Merge "Destroy DSU metadata encryption key when wiping an installation" am: 5dc456a684 am: 14a42ed03a am: b57eb6c4e5

Original change: https://android-review.googlesource.com/c/platform/system/gsid/+/1452417

Change-Id: I55247ad1f06ff53423e767f603b96fe57c102e9d
diff --git a/Android.bp b/Android.bp
index 1e9d3a6..8e3acaa 100644
--- a/Android.bp
+++ b/Android.bp
@@ -99,6 +99,7 @@
         "liblp",
         "libutils",
         "libc++fs",
+        "libvold_binder",
     ],
     target: {
         android: {
diff --git a/gsi_service.cpp b/gsi_service.cpp
index 3c875f8..41b8811 100644
--- a/gsi_service.cpp
+++ b/gsi_service.cpp
@@ -32,6 +32,8 @@
 #include <android-base/strings.h>
 #include <android/gsi/BnImageService.h>
 #include <android/gsi/IGsiService.h>
+#include <android/os/IVold.h>
+#include <binder/IServiceManager.h>
 #include <binder/LazyServiceRegistrar.h>
 #include <ext4_utils/ext4_utils.h>
 #include <fs_mgr.h>
@@ -171,6 +173,18 @@
     if (size == 0 && name == "userdata") {
         size = kDefaultUserdataSize;
     }
+
+    if (name == "userdata") {
+        auto dsu_slot = GetDsuSlot(install_dir_);
+        auto key_dir = DefaultDsuMetadataKeyDir(dsu_slot);
+        auto key_dir_file = DsuMetadataKeyDirFile(dsu_slot);
+        if (!android::base::WriteStringToFile(key_dir, key_dir_file)) {
+            PLOG(ERROR) << "write failed: " << key_dir_file;
+            *_aidl_return = INSTALL_ERROR_GENERIC;
+            return binder::Status::ok();
+        }
+    }
+
     installer_ = std::make_unique<PartitionInstaller>(this, install_dir_, name,
                                                       GetDsuSlot(install_dir_), size, readOnly);
     progress_ = {};
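Review bot: In the added `if (name == "userdata")` block the key-dir file is created with the two-argument `WriteStringToFile`, which leaves its mode to the process umask. Because the file's content names the directory that holds the DSU metadata encryption key, I would set the permissions explicitly with the android-base overload that takes mode, owner and group, choosing values that match the other files gsid keeps next to it. A one-line comment above the block would also help, e.g. `// Record this slot's metadata key directory; RemoveGsiFiles deletes the file once the key is destroyed.` The enclosing function starts and ends outside this hunk.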
@@ -891,6 +905,10 @@
     return IGsiService::INSTALL_OK;
 }
 
+static android::sp<android::os::IVold> GetVoldService() {
+    return android::waitForService<android::os::IVold>(android::String16("vold"));
+}
+
 bool GsiService::RemoveGsiFiles(const std::string& install_dir) {
     bool ok = true;
     auto active_dsu = GetDsuSlot(install_dir);
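Review bot: `GetVoldService()` has no comment saying that it can block. As far as I know `android::waitForService` waits until the service is registered, so `RemoveGsiFiles` would stall on this call if vold is not up. I would document that on the helper, e.g. `// Blocks until vold is registered; a null result means the service could not be obtained.` The body of `RemoveGsiFiles` continues outside this hunk.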
@@ -920,6 +938,22 @@
             ok = false;
         }
     }
+    if (auto vold = GetVoldService()) {
+        auto status = vold->destroyDsuMetadataKey(dsu_slot);
+        if (status.isOk()) {
+            std::string message;
+            if (!RemoveFileIfExists(DsuMetadataKeyDirFile(dsu_slot), &message)) {
+                LOG(ERROR) << message;
+                ok = false;
+            }
+        } else {
+            LOG(ERROR) << "Failed to destroy DSU metadata encryption key.";
+            ok = false;
+        }
+    } else {
+        LOG(ERROR) << "Failed to retrieve vold service.";
+        ok = false;
+    }
     if (ok) {
         SetProperty(kGsiInstalledProp, "0");
     }
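Review bot: The `else` branch for a failed `destroyDsuMetadataKey` logs a fixed string and drops `status`, so a wipe that leaves key material behind cannot be diagnosed from the log. Include the slot and the binder status, e.g. `LOG(ERROR) << "Failed to destroy DSU metadata encryption key for " << dsu_slot << ": " << status.toString8();`. The key-dir file is only removed when the call succeeds, which looks intentional so that a later wipe can retry; if so, a short comment saying that would stop someone from "tidying" the removal out of the `isOk()` branch. `dsu_slot` and the start of the function are outside this hunk.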