keystore: command to clear all keys for UID
Add ability for system UID to clear all entries for a different UID.
Bug: 3020069
Change-Id: Ibfeea6aae9006cb2ef7052ead72b2704dfce3cb4
diff --git a/keystore/IKeystoreService.cpp b/keystore/IKeystoreService.cpp
index 520d266..e899c12 100644
--- a/keystore/IKeystoreService.cpp
+++ b/keystore/IKeystoreService.cpp
@@ -528,6 +528,25 @@
}
return ret;
}
+
+ virtual int32_t clear_uid(int64_t uid)
+ {
+ Parcel data, reply;
+ data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
+ data.writeInt64(uid);
+ status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
+ if (status != NO_ERROR) {
+ ALOGD("clear_uid() could not contact remote: %d\n", status);
+ return -1;
+ }
+ int32_t err = reply.readExceptionCode();
+ int32_t ret = reply.readInt32();
+ if (err < 0) {
+ ALOGD("clear_uid() caught exception %d\n", err);
+ return -1;
+ }
+ return ret;
+ }
};
IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.keystore");
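Review bot: The proxy `clear_uid()` returns -1 both when `transact()` fails and when the reply carries an exception, and nothing documents how that relates to the service's own result codes. A comment above the method such as `// Returns the service's response code, or -1 if the binder call failed or raised an exception; on -1 the target UID's entries may still be present.` would tell callers not to assume the keys are gone. Both failure paths log at `ALOGD`; because this is a destructive, privileged operation, `ALOGW` may be more appropriate so a failed clear stands out during triage, though that depends on how the rest of the file logs, which is outside the hunk. The enclosing proxy class begins outside the hunk.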
@@ -797,6 +816,14 @@
reply->writeInt32(ret);
return NO_ERROR;
}
+ case CLEAR_UID: {
+ CHECK_INTERFACE(IKeystoreService, data, reply);
+ int64_t uid = data.readInt64();
+ int32_t ret = clear_uid(uid);
+ reply->writeNoException();
+ reply->writeInt32(ret);
+ return NO_ERROR;
+ }
default:
return BBinder::onTransact(code, data, reply, flags);
}
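Review bot: In the `CLEAR_UID` case, `data.readInt64()` returns 0 when the parcel is short or malformed, so a truncated request would be dispatched as `clear_uid(0)`. Reading with the status overload, `int64_t uid; if (data.readInt64(&uid) != NO_ERROR) return BAD_VALUE;`, rejects such a request before dispatch. No caller check is visible in this hunk, so the restriction to the system UID stated in the commit message presumably lives in the `clear_uid` implementation outside this file; a comment here such as `// Caller UID is enforced inside clear_uid(); this case performs no authorization itself.` would make that dependency explicit. The value travels as `int64_t`, so the implementation should also range-check it before narrowing to `uid_t`. The enclosing `onTransact` switch starts and ends outside the hunk.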