Merge "RebootEscrowManager: service-specific exceptions" into rvc-dev am: 26bc02ad4d am: 4ec759369e (2d9c53ea) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/locksettings/RebootEscrowManager.java

+6 −2

Original line number	Diff line number	Diff line
		@@ -26,6 +26,7 @@ import android.content.pm.UserInfo;
		import android.hardware.rebootescrow.IRebootEscrow;
		import android.os.RemoteException;
		import android.os.ServiceManager;
		import android.os.ServiceSpecificException;
		import android.os.SystemClock;
		import android.os.UserManager;
		import android.provider.Settings;
		@@ -244,6 +245,9 @@ class RebootEscrowManager {
		} catch (RemoteException e) {
		Slog.w(TAG, "Could not retrieve escrow data");
		return null;
		} catch (ServiceSpecificException e) {
		Slog.w(TAG, "Got service-specific exception: " + e.errorCode);
		return null;
		}
		}

		@@ -335,7 +339,7 @@ class RebootEscrowManager {

		try {
		rebootEscrow.storeKey(new byte[32]);
		} catch (RemoteException e) {
		} catch (RemoteException \| ServiceSpecificException e) {
		Slog.w(TAG, "Could not call RebootEscrow HAL to shred key");
		}

		@@ -373,7 +377,7 @@ class RebootEscrowManager {
		rebootEscrow.storeKey(escrowKey.getKeyBytes());
		armedRebootEscrow = true;
		Slog.i(TAG, "Reboot escrow key stored with RebootEscrow HAL");
		} catch (RemoteException e) {
		} catch (RemoteException \| ServiceSpecificException e) {
		Slog.e(TAG, "Failed escrow secret to RebootEscrow HAL", e);
		}

services/tests/servicestests/src/com/android/server/locksettings/RebootEscrowManagerTests.java

+26 −0

Original line number	Diff line number	Diff line
		@@ -43,6 +43,7 @@ import android.content.ContextWrapper;
		import android.content.pm.UserInfo;
		import android.hardware.rebootescrow.IRebootEscrow;
		import android.os.RemoteException;
		import android.os.ServiceSpecificException;
		import android.os.UserManager;
		import android.platform.test.annotations.Presubmit;

		@@ -177,6 +178,13 @@ public class RebootEscrowManagerTests {
		verify(mRebootEscrow).storeKey(eq(new byte[32]));
		}

		@Test
		public void clearCredentials_HalFailure_NonFatal() throws Exception {
		doThrow(ServiceSpecificException.class).when(mRebootEscrow).storeKey(any());
		mService.clearRebootEscrow();
		verify(mRebootEscrow).storeKey(eq(new byte[32]));
		}

		@Test
		public void armService_Success() throws Exception {
		RebootEscrowListener mockListener = mock(RebootEscrowListener.class);
		@@ -199,6 +207,24 @@ public class RebootEscrowManagerTests {
		assertFalse(mStorage.hasRebootEscrow(NONSECURE_SECONDARY_USER_ID));
		}

		@Test
		public void armService_HalFailure_NonFatal() throws Exception {
		RebootEscrowListener mockListener = mock(RebootEscrowListener.class);
		mService.setRebootEscrowListener(mockListener);
		mService.prepareRebootEscrow();

		clearInvocations(mRebootEscrow);
		mService.callToRebootEscrowIfNeeded(PRIMARY_USER_ID, FAKE_SP_VERSION, FAKE_AUTH_TOKEN);
		verify(mockListener).onPreparedForReboot(eq(true));
		verify(mRebootEscrow, never()).storeKey(any());

		assertNull(
		mStorage.getString(RebootEscrowManager.REBOOT_ESCROW_ARMED_KEY, null, USER_SYSTEM));
		doThrow(ServiceSpecificException.class).when(mRebootEscrow).storeKey(any());
		assertFalse(mService.armRebootEscrowIfNeeded());
		verify(mRebootEscrow).storeKey(any());
		}

		@Test
		public void armService_MultipleUsers_Success() throws Exception {
		RebootEscrowListener mockListener = mock(RebootEscrowListener.class);