author | Vikram Gaur <vikramgaur@google.com> | 2022-05-28 01:21:23 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2022-05-28 01:21:23 +0000 |
commit | 2feb0d0801b690b1b12ff22ba21c602d4dceaa3b (patch) | |
tree | 9194ea173d28ec1e64a3791bb6b5351c8664eccf | |
parent | fed9c4818d14f5e1fd33d2bd5907a6ecc498c69b (diff) | |
parent | d337c7727196f42af70aa93ab84f7c8b48cd9486 (diff) | |
download | security-2feb0d0801b690b1b12ff22ba21c602d4dceaa3b.tar.gz |
Unbind Attestation keys when freeing up namespace. am: d337c77271
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/18638770
Change-Id: Ic15ad66faf5a55a93e4cada08e1a55623c9a510d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | keystore2/src/database.rs | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs
index 6b74e3c8..a3979bd5 100644
--- a/keystore2/src/database.rs
+++ b/keystore2/src/database.rs
@@ -2893,33 +2893,33 @@ impl KeystoreDB {
 "DELETE FROM persistent.keymetadata
 WHERE keyentryid IN (
 SELECT id FROM persistent.keyentry
- WHERE domain = ? AND namespace = ? AND key_type = ?
+ WHERE domain = ? AND namespace = ? AND (key_type = ? OR key_type = ?)
 );",
- params![domain.0, namespace, KeyType::Client],
+ params![domain.0, namespace, KeyType::Client, KeyType::Attestation],
 )
 .context("Trying to delete keymetadata.")?;
 tx.execute(
 "DELETE FROM persistent.keyparameter
 WHERE keyentryid IN (
 SELECT id FROM persistent.keyentry
- WHERE domain = ? AND namespace = ? AND key_type = ?
+ WHERE domain = ? AND namespace = ? AND (key_type = ? OR key_type = ?)
 );",
- params![domain.0, namespace, KeyType::Client],
+ params![domain.0, namespace, KeyType::Client, KeyType::Attestation],
 )
 .context("Trying to delete keyparameters.")?;
 tx.execute(
 "DELETE FROM persistent.grant
 WHERE keyentryid IN (
 SELECT id FROM persistent.keyentry
- WHERE domain = ? AND namespace = ? AND key_type = ?
+ WHERE domain = ? AND namespace = ? AND (key_type = ? OR key_type = ?)
 );",
- params![domain.0, namespace, KeyType::Client],
+ params![domain.0, namespace, KeyType::Client, KeyType::Attestation],
 )
 .context("Trying to delete grants.")?;
 tx.execute(
 "DELETE FROM persistent.keyentry
- WHERE domain = ? AND namespace = ? AND key_type = ?;",
- params![domain.0, namespace, KeyType::Client],
+ WHERE domain = ? AND namespace = ? AND (key_type = ? OR key_type = ?);",
+ params![domain.0, namespace, KeyType::Client, KeyType::Attestation],
 )
 .context("Trying to delete keyentry.")?;
 Ok(()).need_gc() |
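Review bot: The key-type filter `(key_type = ? OR key_type = ?)` and its matching `params![…, KeyType::Client, KeyType::Attestation]` list are now repeated in all four DELETE statements of this hunk, so the set of key types wiped when a namespace is freed has to be kept in sync by hand. If one statement is missed in a later change, the likely result is orphaned metadata, parameter or grant rows, or a key entry that outlives its namespace owner. A comment above the first statement would make the invariant explicit, for example `// Client and Attestation keys are owned by the namespace; all four DELETEs below must use the same key_type filter.` The diffstat lists only these 8 insertions and 8 deletions in database.rs, so no regression test comes with the change; a test that stores a `KeyType::Attestation` entry in the namespace and asserts it is gone after the call would pin the new behaviour. The enclosing function begins before the hunk and closes after it.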