authorVikram Gaur <vikramgaur@google.com>2022-05-28 01:20:37 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2022-05-28 01:20:37 +0000
commit86d796e7e0c09d28023e617b093bab9c6a0fe286 (patch)
tree9194ea173d28ec1e64a3791bb6b5351c8664eccf
parent529c3e01cc9cf1dcae1a3b65faa7ea7021a49bac (diff)
parentd337c7727196f42af70aa93ab84f7c8b48cd9486 (diff)
downloadsecurity-86d796e7e0c09d28023e617b093bab9c6a0fe286.tar.gz
Unbind Attestation keys when freeing up namespace. am: d337c77271
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/18638770 Change-Id: Ib5d142635e9f7ae2197a3652c7a3bbadca5c3737 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r--keystore2/src/database.rs16
1 files changed, 8 insertions, 8 deletions
diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs
index 6b74e3c8..a3979bd5 100644
--- a/keystore2/src/database.rs
+++ b/keystore2/src/database.rs
@@ -2893,33 +2893,33 @@ impl KeystoreDB {
"DELETE FROM persistent.keymetadata
WHERE keyentryid IN (
SELECT id FROM persistent.keyentry
- WHERE domain = ? AND namespace = ? AND key_type = ?
+ WHERE domain = ? AND namespace = ? AND (key_type = ? OR key_type = ?)
);",
- params![domain.0, namespace, KeyType::Client],
+ params![domain.0, namespace, KeyType::Client, KeyType::Attestation],
)
.context("Trying to delete keymetadata.")?;
tx.execute(
"DELETE FROM persistent.keyparameter
WHERE keyentryid IN (
SELECT id FROM persistent.keyentry
- WHERE domain = ? AND namespace = ? AND key_type = ?
+ WHERE domain = ? AND namespace = ? AND (key_type = ? OR key_type = ?)
);",
- params![domain.0, namespace, KeyType::Client],
+ params![domain.0, namespace, KeyType::Client, KeyType::Attestation],
)
.context("Trying to delete keyparameters.")?;
tx.execute(
"DELETE FROM persistent.grant
WHERE keyentryid IN (
SELECT id FROM persistent.keyentry
- WHERE domain = ? AND namespace = ? AND key_type = ?
+ WHERE domain = ? AND namespace = ? AND (key_type = ? OR key_type = ?)
);",
- params![domain.0, namespace, KeyType::Client],
+ params![domain.0, namespace, KeyType::Client, KeyType::Attestation],
)
.context("Trying to delete grants.")?;
tx.execute(
"DELETE FROM persistent.keyentry
- WHERE domain = ? AND namespace = ? AND key_type = ?;",
- params![domain.0, namespace, KeyType::Client],
+ WHERE domain = ? AND namespace = ? AND (key_type = ? OR key_type = ?);",
+ params![domain.0, namespace, KeyType::Client, KeyType::Attestation],
)
.context("Trying to delete keyentry.")?;
Ok(()).need_gc()
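Review bot: The `(key_type = ? OR key_type = ?)` predicate and its `params![domain.0, namespace, KeyType::Client, KeyType::Attestation]` list are now repeated in all four DELETE statements, and nothing in this commit tests the new Attestation case (the diffstat shows only these eight lines changing in database.rs). If one of the four ever drifts from the others, rows in `keymetadata`, `keyparameter` or `grant` could be left behind for entries that the final `DELETE FROM persistent.keyentry` removes, or an attestation key could outlive the namespace it was bound to. A comment ahead of the statements such as `// Every DELETE below must filter on the same key types (Client, Attestation).` would make the invariant explicit, and a unit test that unbinds a namespace holding one Client and one Attestation entry and then checks that all four tables hold no rows for it would pin the behaviour. The enclosing function begins before this hunk, so its doc comment is not visible here; it may need updating if it still mentions only client keys.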