author | Vikram Gaur <vikramgaur@google.com> | 2022-05-28 01:20:37 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2022-05-28 01:20:37 +0000 |
commit | 86d796e7e0c09d28023e617b093bab9c6a0fe286 (patch) | |
tree | 9194ea173d28ec1e64a3791bb6b5351c8664eccf | |
parent | 529c3e01cc9cf1dcae1a3b65faa7ea7021a49bac (diff) | |
parent | d337c7727196f42af70aa93ab84f7c8b48cd9486 (diff) | |
download | security-86d796e7e0c09d28023e617b093bab9c6a0fe286.tar.gz |
Unbind Attestation keys when freeing up namespace. am: d337c77271
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/18638770
Change-Id: Ib5d142635e9f7ae2197a3652c7a3bbadca5c3737
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | keystore2/src/database.rs | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs
index 6b74e3c8..a3979bd5 100644
--- a/keystore2/src/database.rs
+++ b/keystore2/src/database.rs
@@ -2893,33 +2893,33 @@ impl KeystoreDB {
 "DELETE FROM persistent.keymetadata
 WHERE keyentryid IN (
 SELECT id FROM persistent.keyentry
- WHERE domain = ? AND namespace = ? AND key_type = ?
+ WHERE domain = ? AND namespace = ? AND (key_type = ? OR key_type = ?)
 );",
- params![domain.0, namespace, KeyType::Client],
+ params![domain.0, namespace, KeyType::Client, KeyType::Attestation],
 )
 .context("Trying to delete keymetadata.")?;
 tx.execute(
 "DELETE FROM persistent.keyparameter
 WHERE keyentryid IN (
 SELECT id FROM persistent.keyentry
- WHERE domain = ? AND namespace = ? AND key_type = ?
+ WHERE domain = ? AND namespace = ? AND (key_type = ? OR key_type = ?)
 );",
- params![domain.0, namespace, KeyType::Client],
+ params![domain.0, namespace, KeyType::Client, KeyType::Attestation],
 )
 .context("Trying to delete keyparameters.")?;
 tx.execute(
 "DELETE FROM persistent.grant
 WHERE keyentryid IN (
 SELECT id FROM persistent.keyentry
- WHERE domain = ? AND namespace = ? AND key_type = ?
+ WHERE domain = ? AND namespace = ? AND (key_type = ? OR key_type = ?)
 );",
- params![domain.0, namespace, KeyType::Client],
+ params![domain.0, namespace, KeyType::Client, KeyType::Attestation],
 )
 .context("Trying to delete grants.")?;
 tx.execute(
 "DELETE FROM persistent.keyentry
- WHERE domain = ? AND namespace = ? AND key_type = ?;",
- params![domain.0, namespace, KeyType::Client],
+ WHERE domain = ? AND namespace = ? AND (key_type = ? OR key_type = ?);",
+ params![domain.0, namespace, KeyType::Client, KeyType::Attestation],
 )
 .context("Trying to delete keyentry.")?;
 Ok(()).need_gc() |
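Review bot: The predicate `(key_type = ? OR key_type = ?)` and its matching `params![domain.0, namespace, KeyType::Client, KeyType::Attestation]` are now copied into all four DELETE statements (keymetadata, keyparameter, grant, keyentry) with nothing tying them together. If one statement is missed when another key type is added later, rows of that type stay bound to a namespace that is being freed, and presumably become visible to whatever is assigned that namespace next. A comment above the first statement such as `// Key types owned by the namespace; the same predicate must appear in all four DELETEs below.` would document the invariant, and `key_type IN (?, ?)` would read more clearly than the OR pair. The diffstat lists only database.rs, so this commit adds no test pinning that an Attestation-type entry is gone after the namespace is freed; a regression test for that is worth adding. The enclosing function and its transaction begin above the hunk.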