keystore: allow system to clear keys even while encrypted

Since we can store keys that are unencrypted, we should allow the
clearing of data for apps when the keystore is still in a LOCKED state.
Also allow the system user to delete keys since this is necessary for
system maintenance when application data is cleared or the application
is uninstalled.

Bug: 15751553
Change-Id: Id02bc9992bd529e79be7a09d2bce208942d42b84
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index d8e4686..50dac74 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -298,6 +298,15 @@
     return false;
 }
 
+/**
+ * Allow the system to perform some privileged tasks that have to do with
+ * system maintenance. This should not be used for any function that uses
+ * the keys in any way (e.g., signing).
+ */
+static bool is_self_or_system(uid_t callingUid, uid_t targetUid) {
+    return callingUid == targetUid || callingUid == AID_SYSTEM;
+}
+
 /* Here is the encoding of keys. This is necessary in order to allow arbitrary
  * characters in keys. Characters in [0-~] are not encoded. Others are encoded
  * into two bytes. The first byte is one of [+-.] which represents the first
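Review bot: The header comment on is_self_or_system does not say that the caller is still expected to have passed the regular keystore permission check before this helper is consulted, so a reader could take an exact match against AID_SYSTEM as sufficient authorization on its own; the `::PERMISSION_DENIED` return at the top of the clear_uid hunk suggests such a check runs first, but that is outside this hunk. I would add to the comment `* Callers must already have passed the keystore permission check; this only widens the target-uid match to allow the system uid as well.` Whether matching AID_SYSTEM by exact uid is the right test for every caller, or whether callingUid needs normalizing first, cannot be decided from this hunk and is worth confirming against how callingUid is derived elsewhere in the file.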
@@ -2317,15 +2326,10 @@
             return ::PERMISSION_DENIED;
         }
 
-        State state = mKeyStore->getState(callingUid);
-        if (!isKeystoreUnlocked(state)) {
-            ALOGD("calling clear_uid in state: %d", state);
-            return state;
-        }
-
         if (targetUid64 == -1) {
             targetUid = callingUid;
-        } else if (!is_granted_to(callingUid, targetUid)) {
+        } else if (!is_self_or_system(callingUid, targetUid)) {
+            ALOGW("permission denied for %d: clear_uid %d", callingUid, targetUid);
             return ::PERMISSION_DENIED;
         }