Merge "[Wi-Fi] Do not delete certs when forgetting network"

This commit is contained in:
Hai Shalom
2019-03-18 22:38:47 +00:00
committed by Android (Google) Code Review

View File

@@ -154,11 +154,15 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment
dialog.dismiss(); dialog.dismiss();
} }
}; };
if (item.isSystem()) { // TODO: b/127865361
// TODO: a safe means of clearing wifi certificates. Configs refer to aliases // a safe means of clearing wifi certificates. Configs refer to aliases
// directly so deleting certs will break dependent access points. // directly so deleting certs will break dependent access points.
builder.setNegativeButton(R.string.trusted_credentials_remove_label, listener); // However, Wi-Fi used to remove this certificate from storage if the network
} // was removed, regardless if it is used in more than one network.
// It has been decided to allow removing certificates from this menu, as we
// assume that the user who manually adds certificates must have a way to
// manually remove them.
builder.setNegativeButton(R.string.trusted_credentials_remove_label, listener);
} }
return builder.create(); return builder.create();
} }
@@ -172,7 +176,8 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment
* Deletes all certificates and keys under a given alias. * Deletes all certificates and keys under a given alias.
* *
* If the {@link Credential} is for a system alias, all active grants to the alias will be * If the {@link Credential} is for a system alias, all active grants to the alias will be
* removed using {@link KeyChain}. * removed using {@link KeyChain}. If the {@link Credential} is for Wi-Fi alias, all
* credentials and keys will be removed using {@link KeyStore}.
*/ */
private class RemoveCredentialsTask extends AsyncTask<Credential, Void, Credential[]> { private class RemoveCredentialsTask extends AsyncTask<Credential, Void, Credential[]> {
private Context context; private Context context;
@@ -188,14 +193,32 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment
for (final Credential credential : credentials) { for (final Credential credential : credentials) {
if (credential.isSystem()) { if (credential.isSystem()) {
removeGrantsAndDelete(credential); removeGrantsAndDelete(credential);
continue; } else {
deleteWifiCredential(credential);
} }
throw new UnsupportedOperationException(
"Not implemented for wifi certificates. This should not be reachable.");
} }
return credentials; return credentials;
} }
private void deleteWifiCredential(final Credential credential) {
final KeyStore keyStore = KeyStore.getInstance();
final EnumSet<Credential.Type> storedTypes = credential.getStoredTypes();
// Remove all Wi-Fi credentials
if (storedTypes.contains(Credential.Type.USER_KEY)) {
keyStore.delete(Credentials.USER_PRIVATE_KEY + credential.getAlias(),
Process.WIFI_UID);
}
if (storedTypes.contains(Credential.Type.USER_CERTIFICATE)) {
keyStore.delete(Credentials.USER_CERTIFICATE + credential.getAlias(),
Process.WIFI_UID);
}
if (storedTypes.contains(Credential.Type.CA_CERTIFICATE)) {
keyStore.delete(Credentials.CA_CERTIFICATE + credential.getAlias(),
Process.WIFI_UID);
}
}
private void removeGrantsAndDelete(final Credential credential) { private void removeGrantsAndDelete(final Credential credential) {
final KeyChainConnection conn; final KeyChainConnection conn;
try { try {
@@ -488,5 +511,11 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment
public boolean isSystem() { public boolean isSystem() {
return UserHandle.getAppId(uid) == Process.SYSTEM_UID; return UserHandle.getAppId(uid) == Process.SYSTEM_UID;
} }
public String getAlias() { return alias; }
public EnumSet<Type> getStoredTypes() {
return storedTypes;
}
} }
} }