Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_vold / a53a66caed83255c8c80efbdb10f299447ee88ac^! / . / FsCrypt.cpp
commita53a66caed83255c8c80efbdb10f299447ee88ac[log] [tgz]
authorEric Biggers <ebiggers@google.com>Thu Oct 19 19:47:20 2023 +0000
committerEric Biggers <ebiggers@google.com>Thu Oct 19 19:58:46 2023 +0000
treed27dd6e3f98d76941137d04f67476713d1cc2a55
parentf15785a54d96ff307dd12c33fc5fef6cb295ef5a [diff] [blame]
Rename "user key" methods in vold

Rename methods that refer to "user key" to be more precise about what
they mean.  For more details, see the corresponding frameworks/base
changes (I202ebbfd2b4f79fedb3ed120a8ad81500c126894 and
I5894beb97823dced5954e405d779fada49c79e8d).

No change in behavior except for some changed log messages.

Flag: exempt, mechanical refactoring only
Test: presubmit
Change-Id: I9edcb557172395f4f6cf8e837efcc06fcfefb37d

diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index 45b062d..9f6403c 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp

@@ -421,7 +421,7 @@
             return false;
         // We don't store the CE key on disk here, since here we don't have the
         // secret needed to do so securely.  Instead, we cache it in memory for
-        // now, and we store it later in fscrypt_set_user_key_protection().
+        // now, and we store it later in fscrypt_set_ce_key_protection().
         s_new_ce_keys.insert({user_id, ce_key});
     }
     EncryptionPolicy ce_policy;
@@ -614,15 +614,15 @@
     return true;
 }
 
-bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral) {
-    LOG(DEBUG) << "fscrypt_vold_create_user_key for " << user_id << " serial " << serial;
+// Creates the CE and DE keys for a new user.
+bool fscrypt_create_user_keys(userid_t user_id, int serial, bool ephemeral) {
+    LOG(DEBUG) << "fscrypt_create_user_keys for " << user_id << " serial " << serial;
     if (!IsFbeEnabled()) {
         return true;
     }
     // FIXME test for existence of key that is not loaded yet
     if (s_ce_policies.count(user_id) != 0) {
-        LOG(ERROR) << "Already exists, can't fscrypt_vold_create_user_key for " << user_id
-                   << " serial " << serial;
+        LOG(ERROR) << "Already exists, can't create keys for " << user_id << " serial " << serial;
         // FIXME should we fail the command?
         return true;
     }
@@ -671,8 +671,8 @@
 }
 
 // Evicts and destroys all CE and DE keys for a user.  This is called when the user is removed.
-bool fscrypt_destroy_user_key(userid_t user_id) {
-    LOG(DEBUG) << "fscrypt_destroy_user_key(" << user_id << ")";
+bool fscrypt_destroy_user_keys(userid_t user_id) {
+    LOG(DEBUG) << "fscrypt_destroy_user_keys(" << user_id << ")";
     if (!IsFbeEnabled()) {
         return true;
     }
@@ -769,13 +769,13 @@
 // re-encrypting the CE key upon upgrade from an Android version where the CE
 // key was stored with kEmptyAuthentication when the user didn't have an LSKF.
 // See the comments below for the different cases handled.
-bool fscrypt_set_user_key_protection(userid_t user_id, const std::string& secret_hex) {
-    LOG(DEBUG) << "fscrypt_set_user_key_protection " << user_id;
+bool fscrypt_set_ce_key_protection(userid_t user_id, const std::string& secret_hex) {
+    LOG(DEBUG) << "fscrypt_set_ce_key_protection " << user_id;
     if (!IsFbeEnabled()) return true;
     auto auth = authentication_from_hex(secret_hex);
     if (!auth) return false;
     if (auth->secret.empty()) {
-        LOG(ERROR) << "fscrypt_set_user_key_protection: secret must be nonempty";
+        LOG(ERROR) << "fscrypt_set_ce_key_protection: secret must be nonempty";
         return false;
     }
     // We shouldn't store any keys for ephemeral users.
@@ -871,11 +871,11 @@
 // Unlocks internal CE storage for the given user.  This only unlocks internal storage, since
 // fscrypt_prepare_user_storage() has to be called for each adoptable storage volume anyway (since
 // the volume might have been absent when the user was created), and that handles the unlocking.
-bool fscrypt_unlock_user_key(userid_t user_id, int serial, const std::string& secret_hex) {
-    LOG(DEBUG) << "fscrypt_unlock_user_key " << user_id << " serial=" << serial;
+bool fscrypt_unlock_ce_storage(userid_t user_id, int serial, const std::string& secret_hex) {
+    LOG(DEBUG) << "fscrypt_unlock_ce_storage " << user_id << " serial=" << serial;
     if (!IsFbeEnabled()) return true;
     if (s_ce_policies.count(user_id) != 0) {
-        LOG(WARNING) << "Tried to unlock already-unlocked key for user " << user_id;
+        LOG(WARNING) << "CE storage for user " << user_id << " is already unlocked";
         return true;
     }
     auto auth = authentication_from_hex(secret_hex);
@@ -885,13 +885,13 @@
     EncryptionPolicy ce_policy;
     if (!install_storage_key(DATA_MNT_POINT, s_data_options, ce_key, &ce_policy)) return false;
     s_ce_policies[user_id].internal = ce_policy;
-    LOG(DEBUG) << "Installed ce key for user " << user_id;
+    LOG(DEBUG) << "Installed CE key for user " << user_id;
     return true;
 }
 
 // Locks CE storage for the given user.  This locks both internal and adoptable storage.
-bool fscrypt_lock_user_key(userid_t user_id) {
-    LOG(DEBUG) << "fscrypt_lock_user_key " << user_id;
+bool fscrypt_lock_ce_storage(userid_t user_id) {
+    LOG(DEBUG) << "fscrypt_lock_ce_storage " << user_id;
     if (!IsFbeEnabled()) return true;
     return evict_user_keys(s_ce_policies, user_id);
 }