From 841fd43338d17d730c3464f33536e424d63b6578 Mon Sep 17 00:00:00 2001 From: Rubin Xu Date: Thu, 1 Mar 2018 16:40:04 +0000 Subject: [PATCH] Stop invoking secdiscard when deleting password data secdiscard never works on recent devices; stop calling it to reduce the false SELinux denials messages. Just logically zeroize the data before unlinking it. Bug: 62140539 Test: flash device; change PIN; observe no SELinux error messages. Change-Id: I5f47fc81735a7d9995c2da9e52a25ae903db3ced --- core/java/android/os/storage/IStorageManager.aidl | 5 ++--- core/java/android/os/storage/StorageManager.java | 10 ---------- .../com/android/server/StorageManagerService.java | 11 ----------- .../server/locksettings/LockSettingsStorage.java | 7 ++++--- 4 files changed, 6 insertions(+), 27 deletions(-) diff --git a/core/java/android/os/storage/IStorageManager.aidl b/core/java/android/os/storage/IStorageManager.aidl index 3b53260e5dd76..55a202fd3a66f 100644 --- a/core/java/android/os/storage/IStorageManager.aidl +++ b/core/java/android/os/storage/IStorageManager.aidl @@ -185,7 +185,6 @@ interface IStorageManager { long getCacheSizeBytes(String volumeUuid, int uid) = 76; long getAllocatableBytes(String volumeUuid, int flags, String callingPackage) = 77; void allocateBytes(String volumeUuid, long bytes, int flags, String callingPackage) = 78; - void secdiscard(in String path) = 79; - void runIdleMaintenance() = 80; - void abortIdleMaintenance() = 81; + void runIdleMaintenance() = 79; + void abortIdleMaintenance() = 80; } diff --git a/core/java/android/os/storage/StorageManager.java b/core/java/android/os/storage/StorageManager.java index f593e8056db95..bf20e6a829623 100644 --- a/core/java/android/os/storage/StorageManager.java +++ b/core/java/android/os/storage/StorageManager.java @@ -50,7 +50,6 @@ import android.os.RemoteException; import android.os.ServiceManager; import android.os.ServiceManager.ServiceNotFoundException; import android.os.SystemProperties; -import android.os.UserHandle; import android.provider.Settings; import android.system.ErrnoException; import android.system.Os; @@ -1322,15 +1321,6 @@ public class StorageManager { } } - /** {@hide} */ - public void secdiscard(String path) { - try { - mStorageManager.secdiscard(path); - } catch (RemoteException e) { - throw e.rethrowFromSystemServer(); - } - } - /** {@hide} */ public static boolean isUserKeyUnlocked(int userId) { if (sStorageManager == null) { diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java index 7c109d5af0783..3d7b21dbc3c29 100644 --- a/services/core/java/com/android/server/StorageManagerService.java +++ b/services/core/java/com/android/server/StorageManagerService.java @@ -2583,17 +2583,6 @@ class StorageManagerService extends IStorageManager.Stub } } - @Override - public void secdiscard(String path) { - enforcePermission(android.Manifest.permission.STORAGE_INTERNAL); - - try { - mVold.secdiscard(path); - } catch (Exception e) { - Slog.wtf(TAG, e); - } - } - class AppFuseMountScope extends AppFuseBridge.MountScope { boolean opened = false; diff --git a/services/core/java/com/android/server/locksettings/LockSettingsStorage.java b/services/core/java/com/android/server/locksettings/LockSettingsStorage.java index f62e8a9bc4d9b..8b3a1a6a09f90 100644 --- a/services/core/java/com/android/server/locksettings/LockSettingsStorage.java +++ b/services/core/java/com/android/server/locksettings/LockSettingsStorage.java @@ -495,10 +495,11 @@ class LockSettingsStorage { String path = getSynthenticPasswordStateFilePathForUser(userId, handle, name); File file = new File(path); if (file.exists()) { - try { - mContext.getSystemService(StorageManager.class).secdiscard(file.getAbsolutePath()); + try (RandomAccessFile raf = new RandomAccessFile(path, "rws")) { + final int fileSize = (int) raf.length(); + raf.write(new byte[fileSize]); } catch (Exception e) { - Slog.w(TAG, "Failed to secdiscard " + path, e); + Slog.w(TAG, "Failed to zeroize " + path, e); } finally { file.delete(); }