Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Catch KeyStoreException for setting profile lock am: c8fa5ed8f2

Browse Source 
am: 3b546019dc

Change-Id: Id668766a96473ae2f68e83dae1ecb547b26de6fc
This commit is contained in:
Ricky Wai
2016-11-18 01:43:01 +00:00
committed by android-build-merger
parent 77ad3429a6 3b546019dc
commit c40b9a8ee2
1 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
services/core/java/com/android/server/LockSettingsService.java
View File

@@ -245,13 +245,16 @@ public class LockSettingsService extends ILockSettings.Stub {
try {
randomLockSeed = SecureRandom.getInstance("SHA1PRNG").generateSeed(40);
String newPassword = String.valueOf(HexEncoding.encode(randomLockSeed));
tieProfileLockToParent(managedUserId, newPassword);
setLockPasswordInternal(newPassword, managedUserPassword, managedUserId);
// We store a private credential for the managed user that's unlocked by the primary
// account holder's credential. As such, the user will never be prompted to enter this
// password directly, so we always store a password.
setLong(LockPatternUtils.PASSWORD_TYPE_KEY,
DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC, managedUserId);
tieProfileLockToParent(managedUserId, newPassword);
} catch (KeyStoreException e) {
// Bug: 32490092
Slog.e(TAG, "Not able to set keys to keystore", e);
} catch (NoSuchAlgorithmException | RemoteException e) {
Slog.e(TAG, "Fail to tie managed profile", e);
// Nothing client can do to fix this issue, so we do not throw exception out
@@ -772,6 +775,7 @@ public class LockSettingsService extends ILockSettings.Stub {
}
private void unlockChildProfile(int profileHandle) throws RemoteException {
if (DEBUG) Slog.v(TAG, "Unlock child profile");
try {
doVerifyPassword(getDecryptedPasswordForTiedProfile(profileHandle), false,
0 /* no challenge */, profileHandle, null /* progressCallback */);
@@ -1031,7 +1035,7 @@ public class LockSettingsService extends ILockSettings.Stub {
}
}
private void tieProfileLockToParent(int userId, String password) {
private void tieProfileLockToParent(int userId, String password) throws KeyStoreException {
if (DEBUG) Slog.v(TAG, "tieProfileLockToParent for user: " + userId);
byte[] randomLockSeed = password.getBytes(StandardCharsets.UTF_8);
byte[] encryptionResult;
@@ -1073,7 +1077,7 @@ public class LockSettingsService extends ILockSettings.Stub {
keyStore.deleteEntry(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId);
}
} catch (CertificateException | UnrecoverableKeyException
| IOException | BadPaddingException | IllegalBlockSizeException | KeyStoreException
| IOException | BadPaddingException | IllegalBlockSizeException
| NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) {
throw new RuntimeException("Failed to encrypt key", e);
}
@@ -1215,7 +1219,11 @@ public class LockSettingsService extends ILockSettings.Stub {
} finally {
if (managedUserId != -1 && managedUserDecryptedPassword != null) {
if (DEBUG) Slog.v(TAG, "Restore tied profile lock");
tieProfileLockToParent(managedUserId, managedUserDecryptedPassword);
try {
tieProfileLockToParent(managedUserId, managedUserDecryptedPassword);
} catch (KeyStoreException e) {
throw new RuntimeException("Failed to tie profile lock", e);
}
}
}
}