Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_vold / fc1df0eae05eebd2ee992185090b77766b63f2ae^! / . / FsCrypt.cpp
commitfc1df0eae05eebd2ee992185090b77766b63f2ae[log] [tgz]
authorEric Biggers <ebiggers@google.com>Tue Aug 01 19:34:53 2023 +0000
committerEric Biggers <ebiggers@google.com>Fri Oct 06 15:30:09 2023 +0000
tree96619e150a6e83cea6760d3c34958d49a4aafaba
parentab9fe7e68a3f41371a6cda5e69985a07c2161e0c [diff] [blame]
Fold read_and_install_user_ce_key() into fscrypt_unlock_user_key()

No change in behavior, except for removing a redundant check of
's_ce_policies.count(user_id)' and removing an extra ERROR message.

Test: see I7f11a135d8550618cd96013f834cebd54be5ef84
Change-Id: If221e23991e8e04138ae7dbdafe8160b00893655
Merged-In: If221e23991e8e04138ae7dbdafe8160b00893655
(cherry picked from commit 92428b247f86807f96d60d4fa99dae350a7a5237)

diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index 9d25740..7ba3162 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp

@@ -316,18 +316,6 @@
     return true;
 }
 
-static bool read_and_install_user_ce_key(userid_t user_id,
-                                         const android::vold::KeyAuthentication& auth) {
-    if (s_ce_policies.count(user_id) != 0) return true;
-    KeyBuffer ce_key;
-    if (!read_and_fixate_user_ce_key(user_id, auth, &ce_key)) return false;
-    EncryptionPolicy ce_policy;
-    if (!install_storage_key(DATA_MNT_POINT, s_data_options, ce_key, &ce_policy)) return false;
-    s_ce_policies[user_id] = ce_policy;
-    LOG(DEBUG) << "Installed ce key for user " << user_id;
-    return true;
-}
-
 // Prepare a directory without assigning it an encryption policy.  The directory
 // will inherit the encryption policy of its parent directory, or will be
 // unencrypted if the parent directory is unencrypted.
@@ -896,18 +884,19 @@
 // TODO: rename to 'install' for consistency, and take flags to know which keys to install
 bool fscrypt_unlock_user_key(userid_t user_id, int serial, const std::string& secret_hex) {
     LOG(DEBUG) << "fscrypt_unlock_user_key " << user_id << " serial=" << serial;
-    if (IsFbeEnabled()) {
-        if (s_ce_policies.count(user_id) != 0) {
-            LOG(WARNING) << "Tried to unlock already-unlocked key for user " << user_id;
-            return true;
-        }
-        auto auth = authentication_from_hex(secret_hex);
-        if (!auth) return false;
-        if (!read_and_install_user_ce_key(user_id, *auth)) {
-            LOG(ERROR) << "Couldn't read key for " << user_id;
-            return false;
-        }
+    if (!IsFbeEnabled()) return true;
+    if (s_ce_policies.count(user_id) != 0) {
+        LOG(WARNING) << "Tried to unlock already-unlocked key for user " << user_id;
+        return true;
     }
+    auto auth = authentication_from_hex(secret_hex);
+    if (!auth) return false;
+    KeyBuffer ce_key;
+    if (!read_and_fixate_user_ce_key(user_id, *auth, &ce_key)) return false;
+    EncryptionPolicy ce_policy;
+    if (!install_storage_key(DATA_MNT_POINT, s_data_options, ce_key, &ce_policy)) return false;
+    s_ce_policies[user_id] = ce_policy;
+    LOG(DEBUG) << "Installed ce key for user " << user_id;
     return true;
 }