diff options
author | Ricky Wai <rickywai@google.com> | 2016-11-17 18:49:17 +0000 |
---|---|---|
committer | gitbuildkicker <android-build@google.com> | 2016-11-17 18:04:23 -0800 |
commit | 84e380e93c1bc7001edc2af9b4c01ad49606aa5e (patch) | |
tree | 166bf9b8ae459522fef809c683080025607ebe3f | |
parent | aca11d8bea9c9c00482f72957b5e025dd91243dd (diff) | |
download | base-84e380e93c1bc7001edc2af9b4c01ad49606aa5e.tar.gz |
Catch KeyStoreException for setting profile lock
When device upgrades from L->N, sid(in gatekeeper) could be 0
even primary profile screenlock is set.
We are now trying to catch the exception so when sid==0 happens,
it will try to tie profile lock again when primary profile is unlocked.
Bug: 32490092
Change-Id: I73011d872ac15e7e09be9bda0165cf7f6a75493a
(cherry picked from commit c8fa5ed8f2d492aa5e005fcdb5991c3f980de045)
-rw-r--r-- | services/core/java/com/android/server/LockSettingsService.java | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java index a91e2053c01d..846551f7f119 100644 --- a/services/core/java/com/android/server/LockSettingsService.java +++ b/services/core/java/com/android/server/LockSettingsService.java @@ -245,13 +245,16 @@ public class LockSettingsService extends ILockSettings.Stub { try { randomLockSeed = SecureRandom.getInstance("SHA1PRNG").generateSeed(40); String newPassword = String.valueOf(HexEncoding.encode(randomLockSeed)); + tieProfileLockToParent(managedUserId, newPassword); setLockPasswordInternal(newPassword, managedUserPassword, managedUserId); // We store a private credential for the managed user that's unlocked by the primary // account holder's credential. As such, the user will never be prompted to enter this // password directly, so we always store a password. setLong(LockPatternUtils.PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC, managedUserId); - tieProfileLockToParent(managedUserId, newPassword); + } catch (KeyStoreException e) { + // Bug: 32490092 + Slog.e(TAG, "Not able to set keys to keystore", e); } catch (NoSuchAlgorithmException | RemoteException e) { Slog.e(TAG, "Fail to tie managed profile", e); // Nothing client can do to fix this issue, so we do not throw exception out @@ -758,6 +761,7 @@ public class LockSettingsService extends ILockSettings.Stub { } private void unlockChildProfile(int profileHandle) throws RemoteException { + if (DEBUG) Slog.v(TAG, "Unlock child profile"); try { doVerifyPassword(getDecryptedPasswordForTiedProfile(profileHandle), false, 0 /* no challenge */, profileHandle, null /* progressCallback */); @@ -1017,7 +1021,7 @@ public class LockSettingsService extends ILockSettings.Stub { } } - private void tieProfileLockToParent(int userId, String password) { + private void tieProfileLockToParent(int userId, String password) throws KeyStoreException { if (DEBUG) Slog.v(TAG, "tieProfileLockToParent for user: " + userId); byte[] randomLockSeed = password.getBytes(StandardCharsets.UTF_8); byte[] encryptionResult; @@ -1059,7 +1063,7 @@ public class LockSettingsService extends ILockSettings.Stub { keyStore.deleteEntry(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId); } } catch (CertificateException | UnrecoverableKeyException - | IOException | BadPaddingException | IllegalBlockSizeException | KeyStoreException + | IOException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) { throw new RuntimeException("Failed to encrypt key", e); } @@ -1201,7 +1205,11 @@ public class LockSettingsService extends ILockSettings.Stub { } finally { if (managedUserId != -1 && managedUserDecryptedPassword != null) { if (DEBUG) Slog.v(TAG, "Restore tied profile lock"); - tieProfileLockToParent(managedUserId, managedUserDecryptedPassword); + try { + tieProfileLockToParent(managedUserId, managedUserDecryptedPassword); + } catch (KeyStoreException e) { + throw new RuntimeException("Failed to tie profile lock", e); + } } } } |