init: remove session keyring workaround for old kernels
The android-4.14-stable and later kernels support the
FS_IOC_ADD_ENCRYPTION_KEY and FS_IOC_REMOVE_ENCRYPTION_KEY ioctls. This
has superseded the old way of adding fscrypt keys to the kernel, which
was to use the add_key() syscall to add keys to the "session" keyring.
On kernels that support the ioctls, Android doesn't use the obsolete
way. Since upgrading even just to Android 14 requires at minimum a
android-4.14-stable kernel (according to
https://source.android.com/docs/core/architecture/kernel/android-common#compatibility-matrix),
there is no need to support the obsolete way anymore.
Therefore, this commit removes the code from init that created a keyring
named "fscrypt" in the session keyring. It also removes the code that
created the session keyring itself, since the only reason that Android
even created a session keyring was just to hold the "fscrypt" keyring.
Flag: N/A for the following reasons:
- Removing obsolete code, which is fairly safe
- Very early code, so runtime flag cannot be used
- Even a build-time flag cannot be used, since init needs
recovery_available, which aconfig libraries do not support
Bug: 311736104
Test: Build and boot Cuttlefish
Change-Id: Id9a184c68cf16d5c4b1d889444cf637c95a91413
6 files changed