author | Janis Danisevskis <jdanis@google.com> | 2021-02-22 21:39:34 -0800 |
---|---|---|
committer | Janis Danisevskis <jdanis@google.com> | 2021-02-25 09:30:44 -0800 |
commit | d5dd5ebaedb530e928f82dfbd7db557200dd0d5e (patch) | |
tree | 8e98fdb8e07501f4f5d294ff21dab0fa11d71b49 /keystore/java/android/security/AndroidKeyStoreMaintenance.java | |
parent | ae6583b34f2ed0dce49ab5784940093ecd3b3c86 (diff) |
Keystore 2.0: Clear Uid/Namesapce
Implement uid/namespace clearing for Keystore 2.0.
Test: Verified that keys get deleted when an app gets uninstalled.
Change-Id: I1b0b65e977177a6e34c500b00b5070ec18be2671
Diffstat (limited to 'keystore/java/android/security/AndroidKeyStoreMaintenance.java')
-rw-r--r-- | keystore/java/android/security/AndroidKeyStoreMaintenance.java | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/keystore/java/android/security/AndroidKeyStoreMaintenance.java b/keystore/java/android/security/AndroidKeyStoreMaintenance.java
index c81c8c54d88a..ed789f03f9ba 100644
--- a/keystore/java/android/security/AndroidKeyStoreMaintenance.java
+++ b/keystore/java/android/security/AndroidKeyStoreMaintenance.java
@@ -21,6 +21,7 @@ import android.annotation.Nullable;
 import android.os.ServiceManager;
 import android.os.ServiceSpecificException;
 import android.security.usermanager.IKeystoreUserManager;
+import android.system.keystore2.Domain;
 import android.system.keystore2.ResponseCode;
 import android.util.Log;
 
@@ -39,7 +40,7 @@ public class AndroidKeyStoreMaintenance {
 }
 
 /**
- * Informs keystore2 about adding a user
+ * Informs Keystore 2.0 about adding a user
 *
 * @param userId - Android user id of the user being added
 * @return 0 if successful or a {@code ResponseCode}
@@ -60,7 +61,7 @@ public class AndroidKeyStoreMaintenance {
 }
 
 /**
- * Informs keystore2 about removing a usergit mer
+ * Informs Keystore 2.0 about removing a usergit mer
 *
 * @param userId - Android user id of the user being removed
 * @return 0 if successful or a {@code ResponseCode}
@@ -81,7 +82,7 @@ public class AndroidKeyStoreMaintenance {
 }
 
 /**
- * Informs keystore2 about changing user's password
+ * Informs Keystore 2.0 about changing user's password
 *
 * @param userId - Android user id of the user
 * @param password - a secret derived from the synthetic password provided by the
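Review bot: The new Javadoc line in the `@@ -60,7 +61,7 @@` hunk still ends in "usergit mer", which looks like stray text typed into the comment. Since this commit rewrites that exact line, it should read `* Informs Keystore 2.0 about removing a user`. The method this comment documents lies outside the hunk.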
@@ -102,4 +103,22 @@ public class AndroidKeyStoreMaintenance {
 return SYSTEM_ERROR;
 }
 }
+
+ /**
+ * Informs Keystore 2.0 that an app was uninstalled and the corresponding namspace is to
+ * be cleared.
+ */
+ public static int clearNamespace(@Domain int domain, long namespace) {
+ if (!android.security.keystore2.AndroidKeyStoreProvider.isInstalled()) return 0;
+ try {
+ getService().clearNamespace(domain, namespace);
+ return 0;
+ } catch (ServiceSpecificException e) {
+ Log.e(TAG, "clearNamespace failed", e);
+ return e.errorCode;
+ } catch (Exception e) {
+ Log.e(TAG, "Can not connect to keystore", e);
+ return SYSTEM_ERROR;
+ }
+ }
 } |
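Review bot: `clearNamespace` returns 0 from the `isInstalled()` guard without calling the service, so a caller cannot tell "namespace cleared" from "nothing was done". For a method whose job is to remove an uninstalled app's keys, that difference presumably matters if the namespace is later handed to another app. The Javadoc also omits the `@param`/`@return` tags that the other methods in this class carry, and it misspells "namespace". I would add `@param domain`, `@param namespace` and `@return 0 if successful or if the Keystore 2.0 provider is not installed (nothing is cleared), otherwise a {@code ResponseCode}`, or return a distinct value from the guard if callers need to act on it. Whether any caller checks the result is not visible in this hunk, and both failure paths only log and return a code.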