Fix some spots where targetUid was missed

Some of the targetUid arguments weren't used where they should have
been.

Change-Id: Ief5df897440ddfb572feb57026a6057d64c7c09b
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 23d51c4..61f95dd 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -1509,7 +1509,7 @@
         String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid));
 
         Blob keyBlob(item, itemLength, NULL, 0, ::TYPE_GENERIC);
-        return mKeyStore->put(filename.string(), &keyBlob, callingUid);
+        return mKeyStore->put(filename.string(), &keyBlob, targetUid);
     }
 
     int32_t del(const String16& name, int targetUid) {
@@ -1530,7 +1530,7 @@
 
         Blob keyBlob;
         ResponseCode responseCode = mKeyStore->get(filename.string(), &keyBlob, TYPE_GENERIC,
-                callingUid);
+                targetUid);
         if (responseCode != ::NO_ERROR) {
             return responseCode;
         }
@@ -1884,7 +1884,7 @@
             return ::PERMISSION_DENIED;
         }
 
-        State state = mKeyStore->getState(callingUid);
+        State state = mKeyStore->getState(targetUid);
         if ((flags & KEYSTORE_FLAG_ENCRYPTED) && !isKeystoreUnlocked(state)) {
             ALOGD("calling import in state: %d", state);
             return state;
@@ -1893,7 +1893,7 @@
         String8 name8(name);
         String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid));
 
-        return mKeyStore->importKey(data, length, filename.string(), callingUid, flags);
+        return mKeyStore->importKey(data, length, filename.string(), targetUid, flags);
     }
 
     int32_t sign(const String16& name, const uint8_t* data, size_t length, uint8_t** out,
@@ -2065,11 +2065,11 @@
         }
 
         String8 name8(name);
-        String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid));
+        String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid));
 
         Blob keyBlob;
         ResponseCode responseCode = mKeyStore->get(filename.string(), &keyBlob, ::TYPE_KEY_PAIR,
-                callingUid);
+                targetUid);
         if (responseCode != ::NO_ERROR) {
             return responseCode;
         }
@@ -2216,7 +2216,7 @@
         String8 sourceFile(mKeyStore->getKeyNameForUidWithDir(source8, srcUid));
 
         String8 target8(destKey);
-        String8 targetFile(mKeyStore->getKeyNameForUidWithDir(target8, srcUid));
+        String8 targetFile(mKeyStore->getKeyNameForUidWithDir(target8, destUid));
 
         if (access(targetFile.string(), W_OK) != -1 || errno != ENOENT) {
             ALOGD("destination already exists: %s", targetFile.string());
@@ -2225,19 +2225,20 @@
 
         Blob keyBlob;
         ResponseCode responseCode = mKeyStore->get(sourceFile.string(), &keyBlob, TYPE_ANY,
-                callingUid);
+                srcUid);
         if (responseCode != ::NO_ERROR) {
             return responseCode;
         }
 
-        return mKeyStore->put(targetFile.string(), &keyBlob, callingUid);
+        return mKeyStore->put(targetFile.string(), &keyBlob, destUid);
     }
 
     int32_t is_hardware_backed(const String16& keyType) {
         return mKeyStore->isHardwareBacked(keyType) ? 1 : 0;
     }
 
-    int32_t clear_uid(int64_t targetUid) {
+    int32_t clear_uid(int64_t targetUid64) {
+        uid_t targetUid = static_cast<uid_t>(targetUid64);
         uid_t callingUid = IPCThreadState::self()->getCallingUid();
         if (!has_permission(callingUid, P_CLEAR_UID)) {
             ALOGW("permission denied for %d: clear_uid", callingUid);
@@ -2250,13 +2251,19 @@
             return state;
         }
 
+        if (targetUid64 == -1) {
+            targetUid = callingUid;
+        } else if (!is_granted_to(callingUid, targetUid)) {
+            return ::PERMISSION_DENIED;
+        }
+
         const keymaster_device_t* device = mKeyStore->getDevice();
         if (device == NULL) {
             ALOGW("can't get keymaster device");
             return ::SYSTEM_ERROR;
         }
 
-        UserState* userState = mKeyStore->getUserState(callingUid);
+        UserState* userState = mKeyStore->getUserState(targetUid);
         DIR* dir = opendir(userState->getUserDirName());
         if (!dir) {
             ALOGW("can't open user directory: %s", strerror(errno));
@@ -2264,7 +2271,7 @@
         }
 
         char prefix[NAME_MAX];
-        int n = snprintf(prefix, NAME_MAX, "%u_", static_cast<uid_t>(targetUid));
+        int n = snprintf(prefix, NAME_MAX, "%u_", targetUid);
 
         ResponseCode rc = ::NO_ERROR;
 
@@ -2286,7 +2293,7 @@
 
             String8 filename(String8::format("%s/%s", userState->getUserDirName(), file->d_name));
             Blob keyBlob;
-            if (mKeyStore->get(filename.string(), &keyBlob, ::TYPE_ANY, callingUid)
+            if (mKeyStore->get(filename.string(), &keyBlob, ::TYPE_ANY, targetUid)
                     != ::NO_ERROR) {
                 ALOGW("couldn't open %s", filename.string());
                 continue;