patches: Bliss GSI v11.4 Release
Signed-off-by: Jackeagle <jackeagle102@gmail.com>
Change-Id: I372e872292ed19dde130635da2882309751f59dd
diff --git a/patches/system/vold/0005-Revert-vold-Wrapped-key-support-for-FBE.patch b/patches/system/vold/0005-Revert-vold-Wrapped-key-support-for-FBE.patch
new file mode 100644
index 0000000..8aea5a8
--- /dev/null
+++ b/patches/system/vold/0005-Revert-vold-Wrapped-key-support-for-FBE.patch
@@ -0,0 +1,590 @@
+From e053b4937154462cd42435631291f9d676c7d942 Mon Sep 17 00:00:00 2001
+From: Jackeagle <jackeagle102@gmail.com>
+Date: Wed, 19 Dec 2018 17:02:02 +0100
+Subject: [PATCH 5/8] Revert "vold: Wrapped key support for FBE"
+
+This reverts commit 659c9ec24095a9a6925157c83f961840f5df807d.
+---
+ Ext4Crypt.cpp | 164 +++--------------------------------
+ Ext4Crypt.h | 4 -
+ KeyStorage.cpp | 42 ---------
+ KeyStorage.h | 11 +--
+ KeyUtil.cpp | 31 +------
+ KeyUtil.h | 4 +-
+ Keymaster.cpp | 26 ------
+ Keymaster.h | 3 -
+ VoldNativeService.cpp | 8 --
+ VoldNativeService.h | 2 -
+ binder/android/os/IVold.aidl | 1 -
+ 11 files changed, 20 insertions(+), 276 deletions(-)
+
+diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
+index 56650fe..6b60796 100644
+--- a/Ext4Crypt.cpp
++++ b/Ext4Crypt.cpp
+@@ -16,7 +16,6 @@
+
+ #include "Ext4Crypt.h"
+
+-#include "Keymaster.h"
+ #include "KeyStorage.h"
+ #include "KeyUtil.h"
+ #include "Utils.h"
+@@ -63,8 +62,6 @@ using android::base::StringPrintf;
+ using android::base::WriteStringToFile;
+ using android::vold::kEmptyAuthentication;
+ using android::vold::KeyBuffer;
+-using android::vold::Keymaster;
+-using android::hardware::keymaster::V4_0::KeyFormat;
+
+ namespace {
+
+@@ -199,46 +196,12 @@ static bool read_and_fixate_user_ce_key(userid_t user_id,
+ return false;
+ }
+
+-static bool is_wrapped_key_supported_common(const std::string& mount_point) {
+- struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab_default, mount_point);
+- char const* contents_mode = NULL;
+- char const* filenames_mode = NULL;
+-
+- fs_mgr_get_file_encryption_modes(rec, &contents_mode, &filenames_mode);
+- if (!contents_mode || !filenames_mode) {
+- LOG(ERROR) << "Couldn't read file or contents mode, returning false";
+- return false;
+- }
+-
+- if (strcmp(contents_mode, "ice_wrapped_key_supported") == 0)
+- return true;
+- else
+- return false;
+-}
+-
+-bool is_wrapped_key_supported() {
+- return is_wrapped_key_supported_common(DATA_MNT_POINT);
+-}
+-
+-bool is_wrapped_key_supported_external() {
+- return false;
+-}
+-
+ static bool read_and_install_user_ce_key(userid_t user_id,
+ const android::vold::KeyAuthentication& auth) {
+ if (s_ce_key_raw_refs.count(user_id) != 0) return true;
+ KeyBuffer ce_key;
+ if (!read_and_fixate_user_ce_key(user_id, auth, &ce_key)) return false;
+ std::string ce_raw_ref;
+-
+- if (is_wrapped_key_supported()) {
+- KeyBuffer ephemeral_wrapped_key;
+- if (!getEphemeralWrappedKey(KeyFormat::RAW, ce_key, &ephemeral_wrapped_key)) {
+- LOG(ERROR) << "Failed to export ce key";
+- return false;
+- }
+- ce_key = std::move(ephemeral_wrapped_key);
+- }
+ if (!android::vold::installKey(ce_key, &ce_raw_ref)) return false;
+ s_ce_keys[user_id] = std::move(ce_key);
+ s_ce_key_raw_refs[user_id] = ce_raw_ref;
+@@ -269,15 +232,8 @@ static bool destroy_dir(const std::string& dir) {
+ // it creates keys in a fixed location.
