author | JP Abgrall <jpa@google.com> | 2015-02-11 13:44:32 -0800 |
---|---|---|
committer | JP Abgrall <jpa@google.com> | 2015-02-11 13:44:32 -0800 |
commit | 933216c8861b6b3f0e65cd27812ce2e3c26721c4 (patch) | |
tree | d39889f24469054d890e4d70e01e7cd5ebb6791e /cryptfs.c | |
parent | d32b75e6dc329fc8b15d0ae48cf932f091ed6299 (diff) | |
crytpfs: fix clobbering of crypto info on keymaster failure
Changing the device lock (even from swipe to none) will cause the
master key to be re-encrypted.
If at that point keymaster fails (e.g. due to an incompatible keymaster update)
cryptfs will write back the now-incomplete crypto metadata.
Upon next reboot, userdata can't be decrypted.
Now we don't bother writing on keymaster failure.
Bug: 19301883
Change-Id: I2b9a1278f8b4d333ac8d567e17e2263005e99409
Diffstat (limited to 'cryptfs.c')
-rw-r--r-- | cryptfs.c | 11 |
1 files changed, 7 insertions, 4 deletions
@@ -3285,6 +3285,7 @@ int cryptfs_enable_default(char *howarg, int allow_reboot)
 int cryptfs_changepw(int crypt_type, const char *newpw)
 {
 struct crypt_mnt_ftr crypt_ftr;
+ int rc;
 /* This is only allowed after we've successfully decrypted the master key */
 if (!master_key_saved) {
@@ -3310,18 +3311,20 @@ int cryptfs_changepw(int crypt_type, const char *newpw)
 newpw = adjusted_passwd;
 }
- encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
+ rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
 : newpw, crypt_ftr.salt, saved_master_key, crypt_ftr.master_key, &crypt_ftr);
-
+ free(adjusted_passwd);
+ if (rc) {
+ SLOGE("Encrypt master key failed: %d", rc);
+ return -1;
+ }
 /* save the key */
 put_crypt_ftr_and_key(&crypt_ftr);
- free(adjusted_passwd);
-
 #ifdef CONFIG_HW_DISK_ENCRYPTION
 if (!strcmp((char *)crypt_ftr.crypto_type_name, "aes-xts")) {
 if (crypt_type == CRYPT_TYPE_DEFAULT) { |
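Review bot: The result of `put_crypt_ftr_and_key(&crypt_ftr)`, a few lines below the new `if (rc)` check in the second hunk, is still discarded, so a failed footer write would look to the caller like a successful password change. If that function returns a status (its definition is outside this hunk), it should get the same treatment as the keymaster failure: `if (put_crypt_ftr_and_key(&crypt_ftr)) { SLOGE("Error saving crypto footer"); return -1; }`. The new early return would also benefit from a comment explaining why the write is skipped, e.g. `/* crypt_ftr is incomplete here; writing it back would leave userdata undecryptable on next boot */`. cryptfs_changepw starts in the first hunk and continues past the end of this one, so the final return path is not visible here.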