Ensure user is unlocked before binding to KeyChain service

This stops KeyChain from throwing AssertionError when binding to
service fails due to user being locked, which would have crashed
the entire system server.

Bug: 149912024
Test: atest KeyChainTests
Change-Id: Ie110a4210e157cc9b111d845478bdf21e948ba4f

1 files changed, 5 insertions, 0 deletions

diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java
index a7e17d13c9e1..acd90a7f10cf 100644
--- a/keystore/java/android/security/KeyChain.java
+++ b/keystore/java/android/security/KeyChain.java
@@ -34,6 +34,7 @@ import android.os.Looper;
 import android.os.Process;
 import android.os.RemoteException;
 import android.os.UserHandle;
+import android.os.UserManager;
 import android.security.keystore.AndroidKeyStoreProvider;
 import android.security.keystore.KeyPermanentlyInvalidatedException;
 import android.security.keystore.KeyProperties;
@@ -811,6 +812,10 @@ public final class KeyChain {
             throw new NullPointerException("context == null");
         }
         ensureNotOnMainThread(context);
+        if (!UserManager.get(context).isUserUnlocked(user)) {
+            throw new IllegalStateException("User must be unlocked");
+        }
+
         final CountDownLatch countDownLatch = new CountDownLatch(1);
         final AtomicReference<IKeyChainService> keyChainService = new AtomicReference<>();
         ServiceConnection keyChainServiceConnection = new ServiceConnection() {