Merge "Create misc_ce and misc_de directories on /mnt/expand"
diff --git a/Keystore.cpp b/Keystore.cpp
index a017d68..d993b0d 100644
--- a/Keystore.cpp
+++ b/Keystore.cpp
@@ -166,7 +166,13 @@
*key = std::string(ephemeral_key_response.ephemeralKey.begin(),
ephemeral_key_response.ephemeralKey.end());
- // TODO b/185811713 store the upgraded key blob if provided and delete the old key blob.
+ // vold intentionally ignores ephemeral_key_response.upgradedBlob, since the
+ // concept of "upgrading" doesn't make sense for TAG_STORAGE_KEY keys
+ // (hardware-wrapped inline encryption keys). These keys are only meant as
+ // a substitute for raw keys; they still go through vold's usual layer of
+ // key wrapping, which already handles version binding. So, vold just keeps
+ // using the original blobs for TAG_STORAGE_KEY keys. If KeyMint "upgrades"
+ // them anyway, then they'll just get re-upgraded before each use.
ret = true;
out:
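Review bot: Dropping `ephemeral_key_response.upgradedBlob` is now deliberate but silent, so a device whose KeyMint returns an upgraded blob on every call pays for a re-upgrade before each use with nothing in the logs to show it. A low-verbosity log line just above `ret = true;`, guarded by a check that the response actually carries an upgraded blob, would make that visible when diagnosing slow unlocks or KeyMint version skew, for example `LOG(DEBUG) << "Ignoring upgraded blob for TAG_STORAGE_KEY key";`. The new comment could also name where vold's own wrapping layer does the version binding it refers to, since that code is not in this hunk. The enclosing function starts above the hunk and continues past `out:`.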
diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index bd3c0ef..5c9e644 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@@ -261,7 +261,7 @@
CryptoOptions options;
if (options_format_version == 1) {
- if (!data_rec->metadata_encryption.empty()) {
+ if (!data_rec->metadata_encryption_options.empty()) {
LOG(ERROR) << "metadata_encryption options cannot be set in legacy mode";
return false;
}
@@ -274,7 +274,7 @@
return false;
}
} else if (options_format_version == 2) {
- if (!parse_options(data_rec->metadata_encryption, &options)) return false;
+ if (!parse_options(data_rec->metadata_encryption_options, &options)) return false;
} else {
LOG(ERROR) << "Unknown options_format_version: " << options_format_version;
return false;
diff --git a/main.cpp b/main.cpp
index 978db66..42789c9 100644
--- a/main.cpp
+++ b/main.cpp
@@ -251,7 +251,7 @@
PLOG(FATAL) << "could not find logical partition " << entry.blk_device;
}
- if (entry.mount_point == "/data" && !entry.metadata_encryption.empty()) {
+ if (entry.mount_point == "/data" && !entry.metadata_key_dir.empty()) {
// Pre-populate userdata dm-devices since the uevents are asynchronous (b/198405417).
android::vold::defaultkey_precreate_dm_device();
}
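Review bot: The condition on `/data` now tests `entry.metadata_key_dir`, while MetadataCrypt.cpp in the same commit reads `metadata_encryption_options`, and nothing here says why the key directory is the right signal. Presumably the key directory is set whenever metadata encryption is enabled and the options string may legitimately be empty; if so, say it next to the check, e.g. `// metadata_key_dir is set iff metadata encryption is enabled; the options string may be empty.` It is also worth confirming that this test matches the one the metadata-encryption mount path uses to decide whether to set up the dm device, so the pre-created device is never skipped or created needlessly. The enclosing function begins and ends outside the hunk.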