Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "Catch KeyStoreException for setting profile lock" am: e61672ab08 am: fe3b0b2cc1

Browse Source 
am: f516131a38

Change-Id: Ica7d8825fb973e288270e21345066a675818836e
This commit is contained in:
Zach Jang
2016-11-22 18:08:35 +00:00
committed by android-build-merger
parent d42b1d01ca f516131a38
commit af98d20dc6
1 changed files with 4 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
services/core/java/com/android/server/LockSettingsService.java
View File

@@ -245,16 +245,13 @@ public class LockSettingsService extends ILockSettings.Stub {
try { try {
randomLockSeed = SecureRandom.getInstance("SHA1PRNG").generateSeed(40); randomLockSeed = SecureRandom.getInstance("SHA1PRNG").generateSeed(40);
String newPassword = String.valueOf(HexEncoding.encode(randomLockSeed)); String newPassword = String.valueOf(HexEncoding.encode(randomLockSeed));
tieProfileLockToParent(managedUserId, newPassword);
setLockPasswordInternal(newPassword, managedUserPassword, managedUserId); setLockPasswordInternal(newPassword, managedUserPassword, managedUserId);
// We store a private credential for the managed user that's unlocked by the primary // We store a private credential for the managed user that's unlocked by the primary
// account holder's credential. As such, the user will never be prompted to enter this // account holder's credential. As such, the user will never be prompted to enter this
// password directly, so we always store a password. // password directly, so we always store a password.
setLong(LockPatternUtils.PASSWORD_TYPE_KEY, setLong(LockPatternUtils.PASSWORD_TYPE_KEY,
DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC, managedUserId); DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC, managedUserId);
} catch (KeyStoreException e) { tieProfileLockToParent(managedUserId, newPassword);
// Bug: 32490092
Slog.e(TAG, "Not able to set keys to keystore", e);
} catch (NoSuchAlgorithmException | RemoteException e) { } catch (NoSuchAlgorithmException | RemoteException e) {
Slog.e(TAG, "Fail to tie managed profile", e); Slog.e(TAG, "Fail to tie managed profile", e);
// Nothing client can do to fix this issue, so we do not throw exception out // Nothing client can do to fix this issue, so we do not throw exception out
@@ -775,7 +772,6 @@ public class LockSettingsService extends ILockSettings.Stub {
} }
private void unlockChildProfile(int profileHandle) throws RemoteException { private void unlockChildProfile(int profileHandle) throws RemoteException {
if (DEBUG) Slog.v(TAG, "Unlock child profile");
try { try {
doVerifyPassword(getDecryptedPasswordForTiedProfile(profileHandle), false, doVerifyPassword(getDecryptedPasswordForTiedProfile(profileHandle), false,
0 /* no challenge */, profileHandle, null /* progressCallback */); 0 /* no challenge */, profileHandle, null /* progressCallback */);
@@ -1035,7 +1031,7 @@ public class LockSettingsService extends ILockSettings.Stub {
} }
} }
private void tieProfileLockToParent(int userId, String password) throws KeyStoreException { private void tieProfileLockToParent(int userId, String password) {
if (DEBUG) Slog.v(TAG, "tieProfileLockToParent for user: " + userId); if (DEBUG) Slog.v(TAG, "tieProfileLockToParent for user: " + userId);
byte[] randomLockSeed = password.getBytes(StandardCharsets.UTF_8); byte[] randomLockSeed = password.getBytes(StandardCharsets.UTF_8);
byte[] encryptionResult; byte[] encryptionResult;
@@ -1077,7 +1073,7 @@ public class LockSettingsService extends ILockSettings.Stub {
keyStore.deleteEntry(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId); keyStore.deleteEntry(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId);
} }
} catch (CertificateException | UnrecoverableKeyException } catch (CertificateException | UnrecoverableKeyException
| IOException | BadPaddingException | IllegalBlockSizeException | IOException | BadPaddingException | IllegalBlockSizeException | KeyStoreException
| NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) { | NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) {
throw new RuntimeException("Failed to encrypt key", e); throw new RuntimeException("Failed to encrypt key", e);
} }
@@ -1219,11 +1215,7 @@ public class LockSettingsService extends ILockSettings.Stub {
} finally { } finally {
if (managedUserId != -1 && managedUserDecryptedPassword != null) { if (managedUserId != -1 && managedUserDecryptedPassword != null) {
if (DEBUG) Slog.v(TAG, "Restore tied profile lock"); if (DEBUG) Slog.v(TAG, "Restore tied profile lock");
try { tieProfileLockToParent(managedUserId, managedUserDecryptedPassword);
tieProfileLockToParent(managedUserId, managedUserDecryptedPassword);
} catch (KeyStoreException e) {
throw new RuntimeException("Failed to tie profile lock", e);
}
} }
} }
} }