FscryptInstallKeyring: don't re-create keyring if it's already created

nioffe · nioffe · commit 1f40c94a1ffa · 2019-12-04T17:47:37.000Z
During userspace reboot FscryptInstallKeyring will be called again, this
CL will make it second call a no-op, which IMHO is better than having a
special logic in init to conditionally call FscryptInstallKeyring
depending on whenever it's normal boot, or userspace reboot.

Test: adb reboot userspace
Test: checked in kernel logs that new keyring is not created
Bug: 135984674
Change-Id: I4ad5aee6887b7318fb1cd02bf1c7be8da6ece599
diff --git a/init/builtins.cpp b/init/builtins.cpp
@@ -583,7 +583,7 @@ static Result<void> queue_fs_event(int code, bool userdata_remount) {
         return reboot_into_recovery(options);
         /* If reboot worked, there is no return. */
     } else if (code == FS_MGR_MNTALL_DEV_FILE_ENCRYPTED) {
-        if (!userdata_remount && !FscryptInstallKeyring()) {
+        if (!FscryptInstallKeyring()) {
             return Error() << "FscryptInstallKeyring() failed";
         }
         property_set("ro.crypto.state", "encrypted");
@@ -594,7 +594,7 @@ static Result<void> queue_fs_event(int code, bool userdata_remount) {
         ActionManager::GetInstance().QueueEventTrigger("nonencrypted");
         return {};
     } else if (code == FS_MGR_MNTALL_DEV_IS_METADATA_ENCRYPTED) {
-        if (!userdata_remount && !FscryptInstallKeyring()) {
+        if (!FscryptInstallKeyring()) {
             return Error() << "FscryptInstallKeyring() failed";
         }
         property_set("ro.crypto.state", "encrypted");
@@ -605,7 +605,7 @@ static Result<void> queue_fs_event(int code, bool userdata_remount) {
         ActionManager::GetInstance().QueueEventTrigger("nonencrypted");
         return {};
     } else if (code == FS_MGR_MNTALL_DEV_NEEDS_METADATA_ENCRYPTION) {
-        if (!userdata_remount && !FscryptInstallKeyring()) {
+        if (!FscryptInstallKeyring()) {
             return Error() << "FscryptInstallKeyring() failed";
         }
         property_set("ro.crypto.state", "encrypted");
diff --git a/init/fscrypt_init_extensions.cpp b/init/fscrypt_init_extensions.cpp
@@ -42,6 +42,10 @@
 using namespace android::fscrypt;
 
 bool FscryptInstallKeyring() {
+    if (keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "fscrypt", 0) != -1) {
+        LOG(INFO) << "Keyring is already created";
+        return true;
+    }
     key_serial_t device_keyring = add_key("keyring", "fscrypt", 0, 0, KEY_SPEC_SESSION_KEYRING);
 
     if (device_keyring == -1) {