+ static bool create_and_install_user_keys(userid_t user_id, bool create_ephemeral) {
+ KeyBuffer de_key, ce_key;
+-
+- if(is_wrapped_key_supported()) {
+- if (!generateWrappedKey(user_id, android::vold::KeyType::DE_USER, &de_key)) return false;
+- if (!generateWrappedKey(user_id, android::vold::KeyType::CE_USER, &ce_key)) return false;
+- } else {
+- if (!android::vold::randomKey(&de_key)) return false;
+- if (!android::vold::randomKey(&ce_key)) return false;
+- }
+-
++ if (!android::vold::randomKey(&de_key)) return false;
++ if (!android::vold::randomKey(&ce_key)) return false;
+ if (create_ephemeral) {
+ // If the key should be created as ephemeral, don't store it.
+ s_ephemeral_users.insert(user_id);
+@@ -294,36 +250,13 @@ static bool create_and_install_user_keys(userid_t user_id, bool create_ephemeral
+ if (!android::vold::storeKeyAtomically(get_de_key_path(user_id), user_key_temp,
+ kEmptyAuthentication, de_key)) return false;
+ }
+-
+- /* Install the DE keys */
+ std::string de_raw_ref;
+- std::string ce_raw_ref;
+-
+- if (is_wrapped_key_supported()) {
+- KeyBuffer ephemeral_wrapped_de_key;
+- KeyBuffer ephemeral_wrapped_ce_key;
+-
+- /* Export and install the DE keys */
+- if (!getEphemeralWrappedKey(KeyFormat::RAW, de_key, &ephemeral_wrapped_de_key)) {
+- LOG(ERROR) << "Failed to export de_key";
+- return false;
+- }
+- /* Export and install the CE keys */
+- if (!getEphemeralWrappedKey(KeyFormat::RAW, ce_key, &ephemeral_wrapped_ce_key)) {
+- LOG(ERROR) << "Failed to export de_key";
+- return false;
+- }
+-
+- de_key = std::move(ephemeral_wrapped_de_key);
+- ce_key = std::move(ephemeral_wrapped_ce_key);
+- }
+ if (!android::vold::installKey(de_key, &de_raw_ref)) return false;
+- if (!android::vold::installKey(ce_key, &ce_raw_ref)) return false;
+- s_ce_keys[user_id] = std::move(ce_key);
+-
+ s_de_key_raw_refs[user_id] = de_raw_ref;
++ std::string ce_raw_ref;
++ if (!android::vold::installKey(ce_key, &ce_raw_ref)) return false;
++ s_ce_keys[user_id] = ce_key;
+ s_ce_key_raw_refs[user_id] = ce_raw_ref;
+-
+ LOG(DEBUG) << "Created keys for user " << user_id;
+ return true;
+ }
+@@ -388,14 +321,6 @@ static bool load_all_de_keys() {
+ KeyBuffer key;
+ if (!android::vold::retrieveKey(key_path, kEmptyAuthentication, &key)) return false;
+ std::string raw_ref;
+- if (is_wrapped_key_supported()) {
+- KeyBuffer ephemeral_wrapped_key;
+- if (!getEphemeralWrappedKey(KeyFormat::RAW, key, &ephemeral_wrapped_key)) {
+- LOG(ERROR) << "Failed to export de_key in create_and_install_user_keys";
+- return false;
+- }
+- key = std::move(ephemeral_wrapped_key);
+- }
+ if (!android::vold::installKey(key, &raw_ref)) return false;
+ s_de_key_raw_refs[user_id] = raw_ref;
+ LOG(DEBUG) << "Installed de key for user " << user_id;
+@@ -408,7 +333,6 @@ static bool load_all_de_keys() {
+
+ bool e4crypt_initialize_global_de() {
+ LOG(INFO) << "e4crypt_initialize_global_de";
+- bool wrapped_key_supported = false;
+
+ if (s_global_de_initialized) {
+ LOG(INFO) << "Already initialized";
+@@ -416,11 +340,8 @@ bool e4crypt_initialize_global_de() {
+ }
+
+ PolicyKeyRef device_ref;
+- wrapped_key_supported = is_wrapped_key_supported();
+-
