Remove keystore entries when package removed

Add a hook into PackageManagerService so that when app IDs are
completely removed, we erase all entries from keystore for those UIDs
that have gone away.

Bug: 3020069
Change-Id: Id4b1d51a5fa4c418865055635a84bebcf5b65ec8

1 files changed, 13 insertions, 0 deletions

diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index b8324ee..c16f0ee 100644
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -111,7 +111,9 @@ import android.os.SystemClock;
 import android.os.SystemProperties;
 import android.os.UserHandle;
 import android.os.Environment.UserEnvironment;
+import android.os.UserManager;
 import android.provider.Settings.Secure;
+import android.security.KeyStore;
 import android.security.SystemKeyStore;
 import android.util.DisplayMetrics;
 import android.util.EventLog;
@@ -8219,6 +8221,17 @@ public class PackageManagerService extends IPackageManager.Stub {
                 mSettings.writeLPr();
             }
         }
+        // A user ID was deleted here. Go through all users and remove it from
+        // KeyStore.
+        final int appId = outInfo.removedAppId;
+        if (appId != -1) {
+            final KeyStore keyStore = KeyStore.getInstance();
+            if (keyStore != null) {
+                for (final int userId : sUserManager.getUserIds()) {
+                    keyStore.clearUid(UserHandle.getUid(userId, appId));
+                }
+            }
+        }
     }
 
     /*