/*
 * Copyright (C) 2011 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16
17package com.android.keychain;
18
Fred Quintanafb2e18e2011-07-13 14:54:05 -070019import android.app.IntentService;
20import android.content.ContentValues;
Brian Carlstrom3e6251d2011-04-11 09:05:06 -070021import android.content.Context;
22import android.content.Intent;
Fred Quintanafb2e18e2011-07-13 14:54:05 -070023import android.content.pm.PackageManager;
Zoltan Szatmary-Ban3d25b312014-08-18 10:54:19 +010024import android.content.pm.ParceledListSlice;
Fred Quintanafb2e18e2011-07-13 14:54:05 -070025import android.database.Cursor;
26import android.database.DatabaseUtils;
27import android.database.sqlite.SQLiteDatabase;
28import android.database.sqlite.SQLiteOpenHelper;
Kenny Root6f1f03b2012-03-08 10:30:39 -080029import android.os.Binder;
Brian Carlstrom3e6251d2011-04-11 09:05:06 -070030import android.os.IBinder;
Kenny Root6f1f03b2012-03-08 10:30:39 -080031import android.os.Process;
Robin Lee93772c32014-09-02 14:53:50 +010032import android.os.UserHandle;
Julia Reynolds3fb74492014-06-30 16:54:50 -040033import android.os.UserManager;
Brian Carlstrom3e6251d2011-04-11 09:05:06 -070034import android.security.Credentials;
35import android.security.IKeyChainService;
Selim Gurun39e36e52012-02-14 10:50:42 -080036import android.security.KeyChain;
Brian Carlstrom3e6251d2011-04-11 09:05:06 -070037import android.security.KeyStore;
38import android.util.Log;
Zoltan Szatmary-Ban3d25b312014-08-18 10:54:19 +010039import com.android.internal.util.ParcelableString;
Brian Carlstrom3e6251d2011-04-11 09:05:06 -070040import java.io.ByteArrayInputStream;
Brian Carlstroma58db542011-05-11 23:02:20 -070041import java.io.IOException;
Brian Carlstrom3e6251d2011-04-11 09:05:06 -070042import java.security.cert.CertificateException;
Zoltan Szatmary-Ban3d25b312014-08-18 10:54:19 +010043import java.security.cert.CertificateEncodingException;
Brian Carlstrom3e6251d2011-04-11 09:05:06 -070044import java.security.cert.CertificateFactory;
45import java.security.cert.X509Certificate;
Zoltan Szatmary-Ban3d25b312014-08-18 10:54:19 +010046import java.util.Set;
47import java.util.List;
48import java.util.ArrayList;
49import java.util.Collections;
Fred Quintanafb2e18e2011-07-13 14:54:05 -070050
Kenny Root3048b6c2013-04-23 22:38:11 -070051import com.android.org.conscrypt.TrustedCertificateStore;
Brian Carlstrom3e6251d2011-04-11 09:05:06 -070052
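/**
 * Service behind {@link KeyChain}: brokers access to credentials held in the
 * system {@link KeyStore} and to the user-installed CA trust store.
 *
 * <p>Access to a private key or user certificate is gated by a per-(uid, alias)
 * grant recorded in a local SQLite database; grants belonging to UIDs whose
 * packages are no longer installed are purged when an
 * {@code ACTION_PACKAGE_REMOVED} intent is handled. Mutations of the trust
 * store and of the grant table are restricted to the system UID (and, for
 * installs, to the certificate installer) and are followed by a
 * {@link KeyChain#ACTION_STORAGE_CHANGED} broadcast.
 */
public class KeyChainService extends IntentService {

    private static final String TAG = "KeyChain";

    private static final String DATABASE_NAME = "grants.db";
    private static final int DATABASE_VERSION = 1;
    private static final String TABLE_GRANTS = "grants";
    private static final String GRANTS_ALIAS = "alias";
    private static final String GRANTS_GRANTEE_UID = "uid";

    /** created in onCreate(), closed in onDestroy() */
    public DatabaseHelper mDatabaseHelper;

    /** Parameterised count of grants for one (uid, alias) pair; bind args: uid, alias. */
    private static final String SELECTION_COUNT_OF_MATCHING_GRANTS =
            "SELECT COUNT(*) FROM " + TABLE_GRANTS
            + " WHERE " + GRANTS_GRANTEE_UID + "=? AND " + GRANTS_ALIAS + "=?";

    /** WHERE clause selecting one (uid, alias) grant; bind args: uid, alias. */
    private static final String SELECT_GRANTS_BY_UID_AND_ALIAS =
            GRANTS_GRANTEE_UID + "=? AND " + GRANTS_ALIAS + "=?";

    /** WHERE clause selecting every grant held by one uid; bind arg: uid. */
    private static final String SELECTION_GRANTS_BY_UID = GRANTS_GRANTEE_UID + "=?";

    public KeyChainService() {
        super(KeyChainService.class.getSimpleName());
    }

    @Override public void onCreate() {
        super.onCreate();
        mDatabaseHelper = new DatabaseHelper(this);
    }

    @Override
    public void onDestroy() {
        super.onDestroy();
        mDatabaseHelper.close();
        mDatabaseHelper = null;
    }

    private final IKeyChainService.Stub mIKeyChainService = new IKeyChainService.Stub() {
        private final KeyStore mKeyStore = KeyStore.getInstance();
        /** Every access to the trust store is serialised on this object's monitor. */
        private final TrustedCertificateStore mTrustedCertificateStore
                = new TrustedCertificateStore();

        /**
         * Grants the calling UID access to the private key stored under
         * {@code alias} and returns the keystore name it should use for it.
         *
         * @param alias the KeyChain alias; the caller must already hold a grant for it
         * @return the granted keystore key name, or {@code null} if the keystore
         *         refused the grant
         * @throws NullPointerException if {@code alias} is null
         * @throws IllegalStateException if the keystore is locked or the caller
         *         holds no grant for {@code alias}
         */
        @Override
        public String requestPrivateKey(String alias) {
            checkArgs(alias);

            final String keystoreAlias = Credentials.USER_PRIVATE_KEY + alias;
            final int uid = Binder.getCallingUid();
            if (!mKeyStore.grant(keystoreAlias, uid)) {
                return null;
            }
            // The returned name is qualified with the system UID of the caller's user;
            // presumably that is the owner UID the keystore files granted entries
            // under — confirm against KeyStore.grant.
            final int userHandle = UserHandle.getUserId(uid);
            final int systemUidForUser = UserHandle.getUid(userHandle, Process.SYSTEM_UID);

            final StringBuilder sb = new StringBuilder();
            sb.append(systemUidForUser);
            sb.append('_');
            sb.append(keystoreAlias);

            return sb.toString();
        }

        /**
         * Returns the user certificate stored under {@code alias}.
         *
         * @throws NullPointerException if {@code alias} is null
         * @throws IllegalStateException if the keystore is locked or the caller
         *         holds no grant for {@code alias}
         */
        @Override public byte[] getCertificate(String alias) {
            checkArgs(alias);
            return mKeyStore.get(Credentials.USER_CERTIFICATE + alias);
        }

        /**
         * Common precondition check for credential reads: non-null alias, unlocked
         * keystore, and a grant for (calling uid, alias) in the grant table.
         */
        private void checkArgs(String alias) {
            if (alias == null) {
                throw new NullPointerException("alias == null");
            }
            if (!mKeyStore.isUnlocked()) {
                throw new IllegalStateException("keystore is "
                        + mKeyStore.state().toString());
            }

            final int callingUid = getCallingUid();
            if (!hasGrantInternal(mDatabaseHelper.getReadableDatabase(), callingUid, alias)) {
                throw new IllegalStateException("uid " + callingUid
                        + " doesn't have permission to access the requested alias");
            }
        }

        /**
         * Installs a CA certificate into the user trust store.
         *
         * @param caCertificate DER-encoded X.509 certificate bytes
         * @throws IllegalStateException if the caller is neither the certificate
         *         installer nor the system, or if parsing/installation fails
         * @throws SecurityException if credential configuration is restricted for the user
         */
        @Override public void installCaCertificate(byte[] caCertificate) {
            checkCertInstallerOrSystemCaller();
            checkUserRestriction();
            try {
                synchronized (mTrustedCertificateStore) {
                    mTrustedCertificateStore.installCertificate(parseCertificate(caCertificate));
                }
            } catch (IOException e) {
                throw new IllegalStateException(e);
            } catch (CertificateException e) {
                throw new IllegalStateException(e);
            }
            broadcastStorageChange();
        }

        /**
         * Imports a private key and its user certificate under {@code alias}.
         *
         * <p>If the certificate cannot be stored after the key was imported, the
         * key is deleted again so no half-installed pair is left behind.
         *
         * @return {@code true} on success; {@code false} if the keystore is locked
         *         or either import fails (details are logged)
         * @throws NullPointerException if {@code alias} is null
         * @throws IllegalStateException if the caller is neither the certificate
         *         installer nor the system
         */
        @Override public boolean installKeyPair(byte[] privateKey, byte[] userCertificate,
                String alias) {
            checkCertInstallerOrSystemCaller();
            // NOTE(review): unlike installCaCertificate/reset/deleteCaCertificate this path
            // does not call checkUserRestriction(); confirm whether
            // DISALLOW_CONFIG_CREDENTIALS is intended to gate key-pair installs as well.
            if (alias == null) {
                throw new NullPointerException("alias == null");
            }
            if (!mKeyStore.isUnlocked()) {
                Log.e(TAG, "Keystore is " + mKeyStore.state().toString() + ". Credentials cannot"
                        + " be installed until device is unlocked");
                return false;
            }
            if (!mKeyStore.importKey(Credentials.USER_PRIVATE_KEY + alias, privateKey, -1,
                    KeyStore.FLAG_ENCRYPTED)) {
                Log.e(TAG, "Failed to import private key " + alias);
                return false;
            }
            if (!mKeyStore.put(Credentials.USER_CERTIFICATE + alias, userCertificate, -1,
                    KeyStore.FLAG_ENCRYPTED)) {
                // Log the alias, not the byte[] (whose toString is only an identity hash).
                Log.e(TAG, "Failed to import user certificate " + alias);
                if (!mKeyStore.delete(Credentials.USER_PRIVATE_KEY + alias)) {
                    Log.e(TAG, "Failed to delete private key after certificate importing failed");
                }
                return false;
            }
            broadcastStorageChange();
            return true;
        }

        /** Parses DER-encoded X.509 bytes into a certificate object. */
        private X509Certificate parseCertificate(byte[] bytes) throws CertificateException {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(bytes));
        }

        /**
         * Clears all grants and removes every user-installed CA certificate.
         *
         * @return {@code true} if every user CA entry was removed; {@code false}
         *         if at least one deletion failed (each failure is logged)
         * @throws IllegalStateException if the caller is not the system
         * @throws SecurityException if credential configuration is restricted for the user
         */
        @Override public boolean reset() {
            // only Settings should be able to reset
            checkSystemCaller();
            checkUserRestriction();
            removeAllGrants(mDatabaseHelper.getWritableDatabase());
            boolean ok = true;
            synchronized (mTrustedCertificateStore) {
                // delete user-installed CA certs; keep going on failure so one bad
                // entry does not leave the rest in place
                for (String alias : mTrustedCertificateStore.aliases()) {
                    if (TrustedCertificateStore.isUser(alias)) {
                        if (!deleteCertificateEntry(alias)) {
                            ok = false;
                        }
                    }
                }
            }
            broadcastStorageChange();
            return ok;
        }

        /**
         * Removes one CA certificate entry from the trust store.
         *
         * @return {@code true} if the entry was removed, {@code false} on failure
         * @throws IllegalStateException if the caller is not the system
         * @throws SecurityException if credential configuration is restricted for the user
         */
        @Override public boolean deleteCaCertificate(String alias) {
            // only Settings should be able to delete
            checkSystemCaller();
            checkUserRestriction();
            final boolean ok;
            synchronized (mTrustedCertificateStore) {
                ok = deleteCertificateEntry(alias);
            }
            broadcastStorageChange();
            return ok;
        }

        /** Deletes {@code alias} from the trust store, logging (not throwing) on failure. */
        private boolean deleteCertificateEntry(String alias) {
            try {
                mTrustedCertificateStore.deleteCertificateEntry(alias);
                return true;
            } catch (IOException e) {
                Log.w(TAG, "Problem removing CA certificate " + alias, e);
                return false;
            } catch (CertificateException e) {
                Log.w(TAG, "Problem removing CA certificate " + alias, e);
                return false;
            }
        }

        /**
         * Passes if the caller is the certificate installer package; otherwise
         * falls through to {@link #checkSystemCaller()}.
         */
        private void checkCertInstallerOrSystemCaller() {
            String actual = checkCaller("com.android.certinstaller");
            if (actual == null) {
                return;
            }
            checkSystemCaller();
        }

        /** @throws IllegalStateException (naming the actual caller) unless the caller is the system uid */
        private void checkSystemCaller() {
            String actual = checkCaller("android.uid.system:1000");
            if (actual != null) {
                throw new IllegalStateException(actual);
            }
        }

        /** @throws SecurityException if the current user has DISALLOW_CONFIG_CREDENTIALS set */
        private void checkUserRestriction() {
            UserManager um = (UserManager) getSystemService(USER_SERVICE);
            if (um.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
                throw new SecurityException("User cannot modify credentials");
            }
        }

        /**
         * Returns null if the caller is the expected package; otherwise returns the
         * actual caller's package name so it can be reported.
         */
        private String checkCaller(String expectedPackage) {
            String actualPackage = getPackageManager().getNameForUid(getCallingUid());
            return (!expectedPackage.equals(actualPackage)) ? actualPackage : null;
        }

        /**
         * Reports whether {@code uid} holds a grant for {@code alias}.
         *
         * @throws IllegalStateException if the caller is not the system
         */
        @Override public boolean hasGrant(int uid, String alias) {
            checkSystemCaller();
            return hasGrantInternal(mDatabaseHelper.getReadableDatabase(), uid, alias);
        }

        /**
         * Adds ({@code value == true}) or removes a grant for (uid, alias).
         *
         * @throws IllegalStateException if the caller is not the system
         */
        @Override public void setGrant(int uid, String alias, boolean value) {
            checkSystemCaller();
            setGrantInternal(mDatabaseHelper.getWritableDatabase(), uid, alias, value);
            broadcastStorageChange();
        }

        /**
         * Wraps a set of aliases for transport across Binder. Callers hold the
         * trust-store monitor while invoking this, hence the name.
         */
        private ParceledListSlice<ParcelableString> makeAliasesParcelableSynchronised(
                Set<String> aliasSet) {
            List<ParcelableString> aliases = new ArrayList<ParcelableString>(aliasSet.size());
            for (String alias : aliasSet) {
                ParcelableString parcelableString = new ParcelableString();
                parcelableString.string = alias;
                aliases.add(parcelableString);
            }
            return new ParceledListSlice<ParcelableString>(aliases);
        }

        /** Returns the aliases of all user-installed CA certificates. */
        @Override
        public ParceledListSlice<ParcelableString> getUserCaAliases() {
            synchronized (mTrustedCertificateStore) {
                Set<String> aliasSet = mTrustedCertificateStore.userAliases();
                return makeAliasesParcelableSynchronised(aliasSet);
            }
        }

        /** Returns the aliases of all system CA certificates. */
        @Override
        public ParceledListSlice<ParcelableString> getSystemCaAliases() {
            synchronized (mTrustedCertificateStore) {
                Set<String> aliasSet = mTrustedCertificateStore.allSystemAliases();
                return makeAliasesParcelableSynchronised(aliasSet);
            }
        }

        /** Reports whether the trust store has an entry for {@code alias}. */
        @Override
        public boolean containsCaAlias(String alias) {
            // Take the monitor like every other trust-store access in this class.
            synchronized (mTrustedCertificateStore) {
                return mTrustedCertificateStore.containsAlias(alias);
            }
        }

        /**
         * Returns the DER encoding of the CA certificate stored under {@code alias}.
         *
         * @param includeDeletedSystem whether to also look at system certificates
         *        the user has disabled
         * @return the encoded certificate, or {@code null} if it is absent or
         *         cannot be encoded (both cases are logged)
         */
        @Override
        public byte[] getEncodedCaCertificate(String alias, boolean includeDeletedSystem) {
            synchronized (mTrustedCertificateStore) {
                X509Certificate certificate = (X509Certificate) mTrustedCertificateStore
                        .getCertificate(alias, includeDeletedSystem);
                if (certificate == null) {
                    Log.w(TAG, "Could not find CA certificate " + alias);
                    return null;
                }
                try {
                    return certificate.getEncoded();
                } catch (CertificateEncodingException e) {
                    Log.w(TAG, "Error while encoding CA certificate " + alias, e);
                    return null;
                }
            }
        }

        /**
         * Returns the aliases of the chain built from the certificate stored under
         * {@code rootAlias}; chain members with no alias in the store are skipped.
         *
         * @return the aliases in chain order, or an empty list if the root alias is
         *         unknown or the chain cannot be built (both cases are logged)
         */
        @Override
        public List<String> getCaCertificateChainAliases(String rootAlias,
                boolean includeDeletedSystem) {
            synchronized (mTrustedCertificateStore) {
                X509Certificate root = (X509Certificate) mTrustedCertificateStore.getCertificate(
                        rootAlias, includeDeletedSystem);
                if (root == null) {
                    // Mirror the encoding path: an unknown alias is a logged, empty result
                    // rather than an exception propagated across Binder.
                    Log.w(TAG, "Could not find CA certificate " + rootAlias);
                    return Collections.emptyList();
                }
                try {
                    List<X509Certificate> chain = mTrustedCertificateStore.getCertificateChain(
                            root);
                    List<String> aliases = new ArrayList<String>(chain.size());
                    final int n = chain.size();
                    for (int i = 0; i < n; ++i) {
                        String alias = mTrustedCertificateStore.getCertificateAlias(chain.get(i),
                                true);
                        if (alias != null) {
                            aliases.add(alias);
                        }
                    }
                    return aliases;
                } catch (CertificateException e) {
                    Log.w(TAG, "Error retrieving cert chain for root " + rootAlias, e);
                    return Collections.emptyList();
                }
            }
        }
    };

    /** Reports whether the grant table holds a row for (uid, alias). */
    private boolean hasGrantInternal(final SQLiteDatabase db, final int uid, final String alias) {
        final long numMatches = DatabaseUtils.longForQuery(db, SELECTION_COUNT_OF_MATCHING_GRANTS,
                new String[]{String.valueOf(uid), alias});
        return numMatches > 0;
    }

    /**
     * Inserts (if absent) or deletes the (uid, alias) grant row.
     *
     * @param value {@code true} to grant, {@code false} to revoke
     */
    private void setGrantInternal(final SQLiteDatabase db,
            final int uid, final String alias, final boolean value) {
        if (value) {
            // The table has a UNIQUE(alias, uid) constraint; check first so a repeated
            // grant is a no-op instead of a failed insert.
            if (!hasGrantInternal(db, uid, alias)) {
                final ContentValues values = new ContentValues();
                values.put(GRANTS_ALIAS, alias);
                values.put(GRANTS_GRANTEE_UID, uid);
                db.insert(TABLE_GRANTS, GRANTS_ALIAS, values);
            }
        } else {
            db.delete(TABLE_GRANTS, SELECT_GRANTS_BY_UID_AND_ALIAS,
                    new String[]{String.valueOf(uid), alias});
        }
    }

    /** Deletes every row of the grant table. */
    private void removeAllGrants(final SQLiteDatabase db) {
        db.delete(TABLE_GRANTS, null /* whereClause */, null /* whereArgs */);
    }

    /**
     * Opens/creates the grants database. Static: it only needs the Context it
     * is given and the class's constants, so it keeps no reference to the service.
     */
    private static class DatabaseHelper extends SQLiteOpenHelper {
        public DatabaseHelper(Context context) {
            super(context, DATABASE_NAME, null /* CursorFactory */, DATABASE_VERSION);
        }

        @Override
        public void onCreate(final SQLiteDatabase db) {
            db.execSQL("CREATE TABLE " + TABLE_GRANTS + " (  "
                    + GRANTS_ALIAS + " STRING NOT NULL, "
                    + GRANTS_GRANTEE_UID + " INTEGER NOT NULL, "
                    + "UNIQUE (" + GRANTS_ALIAS + "," + GRANTS_GRANTEE_UID + "))");
        }

        @Override
        public void onUpgrade(final SQLiteDatabase db, int oldVersion, final int newVersion) {
            Log.e(TAG, "upgrade from version " + oldVersion + " to version " + newVersion);

            // No schema migrations exist yet (DATABASE_VERSION is 1); this is the
            // scaffold for the first one.
            if (oldVersion == 1) {
                // the first upgrade step goes here
                oldVersion++;
            }
        }
    }

    /** Hands out the service binder only for the IKeyChainService action. */
    @Override public IBinder onBind(Intent intent) {
        if (IKeyChainService.class.getName().equals(intent.getAction())) {
            return mIKeyChainService;
        }
        return null;
    }

    /** Purges stale grants when a package-removed intent arrives. */
    @Override
    protected void onHandleIntent(final Intent intent) {
        if (Intent.ACTION_PACKAGE_REMOVED.equals(intent.getAction())) {
            purgeOldGrants();
        }
    }

    /**
     * Deletes all grants whose grantee uid no longer maps to any installed package,
     * in one transaction.
     */
    private void purgeOldGrants() {
        final PackageManager packageManager = getPackageManager();
        final SQLiteDatabase db = mDatabaseHelper.getWritableDatabase();
        Cursor cursor = null;
        db.beginTransaction();
        try {
            // One row per distinct uid (GROUP BY uid).
            cursor = db.query(TABLE_GRANTS,
                    new String[]{GRANTS_GRANTEE_UID}, null, null, GRANTS_GRANTEE_UID, null, null);
            while (cursor.moveToNext()) {
                final int uid = cursor.getInt(0);
                final boolean packageExists = packageManager.getPackagesForUid(uid) != null;
                if (packageExists) {
                    continue;
                }
                Log.d(TAG, "deleting grants for UID " + uid
                        + " because its package is no longer installed");
                db.delete(TABLE_GRANTS, SELECTION_GRANTS_BY_UID,
                        new String[]{Integer.toString(uid)});
            }
            db.setTransactionSuccessful();
        } finally {
            if (cursor != null) {
                cursor.close();
            }
            db.endTransaction();
        }
    }

    /** Notifies the current user's listeners that keychain storage changed. */
    private void broadcastStorageChange() {
        Intent intent = new Intent(KeyChain.ACTION_STORAGE_CHANGED);
        sendBroadcastAsUser(intent, new UserHandle(UserHandle.myUserId()));
    }
}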