+- if (!android::vold::retrieveAndInstallKey(true, kEmptyAuthentication,
+- device_key_path, device_key_temp,
+- &device_ref.key_raw_ref, wrapped_key_supported))
++ if (!android::vold::retrieveAndInstallKey(true, kEmptyAuthentication, device_key_path,
++ device_key_temp, &device_ref.key_raw_ref))
+ return false;
+ get_data_file_encryption_modes(&device_ref);
+
+@@ -594,7 +515,6 @@ static bool read_or_create_volkey(const std::string& misc_path, const std::strin
+ PolicyKeyRef* key_ref) {
+ auto secdiscardable_path = volume_secdiscardable_path(volume_uuid);
+ std::string secdiscardable_hash;
+- bool wrapped_key_supported = false;
+ if (android::vold::pathExists(secdiscardable_path)) {
+ if (!android::vold::readSecdiscardable(secdiscardable_path, &secdiscardable_hash))
+ return false;
+@@ -612,10 +532,8 @@ static bool read_or_create_volkey(const std::string& misc_path, const std::strin
+ return false;
+ }
+ android::vold::KeyAuthentication auth("", secdiscardable_hash);
+- wrapped_key_supported = is_wrapped_key_supported_external();
+-
+ if (!android::vold::retrieveAndInstallKey(true, auth, key_path, key_path + "_tmp",
+- &key_ref->key_raw_ref, wrapped_key_supported))
++ &key_ref->key_raw_ref))
+ return false;
+ key_ref->contents_mode =
+ android::base::GetProperty("ro.crypto.volume.contents_mode", "aes-256-xts");
+@@ -641,74 +559,20 @@ bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const std::string&
+ if (!parse_hex(secret_hex, &secret)) return false;
+ auto auth = secret.empty() ? kEmptyAuthentication
+ : android::vold::KeyAuthentication(token, secret);
++ auto it = s_ce_keys.find(user_id);
++ if (it == s_ce_keys.end()) {
++ LOG(ERROR) << "Key not loaded into memory, can't change for user " << user_id;
++ return false;
++ }
++ const auto &ce_key = it->second;
+ auto const directory_path = get_ce_key_directory_path(user_id);
+ auto const paths = get_ce_key_paths(directory_path);
+-
+- KeyBuffer ce_key;
+- if(is_wrapped_key_supported()) {
+- std::string ce_key_current_path = get_ce_key_current_path(directory_path);
+- if (android::vold::retrieveKey(ce_key_current_path, kEmptyAuthentication, &ce_key)) {
+- LOG(DEBUG) << "Successfully retrieved key";
+- } else {
+- if (android::vold::retrieveKey(ce_key_current_path, auth, &ce_key)) {
+- LOG(DEBUG) << "Successfully retrieved key";
+- }
+- }
+- } else {
+- auto it = s_ce_keys.find(user_id);
+- if (it == s_ce_keys.end()) {
+- LOG(ERROR) << "Key not loaded into memory, can't change for user " << user_id;
+- return false;
+- }
+- ce_key = it->second;
+- }
+-
+ std::string ce_key_path;
+ if (!get_ce_key_new_path(directory_path, paths, &ce_key_path)) return false;
+ if (!android::vold::storeKeyAtomically(ce_key_path, user_key_temp, auth, ce_key)) return false;
+ return true;
+ }
+
+-bool e4crypt_clear_user_key_auth(userid_t user_id, int serial, const std::string& token_hex,
+- const std::string& secret_hex) {
+- LOG(DEBUG) << "e4crypt_clear_user_key_auth " << user_id << " serial=" << serial
+- << " token_present=" << (token_hex != "!");
+- if (!e4crypt_is_native()) return true;
+- if (s_ephemeral_users.count(user_id) != 0) return true;
+- std::string token, secret;
+-
+- if (!parse_hex(token_hex, &token)) return false;
