This is used by LockSettingsService to delete sensitive credential files.
Bug:
34600579
Test: manual - change device lock under synthetic password, verify
old data on disk is erased.
Change-Id: I5e11b559ad8818bd2ad2b321d67d21477aab7555
return sendGenericOkFailOnBool(cli,
e4crypt_destroy_user_storage(parseNull(argv[2]), atoi(argv[3]), atoi(argv[4])));
+ } else if (subcommand == "secdiscard") {
+ if (!check_argc(cli, subcommand, argc, 3, "<path>")) return 0;
+ return sendGenericOkFailOnBool(cli,
+ e4crypt_secdiscard(parseNull(argv[2])));
+
} else {
dumpArgs(argc, argv, -1);
cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown cryptfs subcommand", false);
return res;
}
+
+bool e4crypt_secdiscard(const char* path) {
+ return android::vold::runSecdiscardSingle(std::string(path));
+}
bool e4crypt_prepare_user_storage(const char* volume_uuid, userid_t user_id, int serial, int flags);
bool e4crypt_destroy_user_storage(const char* volume_uuid, userid_t user_id, int flags);
+bool e4crypt_secdiscard(const char* path);
__END_DECLS
return true;
}
+bool runSecdiscardSingle(const std::string& file) {
+ if (ForkExecvp(
+ std::vector<std::string>{kSecdiscardPath, "--",
+ file}) != 0) {
+ LOG(ERROR) << "secdiscard failed";
+ return false;
+ }
+ return true;
+}
+
static bool recursiveDeleteKey(const std::string& dir) {
if (ForkExecvp(std::vector<std::string>{kRmPath, "-rf", dir}) != 0) {
LOG(ERROR) << "recursive delete failed";
// Securely destroy the key stored in the named directory and delete the directory.
bool destroyKey(const std::string& dir);
+bool runSecdiscardSingle(const std::string& file);
} // namespace vold
} // namespace android