From 95e3ee3971915b323e5c13dcfe3b12a4180850cd Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Mon, 1 Apr 2013 15:59:59 -0700 Subject: [PATCH] Remove keystore entries when package removed Add a hook into PackageManagerService so that when app IDs are completely removed, we erase all entries from keystore for those UIDs that have gone away. Bug: 3020069 Change-Id: Id4b1d51a5fa4c418865055635a84bebcf5b65ec8 --- core/java/android/security/IKeystoreService.java | 21 +++++++++++++++++++++ keystore/java/android/security/KeyStore.java | 9 +++++++++ .../android/server/pm/PackageManagerService.java | 13 +++++++++++++ 3 files changed, 43 insertions(+) diff --git a/core/java/android/security/IKeystoreService.java b/core/java/android/security/IKeystoreService.java index c36564373853..e1cc90e80cf0 100644 --- a/core/java/android/security/IKeystoreService.java +++ b/core/java/android/security/IKeystoreService.java @@ -444,6 +444,24 @@ public interface IKeystoreService extends IInterface { } return _result; } + + @Override + public int clear_uid(long uid) throws RemoteException { + Parcel _data = Parcel.obtain(); + Parcel _reply = Parcel.obtain(); + int _result; + try { + _data.writeInterfaceToken(DESCRIPTOR); + _data.writeLong(uid); + mRemote.transact(Stub.TRANSACTION_clear_uid, _data, _reply, 0); + _reply.readException(); + _result = _reply.readInt(); + } finally { + _reply.recycle(); + _data.recycle(); + } + return _result; + } } private static final String DESCRIPTOR = "android.security.keystore"; @@ -470,6 +488,7 @@ public interface IKeystoreService extends IInterface { static final int TRANSACTION_getmtime = IBinder.FIRST_CALL_TRANSACTION + 19; static final int TRANSACTION_duplicate = IBinder.FIRST_CALL_TRANSACTION + 20; static final int TRANSACTION_is_hardware_backed = IBinder.FIRST_CALL_TRANSACTION + 21; + static final int TRANSACTION_clear_uid = IBinder.FIRST_CALL_TRANSACTION + 22; /** * Cast an IBinder object into an IKeystoreService interface, generating @@ -559,4 +578,6 @@ public interface IKeystoreService extends IInterface { throws RemoteException; public int is_hardware_backed() throws RemoteException; + + public int clear_uid(long uid) throws RemoteException; } diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java index 20374724dd24..852f0bb4ea65 100644 --- a/keystore/java/android/security/KeyStore.java +++ b/keystore/java/android/security/KeyStore.java @@ -305,6 +305,15 @@ public class KeyStore { } } + public boolean clearUid(int uid) { + try { + return mBinder.clear_uid(uid) == NO_ERROR; + } catch (RemoteException e) { + Log.w(TAG, "Cannot connect to keystore", e); + return false; + } + } + public int getLastError() { return mError; } diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java index b8324eeb2b60..c16f0eebe956 100644 --- a/services/java/com/android/server/pm/PackageManagerService.java +++ b/services/java/com/android/server/pm/PackageManagerService.java @@ -111,7 +111,9 @@ import android.os.SystemClock; import android.os.SystemProperties; import android.os.UserHandle; import android.os.Environment.UserEnvironment; +import android.os.UserManager; import android.provider.Settings.Secure; +import android.security.KeyStore; import android.security.SystemKeyStore; import android.util.DisplayMetrics; import android.util.EventLog; @@ -8219,6 +8221,17 @@ public class PackageManagerService extends IPackageManager.Stub { mSettings.writeLPr(); } } + // A user ID was deleted here. Go through all users and remove it from + // KeyStore. + final int appId = outInfo.removedAppId; + if (appId != -1) { + final KeyStore keyStore = KeyStore.getInstance(); + if (keyStore != null) { + for (final int userId : sUserManager.getUserIds()) { + keyStore.clearUid(UserHandle.getUid(userId, appId)); + } + } + } } /* -- 2.11.0