Mark 0 length files as corrupt
Files created by keystore should never be 0 length however a vendor ran
into such a case when testing their keymaster and a side effect of how
keystore parses files leads to these keys being considered encrypted and
ulitmately undeletable.
Now mark 0 length files as corrupt in readKey and when deleting a key if
the key fails to read in because it was corrupt simply rm the file since
it is not possible to feed the key blob to keymaster's delete method.
Bug: 22561219
Change-Id: Ie8c1ffe97d1d89c202cdab7a6b4b5efc914cbbff
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index cb948fd..af2d301 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -669,6 +669,10 @@
return SYSTEM_ERROR;
}
+ if (fileLength == 0) {
+ return VALUE_CORRUPTED;
+ }
+
if (isEncrypted() && (state != STATE_NO_ERROR)) {
return LOCKED;
}
@@ -1208,6 +1212,10 @@
ResponseCode del(const char *filename, const BlobType type, uid_t userId) {
Blob keyBlob;
ResponseCode rc = get(filename, &keyBlob, type, userId);
+ if (rc == ::VALUE_CORRUPTED) {
+ // The file is corrupt, the best we can do is rm it.
+ return (unlink(filename) && errno != ENOENT) ? ::SYSTEM_ERROR : ::NO_ERROR;
+ }
if (rc != ::NO_ERROR) {
return rc;
}
@@ -1710,7 +1718,6 @@
ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid,
TYPE_GENERIC);
if (responseCode != ::NO_ERROR) {
- ALOGW("Could not read %s", name8.string());
*item = NULL;
*itemLength = 0;
return responseCode;