authorChad Brubaker <cbrubaker@google.com>2015-05-21 15:57:24 -0700
committerChad Brubaker <cbrubaker@google.com>2015-05-22 11:31:19 -0700
commitce10b5edf0ba19b2bf74423c45d6640ab345ced4 (patch)
tree6a406924dd99d7365854feb118661c07356e0d67 /src/com/android/settings/CredentialStorage.java
parenta0e052b17b0c730dcd61ad2787c041c75107f106 (diff)
Clear only keystore credential entires
Instead of resetting the whole user, only clear the UIDs that are used for credential storage. These are limited to only WIFI, VPN, ROOT and System. This prevents applications that use keystore for crypto keys from losing their keys when the user clears credentials. Previously, when reset was called, the next time the user unlocked the keystore it would be reinitialized with the user's password; however, this behavior was removed from keystore, causing a loop of unlock prompts from CredentialStorage when trying to install a new certificate after clearing the storage. Additionally, this makes clear credentials clear any managed profiles as well; previously it only cleared the current user. Bug:21373935 Change-Id: Id86ec0bc66a4f6c0d5e649bead007007e2fc8268
Diffstat (limited to 'src/com/android/settings/CredentialStorage.java')
-rw-r--r--src/com/android/settings/CredentialStorage.java15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/com/android/settings/CredentialStorage.java b/src/com/android/settings/CredentialStorage.java
index 5415ccf..90efd58 100644
--- a/src/com/android/settings/CredentialStorage.java
+++ b/src/com/android/settings/CredentialStorage.java
@@ -105,6 +105,12 @@ public final class CredentialStorage extends Activity {
private final KeyStore mKeyStore = KeyStore.getInstance();
/**
+ * The UIDs that are used for system credential storage in keystore.
+ */
+ private static final int[] SYSTEM_CREDENTIAL_UIDS = {Process.WIFI_UID, Process.VPN_UID,
+ Process.ROOT_UID, Process.SYSTEM_UID};
+
+ /**
* When non-null, the bundle containing credentials to install.
*/
private Bundle mInstallBundle;
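Review bot: The Javadoc on `SYSTEM_CREDENTIAL_UIDS` does not say that this array is now the complete set of identities wiped by "clear credentials", so a credential stored under a UID that is not listed would survive the clear while the user believes the store is empty. The install path is not visible in this hunk, so whether it can write under any other UID should be confirmed. The comment should record the invariant, for example `Must contain every UID the install path can store credentials under; entries under any other UID are not removed by a clear.` It would also help to state that these are per-user app IDs rather than full UIDs, since the second hunk combines each one with a profile id through `UserHandle.getUid(pi.id, uid)`. The class body continues outside the hunk.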
@@ -333,7 +339,14 @@ public final class CredentialStorage extends Activity {
@Override protected Boolean doInBackground(Void... unused) {
- mKeyStore.reset();
+ // Clear all the users credentials could have been installed in for this user.
+ final UserManager um = (UserManager) getSystemService(USER_SERVICE);
+ for (UserInfo pi : um.getProfiles(UserHandle.getUserId(Process.myUid()))) {
+ for (int uid : SYSTEM_CREDENTIAL_UIDS) {
+ mKeyStore.clearUid(UserHandle.getUid(pi.id, uid));
+ }
+ }
+
try {
KeyChainConnection keyChainConnection = KeyChain.bind(CredentialStorage.this);