From 906147cdb3663b1aa5f6ebdc4a8ce2ce509ffa27 Mon Sep 17 00:00:00 2001
From: Janis Danisevskis <jdanis@google.com>
Date: Tue, 6 Nov 2018 14:14:05 -0800
Subject: Fix deleting legacy key blobs

Since the keystore alias prefix USERSKEY was deprecated
Credentials.deleteUserKeyTypeForAlias tried to delete key the
remaining prefix first and if that failed tried to delete the
legacy prefix.
However, KeyStore.delete returns true if the key was deleted or
did not exist. So the first call to delete would return true
whether the key existed or not and the legacy alias would never be
deleted.

This patch introduces a new flavor of KeyStore.delete, that returns an
error code instead of a boolean. The caller can now distinguish
the nature of the failure. Credentials.deleteUserKeyTypeForAlias now
checks this return code and attempts to delete the legacy variant if
KEY_NOT_FOUND was returned.

Bug: 117818447
Change-Id: Ifae1f3dbb07d85d94f430ead2cdd3e39d22436a4
---
 keystore/java/android/security/KeyStore.java | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'keystore/java/android/security/KeyStore.java')

diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index e1c1138fe52d..6ac52d109032 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -255,16 +255,20 @@ public class KeyStore {
         }
     }
 
-    public boolean delete(String key, int uid) {
+    int delete2(String key, int uid) {
         try {
-            int ret = mBinder.del(key, uid);
-            return (ret == NO_ERROR || ret == KEY_NOT_FOUND);
+            return mBinder.del(key, uid);
         } catch (RemoteException e) {
             Log.w(TAG, "Cannot connect to keystore", e);
-            return false;
+            return SYSTEM_ERROR;
         }
     }
 
+    public boolean delete(String key, int uid) {
+        int ret = delete2(key, uid);
+        return ret == NO_ERROR || ret == KEY_NOT_FOUND;
+    }
+
     @UnsupportedAppUsage
     public boolean delete(String key) {
         return delete(key, UID_SELF);
-- 
cgit v1.2.3