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
- return translateBool(fscrypt_vold_create_user_key(userId, userSerial, ephemeral));
+ return translateBool(fscrypt_create_user_keys(userId, userSerial, ephemeral));
}
-binder::Status VoldNativeService::destroyUserKey(int32_t userId) {
+binder::Status VoldNativeService::destroyUserStorageKeys(int32_t userId) {
ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
- return translateBool(fscrypt_destroy_user_key(userId));
+ return translateBool(fscrypt_destroy_user_keys(userId));
}
-binder::Status VoldNativeService::setUserKeyProtection(int32_t userId, const std::string& secret) {
+binder::Status VoldNativeService::setCeStorageProtection(int32_t userId,
+ const std::string& secret) {
ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
- return translateBool(fscrypt_set_user_key_protection(userId, secret));
+ return translateBool(fscrypt_set_ce_key_protection(userId, secret));
}
binder::Status VoldNativeService::getUnlockedUsers(std::vector<int>* _aidl_return) {
@@ -637,19 +638,19 @@
return Ok();
}
-binder::Status VoldNativeService::unlockUserKey(int32_t userId, int32_t userSerial,
- const std::string& secret) {
+binder::Status VoldNativeService::unlockCeStorage(int32_t userId, int32_t userSerial,
+ const std::string& secret) {
ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
- return translateBool(fscrypt_unlock_user_key(userId, userSerial, secret));
+ return translateBool(fscrypt_unlock_ce_storage(userId, userSerial, secret));
}
-binder::Status VoldNativeService::lockUserKey(int32_t userId) {
+binder::Status VoldNativeService::lockCeStorage(int32_t userId) {
ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
- return translateBool(fscrypt_lock_user_key(userId));
+ return translateBool(fscrypt_lock_ce_storage(userId));
}
binder::Status VoldNativeService::prepareUserStorage(const std::optional<std::string>& uuid,
diff --git a/VoldNativeService.h b/VoldNativeService.h
index 6debe77..e98aea8 100644
--- a/VoldNativeService.h
+++ b/VoldNativeService.h
@@ -112,14 +112,14 @@
binder::Status setStorageBindingSeed(const std::vector<uint8_t>& seed);
- binder::Status createUserKey(int32_t userId, int32_t userSerial, bool ephemeral);
- binder::Status destroyUserKey(int32_t userId);
+ binder::Status createUserStorageKeys(int32_t userId, int32_t userSerial, bool ephemeral);
+ binder::Status destroyUserStorageKeys(int32_t userId);
- binder::Status setUserKeyProtection(int32_t userId, const std::string& secret);
+ binder::Status setCeStorageProtection(int32_t userId, const std::string& secret);
binder::Status getUnlockedUsers(std::vector<int>* _aidl_return);
- binder::Status unlockUserKey(int32_t userId, int32_t userSerial, const std::string& secret);
- binder::Status lockUserKey(int32_t userId);
+ binder::Status unlockCeStorage(int32_t userId, int32_t userSerial, const std::string& secret);
+ binder::Status lockCeStorage(int32_t userId);
binder::Status prepareUserStorage(const std::optional<std::string>& uuid, int32_t userId,
int32_t userSerial, int32_t flags);
diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
index 19e8e91..852e8af 100644
--- a/binder/android/os/IVold.aidl
+++ b/binder/android/os/IVold.aidl
@@ -85,14 +85,14 @@
void setStorageBindingSeed(in byte[] seed);
- void createUserKey(int userId, int userSerial, boolean ephemeral);
- void destroyUserKey(int userId);
+ void createUserStorageKeys(int userId, int userSerial, boolean ephemeral);
+ void destroyUserStorageKeys(int userId);
- void setUserKeyProtection(int userId, @utf8InCpp String secret);
+ void setCeStorageProtection(int userId, @utf8InCpp String secret);
int[] getUnlockedUsers();
- void unlockUserKey(int userId, int userSerial, @utf8InCpp String secret);
- void lockUserKey(int userId);
+ void unlockCeStorage(int userId, int userSerial, @utf8InCpp String secret);
+ void lockCeStorage(int userId);
void prepareUserStorage(@nullable @utf8InCpp String uuid, int userId, int userSerial,
int storageFlags);