
Commit 0f9c2ffc authored by Rubin Xu's avatar Rubin Xu

Clean up exception usage in LockSettingsService (part 2)

Replace RuntimeException, which cannot propagate across binder,
with binder-compatible IllegalStateException/IllegalArgumentException

Bug: 128831839
Test: atest frameworks/base/services/tests/servicestests/src/com/android/server/locksettings
Change-Id: I2e88997acb27a7b97eafa7a7de441ac641544ddd
parent 1b902222
+4 −4
@@ -1614,17 +1614,17 @@ public class LockSettingsService extends ILockSettings.Stub {
        } catch (CertificateException | UnrecoverableKeyException
                | IOException | BadPaddingException | IllegalBlockSizeException | KeyStoreException
                | NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) {
            throw new RuntimeException("Failed to encrypt key", e);
            throw new IllegalStateException("Failed to encrypt key", e);
        }
        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
        try {
            if (iv.length != PROFILE_KEY_IV_SIZE) {
                throw new RuntimeException("Invalid iv length: " + iv.length);
                throw new IllegalArgumentException("Invalid iv length: " + iv.length);
            }
            outputStream.write(iv);
            outputStream.write(encryptionResult);
        } catch (IOException e) {
            throw new RuntimeException("Failed to concatenate byte arrays", e);
            throw new IllegalStateException("Failed to concatenate byte arrays", e);
        }
        mStorage.writeChildProfileLock(userId, outputStream.toByteArray());
    }
@@ -1692,7 +1692,7 @@ public class LockSettingsService extends ILockSettings.Stub {
            digest.update(credential);
            return digest.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("NoSuchAlgorithmException for SHA-512");
            throw new IllegalStateException("NoSuchAlgorithmException for SHA-512");
        }
    }
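Review bot: The new `IllegalStateException("NoSuchAlgorithmException for SHA-512")` in the last hunk drops the caught exception, so the provider failure behind it is lost from the stack trace; pass it through as `throw new IllegalStateException("NoSuchAlgorithmException for SHA-512", e);`, which is what the equivalent catch in SyntheticPasswordCrypto already does. The `"ByteArrayOutputStream cannot throw IOException"` throw in LockSettingsStorage has the same omission. The enclosing method starts above the hunk, so only its catch block is visible here.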

+3 −3
@@ -140,7 +140,7 @@ class LockSettingsStorage {
                dos.close();
                return os.toByteArray();
            } catch (IOException e) {
                throw new RuntimeException(e);
                throw new IllegalStateException("Fail to serialze credential hash", e);
            }
        }

@@ -157,7 +157,7 @@ class LockSettingsStorage {
                }
                return new CredentialHash(hash, type);
            } catch (IOException e) {
                throw new RuntimeException(e);
                throw new IllegalStateException("Fail to deserialze credential hash", e);
            }
        }
    }
@@ -666,7 +666,7 @@ class LockSettingsStorage {
                dos.writeInt(qualityForUi);
                dos.write(payload);
            } catch (IOException e) {
                throw new RuntimeException("ByteArrayOutputStream cannot throw IOException");
                throw new IllegalStateException("ByteArrayOutputStream cannot throw IOException");
            }
            return os.toByteArray();
        }
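Review bot: The two new messages in the first two hunks are misspelled, `"Fail to serialze credential hash"` and `"Fail to deserialze credential hash"`, which makes them easy to miss when searching logs or bug reports for "serialize". They should read `"Failed to serialize credential hash"` and `"Failed to deserialize credential hash"`. Both enclosing methods begin outside their hunks.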
+2 −2
@@ -109,7 +109,7 @@ public class PasswordSlotManager {
    public void markSlotInUse(int slot) throws RuntimeException {
        ensureSlotMapLoaded();
        if (mSlotMap.containsKey(slot) && !mSlotMap.get(slot).equals(getMode())) {
            throw new RuntimeException("password slot " + slot + " is not available");
            throw new IllegalStateException("password slot " + slot + " is not available");
        }
        mSlotMap.put(slot, getMode());
        saveSlotMap();
@@ -123,7 +123,7 @@ public class PasswordSlotManager {
    public void markSlotDeleted(int slot) throws RuntimeException {
        ensureSlotMapLoaded();
        if (mSlotMap.containsKey(slot) && !mSlotMap.get(slot).equals(getMode())) {
            throw new RuntimeException("password slot " + slot + " cannot be deleted");
            throw new IllegalStateException("password slot " + slot + " cannot be deleted");
        }
        mSlotMap.remove(slot);
        saveSlotMap();
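Review bot: Both signatures still declare `throws RuntimeException` although the bodies now throw `IllegalStateException`, so the declaration no longer tells a caller which exception to expect. Either narrow it, `public void markSlotInUse(int slot) throws IllegalStateException {` (and likewise for `markSlotDeleted`), or drop the clause and document the condition with an `@throws IllegalStateException` tag in the Javadoc, which sits above the hunk and is not visible here. Both method bodies end outside their hunks.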
+15 −13
@@ -18,6 +18,7 @@ package com.android.server.locksettings;

import android.security.keystore.KeyProperties;
import android.security.keystore.KeyProtection;
import android.util.Slog;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -43,6 +44,7 @@ import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class SyntheticPasswordCrypto {
    private static final String TAG = "SyntheticPasswordCrypto";
    private static final int PROFILE_KEY_IV_SIZE = 12;
    private static final int DEFAULT_TAG_LENGTH_BITS = 128;
    private static final int AES_KEY_LENGTH = 32; // 256-bit AES key
@@ -80,12 +82,12 @@ public class SyntheticPasswordCrypto {
        byte[] ciphertext = cipher.doFinal(blob);
        byte[] iv = cipher.getIV();
        if (iv.length != PROFILE_KEY_IV_SIZE) {
            throw new RuntimeException("Invalid iv length: " + iv.length);
            throw new IllegalArgumentException("Invalid iv length: " + iv.length);
        }
        final GCMParameterSpec spec = cipher.getParameters().getParameterSpec(
                GCMParameterSpec.class);
        if (spec.getTLen() != DEFAULT_TAG_LENGTH_BITS) {
            throw new RuntimeException("Invalid tag length: " + spec.getTLen());
            throw new IllegalArgumentException("Invalid tag length: " + spec.getTLen());
        }
        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
        outputStream.write(iv);
@@ -102,7 +104,7 @@ public class SyntheticPasswordCrypto {
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException
                | IllegalBlockSizeException | BadPaddingException | IOException
                | InvalidParameterSpecException e) {
            e.printStackTrace();
            Slog.e(TAG, "Failed to encrypt", e);
            return null;
        }
    }
@@ -116,7 +118,7 @@ public class SyntheticPasswordCrypto {
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException
                | IllegalBlockSizeException | BadPaddingException
                | InvalidAlgorithmParameterException e) {
            e.printStackTrace();
            Slog.e(TAG, "Failed to decrypt", e);
            return null;
        }
    }
@@ -130,8 +132,8 @@ public class SyntheticPasswordCrypto {
            byte[] intermediate = decrypt(applicationId, APPLICATION_ID_PERSONALIZATION, blob);
            return decrypt(decryptionKey, intermediate);
        } catch (Exception e) {
            e.printStackTrace();
            throw new RuntimeException("Failed to decrypt blob", e);
            Slog.e(TAG, "Failed to decrypt V1 blob", e);
            throw new IllegalStateException("Failed to decrypt blob", e);
        }
    }

@@ -148,8 +150,8 @@ public class SyntheticPasswordCrypto {
                | KeyStoreException | NoSuchPaddingException | NoSuchAlgorithmException
                | InvalidKeyException | UnrecoverableKeyException
                | InvalidAlgorithmParameterException e) {
            e.printStackTrace();
            throw new RuntimeException("Failed to decrypt blob", e);
            Slog.e(TAG, "Failed to decrypt blob", e);
            throw new IllegalStateException("Failed to decrypt blob", e);
        }
    }

@@ -180,8 +182,8 @@ public class SyntheticPasswordCrypto {
                | KeyStoreException | NoSuchPaddingException | NoSuchAlgorithmException
                | InvalidKeyException
                | InvalidParameterSpecException e) {
            e.printStackTrace();
            throw new RuntimeException("Failed to encrypt blob", e);
            Slog.e(TAG, "Failed to create blob", e);
            throw new IllegalStateException("Failed to encrypt blob", e);
        }
    }

@@ -193,7 +195,7 @@ public class SyntheticPasswordCrypto {
            keyStore.deleteEntry(keyAlias);
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException
                | IOException e) {
            e.printStackTrace();
            Slog.e(TAG, "Failed to destroy blob", e);
        }
    }

@@ -202,7 +204,7 @@ public class SyntheticPasswordCrypto {
            final int PADDING_LENGTH = 128;
            MessageDigest digest = MessageDigest.getInstance("SHA-512");
            if (personalisation.length > PADDING_LENGTH) {
                throw new RuntimeException("Personalisation too long");
                throw new IllegalArgumentException("Personalisation too long");
            }
            // Personalize the hash
            // Pad it to the block size of the hash function
@@ -213,7 +215,7 @@ public class SyntheticPasswordCrypto {
            }
            return digest.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("NoSuchAlgorithmException for SHA-512", e);
            throw new IllegalStateException("NoSuchAlgorithmException for SHA-512", e);
        }
    }
}
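Review bot: In the hunk at `-80,12` the IV and tag-length checks now throw `IllegalArgumentException`, but `iv` comes from `cipher.getIV()` and the tag length from `cipher.getParameters()`, not from anything the caller passed in. Since the commit's stated purpose is to use exception types that can propagate across binder, a mismatch there would be reported as a bad argument when it is really an unexpected provider result; `throw new IllegalStateException("Invalid iv length: " + iv.length);`, and the same for the tag length, would describe it correctly. The iv-length check in LockSettingsService and the `"weaver key length too small"` check in SyntheticPasswordManager look like the same case. The enclosing method starts above the hunk.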
+8 −8
@@ -353,12 +353,12 @@ public class SyntheticPasswordManager {
     */
    private byte[] weaverEnroll(int slot, byte[] key, @Nullable byte[] value) {
        if (slot == INVALID_WEAVER_SLOT || slot >= mWeaverConfig.slots) {
            throw new RuntimeException("Invalid slot for weaver");
            throw new IllegalArgumentException("Invalid slot for weaver");
        }
        if (key == null) {
            key = new byte[mWeaverConfig.keySize];
        } else if (key.length != mWeaverConfig.keySize) {
            throw new RuntimeException("Invalid key size for weaver");
            throw new IllegalArgumentException("Invalid key size for weaver");
        }
        if (value == null) {
            value = secureRandom(mWeaverConfig.valueSize);
@@ -383,12 +383,12 @@ public class SyntheticPasswordManager {
     */
    private VerifyCredentialResponse weaverVerify(int slot, byte[] key) {
        if (slot == INVALID_WEAVER_SLOT || slot >= mWeaverConfig.slots) {
            throw new RuntimeException("Invalid slot for weaver");
            throw new IllegalArgumentException("Invalid slot for weaver");
        }
        if (key == null) {
            key = new byte[mWeaverConfig.keySize];
        } else if (key.length != mWeaverConfig.keySize) {
            throw new RuntimeException("Invalid key size for weaver");
            throw new IllegalArgumentException("Invalid key size for weaver");
        }
        final VerifyCredentialResponse[] response = new VerifyCredentialResponse[1];
        try {
@@ -620,7 +620,7 @@ public class SyntheticPasswordManager {
                return i;
            }
        }
        throw new RuntimeException("Run out of weaver slots.");
        throw new IllegalStateException("Run out of weaver slots.");
    }

    /**
@@ -1029,10 +1029,10 @@ public class SyntheticPasswordManager {
        if (version != SYNTHETIC_PASSWORD_VERSION_V3
                && version != SYNTHETIC_PASSWORD_VERSION_V2
                && version != SYNTHETIC_PASSWORD_VERSION_V1) {
            throw new RuntimeException("Unknown blob version");
            throw new IllegalArgumentException("Unknown blob version");
        }
        if (blob[1] != type) {
            throw new RuntimeException("Invalid blob type");
            throw new IllegalArgumentException("Invalid blob type");
        }
        final byte[] secret;
        if (version == SYNTHETIC_PASSWORD_VERSION_V1) {
@@ -1237,7 +1237,7 @@ public class SyntheticPasswordManager {
    private byte[] passwordTokenToWeaverKey(byte[] token) {
        byte[] key = SyntheticPasswordCrypto.personalisedHash(PERSONALISATION_WEAVER_KEY, token);
        if (key.length < mWeaverConfig.keySize) {
            throw new RuntimeException("weaver key length too small");
            throw new IllegalArgumentException("weaver key length too small");
        }
        return Arrays.copyOf(key, mWeaverConfig.keySize);
    }
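Review bot: The slot check in `weaverEnroll` and `weaverVerify` rejects `INVALID_WEAVER_SLOT` and values at or above `mWeaverConfig.slots`, but no lower bound is visible, so any other negative slot would pass the guard. If a slot number can be read back from storage, a corrupted value is worth rejecting at this point: `if (slot == INVALID_WEAVER_SLOT || slot < 0 || slot >= mWeaverConfig.slots) {`. The value of `INVALID_WEAVER_SLOT` is defined outside the hunk, and both method bodies continue past it.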