service, homedirs: Add a new DBus call: RemoveKeyEx

RemoveKeyEx allows a single key to be removed by label.
The caller must use a key that is authorized (KeyPrivileges)
to remove keys and may remove itself.

Initially, cryptohome only allowed mass key removal by account
removal or migration to avoid orphaned keys. This is still a
legitimate concern, but as richer semantics for creating and
managing keys have been added, it is not possible to maintain
that approach.

The addition of a call that lists keys (ListKeysEx) will allow
Chrome or other clients to actively manage the keys and help avoid
orphans or unexpected keys (e.g., attacker persisted backdoor).

TEST=compile, auto, unit, manual with action=remove_key_ex
BUG=chromium:316189
CQ-DEPEND=CL:191027
Change-Id: I77ab8e2e904ff2d7ddf4f27583b8907398fd6620
Reviewed-on: https://chromium-review.googlesource.com/191050
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Queue: Will Drewry <wad@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
12 files changed
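
The removal semantics the commit message describes (remove one key by label, authorized by a key that holds the remove privilege, self-removal allowed) together with the list-and-audit use it mentions, as an added C++ model that is not cryptohome's code. `Key`, `KeyStore`, `RemoveResult`, `RemoveKeyByLabel` and `UnexpectedLabels` are hypothetical names, and the single `can_remove` flag is an assumed stand-in for KeyPrivileges.

```cpp
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Hypothetical model, not cryptohome's types: one stored key per label.
struct Key {
  std::string secret;
  bool can_remove;  // assumed stand-in for a remove bit in KeyPrivileges
};
enum class RemoveResult { kOk, kAuthFailed, kDenied, kNotFound };

// Compares every byte so timing does not reveal where a mismatch occurs.
static bool SecretsEqual(const std::string& a, const std::string& b) {
  if (a.size() != b.size()) return false;
  unsigned char diff = 0;
  for (size_t i = 0; i < a.size(); ++i) diff |= a[i] ^ b[i];
  return diff == 0;
}

class KeyStore {
 public:
  void Add(const std::string& label, Key key) { keys_[label] = std::move(key); }

  RemoveResult RemoveKeyByLabel(const std::string& auth_label,
                                const std::string& auth_secret,
                                const std::string& target_label) {
    auto auth = keys_.find(auth_label);
    if (auth == keys_.end() || !SecretsEqual(auth->second.secret, auth_secret))
      return RemoveResult::kAuthFailed;
    if (!auth->second.can_remove) return RemoveResult::kDenied;
    // Looked up only after authorization, so an unprivileged caller cannot
    // probe for labels. The target may be the authorizing key itself.
    if (keys_.erase(target_label) == 0) return RemoveResult::kNotFound;
    return RemoveResult::kOk;
  }
  // Audit step: labels that exist in the store but that the client does not expect.
  std::vector<std::string> UnexpectedLabels(
      const std::set<std::string>& expected) const {
    std::vector<std::string> out;
    for (const auto& kv : keys_)
      if (!expected.count(kv.first)) out.push_back(kv.first);
    return out;
  }
 private:
  std::map<std::string, Key> keys_;
};
int main() {  // constructed data: "stale" plays the unexpected key
  KeyStore s; s.Add("password", {"pw", true}); s.Add("stale", {"x", false});
  return s.RemoveKeyByLabel("password", "pw", "stale") == RemoveResult::kOk ? 0 : 1;
}
```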