commit 7b76f334ab85efbce4a52ad0776078da71f4ecd0
author Rubin Xu <rubinxu@google.com> Fri Nov 08 12:10:12 2019 +0000
committer Rubin Xu <rubinxu@google.com> Fri Nov 08 12:22:38 2019 +0000
tree f66a1937c410ef468024ed4fc73f7ffaaa13116b
parent 98e9bbdb06d340d966f177173748c87ec93b3e11

No need to remove profile encryption key on boot

PROFILE_KEY_NAME_ENCRYPT is a temporary encryption key used during
profile challenge unification to encrypt the profile password. It's
deleted right after the unification process so there is no need to
keep trying deleting it during each boot. Also add a log when profile
decryption key is removed.

Both of these changes are speculative fixes for a reported issue
where profile unification is broken midway.

Bug: 143946738
Test: builds
Change-Id: I382010150ddbab49c8c9971a1d0a97dff5c86271

services/core/java/com/android/server/locksettings/LockSettingsService.java

diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index d665001..a4e7ac4 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -873,28 +873,12 @@
             Slog.i(TAG, "Migrated lockscreen disabled flag");
         }
 
-        final List<UserInfo> users = mUserManager.getUsers();
-        for (int i = 0; i < users.size(); i++) {
-            final UserInfo userInfo = users.get(i);
-            try {
-                final String alias = LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userInfo.id;
-                java.security.KeyStore keyStore =
-                        java.security.KeyStore.getInstance("AndroidKeyStore");
-                keyStore.load(null);
-                if (keyStore.containsAlias(alias)) {
-                    keyStore.deleteEntry(alias);
-                }
-            } catch (KeyStoreException | NoSuchAlgorithmException |
-                    CertificateException | IOException e) {
-                Slog.e(TAG, "Unable to remove tied profile key", e);
-            }
-        }
-
         boolean isWatch = mContext.getPackageManager().hasSystemFeature(
                 PackageManager.FEATURE_WATCH);
         // Wear used to set DISABLE_LOCKSCREEN to 'true', but because Wear now allows accounts
         // and device management the lockscreen must be re-enabled now for users that upgrade.
         if (isWatch && getString("migrated_wear_lockscreen_disabled", null, 0) == null) {
+            final List<UserInfo> users = mUserManager.getUsers();
             final int userCount = users.size();
             for (int i = 0; i < userCount; i++) {
                 int id = users.get(i).id;
@@ -2202,7 +2186,7 @@
     }
 
     private void removeKeystoreProfileKey(int targetUserId) {
-        if (DEBUG) Slog.v(TAG, "Remove keystore profile key for user: " + targetUserId);
+        Slog.i(TAG, "Remove keystore profile key for user: " + targetUserId);
         try {
             java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore");
             keyStore.load(null);