diff options
author | TreeHugger Robot <treehugger-gerrit@google.com> | 2017-04-27 15:09:47 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2017-04-27 15:09:47 +0000 |
commit | 48dc4ad3b9205db912b27eaed662e6f0c2ecf838 (patch) | |
tree | cdd83eae0510a035684b0ff1ca283d1ef6f62151 | |
parent | 5aa93e08a8715cfcec5f52fb4ffe41ba1a9bad50 (diff) | |
parent | 85c85e9840b9546a1919eeb23b7e9d3e2dadef69 (diff) | |
download | security-oreo-dev.tar.gz |
Merge "Do not clear critical keys in clear_uid()" into oc-devandroid-vts-8.0_r2android-vts-8.0_r1oreo-dev
-rw-r--r-- | keystore/key_store_service.cpp | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp index 95c01092..248fa00f 100644 --- a/keystore/key_store_service.cpp +++ b/keystore/key_store_service.cpp @@ -662,6 +662,17 @@ KeyStoreServiceReturnCode KeyStoreService::clear_uid(int64_t targetUid64) { for (uint32_t i = 0; i < aliases.size(); i++) { String8 name8(aliases[i]); String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_ANY)); + + if (get_app_id(targetUid) == AID_SYSTEM) { + Blob keyBlob; + ResponseCode responseCode = + mKeyStore->get(filename.string(), &keyBlob, ::TYPE_ANY, get_user_id(targetUid)); + if (responseCode == ResponseCode::NO_ERROR && keyBlob.isCriticalToDeviceEncryption()) { + // Do not clear keys critical to device encryption under system uid. + continue; + } + } + mKeyStore->del(filename.string(), ::TYPE_ANY, get_user_id(targetUid)); // del() will fail silently if no cached characteristics are present for this alias. |