commit 7ec733fad39ff9e439a67c9cf51b88bc84cdfda0
author Paul Crowley <paulcrowley@google.com> Tue May 19 12:42:00 2015 +0100
committer Paul Crowley <paulcrowley@google.com> Thu Jul 09 17:58:49 2015 +0100
tree e61af161ce949fb4beb4b4ab4f54f7616a4aa6e8
parent bcf48ed2262d655ebf59153dea645ca761b73db5

Delete the user key when deleting a user.

Bug: 19706593

(cherry-picked from commit 85e4e818d83dbc65b1e6e3ed9d39c656188acaec)

Change-Id: Icc6d53a99558317b2ec154f931e481ad9fe64aa3

core/java/android/os/storage/IMountService.java

diff --git a/core/java/android/os/storage/IMountService.java b/core/java/android/os/storage/IMountService.java
index c9f050d..bce5f17 100644
--- a/core/java/android/os/storage/IMountService.java
+++ b/core/java/android/os/storage/IMountService.java
@@ -1208,6 +1208,21 @@
                     _data.recycle();
                 }
             }
+
+            @Override
+            public void deleteUserKey(int userHandle) throws RemoteException {
+                Parcel _data = Parcel.obtain();
+                Parcel _reply = Parcel.obtain();
+                try {
+                    _data.writeInterfaceToken(DESCRIPTOR);
+                    _data.writeInt(userHandle);
+                    mRemote.transact(Stub.TRANSACTION_deleteUserKey, _data, _reply, 0);
+                    _reply.readException();
+                } finally {
+                    _reply.recycle();
+                    _data.recycle();
+                }
+            }
         }
 
         private static final String DESCRIPTOR = "IMountService";
@@ -1326,6 +1341,7 @@
         static final int TRANSACTION_remountUid = IBinder.FIRST_CALL_TRANSACTION + 61;
 
         static final int TRANSACTION_createNewUserDir = IBinder.FIRST_CALL_TRANSACTION + 62;
+        static final int TRANSACTION_deleteUserKey = IBinder.FIRST_CALL_TRANSACTION + 63;
 
         /**
          * Cast an IBinder object into an IMountService interface, generating a
@@ -1895,6 +1911,13 @@
                     reply.writeNoException();
                     return true;
                 }
+                case TRANSACTION_deleteUserKey: {
+                    data.enforceInterface(DESCRIPTOR);
+                    int userHandle = data.readInt();
+                    deleteUserKey(userHandle);
+                    reply.writeNoException();
+                    return true;
+                }
             }
             return super.onTransact(code, data, reply, flags);
         }
@@ -2214,4 +2237,11 @@
      */
     public void createNewUserDir(int userHandle, String path)
         throws RemoteException;
+
+    /**
+     * Securely delete the user's encryption key
+     * @param userHandle Handle of the user whose key we are deleting
+     */
+    public void deleteUserKey(int userHandle)
+        throws RemoteException;
 }

core/java/android/os/storage/StorageManager.java

diff --git a/core/java/android/os/storage/StorageManager.java b/core/java/android/os/storage/StorageManager.java
index 5088159..f58ae00 100644
--- a/core/java/android/os/storage/StorageManager.java
+++ b/core/java/android/os/storage/StorageManager.java
@@ -955,6 +955,15 @@
     }
 
     /** {@hide} */
+    public void deleteUserKey(int userHandle) {
+        try {
+            mMountService.deleteUserKey(userHandle);
+        } catch (RemoteException e) {
+            throw e.rethrowAsRuntimeException();
+        }
+    }
+
+    /** {@hide} */
     public static File maybeTranslateEmulatedPathToInternal(File path) {
         final IMountService mountService = IMountService.Stub.asInterface(
                 ServiceManager.getService("mount"));