am d72317ab: Remove keystore entries when package removed

* commit 'd72317abd79ddf95d48c8f35bf1070900ff55b5e': Remove keystore entries when package removed
2013-04-03 12:35:43 -07:00
parent b5d6b3fec0 d72317abd7
commit 6812059b2d
3 changed files with 44 additions and 1 deletions
--- a/core/java/android/security/IKeystoreService.java
+++ b/core/java/android/security/IKeystoreService.java
@@ -444,6 +444,24 @@ public interface IKeystoreService extends IInterface {
                }
                return _result;
            }
+
+            @Override
+            public int clear_uid(long uid) throws RemoteException {
+                Parcel _data = Parcel.obtain();
+                Parcel _reply = Parcel.obtain();
+                int _result;
+                try {
+                    _data.writeInterfaceToken(DESCRIPTOR);
+                    _data.writeLong(uid);
+                    mRemote.transact(Stub.TRANSACTION_clear_uid, _data, _reply, 0);
+                    _reply.readException();
+                    _result = _reply.readInt();
+                } finally {
+                    _reply.recycle();
+                    _data.recycle();
+                }
+                return _result;
+            }
        }

        private static final String DESCRIPTOR = "android.security.keystore";
@@ -470,6 +488,7 @@ public interface IKeystoreService extends IInterface {
        static final int TRANSACTION_getmtime = IBinder.FIRST_CALL_TRANSACTION + 19;
        static final int TRANSACTION_duplicate = IBinder.FIRST_CALL_TRANSACTION + 20;
        static final int TRANSACTION_is_hardware_backed = IBinder.FIRST_CALL_TRANSACTION + 21;
+        static final int TRANSACTION_clear_uid = IBinder.FIRST_CALL_TRANSACTION + 22;

        /**
         * Cast an IBinder object into an IKeystoreService interface, generating
@@ -559,4 +578,6 @@ public interface IKeystoreService extends IInterface {
            throws RemoteException;

    public int is_hardware_backed() throws RemoteException;
+
+    public int clear_uid(long uid) throws RemoteException;
 }
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -305,6 +305,15 @@ public class KeyStore {
        }
    }

+    public boolean clearUid(int uid) {
+        try {
+            return mBinder.clear_uid(uid) == NO_ERROR;
+        } catch (RemoteException e) {
+            Log.w(TAG, "Cannot connect to keystore", e);
+            return false;
+        }
+    }
+
    public int getLastError() {
        return mError;
    }
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -110,8 +110,10 @@ import android.os.ServiceManager;
 import android.os.SystemClock;
 import android.os.SystemProperties;
 import android.os.UserHandle;
-import android.os.UserManager;
 import android.os.Environment.UserEnvironment;
+import android.os.UserManager;
+import android.provider.Settings.Secure;
+import android.security.KeyStore;
 import android.security.SystemKeyStore;
 import android.util.DisplayMetrics;
 import android.util.EventLog;
@@ -8634,6 +8636,17 @@ public class PackageManagerService extends IPackageManager.Stub {
                mSettings.writeLPr();
            }
        }
+        // A user ID was deleted here. Go through all users and remove it from
+        // KeyStore.
+        final int appId = outInfo.removedAppId;
+        if (appId != -1) {
+            final KeyStore keyStore = KeyStore.getInstance();
+            if (keyStore != null) {
+                for (final int userId : sUserManager.getUserIds()) {
+                    keyStore.clearUid(UserHandle.getUid(userId, appId));
+                }
+            }
+        }
    }

    /*