Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_vold / d651359c9f8d99fc505a7fb4c747cd00339e72ab^! / . / FsCrypt.cpp
commitd651359c9f8d99fc505a7fb4c747cd00339e72ab[log] [tgz]
authorEric Biggers <ebiggers@google.com>Wed Oct 30 22:49:06 2024 +0000
committerEric Biggers <ebiggers@google.com>Thu Oct 31 03:42:15 2024 +0000
treee9875d60280aa2efb7d2156f1b75ff19b1c1a177
parent5502a557c106e0892b28009007809cbf37c5c47c [diff] [blame]
Improve log messages when CE key is already protected by secret

This is a bit of a hack, since ideally we should avoid logging errors in
the first place.  But this CL is an improvement.

The following shows what the log looks like after this CL when
setCeStorageProtection() is called when the CE key is already protected:

    I LockSettingsService: Encrypting CE key of user 0 with synthetic password
    D vold    : fscrypt_set_ce_key_protection 0
    D vold    : CE key already exists on-disk; re-protecting it with the given secret
    D vold    : Trying user CE key /data/misc/vold/user_keys/ce/0/current
    E vold    : Failed to read from /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob: No such file or directory
    E vold    : decryptWithKeystoreKey failed
    E vold    : Failed to find working ce key for user 0
    D vold    : Trying user CE key /data/misc/vold/user_keys/ce/0/current
    D vold    : Successfully retrieved key
    I vold    : CE key is already protected by given secret.  Nothing to do.
    I vold    : Errors above are for the attempt with empty auth and can be ignored.

Test: Upgraded a device from UQ1A to main with this CL. Checked the log.
Flag: EXEMPT just changes log messages
Change-Id: I5cf4bd0a1fcac80e9c192628fb7d112c0d320376

diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index 4f42dd8..563dd4f 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp

@@ -810,15 +810,14 @@
         // kEmptyAuthentication are encrypted by the user's synthetic password.
         LOG(DEBUG) << "CE key already exists on-disk; re-protecting it with the given secret";
         if (!read_and_fixate_user_ce_key(user_id, kEmptyAuthentication, &ce_key)) {
-            LOG(ERROR) << "Failed to retrieve CE key for user " << user_id << " using empty auth";
             // Before failing, also check whether the key is already protected
-            // with the given secret.  This isn't expected, but in theory it
-            // could happen if an upgrade is requested for a user more than once
-            // due to a power-off or other interruption.
+            // with the given secret.
             if (read_and_fixate_user_ce_key(user_id, auth, &ce_key)) {
-                LOG(WARNING) << "CE key is already protected by given secret";
+                LOG(INFO) << "CE key is already protected by given secret.  Nothing to do.";
+                LOG(INFO) << "Errors above are for the attempt with empty auth and can be ignored.";
                 return true;
             }
+            LOG(ERROR) << "Failed to retrieve CE key for user " << user_id;
             // The key isn't protected by either kEmptyAuthentication or by
             // |auth|.  This should never happen, and there's nothing we can do
             // besides return an error.