+- if (!parse_hex(secret_hex, &secret)) return false;
+-
+- if (is_wrapped_key_supported()) {
+- auto const directory_path = get_ce_key_directory_path(user_id);
+- auto const paths = get_ce_key_paths(directory_path);
+-
+- KeyBuffer ce_key;
+- std::string ce_key_current_path = get_ce_key_current_path(directory_path);
+-
+- auto auth = android::vold::KeyAuthentication(token, secret);
+- /* Retrieve key while removing a pin. A secret is needed */
+- if (android::vold::retrieveKey(ce_key_current_path, auth, &ce_key)) {
+- LOG(DEBUG) << "Successfully retrieved key";
+- } else {
+- /* Retrieve key when going None to swipe and vice versa when a
+- synthetic password is present */
+- if (android::vold::retrieveKey(ce_key_current_path, kEmptyAuthentication, &ce_key)) {
+- LOG(DEBUG) << "Successfully retrieved key";
+- }
+- }
+-
+- std::string ce_key_path;
+- if (!get_ce_key_new_path(directory_path, paths, &ce_key_path)) return false;
+- if (!android::vold::storeKeyAtomically(ce_key_path, user_key_temp, kEmptyAuthentication, ce_key))
+- return false;
+- } else {
+- if(!e4crypt_add_user_key_auth(user_id, serial, "!", "!")) return false;
+- }
+- return true;
+-}
+-
+ bool e4crypt_fixate_newest_user_key_auth(userid_t user_id) {
+ LOG(DEBUG) << "e4crypt_fixate_newest_user_key_auth " << user_id;
+ if (!e4crypt_is_native()) return true;
+diff --git a/Ext4Crypt.h b/Ext4Crypt.h
+index 5101bf6..a43a68a 100644
+--- a/Ext4Crypt.h
++++ b/Ext4Crypt.h
+@@ -25,8 +25,6 @@ bool e4crypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral);
+ bool e4crypt_destroy_user_key(userid_t user_id);
+ bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const std::string& token,
+ const std::string& secret);
+-bool e4crypt_clear_user_key_auth(userid_t user_id, int serial, const std::string& token_hex,
+- const std::string& secret_hex);
+ bool e4crypt_fixate_newest_user_key_auth(userid_t user_id);
+
+ bool e4crypt_unlock_user_key(userid_t user_id, int serial, const std::string& token,
+@@ -38,5 +36,3 @@ bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
+ bool e4crypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_id, int flags);
+
+ bool e4crypt_destroy_volume_keys(const std::string& volume_uuid);
+-bool is_wrapped_key_supported();
+-bool is_wrapped_key_supported_external();
+diff --git a/KeyStorage.cpp b/KeyStorage.cpp
+index 69cd41c..0518930 100644
+--- a/KeyStorage.cpp
++++ b/KeyStorage.cpp
+@@ -61,7 +61,6 @@ static constexpr size_t SECDISCARDABLE_BYTES = 1 << 14;
+ static constexpr size_t STRETCHED_BYTES = 1 << 6;
+
+ static constexpr uint32_t AUTH_TIMEOUT = 30; // Seconds
+-constexpr int EXT4_AES_256_XTS_KEY_SIZE = 64;
+
+ static const char* kCurrentVersion = "1";
+ static const char* kRmPath = "/system/bin/rm";
+@@ -127,47 +126,6 @@ static bool generateKeymasterKey(Keymaster& keymaster, const KeyAuthentication&
+ return keymaster.generateKey(paramBuilder, key);
+ }
+
+-bool generateWrappedKey(userid_t user_id, KeyType key_type,
+- KeyBuffer* key) {
+- Keymaster keymaster;
+- if (!keymaster) return false;
+- *key = KeyBuffer(EXT4_AES_256_XTS_KEY_SIZE);
+- std::string key_temp;
+- auto paramBuilder = km::AuthorizationSetBuilder()
+- .AesEncryptionKey(AES_KEY_BYTES * 8)
