Remove HardwareAuthToken parameter from clearUserKeyAuth

Due to the migration to synthetic passwords, the 'token' parameter to clearUserKeyAuth() is no longer needed. Remove it. Test: atest com.android.server.locksettings Bug: 184723544 Change-Id: I739b519b0e91293acbf018020891d68b3090c175 (cherry picked from commit 2a8ab4778297852738f94ea5dd3f1e6ff9ab9416) Merged-In: I739b519b0e91293acbf018020891d68b3090c175
author: Eric Biggers <ebiggers@google.com> 2022-01-26 01:59:17 +0000
committer: Eric Biggers <ebiggers@google.com> 2022-03-15 01:25:57 +0000
commit: d04de5ce97e56555edc6fbbd1d9292a959071488 (patch)
tree: bfaa1b577c3e5990ca0e3dddfb8e8a4f1887ab60
parent: 5eb0659999abf740f1a0077a7c703347debb84c9 (diff)
4 files changed, 13 insertions, 12 deletions
diff --git a/core/java/android/os/storage/IStorageManager.aidl b/core/java/android/os/storage/IStorageManager.aidl
index c86221c26fa3..09bdf198315c 100644
--- a/core/java/android/os/storage/IStorageManager.aidl
+++ b/core/java/android/os/storage/IStorageManager.aidl
@@ -195,7 +195,7 @@ interface IStorageManager {
     void startCheckpoint(int numTries) = 85;
     boolean needsCheckpoint() = 86;
     void abortChanges(in String message, boolean retry) = 87;
-    void clearUserKeyAuth(int userId, int serialNumber, in byte[] token, in byte[] secret) = 88;
+    void clearUserKeyAuth(int userId, int serialNumber, in byte[] secret) = 88;
     void fixupAppDir(in String path) = 89;
     void disableAppDataIsolation(in String pkgName, int pid, int userId) = 90;
     void notifyAppIoBlocked(in String volumeUuid, int uid, int tid, int reason) = 91;
diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java
index bfa310f2b0ed..eb2721da5e8a 100644
--- a/services/core/java/com/android/server/StorageManagerService.java
+++ b/services/core/java/com/android/server/StorageManagerService.java
@@ -3427,25 +3427,26 @@ class StorageManagerService extends IStorageManager.Stub
     }
 
     /*
-     * Clear disk encryption key bound to the associated token / secret pair. Removing the user
-     * binding of the Disk encryption key is done in two phases: first, this call will retrieve
-     * the disk encryption key using the provided token / secret pair and store it by
-     * encrypting it with a keymaster key not bound to the user, then fixateNewestUserKeyAuth
-     * is called to delete all other bindings of the disk encryption key.
+     * Store a user's disk encryption key without secret binding.  Removing the
+     * secret for a disk encryption key is done in two phases.  First, this
+     * method is called to retrieve the key using the provided secret and store
+     * it encrypted with a keystore key not bound to the user.  Second,
+     * fixateNewestUserKeyAuth is called to delete the key's other bindings.
      */
     @Override
-    public void clearUserKeyAuth(int userId, int serialNumber, byte[] token, byte[] secret) {
+    public void clearUserKeyAuth(int userId, int serialNumber, byte[] secret) {
         enforcePermission(android.Manifest.permission.STORAGE_INTERNAL);
 
         try {
-            mVold.clearUserKeyAuth(userId, serialNumber, encodeBytes(token), encodeBytes(secret));
+            mVold.clearUserKeyAuth(userId, serialNumber, encodeBytes(secret));
         } catch (Exception e) {
             Slog.wtf(TAG, e);
         }
     }
 
     /*
-     * Delete all disk encryption token/secret pairs except the most recently added one
+     * Delete all bindings of a user's disk encryption key except the most
+     * recently added one.
      */
     @Override
     public void fixateNewestUserKeyAuth(int userId) {
diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index 31083601b15c..56078d5c72d6 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -1901,7 +1901,7 @@ public class LockSettingsService extends ILockSettings.Stub {
         final UserInfo userInfo = mUserManager.getUserInfo(userId);
         final long callingId = Binder.clearCallingIdentity();
         try {
-            mStorageManager.clearUserKeyAuth(userId, userInfo.serialNumber, null, secret);
+            mStorageManager.clearUserKeyAuth(userId, userInfo.serialNumber, secret);
         } catch (RemoteException e) {
             throw new IllegalStateException("clearUserKeyAuth failed user=" + userId);
         } finally {
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java b/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java
index 2bd42fa26d65..e220841a3816 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java
@@ -232,10 +232,10 @@ public abstract class BaseLockSettingsServiceTests {
                 Object[] args = invocation.getArguments();
                 mStorageManager.clearUserKeyAuth((int) args[0] /* userId */,
                         (int) args[1] /* serialNumber */,
-                        (byte[]) args[3] /* secret */);
+                        (byte[]) args[2] /* secret */);
                 return null;
             }
-        }).when(sm).clearUserKeyAuth(anyInt(), anyInt(), any(), any());
+        }).when(sm).clearUserKeyAuth(anyInt(), anyInt(), any());
 
         doAnswer(
                 new Answer<Void>() {
author	Eric Biggers <ebiggers@google.com>	2022-01-26 01:59:17 +0000
committer	Eric Biggers <ebiggers@google.com>	2022-03-15 01:25:57 +0000
commit	d04de5ce97e56555edc6fbbd1d9292a959071488 (patch)
tree	bfaa1b577c3e5990ca0e3dddfb8e8a4f1887ab60
parent	5eb0659999abf740f1a0077a7c703347debb84c9 (diff)