From 1a04e5234aa372061f26ce602995814c2fb5dfc4 Mon Sep 17 00:00:00 2001
From: Tianjie
Date: Fri, 19 Mar 2021 23:45:59 -0700
Subject: Add a specific error code for keystore failure
Because of the keystore 2.0 migration, we expect to see one time RoR failures in S build. Add an error code to distinguish the case.
Bug: 183140900
Test: atest FrameworksServicesTests:RebootEscrowManagerTests
Change-Id: Ieeb0ebef570cb7392f6ac47d2ad918da64869712
---
 .../com/android/server/locksettings/RebootEscrowManager.java | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'services')
diff --git a/services/core/java/com/android/server/locksettings/RebootEscrowManager.java b/services/core/java/com/android/server/locksettings/RebootEscrowManager.java
index 6ffcb811ae1d..76ecc1acc7ac 100644
--- a/services/core/java/com/android/server/locksettings/RebootEscrowManager.java
+++ b/services/core/java/com/android/server/locksettings/RebootEscrowManager.java
@@ -115,6 +115,7 @@ class RebootEscrowManager {
 ERROR_RETRY_COUNT_EXHAUSTED,
 ERROR_UNLOCK_ALL_USERS,
 ERROR_PROVIDER_MISMATCH,
+ ERROR_KEYSTORE_FAILURE,
 })
 @Retention(RetentionPolicy.SOURCE)
 @interface RebootEscrowErrorCode {
@@ -127,6 +128,7 @@ class RebootEscrowManager {
 static final int ERROR_RETRY_COUNT_EXHAUSTED = 4;
 static final int ERROR_UNLOCK_ALL_USERS = 5;
 static final int ERROR_PROVIDER_MISMATCH = 6;
+ static final int ERROR_KEYSTORE_FAILURE = 7;
 private @RebootEscrowErrorCode int mLoadEscrowDataErrorCode = ERROR_NONE;
@@ -474,6 +476,13 @@ class RebootEscrowManager {
 return null;
 }
+ // Server based RoR always need the decryption key from keystore.
+ if (rebootEscrowProvider.getType() == RebootEscrowProviderInterface.TYPE_SERVER_BASED
+ && kk == null) {
+ mLoadEscrowDataErrorCode = ERROR_KEYSTORE_FAILURE;
+ return null;
+ }
+ // The K_s blob maybe encrypted by K_k as well.
 RebootEscrowKey key = rebootEscrowProvider.getAndClearRebootEscrowKey(kk);
 if (key != null) {
-- 
cgit v1.2.3
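Review bot: The early return added in the last hunk (server-based provider with `kk == null`) leaves the method before `rebootEscrowProvider.getAndClearRebootEscrowKey(kk)`, so whatever clearing that call performs is skipped on this path; the method body starts and ends outside the hunk, so please confirm the caller still discards the stored escrow data when it sees `ERROR_KEYSTORE_FAILURE`. The branch also sets the code without logging, and since the commit message expects this to fire once per device after the keystore 2.0 migration, a warning-level log line next to `mLoadEscrowDataErrorCode = ERROR_KEYSTORE_FAILURE;` would make those reports diagnosable. The diffstat lists only RebootEscrowManager.java, so the new path appears to have no test in this change; a case in RebootEscrowManagerTests covering a null keystore key with a server-based provider would pin it. Minor: the comment should read `// Server-based RoR always needs the decryption key from keystore.`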