+- .GcmModeMinMacLen(GCM_MAC_BYTES * 8)
+- .Authorization(km::TAG_USER_ID, user_id);
+- km::KeyParameter param1;
+- param1.tag = (km::Tag) (android::hardware::keymaster::V4_0::KM_TAG_FBE_ICE);
+- param1.f.boolValue = true;
+- paramBuilder.push_back(param1);
+-
+- km::KeyParameter param2;
+- if ((key_type == KeyType::DE_USER) || (key_type == KeyType::DE_SYS)) {
+- param2.tag = (km::Tag) (android::hardware::keymaster::V4_0::KM_TAG_KEY_TYPE);
+- param2.f.integer = 0;
+- } else if (key_type == KeyType::CE_USER) {
+- param2.tag = (km::Tag) (android::hardware::keymaster::V4_0::KM_TAG_KEY_TYPE);
+- param2.f.integer = 1;
+- }
+- paramBuilder.push_back(param2);
+-
+- if (!keymaster.generateKey(paramBuilder, &key_temp)) return false;
+- *key = KeyBuffer(key_temp.size());
+- memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size());
+- return true;
+-}
+-
+-bool getEphemeralWrappedKey(km::KeyFormat format, KeyBuffer& kmKey, KeyBuffer* key) {
+- std::string key_temp;
+- Keymaster keymaster;
+- if (!keymaster) return false;
+- if (!keymaster.exportKey(format, kmKey, "!", "!", &key_temp)) return false;
+- *key = KeyBuffer(key_temp.size());
+- memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size());
+- return true;
+-}
+-
+ static std::pair<km::AuthorizationSet, km::HardwareAuthToken> beginParams(
+ const KeyAuthentication& auth, const std::string& appId) {
+ auto paramBuilder = km::AuthorizationSetBuilder()
+diff --git a/KeyStorage.h b/KeyStorage.h
+index 0c2609e..786e5b4 100644
+--- a/KeyStorage.h
++++ b/KeyStorage.h
+@@ -17,9 +17,8 @@
+ #ifndef ANDROID_VOLD_KEYSTORAGE_H
+ #define ANDROID_VOLD_KEYSTORAGE_H
+
+-#include "Keymaster.h"
+ #include "KeyBuffer.h"
+-#include <ext4_utils/ext4_crypt.h>
++
+ #include <string>
+
+ namespace android {
+@@ -40,12 +39,6 @@ class KeyAuthentication {
+ const std::string secret;
+ };
+
+-enum class KeyType {
+- DE_SYS,
+- DE_USER,
+- CE_USER
+-};
+-
+ extern const KeyAuthentication kEmptyAuthentication;
+
+ // Checks if path "path" exists.
+@@ -74,8 +67,6 @@ bool retrieveKey(const std::string& dir, const KeyAuthentication& auth, KeyBuffe
+ bool destroyKey(const std::string& dir);
+
+ bool runSecdiscardSingle(const std::string& file);
+-bool generateWrappedKey(userid_t user_id, KeyType key_type, KeyBuffer* key);
+-bool getEphemeralWrappedKey(km::KeyFormat format, KeyBuffer& kmKey, KeyBuffer* key);
+ } // namespace vold
+ } // namespace android
+
+diff --git a/KeyUtil.cpp b/KeyUtil.cpp
+index e8c366f..9885440 100644
+--- a/KeyUtil.cpp
++++ b/KeyUtil.cpp
+@@ -27,13 +27,8 @@
+ #include <keyutils.h>
+
+ #include "KeyStorage.h"
+-#include "Ext4Crypt.h"
+ #include "Utils.h"
+
+-#define MAX_USER_ID 0xFFFFFFFF
+-
+-using android::hardware::keymaster::V4_0::KeyFormat;
+-using android::vold::KeyType;
+ namespace android {
+ namespace vold {
+
+@@ -127,14 +122,7 @@ bool installKey(const KeyBuffer& key, std::string* raw_ref) {
+ ext4_encryption_key &ext4_key = *reinterpret_cast<ext4_encryption_key*>(ext4KeyBuffer.data());
+
+ if (!fillKey(key, &ext4_key)) return false;
+- if (is_wrapped_key_supported()) {
+- /* When wrapped key is supported, only the first 32 bytes are
+- the same per boot. The second 32 bytes can change as the ephemeral
