Add keymaster delete_all call on reset
To allow efficient deletion by hardware keymaster modules, add a direct
delete_all call when keystore is reset. This will also probably fix
problems where the hardware keymaster gets more keys than keystore knows
about and fills up its storage.
Change-Id: I452e2e609802201dc7db2f52f95b44d72f79efa2
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 6dfbff2..af1a296 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -805,7 +805,25 @@
}
static ResponseCode reset(KeyStore* keyStore, int sock, uid_t uid, Value*, Value*, Value*) {
- return keyStore->reset() ? NO_ERROR : SYSTEM_ERROR;
+ ResponseCode rc = keyStore->reset() ? NO_ERROR : SYSTEM_ERROR;
+
+ const keymaster_device_t* device = keyStore->getDevice();
+ if (device == NULL) {
+ ALOGE("No keymaster device!");
+ return SYSTEM_ERROR;
+ }
+
+ if (device->delete_all == NULL) {
+ ALOGV("keymaster device doesn't implement delete_all");
+ return rc;
+ }
+
+ if (device->delete_all(device)) {
+ ALOGE("Problem calling keymaster's delete_all");
+ return SYSTEM_ERROR;
+ }
+
+ return rc;
}
/* Here is the history. To improve the security, the parameters to generate the