Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 09540157 authored by Eric Biggers's avatar Eric Biggers
Browse files

Fix locksettings state removal on user removal 

http://ag/19542373 (commit 78e245a2) made locksettings state removal
happen later during user removal than it did before.  Unfortunately,
this made it stop working properly, since by the time it runs, the
/data/system_de/$userId/spblob/ directory has been locked by
StorageManager.destroyUserKey().  As a result, resources used by
synthetic password protectors, e.g. Weaver slots, stopped being freed.

Fix this by cleaning up the lock settings state *before* destroying the
user keys.

Bug: 232452368
Bug: 253631183
Test: 'pm create-user 10 && pm remove-user 10', then checked log to
      verify that the Weaver slot was removed.
Change-Id: Ib3e7586bfde37632b77c7655bc91692ee6daad86
parent d5d106ae

services/core/java/com/android/server/pm/UserManagerService.java

+7 −3
Original line number Diff line number Diff line
@@ -5495,6 +5495,13 @@ public class UserManagerService extends IUserManager.Stub { 


    private void removeUserState(final @UserIdInt int userId) {

        Slog.i(LOG_TAG, "Removing user state of user " + userId);



        // Cleanup lock settings.  This must happen before destroyUserKey(), since the user's DE

        // storage must still be accessible for the lock settings state to be properly cleaned up.

        mLockPatternUtils.removeUser(userId);



        // Evict and destroy the user's CE and DE encryption keys.  At this point, the user's CE and

        // DE storage is made inaccessible, except to delete its contents.

        try {

            mContext.getSystemService(StorageManager.class).destroyUserKey(userId);

        } catch (IllegalStateException e) {
@@ -5502,9 +5509,6 @@ public class UserManagerService extends IUserManager.Stub { 
            Slog.i(LOG_TAG, "Destroying key for user " + userId + " failed, continuing anyway", e);

        }



        // Cleanup lock settings

        mLockPatternUtils.removeUser(userId);



        // Cleanup package manager settings

        mPm.cleanUpUser(this, userId);