Unbind Attestation keys when freeing up namespace. am: d337c77271

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/18638770

Change-Id: Ic15ad66faf5a55a93e4cada08e1a55623c9a510d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs
index 6b74e3c..a3979bd 100644
--- a/keystore2/src/database.rs
+++ b/keystore2/src/database.rs
@@ -2893,33 +2893,33 @@
                 "DELETE FROM persistent.keymetadata
                 WHERE keyentryid IN (
                     SELECT id FROM persistent.keyentry
-                    WHERE domain = ? AND namespace = ? AND key_type = ?
+                    WHERE domain = ? AND namespace = ? AND (key_type = ? OR key_type = ?)
                 );",
-                params![domain.0, namespace, KeyType::Client],
+                params![domain.0, namespace, KeyType::Client, KeyType::Attestation],
             )
             .context("Trying to delete keymetadata.")?;
             tx.execute(
                 "DELETE FROM persistent.keyparameter
                 WHERE keyentryid IN (
                     SELECT id FROM persistent.keyentry
-                    WHERE domain = ? AND namespace = ? AND key_type = ?
+                    WHERE domain = ? AND namespace = ? AND (key_type = ? OR key_type = ?)
                 );",
-                params![domain.0, namespace, KeyType::Client],
+                params![domain.0, namespace, KeyType::Client, KeyType::Attestation],
             )
             .context("Trying to delete keyparameters.")?;
             tx.execute(
                 "DELETE FROM persistent.grant
                 WHERE keyentryid IN (
                     SELECT id FROM persistent.keyentry
-                    WHERE domain = ? AND namespace = ? AND key_type = ?
+                    WHERE domain = ? AND namespace = ? AND (key_type = ? OR key_type = ?)
                 );",
-                params![domain.0, namespace, KeyType::Client],
+                params![domain.0, namespace, KeyType::Client, KeyType::Attestation],
             )
             .context("Trying to delete grants.")?;
             tx.execute(
                 "DELETE FROM persistent.keyentry
-                 WHERE domain = ? AND namespace = ? AND key_type = ?;",
-                params![domain.0, namespace, KeyType::Client],
+                 WHERE domain = ? AND namespace = ? AND (key_type = ? OR key_type = ?);",
+                params![domain.0, namespace, KeyType::Client, KeyType::Attestation],
             )
             .context("Trying to delete keyentry.")?;
             Ok(()).need_gc()
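Review bot: The filter `(key_type = ? OR key_type = ?)` and its `params![domain.0, namespace, KeyType::Client, KeyType::Attestation]` list are now repeated by hand in all four DELETE statements, and nothing in the hunk says why these two types, and only these, are removed. If a later edit changes one statement and not the others, keymetadata, keyparameter or grant rows could be left behind for a deleted entry, or an attestation keyentry could stay bound to a freed namespace. I would add a comment above the first `tx.execute`, for example `// Client and Attestation keys are both unbound when a namespace is freed; keep this key_type filter identical in all four DELETEs.`, and state there whether any other key types are kept on purpose. No test is visible in this diff; a regression test that stores an attestation key in a namespace, runs this cleanup and asserts that no rows for it remain in any of the four tables would pin the behaviour. The enclosing function starts and ends outside the hunk.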