authorEric Biggers <ebiggers@google.com>2020-05-09 14:17:17 -0700
committerEric Biggers <ebiggers@google.com>2020-05-09 15:16:13 -0700
commitfb99b37a05696db4ceabb793e5f16727ec854ed1 (patch)
tree13a1aa887af5aad0c79cdc4668072dc0fc1d64b0 /keyring/keyring.go
parent338347ac4766f899fdc471d57f293798ff0e6c29 (diff)
keyring/user_keyring: switch to KEYCTL_UNLINK
KEYCTL_INVALIDATE has complicated semantics: it doesn't remove the key from the keyring right away but rather marks it as being invalidated, and then removes it asynchronously. This nondeterministically breaks the heuristic I'm implementing to detect v1-encrypted directories being incompletely locked. Instead, switch to KEYCTL_UNLINK, which has simpler semantics. Note that Android uses KEYCTL_UNLINK too.
Diffstat (limited to 'keyring/keyring.go')
-rw-r--r--keyring/keyring.go2
1 files changed, 1 insertions, 1 deletions
diff --git a/keyring/keyring.go b/keyring/keyring.go
index 6623943..fb9cc0e 100644
--- a/keyring/keyring.go
+++ b/keyring/keyring.go
@@ -173,7 +173,7 @@ func GetEncryptionKeyStatus(descriptor string, options *Options) (KeyStatus, err
if useFsKeyring {
return fsGetEncryptionKeyStatus(descriptor, options.Mount, options.User)
}
- _, err = userFindKey(buildKeyDescription(options, descriptor), options.User)
+ _, _, err = userFindKey(buildKeyDescription(options, descriptor), options.User)
if err != nil {
return KeyAbsent, nil
}
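Review bot: The `if err != nil` branch right after the changed call maps every error from `userFindKey` to `KeyAbsent, nil`, so a lookup that failed for some reason other than a missing key cannot be told apart from a key that is really absent. The commit message says key presence feeds a heuristic for detecting incompletely locked v1 directories, so a masked lookup failure could presumably report a directory as locked when its state is unknown. Consider returning the error for anything other than a not-found condition, or at least state the intent with a comment such as `// Any lookup failure is deliberately reported as KeyAbsent.` The newly discarded second return value also deserves a brief comment saying what it is and why this caller does not need it. GetEncryptionKeyStatus begins and ends outside the hunk, so the code that consumes this status is not visible here.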