Remove keystore entries when package removed

Add a hook into PackageManagerService so that when app IDs are
completely removed, we erase all entries from keystore for those UIDs
that have gone away.

(cherry picked from commit 95e3ee3971)

Bug: 3020069
Change-Id: I374258ccc103f8cb3e238f2bf0d1afda0659db94

core/java/android/security/IKeystoreService.java

@@ -444,6 +444,24 @@ public interface IKeystoreService extends IInterface {
                 }
                 return _result;
             }
+
+            @Override
+            public int clear_uid(long uid) throws RemoteException {
+                Parcel _data = Parcel.obtain();
+                Parcel _reply = Parcel.obtain();
+                int _result;
+                try {
+                    _data.writeInterfaceToken(DESCRIPTOR);
+                    _data.writeLong(uid);
+                    mRemote.transact(Stub.TRANSACTION_clear_uid, _data, _reply, 0);
+                    _reply.readException();
+                    _result = _reply.readInt();
+                } finally {
+                    _reply.recycle();
+                    _data.recycle();
+                }
+                return _result;
+            }
         }
 
         private static final String DESCRIPTOR = "android.security.keystore";
@@ -470,6 +488,7 @@ public interface IKeystoreService extends IInterface {
         static final int TRANSACTION_getmtime = IBinder.FIRST_CALL_TRANSACTION + 19;
         static final int TRANSACTION_duplicate = IBinder.FIRST_CALL_TRANSACTION + 20;
         static final int TRANSACTION_is_hardware_backed = IBinder.FIRST_CALL_TRANSACTION + 21;
+        static final int TRANSACTION_clear_uid = IBinder.FIRST_CALL_TRANSACTION + 22;
 
         /**
          * Cast an IBinder object into an IKeystoreService interface, generating
@@ -559,4 +578,6 @@ public interface IKeystoreService extends IInterface {
             throws RemoteException;
 
     public int is_hardware_backed() throws RemoteException;
+
+    public int clear_uid(long uid) throws RemoteException;
 }

keystore/java/android/security/KeyStore.java

@@ -305,6 +305,15 @@ public class KeyStore {
         }
     }
 
+    public boolean clearUid(int uid) {
+        try {
+            return mBinder.clear_uid(uid) == NO_ERROR;
+        } catch (RemoteException e) {
+            Log.w(TAG, "Cannot connect to keystore", e);
+            return false;
+        }
+    }
+
     public int getLastError() {
         return mError;
     }

services/java/com/android/server/pm/PackageManagerService.java

@@ -110,8 +110,10 @@ import android.os.ServiceManager;
 import android.os.SystemClock;
 import android.os.SystemProperties;
 import android.os.UserHandle;
-import android.os.UserManager;
 import android.os.Environment.UserEnvironment;
+import android.os.UserManager;
+import android.provider.Settings.Secure;
+import android.security.KeyStore;
 import android.security.SystemKeyStore;
 import android.util.DisplayMetrics;
 import android.util.EventLog;
@@ -8634,6 +8636,17 @@ public class PackageManagerService extends IPackageManager.Stub {
                 mSettings.writeLPr();
             }
         }
+        // A user ID was deleted here. Go through all users and remove it from
+        // KeyStore.
+        final int appId = outInfo.removedAppId;
+        if (appId != -1) {
+            final KeyStore keyStore = KeyStore.getInstance();
+            if (keyStore != null) {
+                for (final int userId : sUserManager.getUserIds()) {
+                    keyStore.clearUid(UserHandle.getUid(userId, appId));
+                }
+            }
+        }
     }
 
     /*