+- key is different. */
+- *raw_ref = generateKeyRef(ext4_key.raw, (ext4_key.size)/2);
+- } else {
+- *raw_ref = generateKeyRef(ext4_key.raw, ext4_key.size);
+- }
++ *raw_ref = generateKeyRef(ext4_key.raw, ext4_key.size);
+ key_serial_t device_keyring;
+ if (!e4cryptKeyring(&device_keyring)) return false;
+ for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) {
+@@ -175,7 +163,7 @@ bool evictKey(const std::string& raw_ref) {
+
+ bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication,
+ const std::string& key_path, const std::string& tmp_path,
+- std::string* key_ref, bool wrapped_key_supported) {
++ std::string* key_ref) {
+ KeyBuffer key;
+ if (pathExists(key_path)) {
+ LOG(DEBUG) << "Key exists, using: " << key_path;
+@@ -186,23 +174,10 @@ bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_a
+ return false;
+ }
+ LOG(INFO) << "Creating new key in " << key_path;
+- if (wrapped_key_supported) {
+- if(!generateWrappedKey(MAX_USER_ID, KeyType::DE_SYS, &key)) return false;
+- } else {
+- if (!randomKey(&key)) return false;
+- }
++ if (!randomKey(&key)) return false;
+ if (!storeKeyAtomically(key_path, tmp_path, key_authentication, key)) return false;
+ }
+
+- if (wrapped_key_supported) {
+- KeyBuffer ephemeral_wrapped_key;
+- if (!getEphemeralWrappedKey(KeyFormat::RAW, key, &ephemeral_wrapped_key)) {
+- LOG(ERROR) << "Failed to export key in retrieveAndInstallKey";
+- return false;
+- }
+- key = std::move(ephemeral_wrapped_key);
+- }
+-
+ if (!installKey(key, key_ref)) {
+ LOG(ERROR) << "Failed to install key in " << key_path;
+ return false;
+diff --git a/KeyUtil.h b/KeyUtil.h
+index e73c065..a85eca1 100644
+--- a/KeyUtil.h
++++ b/KeyUtil.h
+@@ -19,7 +19,6 @@
+
+ #include "KeyBuffer.h"
+ #include "KeyStorage.h"
+-#include "Keymaster.h"
+
+ #include <string>
+ #include <memory>
+@@ -32,9 +31,10 @@ bool installKey(const KeyBuffer& key, std::string* raw_ref);
+ bool evictKey(const std::string& raw_ref);
+ bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication,
+ const std::string& key_path, const std::string& tmp_path,
+- std::string* key_ref, bool wrapped_key_supported);
++ std::string* key_ref);
+ bool retrieveKey(bool create_if_absent, const std::string& key_path,
+ const std::string& tmp_path, KeyBuffer* key);
++
+ } // namespace vold
+ } // namespace android
+
+diff --git a/Keymaster.cpp b/Keymaster.cpp
+index ab39ef8..aad4387 100644
+--- a/Keymaster.cpp
++++ b/Keymaster.cpp
+@@ -138,32 +138,6 @@ bool Keymaster::generateKey(const km::AuthorizationSet& inParams, std::string* k
+ return true;
+ }
+
+-bool Keymaster::exportKey(km::KeyFormat format, KeyBuffer& kmKey, const std::string& clientId,
+- const std::string& appData, std::string* key) {
+- auto kmKeyBlob = km::support::blob2hidlVec(std::string(kmKey.data(), kmKey.size()));
+- auto emptyAssign = NULL;
+- auto kmClientId = (clientId == "!") ? emptyAssign: km::support::blob2hidlVec(clientId);
+- auto kmAppData = (appData == "!") ? emptyAssign: km::support::blob2hidlVec(appData);
+- km::ErrorCode km_error;
+- auto hidlCb = [&](km::ErrorCode ret, const hidl_vec<uint8_t>& exportedKeyBlob) {
+- km_error = ret;
+- if (km_error != km::ErrorCode::OK) return;
