From 144b057c2644978cd27c8b96d45dd2ef238a0597 Mon Sep 17 00:00:00 2001
From: Rubin Xu <rubinxu@google.com>
Date: Thu, 20 Feb 2020 15:53:06 +0000
Subject: [PATCH] Ensure user is unlocked before binding to KeyChain service

This stops KeyChain from throwing AssertionError when binding to
service fails due to user being locked, which would have crashed
the entire system server.

Bug: 149912024
Test: atest KeyChainTests
Change-Id: Ie110a4210e157cc9b111d845478bdf21e948ba4f
---
 keystore/java/android/security/KeyChain.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java
index a7e17d13c9e10..acd90a7f10cf0 100644
--- a/keystore/java/android/security/KeyChain.java
+++ b/keystore/java/android/security/KeyChain.java
@@ -34,6 +34,7 @@ import android.os.Looper;
 import android.os.Process;
 import android.os.RemoteException;
 import android.os.UserHandle;
+import android.os.UserManager;
 import android.security.keystore.AndroidKeyStoreProvider;
 import android.security.keystore.KeyPermanentlyInvalidatedException;
 import android.security.keystore.KeyProperties;
@@ -811,6 +812,10 @@ public final class KeyChain {
             throw new NullPointerException("context == null");
         }
         ensureNotOnMainThread(context);
+        if (!UserManager.get(context).isUserUnlocked(user)) {
+            throw new IllegalStateException("User must be unlocked");
+        }
+
         final CountDownLatch countDownLatch = new CountDownLatch(1);
         final AtomicReference<IKeyChainService> keyChainService = new AtomicReference<>();
         ServiceConnection keyChainServiceConnection = new ServiceConnection() {