Add keystore onUserAdded/Removed methods
(cherry-picked from commit 31c2897105e6d71f8e6edeab312d2147bbdbaeb1)
Change-Id: I73fe9344ec5660e58425d5c85d14381820533d57
diff --git a/core/java/android/security/IKeystoreService.aidl b/core/java/android/security/IKeystoreService.aidl
index 4809050..b0779c0 100644
--- a/core/java/android/security/IKeystoreService.aidl
+++ b/core/java/android/security/IKeystoreService.aidl
@@ -75,4 +75,6 @@
int abort(IBinder handle);
boolean isOperationAuthorized(IBinder token);
int addAuthToken(in byte[] authToken);
+ int onUserAdded(int userId, int parentId);
+ int onUserRemoved(int userId);
}
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 7e3193d..caa4fec 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -581,6 +581,44 @@
}
}
+ /**
+ * Notify keystore that a user was added.
+ *
+ * @param userId the new user.
+ * @param parentId the parent of the new user, or -1 if the user has no parent. If parentId is
+ * specified then the new user's keystore will be intialized with the same secure lockscreen
+ * password as the parent.
+ */
+ public void onUserAdded(int userId, int parentId) {
+ try {
+ mBinder.onUserAdded(userId, parentId);
+ } catch (RemoteException e) {
+ Log.w(TAG, "Cannot connect to keystore", e);
+ }
+ }
+
+ /**
+ * Notify keystore that a user was added.
+ *
+ * @param userId the new user.
+ */
+ public void onUserAdded(int userId) {
+ onUserAdded(userId, -1);
+ }
+
+ /**
+ * Notify keystore that a user was removed.
+ *
+ * @param userId the removed user.
+ */
+ public void onUserRemoved(int userId) {
+ try {
+ mBinder.onUserRemoved(userId);
+ } catch (RemoteException e) {
+ Log.w(TAG, "Cannot connect to keystore", e);
+ }
+ }
+
public boolean onUserPasswordChanged(String newPassword) {
return onUserPasswordChanged(UserHandle.getUserId(Process.myUid()), newPassword);
}
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index ed2de4a..2df7f79 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -106,20 +106,13 @@
@Override
public void onReceive(Context context, Intent intent) {
if (Intent.ACTION_USER_ADDED.equals(intent.getAction())) {
+ // Notify keystore that a new user was added.
final int userHandle = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, 0);
- final int userSysUid = UserHandle.getUid(userHandle, Process.SYSTEM_UID);
final KeyStore ks = KeyStore.getInstance();
-
- // Clear up keystore in case anything was left behind by previous users
- ks.resetUid(userSysUid);
-
- // If this user has a parent, sync with its keystore password
final UserManager um = (UserManager) mContext.getSystemService(USER_SERVICE);
final UserInfo parentInfo = um.getProfileParent(userHandle);
- if (parentInfo != null) {
- final int parentSysUid = UserHandle.getUid(parentInfo.id, Process.SYSTEM_UID);
- ks.syncUid(parentSysUid, userSysUid);
- }
+ final int parentHandle = parentInfo != null ? parentInfo.id : -1;
+ ks.onUserAdded(userHandle, parentHandle);
} else if (Intent.ACTION_USER_STARTING.equals(intent.getAction())) {
final int userHandle = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, 0);
mStorage.prefetchUser(userHandle);
@@ -674,8 +667,7 @@
mStorage.removeUser(userId);
final KeyStore ks = KeyStore.getInstance();
- final int userUid = UserHandle.getUid(userId, Process.SYSTEM_UID);
- ks.resetUid(userUid);
+ ks.onUserRemoved(userId);
}
private static final String[] VALID_SETTINGS = new String[] {