Cleanup password change and removal logic.
Replace password with notifyUserPasswordChanged for password changes;
unlock should now be used to unlock the keystore instead of calling password
with the current password.
When the user removes their password, only keystore entries that were
created with FLAG_ENCRYPTED will now be deleted. Unencrypted entries will
remain. This makes it more concrete that the keystore could be non-empty
while in STATE_UNINITIALIZED, though this was previously possible due to
the state only being checked if FLAG_ENCRYPTED was set.
Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
diff --git a/keystore/IKeystoreService.cpp b/keystore/IKeystoreService.cpp
index df1c5dd..64530f5 100644
--- a/keystore/IKeystoreService.cpp
+++ b/keystore/IKeystoreService.cpp
@@ -555,20 +555,22 @@
return ret;
}
- virtual int32_t password(const String16& password)
+ virtual int32_t onUserPasswordChanged(int32_t userId, const String16& password)
{
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
+ data.writeInt32(userId);
data.writeString16(password);
- status_t status = remote()->transact(BnKeystoreService::PASSWORD, data, &reply);
+ status_t status = remote()->transact(BnKeystoreService::ON_USER_PASSWORD_CHANGED, data,
+ &reply);
if (status != NO_ERROR) {
- ALOGD("password() could not contact remote: %d\n", status);
+ ALOGD("onUserPasswordChanged() could not contact remote: %d\n", status);
return -1;
}
int32_t err = reply.readExceptionCode();
int32_t ret = reply.readInt32();
if (err < 0) {
- ALOGD("password() caught exception %d\n", err);
+ ALOGD("onUserPasswordChanged() caught exception %d\n", err);
return -1;
}
return ret;
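Review bot: A failed `transact()` in the new `onUserPasswordChanged()` proxy is logged only at debug level and returned as a bare `-1`, the same value used for the exception path. If this notification is lost, the keystore presumably stays keyed to the old password while the user's credential has already changed, so the failure deserves an error-level log, e.g. `ALOGE("onUserPasswordChanged() could not contact remote: %d\n", status);`, and the same for the exception branch. A short comment above the method saying that callers must treat `-1` as "keystore not updated" would also help. The method's closing brace lies outside the hunk.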
@@ -592,10 +594,11 @@
return ret;
}
- virtual int32_t unlock(const String16& password)
+ virtual int32_t unlock(int32_t userId, const String16& password)
{
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
+ data.writeInt32(userId);
data.writeString16(password);
status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
if (status != NO_ERROR) {
@@ -1380,10 +1383,11 @@
reply->writeInt32(ret);
return NO_ERROR;
} break;
- case PASSWORD: {
+ case ON_USER_PASSWORD_CHANGED: {
CHECK_INTERFACE(IKeystoreService, data, reply);
+ int32_t userId = data.readInt32();
String16 pass = data.readString16();
- int32_t ret = password(pass);
+ int32_t ret = onUserPasswordChanged(userId, pass);
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
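Review bot: The new `int32_t userId = data.readInt32();` in the `ON_USER_PASSWORD_CHANGED` case is used without checking that the read succeeded, and the same line is added to the `UNLOCK` case in the next hunk. `Parcel::readInt32()` returns 0 on a short or malformed parcel, so a truncated request is dispatched as user 0 with an empty password, which for a password-change notification may be read as a password removal (hedged: the implementation is not in this diff). Prefer the status-returning overload and reject bad input before dispatch: `int32_t userId; if (data.readInt32(&userId) != NO_ERROR) return BAD_VALUE;`. The surrounding `switch` starts and ends outside the hunk.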
@@ -1397,8 +1401,9 @@
} break;
case UNLOCK: {
CHECK_INTERFACE(IKeystoreService, data, reply);
+ int32_t userId = data.readInt32();
String16 pass = data.readString16();
- int32_t ret = unlock(pass);
+ int32_t ret = unlock(userId, pass);
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
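Review bot: `unlock(userId, pass)` now takes the target user from the caller's parcel, and nothing in this stub ties `userId` to the identity of the calling process; `ON_USER_PASSWORD_CHANGED` in the previous hunk has the same shape. The authorization therefore has to live in the service implementation, which is not part of this diff: it should verify from the binder calling UID that the caller may act for `userId` before touching that user's keystore state. A comment on the case would document the contract, e.g. `// userId is caller-supplied; the implementation must check the caller's permission for that user.`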