List apps affected by secure user ID
Add a method to the Keystore maintenance interface to list the UIDs of
apps that are affected by a given secure user ID.
With this method, it would be possible to tell if removing a given
user's LSKF or enrolling new biometrics will invalidate Keystore keys,
thus affecting some apps.
Bug: 302109605
Test: atest keystore2_test
Change-Id: If5888506e0c72a56eca3339778889c7d8038acc5
diff --git a/keystore2/src/maintenance.rs b/keystore2/src/maintenance.rs
index 74858de..8c0ac48 100644
--- a/keystore2/src/maintenance.rs
+++ b/keystore2/src/maintenance.rs
@@ -286,6 +286,17 @@
Maintenance::call_on_all_security_levels("deleteAllKeys", |dev| dev.deleteAllKeys())
}
+
+ fn get_app_uids_affected_by_sid(
+ user_id: i32,
+ secure_user_id: i64,
+ ) -> Result<std::vec::Vec<i64>> {
+ // This method is intended to be called by Settings and discloses a list of apps
+ // associated with a user, so it requires the ChangeUser permission.
+ check_keystore_permission(KeystorePerm::ChangeUser).context(ks_err!())?;
+ DB.with(|db| db.borrow_mut().get_app_uids_affected_by_sid(user_id, secure_user_id))
+ .context(ks_err!("Failed to get app UIDs affected by SID"))
+ }
}
impl Interface for Maintenance {}
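Review bot: The `ChangeUser` check in `get_app_uids_affected_by_sid` is the only authorization on this path. `user_id` and `secure_user_id` go to the database unvalidated, so any caller holding that permission can list the affected apps of any user, not only its own. If that is intended (the body comment names Settings as the caller), state it in a doc comment on the function, e.g. `/// Caller must hold ChangeUser; user_id is not checked against the calling user.` The permission-failure path uses a bare `ks_err!()` while the DB path carries a message; something like `ks_err!("Checking ChangeUser permission failed")` would make denials easier to tell apart in logs. The enclosing `impl Maintenance` block starts outside the hunk.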
@@ -363,4 +374,14 @@
let _wp = wd::watch_millis("IKeystoreMaintenance::deleteAllKeys", 500);
map_or_log_err(Self::delete_all_keys(), Ok)
}
+
+ fn getAppUidsAffectedBySid(
+ &self,
+ user_id: i32,
+ secure_user_id: i64,
+ ) -> BinderResult<std::vec::Vec<i64>> {
+ log::info!("getAppUidsAffectedBySid(secure_user_id={secure_user_id:?})");
+ let _wp = wd::watch_millis("IKeystoreMaintenance::getAppUidsAffectedBySid", 500);
+ map_or_log_err(Self::get_app_uids_affected_by_sid(user_id, secure_user_id), Ok)
+ }
}
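Review bot: The `log::info!` line in `getAppUidsAffectedBySid` records `secure_user_id` but not `user_id`, so the log does not show which user's app list was requested. It also runs before the permission check inside `get_app_uids_affected_by_sid`, so this line looks the same for denied and allowed calls. Consider `log::info!("getAppUidsAffectedBySid(user_id={user_id})");` and dropping the SID from the message if it is not meant to appear in logcat; the `:?` on an `i64` is not needed either way. The enclosing impl block starts outside the hunk.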