diff options
| -rw-r--r-- | services/core/java/com/android/server/locksettings/RebootEscrowManager.java | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/locksettings/RebootEscrowManager.java b/services/core/java/com/android/server/locksettings/RebootEscrowManager.java index 6ffcb811ae1d..76ecc1acc7ac 100644 --- a/services/core/java/com/android/server/locksettings/RebootEscrowManager.java +++ b/services/core/java/com/android/server/locksettings/RebootEscrowManager.java @@ -115,6 +115,7 @@ class RebootEscrowManager { ERROR_RETRY_COUNT_EXHAUSTED, ERROR_UNLOCK_ALL_USERS, ERROR_PROVIDER_MISMATCH, + ERROR_KEYSTORE_FAILURE, }) @Retention(RetentionPolicy.SOURCE) @interface RebootEscrowErrorCode { @@ -127,6 +128,7 @@ class RebootEscrowManager { static final int ERROR_RETRY_COUNT_EXHAUSTED = 4; static final int ERROR_UNLOCK_ALL_USERS = 5; static final int ERROR_PROVIDER_MISMATCH = 6; + static final int ERROR_KEYSTORE_FAILURE = 7; private @RebootEscrowErrorCode int mLoadEscrowDataErrorCode = ERROR_NONE; @@ -474,6 +476,13 @@ class RebootEscrowManager { return null; } + // Server based RoR always need the decryption key from keystore. + if (rebootEscrowProvider.getType() == RebootEscrowProviderInterface.TYPE_SERVER_BASED + && kk == null) { + mLoadEscrowDataErrorCode = ERROR_KEYSTORE_FAILURE; + return null; + } + // The K_s blob maybe encrypted by K_k as well. RebootEscrowKey key = rebootEscrowProvider.getAndClearRebootEscrowKey(kk); if (key != null) { |