Remove keystore entries when package removed

Add a hook into PackageManagerService so that when app IDs are completely removed, we erase all entries from keystore for those UIDs that have gone away. (cherry picked from commit 95e3ee3971915b323e5c13dcfe3b12a4180850cd) Bug: 3020069 Change-Id: I374258ccc103f8cb3e238f2bf0d1afda0659db94
author: Kenny Root <kroot@google.com> 2013-04-01 15:59:59 -0700
committer: Kenny Root <kroot@google.com> 2013-04-03 11:32:52 -0700
commit: d72317abd79ddf95d48c8f35bf1070900ff55b5e (patch)
tree: d07ab26ca8e840bd98811223315bc2ad773e0418
parent: 688c33448572fa3879b1486d8fa1bf16cd946211 (diff)
download: frameworks_base-d72317abd79ddf95d48c8f35bf1070900ff55b5e.zip
frameworks_base-d72317abd79ddf95d48c8f35bf1070900ff55b5e.tar.gz
frameworks_base-d72317abd79ddf95d48c8f35bf1070900ff55b5e.tar.bz2
3 files changed, 44 insertions, 1 deletions
diff --git a/core/java/android/security/IKeystoreService.java b/core/java/android/security/IKeystoreService.java
index c365643..e1cc90e 100644
--- a/core/java/android/security/IKeystoreService.java
+++ b/core/java/android/security/IKeystoreService.java
@@ -444,6 +444,24 @@ public interface IKeystoreService extends IInterface {
                 }
                 return _result;
             }
+
+            @Override
+            public int clear_uid(long uid) throws RemoteException {
+                Parcel _data = Parcel.obtain();
+                Parcel _reply = Parcel.obtain();
+                int _result;
+                try {
+                    _data.writeInterfaceToken(DESCRIPTOR);
+                    _data.writeLong(uid);
+                    mRemote.transact(Stub.TRANSACTION_clear_uid, _data, _reply, 0);
+                    _reply.readException();
+                    _result = _reply.readInt();
+                } finally {
+                    _reply.recycle();
+                    _data.recycle();
+                }
+                return _result;
+            }
         }
 
         private static final String DESCRIPTOR = "android.security.keystore";
@@ -470,6 +488,7 @@ public interface IKeystoreService extends IInterface {
         static final int TRANSACTION_getmtime = IBinder.FIRST_CALL_TRANSACTION + 19;
         static final int TRANSACTION_duplicate = IBinder.FIRST_CALL_TRANSACTION + 20;
         static final int TRANSACTION_is_hardware_backed = IBinder.FIRST_CALL_TRANSACTION + 21;
+        static final int TRANSACTION_clear_uid = IBinder.FIRST_CALL_TRANSACTION + 22;
 
         /**
          * Cast an IBinder object into an IKeystoreService interface, generating
@@ -559,4 +578,6 @@ public interface IKeystoreService extends IInterface {
             throws RemoteException;
 
     public int is_hardware_backed() throws RemoteException;
+
+    public int clear_uid(long uid) throws RemoteException;
 }
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 2037472..852f0bb 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -305,6 +305,15 @@ public class KeyStore {
         }
     }
 
+    public boolean clearUid(int uid) {
+        try {
+            return mBinder.clear_uid(uid) == NO_ERROR;
+        } catch (RemoteException e) {
+            Log.w(TAG, "Cannot connect to keystore", e);
+            return false;
+        }
+    }
+
     public int getLastError() {
         return mError;
     }
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index ae9260a..a3ab431 100644
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -110,8 +110,10 @@ import android.os.ServiceManager;
 import android.os.SystemClock;
 import android.os.SystemProperties;
 import android.os.UserHandle;
-import android.os.UserManager;
 import android.os.Environment.UserEnvironment;
+import android.os.UserManager;
+import android.provider.Settings.Secure;
+import android.security.KeyStore;
 import android.security.SystemKeyStore;
 import android.util.DisplayMetrics;
 import android.util.EventLog;
@@ -8634,6 +8636,17 @@ public class PackageManagerService extends IPackageManager.Stub {
                 mSettings.writeLPr();
             }
         }
+        // A user ID was deleted here. Go through all users and remove it from
+        // KeyStore.
+        final int appId = outInfo.removedAppId;
+        if (appId != -1) {
+            final KeyStore keyStore = KeyStore.getInstance();
+            if (keyStore != null) {
+                for (final int userId : sUserManager.getUserIds()) {
+                    keyStore.clearUid(UserHandle.getUid(userId, appId));
+                }
+            }
+        }
     }
 
     /*
author	Kenny Root <kroot@google.com>	2013-04-01 15:59:59 -0700
committer	Kenny Root <kroot@google.com>	2013-04-03 11:32:52 -0700
commit	d72317abd79ddf95d48c8f35bf1070900ff55b5e (patch)
tree	d07ab26ca8e840bd98811223315bc2ad773e0418
parent	688c33448572fa3879b1486d8fa1bf16cd946211 (diff)
download	frameworks_base-d72317abd79ddf95d48c8f35bf1070900ff55b5e.zip frameworks_base-d72317abd79ddf95d48c8f35bf1070900ff55b5e.tar.gz frameworks_base-d72317abd79ddf95d48c8f35bf1070900ff55b5e.tar.bz2