Loading src/com/android/settings/UserCredentialsSettings.java +38 −9 Original line number Diff line number Diff line Loading @@ -154,12 +154,16 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment dialog.dismiss(); } }; if (item.isSystem()) { // TODO: a safe means of clearing wifi certificates. Configs refer to aliases // TODO: b/127865361 // a safe means of clearing wifi certificates. Configs refer to aliases // directly so deleting certs will break dependent access points. // However, Wi-Fi used to remove this certificate from storage if the network // was removed, regardless if it is used in more than one network. // It has been decided to allow removing certificates from this menu, as we // assume that the user who manually adds certificates must have a way to // manually remove them. builder.setNegativeButton(R.string.trusted_credentials_remove_label, listener); } } return builder.create(); } Loading @@ -172,7 +176,8 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment * Deletes all certificates and keys under a given alias. * * If the {@link Credential} is for a system alias, all active grants to the alias will be * removed using {@link KeyChain}. * removed using {@link KeyChain}. If the {@link Credential} is for Wi-Fi alias, all * credentials and keys will be removed using {@link KeyStore}. */ private class RemoveCredentialsTask extends AsyncTask<Credential, Void, Credential[]> { private Context context; Loading @@ -188,14 +193,32 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment for (final Credential credential : credentials) { if (credential.isSystem()) { removeGrantsAndDelete(credential); continue; } else { deleteWifiCredential(credential); } throw new UnsupportedOperationException( "Not implemented for wifi certificates. This should not be reachable."); } return credentials; } private void deleteWifiCredential(final Credential credential) { final KeyStore keyStore = KeyStore.getInstance(); final EnumSet<Credential.Type> storedTypes = credential.getStoredTypes(); // Remove all Wi-Fi credentials if (storedTypes.contains(Credential.Type.USER_KEY)) { keyStore.delete(Credentials.USER_PRIVATE_KEY + credential.getAlias(), Process.WIFI_UID); } if (storedTypes.contains(Credential.Type.USER_CERTIFICATE)) { keyStore.delete(Credentials.USER_CERTIFICATE + credential.getAlias(), Process.WIFI_UID); } if (storedTypes.contains(Credential.Type.CA_CERTIFICATE)) { keyStore.delete(Credentials.CA_CERTIFICATE + credential.getAlias(), Process.WIFI_UID); } } private void removeGrantsAndDelete(final Credential credential) { final KeyChainConnection conn; try { Loading Loading @@ -488,5 +511,11 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment public boolean isSystem() { return UserHandle.getAppId(uid) == Process.SYSTEM_UID; } public String getAlias() { return alias; } public EnumSet<Type> getStoredTypes() { return storedTypes; } } } Loading
src/com/android/settings/UserCredentialsSettings.java +38 −9 Original line number Diff line number Diff line Loading @@ -154,12 +154,16 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment dialog.dismiss(); } }; if (item.isSystem()) { // TODO: a safe means of clearing wifi certificates. Configs refer to aliases // TODO: b/127865361 // a safe means of clearing wifi certificates. Configs refer to aliases // directly so deleting certs will break dependent access points. // However, Wi-Fi used to remove this certificate from storage if the network // was removed, regardless if it is used in more than one network. // It has been decided to allow removing certificates from this menu, as we // assume that the user who manually adds certificates must have a way to // manually remove them. builder.setNegativeButton(R.string.trusted_credentials_remove_label, listener); } } return builder.create(); } Loading @@ -172,7 +176,8 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment * Deletes all certificates and keys under a given alias. * * If the {@link Credential} is for a system alias, all active grants to the alias will be * removed using {@link KeyChain}. * removed using {@link KeyChain}. If the {@link Credential} is for Wi-Fi alias, all * credentials and keys will be removed using {@link KeyStore}. */ private class RemoveCredentialsTask extends AsyncTask<Credential, Void, Credential[]> { private Context context; Loading @@ -188,14 +193,32 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment for (final Credential credential : credentials) { if (credential.isSystem()) { removeGrantsAndDelete(credential); continue; } else { deleteWifiCredential(credential); } throw new UnsupportedOperationException( "Not implemented for wifi certificates. This should not be reachable."); } return credentials; } private void deleteWifiCredential(final Credential credential) { final KeyStore keyStore = KeyStore.getInstance(); final EnumSet<Credential.Type> storedTypes = credential.getStoredTypes(); // Remove all Wi-Fi credentials if (storedTypes.contains(Credential.Type.USER_KEY)) { keyStore.delete(Credentials.USER_PRIVATE_KEY + credential.getAlias(), Process.WIFI_UID); } if (storedTypes.contains(Credential.Type.USER_CERTIFICATE)) { keyStore.delete(Credentials.USER_CERTIFICATE + credential.getAlias(), Process.WIFI_UID); } if (storedTypes.contains(Credential.Type.CA_CERTIFICATE)) { keyStore.delete(Credentials.CA_CERTIFICATE + credential.getAlias(), Process.WIFI_UID); } } private void removeGrantsAndDelete(final Credential credential) { final KeyChainConnection conn; try { Loading Loading @@ -488,5 +511,11 @@ public class UserCredentialsSettings extends SettingsPreferenceFragment public boolean isSystem() { return UserHandle.getAppId(uid) == Process.SYSTEM_UID; } public String getAlias() { return alias; } public EnumSet<Type> getStoredTypes() { return storedTypes; } } }