+- if(key)
+- key->assign(reinterpret_cast<const char*>(&exportedKeyBlob[0]),
+- exportedKeyBlob.size());
+- };
+- auto error = mDevice->exportKey(format, kmKeyBlob, kmClientId, kmAppData, hidlCb);
+- if (!error.isOk()) {
+- LOG(ERROR) << "export_key failed: " << error.description();
+- return false;
+- }
+- if (km_error != km::ErrorCode::OK) {
+- LOG(ERROR) << "export_key failed, code " << int32_t(km_error);
+- return false;
+- }
+- return true;
+-}
+-
+ bool Keymaster::deleteKey(const std::string& key) {
+ auto keyBlob = km::support::blob2hidlVec(key);
+ auto error = mDevice->deleteKey(keyBlob);
+diff --git a/Keymaster.h b/Keymaster.h
+index c0ec4d3..fabe0f4 100644
+--- a/Keymaster.h
++++ b/Keymaster.h
+@@ -102,9 +102,6 @@ class Keymaster {
+ explicit operator bool() { return mDevice.get() != nullptr; }
+ // Generate a key in the keymaster from the given params.
+ bool generateKey(const km::AuthorizationSet& inParams, std::string* key);
+- // Export a key from keymaster.
+- bool exportKey(km::KeyFormat format, KeyBuffer& kmKey, const std::string& clientId,
+- const std::string& appData, std::string* key);
+ // If the keymaster supports it, permanently delete a key.
+ bool deleteKey(const std::string& key);
+ // Replace stored key blob in response to KM_ERROR_KEY_REQUIRES_UPGRADE.
+diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
+index 6bd506a..6d6c6ec 100644
+--- a/VoldNativeService.cpp
++++ b/VoldNativeService.cpp
+@@ -715,14 +715,6 @@ binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSer
+ return translateBool(e4crypt_add_user_key_auth(userId, userSerial, token, secret));
+ }
+
+-binder::Status VoldNativeService::clearUserKeyAuth(int32_t userId, int32_t userSerial,
+- const std::string& token, const std::string& secret) {
+- ENFORCE_UID(AID_SYSTEM);
+- ACQUIRE_CRYPT_LOCK;
+-
+- return translateBool(e4crypt_clear_user_key_auth(userId, userSerial, token, secret));
+-}
+-
+ binder::Status VoldNativeService::fixateNewestUserKeyAuth(int32_t userId) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+diff --git a/VoldNativeService.h b/VoldNativeService.h
+index 2403678..da8c660 100644
+--- a/VoldNativeService.h
++++ b/VoldNativeService.h
+@@ -103,8 +103,6 @@ public:
+
+ binder::Status addUserKeyAuth(int32_t userId, int32_t userSerial,
+ const std::string& token, const std::string& secret);
+- binder::Status clearUserKeyAuth(int32_t userId, int32_t userSerial,
+- const std::string& token, const std::string& secret);
+ binder::Status fixateNewestUserKeyAuth(int32_t userId);
+
+ binder::Status unlockUserKey(int32_t userId, int32_t userSerial,
+diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
+index 3a54390..9f5b21a 100644
+--- a/binder/android/os/IVold.aidl
++++ b/binder/android/os/IVold.aidl
+@@ -85,7 +85,6 @@ interface IVold {
+ void destroyUserKey(int userId);
+
+ void addUserKeyAuth(int userId, int userSerial, @utf8InCpp String token, @utf8InCpp String secret);
+- void clearUserKeyAuth(int userId, int userSerial, @utf8InCpp String token, @utf8InCpp String secret);
+ void fixateNewestUserKeyAuth(int userId);
+
+ void unlockUserKey(int userId, int userSerial, @utf8InCpp String token, @utf8InCpp String secret);
+--
+2.17.1
+