Merge "Do not delete all keys after creating a first crypt device"
diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index 0396138..a0f7b8b 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@@ -118,7 +118,7 @@
return true;
}
-static bool read_key(const std::string& metadata_key_dir, const KeyGeneration& gen,
+static bool read_key(const std::string& metadata_key_dir, const KeyGeneration& gen, bool first_key,
KeyBuffer* key) {
if (metadata_key_dir.empty()) {
LOG(ERROR) << "Failed to get metadata_key_dir";
@@ -130,7 +130,7 @@
if (!MkdirsSync(dir, 0700)) return false;
auto in_dsu = android::base::GetBoolProperty("ro.gsid.image_running", false);
// !pathExists(dir) does not imply there's a factory reset when in DSU mode.
- if (!pathExists(dir) && !in_dsu) {
+ if (!pathExists(dir) && !in_dsu && first_key) {
auto delete_all = android::base::GetBoolProperty(
"ro.crypto.metadata_init_delete_all_keys.enabled", false);
if (delete_all) {
@@ -290,7 +290,7 @@
}
auto gen = needs_encrypt ? makeGen(options) : neverGen();
KeyBuffer key;
- if (!read_key(default_metadata_key_dir, gen, &key)) {
+ if (!read_key(default_metadata_key_dir, gen, true, &key)) {
LOG(ERROR) << "read_key failed in mountFstab";
return false;
}
@@ -308,7 +308,7 @@
if (!zoned_device.empty()) {
auto zoned_metadata_key_dir = data_rec->metadata_key_dir + "/zoned";
- if (!read_key(zoned_metadata_key_dir, gen, &key)) {
+ if (!read_key(zoned_metadata_key_dir, gen, false, &key)) {
LOG(ERROR) << "read_key failed with zoned device: " << zoned_device;
return false;
}
