Add a hook into PackageManagerService so that when app IDs are
completely removed, we erase all entries from keystore for those UIDs
that have gone away.
Bug:
3020069
Change-Id: Id4b1d51a5fa4c418865055635a84bebcf5b65ec8
}
return _result;
}
+
+ @Override
+ public int clear_uid(long uid) throws RemoteException {
+ Parcel _data = Parcel.obtain();
+ Parcel _reply = Parcel.obtain();
+ int _result;
+ try {
+ _data.writeInterfaceToken(DESCRIPTOR);
+ _data.writeLong(uid);
+ mRemote.transact(Stub.TRANSACTION_clear_uid, _data, _reply, 0);
+ _reply.readException();
+ _result = _reply.readInt();
+ } finally {
+ _reply.recycle();
+ _data.recycle();
+ }
+ return _result;
+ }
}
private static final String DESCRIPTOR = "android.security.keystore";
static final int TRANSACTION_getmtime = IBinder.FIRST_CALL_TRANSACTION + 19;
static final int TRANSACTION_duplicate = IBinder.FIRST_CALL_TRANSACTION + 20;
static final int TRANSACTION_is_hardware_backed = IBinder.FIRST_CALL_TRANSACTION + 21;
+ static final int TRANSACTION_clear_uid = IBinder.FIRST_CALL_TRANSACTION + 22;
/**
* Cast an IBinder object into an IKeystoreService interface, generating
throws RemoteException;
public int is_hardware_backed() throws RemoteException;
+
+ public int clear_uid(long uid) throws RemoteException;
}
}
}
+ public boolean clearUid(int uid) {
+ try {
+ return mBinder.clear_uid(uid) == NO_ERROR;
+ } catch (RemoteException e) {
+ Log.w(TAG, "Cannot connect to keystore", e);
+ return false;
+ }
+ }
+
public int getLastError() {
return mError;
}
import android.os.SystemProperties;
import android.os.UserHandle;
import android.os.Environment.UserEnvironment;
+import android.os.UserManager;
import android.provider.Settings.Secure;
+import android.security.KeyStore;
import android.security.SystemKeyStore;
import android.util.DisplayMetrics;
import android.util.EventLog;
mSettings.writeLPr();
}
}
+ // A user ID was deleted here. Go through all users and remove it from
+ // KeyStore.
+ final int appId = outInfo.removedAppId;
+ if (appId != -1) {
+ final KeyStore keyStore = KeyStore.getInstance();
+ if (keyStore != null) {
+ for (final int userId : sUserManager.getUserIds()) {
+ keyStore.clearUid(UserHandle.getUid(userId, appId));
+ }
+ }
+ }
}
/*