Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 986c5022 authored by Eric Biggers's avatar Eric Biggers
Browse files

SyntheticPasswordCrypto: be less picky about Keystore error codes 

Don't assume that the error code for rollback resistance being
unavailable is actually KM_ERROR_ROLLBACK_RESISTANCE_UNAVAILABLE, as
devices that still use the reference implementation of Keymaster 3 don't
use this error code.

Bug: 232452368
Bug: 239632930
Bug: 251043073
Change-Id: I0574a376a97a204504614ea01b3d197faade8b78
parent 70fea19d

services/core/java/com/android/server/locksettings/SyntheticPasswordCrypto.java

+0 −8
Original line number Diff line number Diff line
@@ -17,7 +17,6 @@ 
package com.android.server.locksettings;



import android.security.AndroidKeyStoreMaintenance;

import android.security.keymaster.KeymasterDefs;

import android.security.keystore.KeyProperties;

import android.security.keystore.KeyProtection;

import android.security.keystore2.AndroidKeyStoreLoadStoreParameter;
@@ -223,13 +222,6 @@ public class SyntheticPasswordCrypto { 
                keyStore.setEntry(protectorKeyAlias, entry, protRollbackResistant);

                Slog.i(TAG, "Using rollback-resistant key");

            } catch (KeyStoreException e) {

                if (!(e.getCause() instanceof android.security.KeyStoreException)) {

                    throw e;

                }

                int errorCode = ((android.security.KeyStoreException) e.getCause()).getErrorCode();

                if (errorCode != KeymasterDefs.KM_ERROR_ROLLBACK_RESISTANCE_UNAVAILABLE) {

                    throw e;

                }

                Slog.w(TAG, "Rollback-resistant keys unavailable.  Falling back to "

                        + "non-rollback-resistant key");

                keyStore.setEntry(protectorKeyAlias, entry, protNonRollbackResistant);