Keystore 2.0: Clear Uid/Namesapce

Implement uid/namespace clearing for Keystore 2.0. Test: Verified that keys get deleted when an app gets uninstalled. Change-Id: I1b0b65e977177a6e34c500b00b5070ec18be2671
2021-02-22 21:39:34 -08:00
parent ae6583b34f
commit d5dd5ebaed
2 changed files with 26 additions and 3 deletions
--- a/keystore/java/android/security/AndroidKeyStoreMaintenance.java
+++ b/keystore/java/android/security/AndroidKeyStoreMaintenance.java
@@ -21,6 +21,7 @@ import android.annotation.Nullable;
 import android.os.ServiceManager;
 import android.os.ServiceSpecificException;
 import android.security.usermanager.IKeystoreUserManager;
+import android.system.keystore2.Domain;
 import android.system.keystore2.ResponseCode;
 import android.util.Log;

@@ -39,7 +40,7 @@ public class AndroidKeyStoreMaintenance {
    }

    /**
-     * Informs keystore2 about adding a user
+     * Informs Keystore 2.0 about adding a user
     *
     * @param userId - Android user id of the user being added
     * @return 0 if successful or a {@code ResponseCode}
@@ -60,7 +61,7 @@ public class AndroidKeyStoreMaintenance {
    }

    /**
-     * Informs keystore2 about removing a usergit mer
+     * Informs Keystore 2.0 about removing a usergit mer
     *
     * @param userId - Android user id of the user being removed
     * @return 0 if successful or a {@code ResponseCode}
@@ -81,7 +82,7 @@ public class AndroidKeyStoreMaintenance {
    }

    /**
-     * Informs keystore2 about changing user's password
+     * Informs Keystore 2.0 about changing user's password
     *
     * @param userId   - Android user id of the user
     * @param password - a secret derived from the synthetic password provided by the
@@ -102,4 +103,22 @@ public class AndroidKeyStoreMaintenance {
            return SYSTEM_ERROR;
        }
    }
+
+    /**
+     * Informs Keystore 2.0 that an app was uninstalled and the corresponding namspace is to
+     * be cleared.
+     */
+    public static int clearNamespace(@Domain int domain, long namespace) {
+        if (!android.security.keystore2.AndroidKeyStoreProvider.isInstalled()) return 0;
+        try {
+            getService().clearNamespace(domain, namespace);
+            return 0;
+        } catch (ServiceSpecificException e) {
+            Log.e(TAG, "clearNamespace failed", e);
+            return e.errorCode;
+        } catch (Exception e) {
+            Log.e(TAG, "Can not connect to keystore", e);
+            return SYSTEM_ERROR;
+        }
+    }
 }