From 01c3c2fbac33654187e440dd454f90a55de94d1d Mon Sep 17 00:00:00 2001
From: Janis Danisevskis
Date: Wed, 10 Oct 2018 09:32:39 -0700
Subject: [PATCH 1/2] KeyguardStateMonitor looses connection with keystore if keystore dies
When keystore dies it no longer gets information about the lock screen visibility state. This state is vital to enforcing the "unlocked device required" authorization of keymaster keys. With this patch KeyguardStateMonitor tries to reestablish the connection to keystore if communication fails.
Test: run atest android.keystore.cts.CipherTest#testKeyguardLockAndUnlock after killing keystore
Bug: 117552147
Change-Id: I8346e53c342bdba0f5960b1feba7c26db5cef33e
---
 .../policy/keyguard/KeyguardStateMonitor.java | 20 +++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/services/core/java/com/android/server/policy/keyguard/KeyguardStateMonitor.java b/services/core/java/com/android/server/policy/keyguard/KeyguardStateMonitor.java
index 1cba1c7bed1b1..a55b49fe028d4 100644
--- a/services/core/java/com/android/server/policy/keyguard/KeyguardStateMonitor.java
+++ b/services/core/java/com/android/server/policy/keyguard/KeyguardStateMonitor.java
@@ -95,10 +95,22 @@ public class KeyguardStateMonitor extends IKeyguardStateCallback.Stub {
 mIsShowing = showing;
 mCallback.onShowingChanged();
- try {
- mKeystoreService.onKeyguardVisibilityChanged(showing, mCurrentUserId);
- } catch (RemoteException e) {
- Slog.e(TAG, "Error informing keystore of screen lock", e);
+ int retry = 2;
+ while (retry > 0) {
+ try {
+ mKeystoreService.onKeyguardVisibilityChanged(showing, mCurrentUserId);
+ break;
+ } catch (RemoteException e) {
+ if (retry == 2) {
+ Slog.w(TAG, "Error informing keystore of screen lock. Keystore may have died"
+ + " -> refreshing service token and retrying");
+ mKeystoreService = IKeystoreService.Stub.asInterface(ServiceManager
+ .getService("android.security.keystore"));
+ } else {
+ Slog.e(TAG, "Error informing keystore of screen lock after retrying once", e);
+ }
+ --retry;
+ }
 }
 }
From 569055dd608c21b2c763f896e73761007f125a50 Mon Sep 17 00:00:00 2001
From: Janis Danisevskis
Date: Thu, 11 Oct 2018 09:19:41 -0700
Subject: [PATCH 2/2] Add OWNERS file to AndroidKeystoreSPI implementation
Change-Id: I7070326d680c6bff00839d847f8fadbbe2b16fa7
---
 keystore/OWNERS | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 keystore/OWNERS
diff --git a/keystore/OWNERS b/keystore/OWNERS
new file mode 100644
index 0000000000000..a63ca46df2a6e
--- /dev/null
+++ b/keystore/OWNERS
@@ -0,0 +1,4 @@
+jbires@google.com
+jdanis@google.com
+robbarnes@google.com
+swillden@google.com
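Review bot: In the KeyguardStateMonitor.java hunk, the handle refreshed inside `catch (RemoteException e)` is used unchecked on the second pass of the loop: `ServiceManager.getService("android.security.keystore")` can return null while keystore is not registered again yet, `asInterface(null)` then yields null, and the retried `mKeystoreService.onKeyguardVisibilityChanged(...)` throws a NullPointerException that this catch does not cover. Guard the refresh with `if (mKeystoreService == null) { Slog.e(TAG, "keystore not available, lock state not delivered"); break; }`. The retry is also immediate, so if keystore has not come back by then the update is dropped and keystore only learns the lock state at the next visibility change; because the commit message ties this state to the "unlocked device required" check, consider re-sending the current `mIsShowing` once the service reappears (for example from a death recipient) and confirm which state a freshly started keystore assumes. The first-failure `Slog.w` also omits `e`, which would help triage. The enclosing method starts and ends outside the hunk.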