vold: add support for clear key
Add support for clearing the key in TrustZone and ICE
when a user is deleted.
CRs-Fixed: 2334473
Change-Id: I5fd75aaa3b35145b744bed384dc3c842185ff267
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index 4b3aeb3..6b5c74d 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -483,7 +483,6 @@
}
static bool evict_ce_key(userid_t user_id) {
- s_ce_keys.erase(user_id);
bool success = true;
std::string raw_ref;
// If we haven't loaded the CE key, no need to evict it.
@@ -491,6 +490,23 @@
success &= android::vold::evictKey(raw_ref);
drop_caches();
}
+
+ if(is_wrapped_key_supported()) {
+ KeyBuffer key;
+ key = s_ce_keys[user_id];
+
+ std::string keystr(key.data(), key.size());
+ Keymaster keymaster;
+
+ if (!keymaster) {
+ s_ce_keys.erase(user_id);
+ s_ce_key_raw_refs.erase(user_id);
+ return false;
+ }
+ keymaster.deleteKey(keystr);
+ }
+
+ s_ce_keys.erase(user_id);
s_ce_key_raw_refs.erase(user_id);
return success;
}
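Review bot: In the added `is_wrapped_key_supported()` branch, `key = s_ce_keys[user_id];` default-inserts an empty entry when the user's CE key was never loaded (the case the comment in the previous hunk says needs no eviction), so `deleteKey` is then called with an empty blob. The result of `keymaster.deleteKey(keystr)` is also discarded, so a key that could not be cleared from TrustZone/ICE still lets `evict_ce_key` return success; it should feed into `success`. Looking the entry up with `find()` and folding both failure cases into `success` also removes the duplicated erase-and-return path. `keystr` is a plain `std::string` copy of the key blob and, presumably unlike `KeyBuffer`, is not wiped when it goes out of scope, so its lifetime should be kept as short as possible. `evict_ce_key` begins in the previous hunk.

```cpp
if (is_wrapped_key_supported()) {
    // find() does not create an entry for a user whose CE key was never loaded.
    auto it = s_ce_keys.find(user_id);
    if (it != s_ce_keys.end()) {
        Keymaster keymaster;
        if (!keymaster) {
            success = false;
        } else {
            // Scope the unwiped std::string copy of the blob to the delete call.
            const std::string keystr(it->second.data(), it->second.size());
            success &= keymaster.deleteKey(keystr);
        }
    }
}
// … unchanged: s_ce_keys.erase, s_ce_key_raw_refs.erase, return success …
```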