Loading services/core/java/com/android/server/locksettings/RebootEscrowManager.java +9 −6 Original line number Diff line number Diff line Loading @@ -150,6 +150,7 @@ class RebootEscrowManager { private RebootEscrowKey getAndClearRebootEscrowKey() { IRebootEscrow rebootEscrow = mInjector.getRebootEscrow(); if (rebootEscrow == null) { Slog.w(TAG, "Had reboot escrow data for users, but RebootEscrow HAL is unavailable"); return null; } Loading Loading @@ -197,12 +198,13 @@ class RebootEscrowManager { mCallbacks.onRebootEscrowRestored(escrowData.getSpVersion(), escrowData.getSyntheticPassword(), userId); Slog.i(TAG, "Restored reboot escrow data for user " + userId); return true; } catch (IOException e) { Slog.w(TAG, "Could not load reboot escrow data for user " + userId, e); } return false; } } void callToRebootEscrowIfNeeded(@UserIdInt int userId, byte spVersion, byte[] syntheticPassword) { Loading @@ -212,16 +214,13 @@ class RebootEscrowManager { IRebootEscrow rebootEscrow = mInjector.getRebootEscrow(); if (rebootEscrow == null) { mRebootEscrowWanted = false; setRebootEscrowReady(false); Slog.w(TAG, "Reboot escrow requested, but RebootEscrow HAL is unavailable"); return; } RebootEscrowKey escrowKey = generateEscrowKeyIfNeeded(); if (escrowKey == null) { Slog.e(TAG, "Could not generate escrow key"); mRebootEscrowWanted = false; setRebootEscrowReady(false); return; } Loading Loading @@ -250,6 +249,7 @@ class RebootEscrowManager { try { key = RebootEscrowKey.generate(); } catch (IOException e) { Slog.w(TAG, "Could not generate reboot escrow key"); return null; } Loading Loading @@ -286,6 +286,7 @@ class RebootEscrowManager { IRebootEscrow rebootEscrow = mInjector.getRebootEscrow(); if (rebootEscrow == null) { Slog.w(TAG, "Escrow marked as ready, but RebootEscrow HAL is unavailable"); return false; } Loading @@ -295,6 +296,7 @@ class RebootEscrowManager { } if (escrowKey == null) { Slog.e(TAG, "Escrow key is null, but escrow was marked as ready"); return false; } Loading 
@@ -302,8 +304,9 @@ class RebootEscrowManager { try { rebootEscrow.storeKey(escrowKey.getKeyBytes()); armedRebootEscrow = true; Slog.i(TAG, "Reboot escrow key stored with RebootEscrow HAL"); } catch (RemoteException e) { Slog.w(TAG, "Failed escrow secret to RebootEscrow HAL", e); Slog.e(TAG, "Failed escrow secret to RebootEscrow HAL", e); } return armedRebootEscrow; } Loading services/core/java/com/android/server/recoverysystem/RecoverySystemService.java +11 −8 Original line number Diff line number Diff line Loading @@ -359,11 +359,17 @@ public class RecoverySystemService extends IRecoverySystem.Stub implements Reboo mContext.enforceCallingOrSelfPermission(android.Manifest.permission.RECOVERY, null); if (!mPreparedForReboot) { Slog.i(TAG, "Reboot requested before prepare completed"); return false; } if (updateToken != null && !updateToken.equals(mUnattendedRebootToken)) { Slog.i(TAG, "Reboot requested after preparation, but with mismatching token"); return false; } if (updateToken != null && updateToken.equals(mUnattendedRebootToken)) { if (!mInjector.getLockSettingsService().armRebootEscrow()) { Slog.w(TAG, "Failure to escrow key for reboot"); return false; } Loading @@ -372,9 +378,6 @@ public class RecoverySystemService extends IRecoverySystem.Stub implements Reboo return true; } return false; } /** * Check if any of the init services is still running. If so, we cannot * start a new uncrypt/setup-bcb/clear-bcb service right away; otherwise Loading Loading
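Review bot: The catch around `RebootEscrowKey.generate()` (hunk at -250,6 +249,7) logs "Could not generate reboot escrow key" without passing the IOException, while the other catch sites in this file section pass `e`, so the cause of a key-generation failure never reaches the log. I would write `Slog.w(TAG, "Could not generate reboot escrow key", e);`. Separately, the storeKey failure message "Failed escrow secret to RebootEscrow HAL" is missing a verb; `"Failed to store escrow secret with RebootEscrow HAL"` would read more clearly in a bug report. The enclosing methods start and end outside the hunks, and the +/- markers are lost on this page, so this assumes the Slog lines are the added side.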
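Review bot: The new guard `updateToken != null && !updateToken.equals(mUnattendedRebootToken)` rejects only a non-null mismatching token. The +/- markers are lost on this page, but the hunk at -372,9 +378,6 drops three lines; if the later `updateToken != null && updateToken.equals(...)` wrapper and the trailing `return false;` are the removed side, a null `updateToken` would fall through to `armRebootEscrow()` and the reboot once `mPreparedForReboot` is set. If null is not meant to be accepted, reject it explicitly with `if (updateToken == null || !updateToken.equals(mUnattendedRebootToken)) {`. If it is intended, a comment explaining why a caller holding RECOVERY may omit the token would help the next reader. The method signature is outside the hunk.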
services/core/java/com/android/server/locksettings/RebootEscrowManager.java +9 −6 Original line number Diff line number Diff line Loading @@ -150,6 +150,7 @@ class RebootEscrowManager { private RebootEscrowKey getAndClearRebootEscrowKey() { IRebootEscrow rebootEscrow = mInjector.getRebootEscrow(); if (rebootEscrow == null) { Slog.w(TAG, "Had reboot escrow data for users, but RebootEscrow HAL is unavailable"); return null; } Loading Loading @@ -197,12 +198,13 @@ class RebootEscrowManager { mCallbacks.onRebootEscrowRestored(escrowData.getSpVersion(), escrowData.getSyntheticPassword(), userId); Slog.i(TAG, "Restored reboot escrow data for user " + userId); return true; } catch (IOException e) { Slog.w(TAG, "Could not load reboot escrow data for user " + userId, e); } return false; } } void callToRebootEscrowIfNeeded(@UserIdInt int userId, byte spVersion, byte[] syntheticPassword) { Loading @@ -212,16 +214,13 @@ class RebootEscrowManager { IRebootEscrow rebootEscrow = mInjector.getRebootEscrow(); if (rebootEscrow == null) { mRebootEscrowWanted = false; setRebootEscrowReady(false); Slog.w(TAG, "Reboot escrow requested, but RebootEscrow HAL is unavailable"); return; } RebootEscrowKey escrowKey = generateEscrowKeyIfNeeded(); if (escrowKey == null) { Slog.e(TAG, "Could not generate escrow key"); mRebootEscrowWanted = false; setRebootEscrowReady(false); return; } Loading Loading @@ -250,6 +249,7 @@ class RebootEscrowManager { try { key = RebootEscrowKey.generate(); } catch (IOException e) { Slog.w(TAG, "Could not generate reboot escrow key"); return null; } Loading Loading @@ -286,6 +286,7 @@ class RebootEscrowManager { IRebootEscrow rebootEscrow = mInjector.getRebootEscrow(); if (rebootEscrow == null) { Slog.w(TAG, "Escrow marked as ready, but RebootEscrow HAL is unavailable"); return false; } Loading @@ -295,6 +296,7 @@ class RebootEscrowManager { } if (escrowKey == null) { Slog.e(TAG, "Escrow key is null, but escrow was marked as ready"); return false; } Loading 
@@ -302,8 +304,9 @@ class RebootEscrowManager { try { rebootEscrow.storeKey(escrowKey.getKeyBytes()); armedRebootEscrow = true; Slog.i(TAG, "Reboot escrow key stored with RebootEscrow HAL"); } catch (RemoteException e) { Slog.w(TAG, "Failed escrow secret to RebootEscrow HAL", e); Slog.e(TAG, "Failed escrow secret to RebootEscrow HAL", e); } return armedRebootEscrow; } Loading
services/core/java/com/android/server/recoverysystem/RecoverySystemService.java +11 −8 Original line number Diff line number Diff line Loading @@ -359,11 +359,17 @@ public class RecoverySystemService extends IRecoverySystem.Stub implements Reboo mContext.enforceCallingOrSelfPermission(android.Manifest.permission.RECOVERY, null); if (!mPreparedForReboot) { Slog.i(TAG, "Reboot requested before prepare completed"); return false; } if (updateToken != null && !updateToken.equals(mUnattendedRebootToken)) { Slog.i(TAG, "Reboot requested after preparation, but with mismatching token"); return false; } if (updateToken != null && updateToken.equals(mUnattendedRebootToken)) { if (!mInjector.getLockSettingsService().armRebootEscrow()) { Slog.w(TAG, "Failure to escrow key for reboot"); return false; } Loading @@ -372,9 +378,6 @@ public class RecoverySystemService extends IRecoverySystem.Stub implements Reboo return true; } return false; } /** * Check if any of the init services is still running. If so, we cannot * start a new uncrypt/setup-bcb/clear-bcb service right away; otherwise Loading