
Commit a2b56254 authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review

Merge "LockSettingsService: remove ensureProfileKeystoreUnlocked()"

parents 3f8026ee c0676da2
+2 −24
@@ -103,7 +103,6 @@ import android.security.Authorization;
import android.security.KeyStore;
import android.security.keystore.KeyProperties;
import android.security.keystore.KeyProtection;
import android.security.keystore.UserNotAuthenticatedException;
import android.security.keystore.recovery.KeyChainProtectionParams;
import android.security.keystore.recovery.KeyChainSnapshot;
import android.security.keystore.recovery.RecoveryCertPath;
@@ -788,31 +787,12 @@ public class LockSettingsService extends ILockSettings.Stub {
        }
    }

    /**
     * Check if profile got unlocked but the keystore is still locked. This happens on full disk
     * encryption devices since the profile may not yet be running when we consider unlocking it
     * during the normal flow. In this case unlock the keystore for the profile.
     */
    private void ensureProfileKeystoreUnlocked(int userId) {
        final KeyStore ks = KeyStore.getInstance();
        if (ks.state(userId) == KeyStore.State.LOCKED
                && isCredentialSharableWithParent(userId)
                && hasUnifiedChallenge(userId)) {
            Slog.i(TAG, "Profile got unlocked, will unlock its keystore");
            // If boot took too long and the password in vold got expired, parent keystore will
            // be still locked, we ignore this case since the user will be prompted to unlock
            // the device after boot.
            unlockChildProfile(userId, true /* ignoreUserNotAuthenticated */);
        }
    }

    private void onUnlockUser(final int userId) {
        // Perform tasks which require locks in LSS on a handler, as we are callbacks from
        // ActivityManager.unlockUser()
        mHandler.post(new Runnable() {
            @Override
            public void run() {
                ensureProfileKeystoreUnlocked(userId);
                // Hide notification first, as tie managed profile lock takes time
                hideEncryptionNotification(new UserHandle(userId));

@@ -1335,7 +1315,7 @@ public class LockSettingsService extends ILockSettings.Stub {
        return credential;
    }

    private void unlockChildProfile(int profileHandle, boolean ignoreUserNotAuthenticated) {
    private void unlockChildProfile(int profileHandle) {
        try {
            doVerifyCredential(getDecryptedPasswordForTiedProfile(profileHandle),
                    profileHandle, null /* progressCallback */, 0 /* flags */);
@@ -1345,8 +1325,6 @@ public class LockSettingsService extends ILockSettings.Stub {
                | BadPaddingException | CertificateException | IOException e) {
            if (e instanceof FileNotFoundException) {
                Slog.i(TAG, "Child profile key not found");
            } else if (ignoreUserNotAuthenticated && e instanceof UserNotAuthenticatedException) {
                Slog.i(TAG, "Parent keystore seems locked, ignoring");
            } else {
                Slog.e(TAG, "Failed to decrypt child profile key", e);
            }
@@ -1410,7 +1388,7 @@ public class LockSettingsService extends ILockSettings.Stub {
            if (hasUnifiedChallenge(profile.id)) {
                if (mUserManager.isUserRunning(profile.id)) {
                    // Unlock profile with unified lock
                    unlockChildProfile(profile.id, false /* ignoreUserNotAuthenticated */);
                    unlockChildProfile(profile.id);
                } else {
                    try {
                        // Profile not ready for unlock yet, but decrypt the unified challenge now
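Review bot: `unlockChildProfile(int profileHandle)` is left without any documentation of its failure behaviour: with the `ignoreUserNotAuthenticated` branch gone, every failure other than `FileNotFoundException` ends in `Slog.e(TAG, "Failed to decrypt child profile key", e)`, and as far as the visible lines show the void method then returns normally. A still-locked parent keystore presumably reaches that branch through a supertype in the multi-catch, whose header is outside the hunk, so the caller at `unlockChildProfile(profile.id)` cannot tell that the profile stayed locked. I would state this on the method, e.g. `/** Best-effort: verifies the tied profile's stored credential; failures are logged and not propagated. */`. Separately, the removed Javadoc described a profile keystore found LOCKED during `onUnlockUser`, and neither the commit title nor the new code says why that case no longer needs handling; a one-line rationale in the commit message would help later audits of the unlock path. The start of the catch clause and the end of `unlockChildProfile` are outside the hunks shown.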