Don't export storeKey(), and update comments

storeKey() is no longer used outside KeyStorage.cpp, so make it a static
function.  Also fix the documentation for storeKey() (e.g. it's no
longer safe to directly move/rename directories created by storeKey() --
one must use RenameKeyDir() instead).

No functional changes.

[ebiggers@ - cleaned up slightly from satyat@'s original change]

Bug: 190398249
Change-Id: I85918359e77bef414dfddfe5ded30fcde6514013
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 4893c2f..64b413a 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -575,7 +575,12 @@
     return true;
 }
 
-bool storeKey(const std::string& dir, const KeyAuthentication& auth, const KeyBuffer& key) {
+// Creates a directory at the given path |dir| and stores |key| in it, in such a
+// way that it can only be retrieved via Keymaster (if no secret is given in
+// |auth|) or with the given secret (if a secret is given in |auth|), and can be
+// securely deleted.  If a storage binding seed has been set, then the storage
+// binding seed will be required to retrieve the key as well.
+static bool storeKey(const std::string& dir, const KeyAuthentication& auth, const KeyBuffer& key) {
     if (TEMP_FAILURE_RETRY(mkdir(dir.c_str(), 0700)) == -1) {
         PLOG(ERROR) << "key mkdir " << dir;
         return false;
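Review bot: The new comment above storeKey() does not carry the caveat the commit message calls out, that directories created by storeKey() must no longer be moved or renamed directly and have to go through RenameKeyDir(). The old header comment said "It's safe to move/rename the directory after creation", and that line is dropped rather than replaced with the corrected statement, so a future caller inside KeyStorage.cpp has nothing at the definition warning them off a plain rename. Suggest adding a closing sentence to the comment such as "The resulting directory must only be moved/renamed via RenameKeyDir()."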
diff --git a/KeyStorage.h b/KeyStorage.h
index de719e9..a7e694e 100644
--- a/KeyStorage.h
+++ b/KeyStorage.h
@@ -45,12 +45,6 @@
 // This method should be used whenever a key directory needs to be moved/renamed.
 bool RenameKeyDir(const std::string& old_name, const std::string& new_name);
 
-// Create a directory at the named path, and store "key" in it,
-// in such a way that it can only be retrieved via Keymaster and
-// can be securely deleted.
-// It's safe to move/rename the directory after creation.
-bool storeKey(const std::string& dir, const KeyAuthentication& auth, const KeyBuffer& key);
-
 // Create a directory at the named path, and store "key" in it as storeKey
 // This version creates the key in "tmp_path" then atomically renames "tmp_path"
 // to "key_path" thereby ensuring that the key is either stored entirely or
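Review bot: The comment that remains directly below the removed declaration still reads "store "key" in it as storeKey", but storeKey() is no longer declared in KeyStorage.h, so header readers are pointed at a function whose contract they can no longer see here. Since the removed comment was the only description of the storage guarantees in the header (retrievable only via Keymaster, securely deletable), suggest either restating those guarantees in this remaining comment or rewording it so it does not depend on the now-static storeKey(), and noting there that the resulting key directory must be renamed with RenameKeyDir().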