authorTianjie <xunchang@google.com>2021-03-18 18:05:35 -0700
committerTianjie <xunchang@google.com>2021-03-22 16:14:15 -0700
commit00c3f598809d5048936bafab7a54362a3e6795b2 (patch)
tree6918ab8baf392f0af734e80dc70821d9211e4879 /services/core/java
parentaec4f406dfe00f1c456db4fc3bba55628fda0b26 (diff)
Add a specific error code for provider mismatches
If the device used HAL based RoR to arm the escrow key, the recovery will fail if we switch to server based RoR after reboot. Set a specific error code for metrics purposes. Bug: 183140900 Test: atest FrameworksServicesTests:RebootEscrowManagerTests Change-Id: I1f33a8c6cf111d868a2b96a155f5a0926a7c788a
Diffstat (limited to 'services/core/java')
-rw-r--r--services/core/java/com/android/server/locksettings/RebootEscrowManager.java19
-rw-r--r--services/core/java/com/android/server/locksettings/RebootEscrowProviderHalImpl.java5
-rw-r--r--services/core/java/com/android/server/locksettings/RebootEscrowProviderInterface.java19
-rw-r--r--services/core/java/com/android/server/locksettings/RebootEscrowProviderServerBasedImpl.java5
4 files changed, 47 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/locksettings/RebootEscrowManager.java b/services/core/java/com/android/server/locksettings/RebootEscrowManager.java
index 62156a89392e..6ffcb811ae1d 100644
--- a/services/core/java/com/android/server/locksettings/RebootEscrowManager.java
+++ b/services/core/java/com/android/server/locksettings/RebootEscrowManager.java
@@ -70,6 +70,7 @@ class RebootEscrowManager {
public static final String REBOOT_ESCROW_ARMED_KEY = "reboot_escrow_armed_count";
static final String REBOOT_ESCROW_KEY_ARMED_TIMESTAMP = "reboot_escrow_key_stored_timestamp";
+ static final String REBOOT_ESCROW_KEY_PROVIDER = "reboot_escrow_key_provider";
/**
* The verified boot 2.0 vbmeta digest of the current slot, the property value is always
@@ -113,6 +114,7 @@ class RebootEscrowManager {
ERROR_LOAD_ESCROW_KEY,
ERROR_RETRY_COUNT_EXHAUSTED,
ERROR_UNLOCK_ALL_USERS,
+ ERROR_PROVIDER_MISMATCH,
})
@Retention(RetentionPolicy.SOURCE)
@interface RebootEscrowErrorCode {
@@ -124,6 +126,7 @@ class RebootEscrowManager {
static final int ERROR_LOAD_ESCROW_KEY = 3;
static final int ERROR_RETRY_COUNT_EXHAUSTED = 4;
static final int ERROR_UNLOCK_ALL_USERS = 5;
+ static final int ERROR_PROVIDER_MISMATCH = 6;
private @RebootEscrowErrorCode int mLoadEscrowDataErrorCode = ERROR_NONE;
@@ -360,7 +363,15 @@ class RebootEscrowManager {
if (escrowKey == null) {
if (mLoadEscrowDataErrorCode == ERROR_NONE) {
- mLoadEscrowDataErrorCode = ERROR_LOAD_ESCROW_KEY;
+ // Specifically check if the RoR provider has changed after reboot.
+ int providerType = mInjector.serverBasedResumeOnReboot()
+ ? RebootEscrowProviderInterface.TYPE_SERVER_BASED
+ : RebootEscrowProviderInterface.TYPE_HAL;
+ if (providerType != mStorage.getInt(REBOOT_ESCROW_KEY_PROVIDER, -1, USER_SYSTEM)) {
+ mLoadEscrowDataErrorCode = ERROR_PROVIDER_MISMATCH;
+ } else {
+ mLoadEscrowDataErrorCode = ERROR_LOAD_ESCROW_KEY;
+ }
}
onGetRebootEscrowKeyFailed(users, attemptNumber + 1);
return;
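Review bot: The comparison `if (providerType != mStorage.getInt(REBOOT_ESCROW_KEY_PROVIDER, -1, USER_SYSTEM))` also fires when no provider type was ever stored, because the -1 default can never equal TYPE_HAL or TYPE_SERVER_BASED. A key armed by a build that predates this change would presumably be read back as -1 after the update, and its load failure would then be reported as ERROR_PROVIDER_MISMATCH instead of ERROR_LOAD_ESCROW_KEY, skewing the very metric this change introduces. Treat the absent value as unknown: `int storedProviderType = mStorage.getInt(REBOOT_ESCROW_KEY_PROVIDER, -1, USER_SYSTEM);` followed by `if (storedProviderType != -1 && providerType != storedProviderType) {`. The enclosing method starts and ends outside the hunk.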
@@ -387,6 +398,7 @@ class RebootEscrowManager {
mStorage.removeKey(REBOOT_ESCROW_KEY_ARMED_TIMESTAMP, USER_SYSTEM);
mStorage.removeKey(REBOOT_ESCROW_KEY_VBMETA_DIGEST, USER_SYSTEM);
mStorage.removeKey(REBOOT_ESCROW_KEY_OTHER_VBMETA_DIGEST, USER_SYSTEM);
+ mStorage.removeKey(REBOOT_ESCROW_KEY_PROVIDER, USER_SYSTEM);
}
private int getVbmetaDigestStatusOnRestoreComplete() {
@@ -435,6 +447,7 @@ class RebootEscrowManager {
if (!success && mLoadEscrowDataErrorCode == ERROR_NONE) {
mLoadEscrowDataErrorCode = ERROR_UNKNOWN;
}
+
// TODO(179105110) report the duration since boot complete.
mInjector.reportMetric(success, mLoadEscrowDataErrorCode, serviceType, attemptCount,
escrowDurationInSeconds, vbmetaDigestStatus, -1);
@@ -586,6 +599,9 @@ class RebootEscrowManager {
return false;
}
+ int actualProviderType = rebootEscrowProvider.getType();
+ // TODO(b/183140900) Fail the reboot if provider type mismatches.
+
RebootEscrowKey escrowKey;
synchronized (mKeyGenerationLock) {
escrowKey = mPendingRebootEscrowKey;
@@ -612,6 +628,7 @@ class RebootEscrowManager {
USER_SYSTEM);
mStorage.setString(REBOOT_ESCROW_KEY_OTHER_VBMETA_DIGEST,
mInjector.getVbmetaDigest(true), USER_SYSTEM);
+ mStorage.setInt(REBOOT_ESCROW_KEY_PROVIDER, actualProviderType, USER_SYSTEM);
mEventLog.addEntry(RebootEscrowEvent.SET_ARMED_STATUS);
}
diff --git a/services/core/java/com/android/server/locksettings/RebootEscrowProviderHalImpl.java b/services/core/java/com/android/server/locksettings/RebootEscrowProviderHalImpl.java
index 4b00772088f2..e8f6f4abd030 100644
--- a/services/core/java/com/android/server/locksettings/RebootEscrowProviderHalImpl.java
+++ b/services/core/java/com/android/server/locksettings/RebootEscrowProviderHalImpl.java
@@ -60,6 +60,11 @@ class RebootEscrowProviderHalImpl implements RebootEscrowProviderInterface {
}
@Override
+ public int getType() {
+ return TYPE_HAL;
+ }
+
+ @Override
public boolean hasRebootEscrowSupport() {
return mInjector.getRebootEscrow() != null;
}
diff --git a/services/core/java/com/android/server/locksettings/RebootEscrowProviderInterface.java b/services/core/java/com/android/server/locksettings/RebootEscrowProviderInterface.java
index af6faad3c76e..e106d817c533 100644
--- a/services/core/java/com/android/server/locksettings/RebootEscrowProviderInterface.java
+++ b/services/core/java/com/android/server/locksettings/RebootEscrowProviderInterface.java
@@ -16,7 +16,11 @@
package com.android.server.locksettings;
+import android.annotation.IntDef;
+
import java.io.IOException;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
import javax.crypto.SecretKey;
@@ -28,6 +32,21 @@ import javax.crypto.SecretKey;
* @hide
*/
public interface RebootEscrowProviderInterface {
+ @IntDef(prefix = {"TYPE_"}, value = {
+ TYPE_HAL,
+ TYPE_SERVER_BASED,
+ })
+ @Retention(RetentionPolicy.SOURCE)
+ @interface RebootEscrowProviderType {
+ }
+ int TYPE_HAL = 0;
+ int TYPE_SERVER_BASED = 1;
+
+ /**
+ * Returns the reboot escrow provider type.
+ */
+ @RebootEscrowProviderType int getType();
+
/**
* Returns true if the secure store/discard of reboot escrow key is supported.
*/
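Review bot: TYPE_HAL and TYPE_SERVER_BASED are written to persistent storage by RebootEscrowManager (`mStorage.setInt(REBOOT_ESCROW_KEY_PROVIDER, actualProviderType, USER_SYSTEM)`) and compared against the live provider after reboot, so their numeric values are a stored format, yet nothing in the interface says so. A comment above `int TYPE_HAL = 0;` such as `// Persisted by RebootEscrowManager across reboots; do not renumber existing values.` would keep a later reordering from silently breaking the post-reboot comparison. The `getType()` Javadoc could likewise mention that the value is persisted rather than only used in memory.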
diff --git a/services/core/java/com/android/server/locksettings/RebootEscrowProviderServerBasedImpl.java b/services/core/java/com/android/server/locksettings/RebootEscrowProviderServerBasedImpl.java
index 697bf08a232e..28669875f1cd 100644
--- a/services/core/java/com/android/server/locksettings/RebootEscrowProviderServerBasedImpl.java
+++ b/services/core/java/com/android/server/locksettings/RebootEscrowProviderServerBasedImpl.java
@@ -95,6 +95,11 @@ class RebootEscrowProviderServerBasedImpl implements RebootEscrowProviderInterfa
}
@Override
+ public int getType() {
+ return TYPE_SERVER_BASED;
+ }
+
+ @Override
public boolean hasRebootEscrowSupport() {
return mInjector.getServiceConnection() != null;
}