From 7b76f334ab85efbce4a52ad0776078da71f4ecd0 Mon Sep 17 00:00:00 2001
From: Rubin Xu <rubinxu@google.com>
Date: Fri, 8 Nov 2019 12:10:12 +0000
Subject: No need to remove profile encryption key on boot

PROFILE_KEY_NAME_ENCRYPT is a temporary encryption key used during
profile challenge unification to encrypt the profile password. It's
deleted right after the unification process so there is no need to
keep trying deleting it during each boot. Also add a log when profile
decryption key is removed.

Both of these changes are speculative fixes for a reported issue
where profile unification is broken midway.

Bug: 143946738
Test: builds
Change-Id: I382010150ddbab49c8c9971a1d0a97dff5c86271
---
 .../server/locksettings/LockSettingsService.java     | 20 ++------------------
 1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index d6650017e18d..a4e7ac4d272b 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -873,28 +873,12 @@ public class LockSettingsService extends ILockSettings.Stub {
             Slog.i(TAG, "Migrated lockscreen disabled flag");
         }
 
-        final List<UserInfo> users = mUserManager.getUsers();
-        for (int i = 0; i < users.size(); i++) {
-            final UserInfo userInfo = users.get(i);
-            try {
-                final String alias = LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userInfo.id;
-                java.security.KeyStore keyStore =
-                        java.security.KeyStore.getInstance("AndroidKeyStore");
-                keyStore.load(null);
-                if (keyStore.containsAlias(alias)) {
-                    keyStore.deleteEntry(alias);
-                }
-            } catch (KeyStoreException | NoSuchAlgorithmException |
-                    CertificateException | IOException e) {
-                Slog.e(TAG, "Unable to remove tied profile key", e);
-            }
-        }
-
         boolean isWatch = mContext.getPackageManager().hasSystemFeature(
                 PackageManager.FEATURE_WATCH);
         // Wear used to set DISABLE_LOCKSCREEN to 'true', but because Wear now allows accounts
         // and device management the lockscreen must be re-enabled now for users that upgrade.
         if (isWatch && getString("migrated_wear_lockscreen_disabled", null, 0) == null) {
+            final List<UserInfo> users = mUserManager.getUsers();
             final int userCount = users.size();
             for (int i = 0; i < userCount; i++) {
                 int id = users.get(i).id;
@@ -2202,7 +2186,7 @@ public class LockSettingsService extends ILockSettings.Stub {
     }
 
     private void removeKeystoreProfileKey(int targetUserId) {
-        if (DEBUG) Slog.v(TAG, "Remove keystore profile key for user: " + targetUserId);
+        Slog.i(TAG, "Remove keystore profile key for user: " + targetUserId);
         try {
             java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore");
             keyStore.load(null);
-- 
cgit v1.2.3-59-g8ed1b