Add keystore onUserAdded/Removed methods

(cherry-picked from commit 31c2897105e6d71f8e6edeab312d2147bbdbaeb1)

Change-Id: I73fe9344ec5660e58425d5c85d14381820533d57

3 files changed, 44 insertions, 12 deletions

diff --git a/core/java/android/security/IKeystoreService.aidl b/core/java/android/security/IKeystoreService.aidl
index 4809050..b0779c0 100644
--- a/core/java/android/security/IKeystoreService.aidl
+++ b/core/java/android/security/IKeystoreService.aidl
@@ -75,4 +75,6 @@ interface IKeystoreService {
     int abort(IBinder handle);
     boolean isOperationAuthorized(IBinder token);
     int addAuthToken(in byte[] authToken);
+    int onUserAdded(int userId, int parentId);
+    int onUserRemoved(int userId);
 }
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 7e3193d..caa4fec 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -581,6 +581,44 @@ public class KeyStore {
         }
     }
 
+    /**
+     * Notify keystore that a user was added.
+     *
+     * @param userId the new user.
+     * @param parentId the parent of the new user, or -1 if the user has no parent. If parentId is
+     * specified then the new user's keystore will be intialized with the same secure lockscreen
+     * password as the parent.
+     */
+    public void onUserAdded(int userId, int parentId) {
+        try {
+            mBinder.onUserAdded(userId, parentId);
+        } catch (RemoteException e) {
+            Log.w(TAG, "Cannot connect to keystore", e);
+        }
+    }
+
+    /**
+     * Notify keystore that a user was added.
+     *
+     * @param userId the new user.
+     */
+    public void onUserAdded(int userId) {
+        onUserAdded(userId, -1);
+    }
+
+    /**
+     * Notify keystore that a user was removed.
+     *
+     * @param userId the removed user.
+     */
+    public void onUserRemoved(int userId) {
+        try {
+            mBinder.onUserRemoved(userId);
+        } catch (RemoteException e) {
+            Log.w(TAG, "Cannot connect to keystore", e);
+        }
+    }
+
     public boolean onUserPasswordChanged(String newPassword) {
         return onUserPasswordChanged(UserHandle.getUserId(Process.myUid()), newPassword);
     }
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index ed2de4a..2df7f79 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -106,20 +106,13 @@ public class LockSettingsService extends ILockSettings.Stub {
         @Override
         public void onReceive(Context context, Intent intent) {
             if (Intent.ACTION_USER_ADDED.equals(intent.getAction())) {
+                // Notify keystore that a new user was added.
                 final int userHandle = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, 0);
-                final int userSysUid = UserHandle.getUid(userHandle, Process.SYSTEM_UID);
                 final KeyStore ks = KeyStore.getInstance();
-
-                // Clear up keystore in case anything was left behind by previous users
-                ks.resetUid(userSysUid);
-
-                // If this user has a parent, sync with its keystore password
                 final UserManager um = (UserManager) mContext.getSystemService(USER_SERVICE);
                 final UserInfo parentInfo = um.getProfileParent(userHandle);
-                if (parentInfo != null) {
-                    final int parentSysUid = UserHandle.getUid(parentInfo.id, Process.SYSTEM_UID);
-                    ks.syncUid(parentSysUid, userSysUid);
-                }
+                final int parentHandle = parentInfo != null ? parentInfo.id : -1;
+                ks.onUserAdded(userHandle, parentHandle);
             } else if (Intent.ACTION_USER_STARTING.equals(intent.getAction())) {
                 final int userHandle = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, 0);
                 mStorage.prefetchUser(userHandle);
@@ -674,8 +667,7 @@ public class LockSettingsService extends ILockSettings.Stub {
         mStorage.removeUser(userId);
 
         final KeyStore ks = KeyStore.getInstance();
-        final int userUid = UserHandle.getUid(userId, Process.SYSTEM_UID);
-        ks.resetUid(userUid);
+        ks.onUserRemoved(userId);
     }
 
     private static final String[] VALID_SETTINGS = new String[] {