Add secdiscard command for secure deletion of files

This is used by LockSettingsService to delete sensitive credential files.

Bug: 34600579
Test: manual - change device lock under synthetic password, verify
      old data on disk is erased.

Change-Id: I5e11b559ad8818bd2ad2b321d67d21477aab7555

diff --git a/CryptCommandListener.cpp b/CryptCommandListener.cpp
index 5c2ac84..779338f 100644 (file)
--- a/CryptCommandListener.cpp
+++ b/CryptCommandListener.cpp
@@ -427,6 +427,11 @@ int CryptCommandListener::CryptfsCmd::runCommand(SocketClient *cli,
         return sendGenericOkFailOnBool(cli,
                 e4crypt_destroy_user_storage(parseNull(argv[2]), atoi(argv[3]), atoi(argv[4])));
 
+    } else if (subcommand == "secdiscard") {
+        if (!check_argc(cli, subcommand, argc, 3, "<path>")) return 0;
+        return sendGenericOkFailOnBool(cli,
+                e4crypt_secdiscard(parseNull(argv[2])));
+
     } else {
         dumpArgs(argc, argv, -1);
         cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown cryptfs subcommand", false);

diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index dd8922c..c3e0cc3 100644 (file)
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -686,3 +686,7 @@ bool e4crypt_destroy_user_storage(const char* volume_uuid, userid_t user_id, int
 
     return res;
 }
+
+bool e4crypt_secdiscard(const char* path) {
+    return android::vold::runSecdiscardSingle(std::string(path));
+}

diff --git a/Ext4Crypt.h b/Ext4Crypt.h
index 2dcc197..e90167b 100644 (file)
--- a/Ext4Crypt.h
+++ b/Ext4Crypt.h
@@ -38,4 +38,5 @@ bool e4crypt_lock_user_key(userid_t user_id);
 bool e4crypt_prepare_user_storage(const char* volume_uuid, userid_t user_id, int serial, int flags);
 bool e4crypt_destroy_user_storage(const char* volume_uuid, userid_t user_id, int flags);
 
+bool e4crypt_secdiscard(const char* path);
 __END_DECLS

diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index ddecbb8..b4f85f4 100644 (file)
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -512,6 +512,16 @@ static bool runSecdiscard(const std::string& dir) {
     return true;
 }
 
+bool runSecdiscardSingle(const std::string& file) {
+    if (ForkExecvp(
+            std::vector<std::string>{kSecdiscardPath, "--",
+                file}) != 0) {
+        LOG(ERROR) << "secdiscard failed";
+        return false;
+    }
+    return true;
+}
+
 static bool recursiveDeleteKey(const std::string& dir) {
     if (ForkExecvp(std::vector<std::string>{kRmPath, "-rf", dir}) != 0) {
         LOG(ERROR) << "recursive delete failed";

diff --git a/KeyStorage.h b/KeyStorage.h
index 6186d19..63345f4 100644 (file)
--- a/KeyStorage.h
+++ b/KeyStorage.h
@@ -61,6 +61,7 @@ bool retrieveKey(const std::string& dir, const KeyAuthentication& auth, std::str
 // Securely destroy the key stored in the named directory and delete the directory.
 bool destroyKey(const std::string& dir);
 
+bool runSecdiscardSingle(const std::string& file);
 }  // namespace vold
 }  // namespace android