|
|
|
@ -411,11 +411,18 @@ bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral)
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// "Lock" all encrypted directories whose key has been removed. This is needed
|
|
|
|
|
// because merely removing the keyring key doesn't affect inodes in the kernel's
|
|
|
|
|
// inode cache whose per-file key was already set up. So to remove the per-file
|
|
|
|
|
// keys and make the files "appear encrypted", these inodes must be evicted.
|
|
|
|
|
//
|
|
|
|
|
// To do this, sync() to clean all dirty inodes, then drop all reclaimable slab
|
|
|
|
|
// objects systemwide. This is overkill, but it's the best available method
|
|
|
|
|
// currently. Don't use drop_caches mode "3" because that also evicts pagecache
|
|
|
|
|
// for in-use files; all files relevant here are already closed and sync'ed.
|
|
|
|
|
static void drop_caches() {
|
|
|
|
|
// Clean any dirty pages (otherwise they won't be dropped).
|
|
|
|
|
sync();
|
|
|
|
|
// Drop inode and page caches.
|
|
|
|
|
if (!writeStringToFile("3", "/proc/sys/vm/drop_caches")) {
|
|
|
|
|
if (!writeStringToFile("2", "/proc/sys/vm/drop_caches")) {
|
|
|
|
|
PLOG(ERROR) << "Failed to drop caches during key eviction";
|
|
|
|
|
}
|
|
|
|
|
}
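Review bot: drop_caches() still only logs when the write to `/proc/sys/vm/drop_caches` fails, so a caller cannot tell that inodes with already-set-up per-file keys may remain cached and the files stay readable after the keyring key was removed. The new header comment makes this eviction the step that actually locks the directories, so consider returning `bool` (`return false;` after the `PLOG(ERROR)` line) and letting the callers, which are outside this hunk, surface the failure. The rendering has lost the +/- markers, so it is unclear whether the inline comment `// Drop inode and page caches.` survives on the new side; if it does, it is stale with mode "2" and could read `// Evict reclaimable dentries and inodes (pagecache of in-use files is kept).`. The header comment could also state explicitly that inodes still held open are not evicted, since the locking guarantee rests on the "already closed and sync'ed" assumption.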
|
|
|
|
|