Do not throw an exception if there's no application key to be decrypted (ae0682df) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -655,7 +655,7 @@ public class RecoverableKeyStoreManager {
		// Ignore the exception to continue to recover the other application keys.
		}
		}
		if (keyMaterialByAlias.isEmpty()) {
		if (!applicationKeys.isEmpty() && keyMaterialByAlias.isEmpty()) {
		Log.e(TAG, "Failed to recover any of the application keys.");
		throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED,
		"Failed to recover any of the application keys.");

+24 −0

Original line number	Diff line number	Diff line
		@@ -502,6 +502,30 @@ public class RecoverableKeyStoreManagerTest {
		}
		}

		@Test
		public void recoverKeys_doesNotThrowIfNoApplicationKeysToBeDecrypted() throws Exception {
		mRecoverableKeyStoreManager.startRecoverySession(
		TEST_SESSION_ID,
		TEST_PUBLIC_KEY,
		TEST_VAULT_PARAMS,
		TEST_VAULT_CHALLENGE,
		ImmutableList.of(new KeyChainProtectionParams(
		TYPE_LOCKSCREEN,
		UI_FORMAT_PASSWORD,
		KeyDerivationParams.createSha256Params(TEST_SALT),
		TEST_SECRET)));
		byte[] keyClaimant = mRecoverySessionStorage.get(Binder.getCallingUid(), TEST_SESSION_ID)
		.getKeyClaimant();
		SecretKey recoveryKey = randomRecoveryKey();
		byte[] encryptedClaimResponse = encryptClaimResponse(
		keyClaimant, TEST_SECRET, TEST_VAULT_PARAMS, recoveryKey);

		mRecoverableKeyStoreManager.recoverKeys(
		TEST_SESSION_ID,
		/encryptedRecoveryKey=/ encryptedClaimResponse,
		/applicationKeys=/ ImmutableList.of());
		}

		@Test
		public void recoverKeys_returnsDecryptedKeys() throws Exception {
		mRecoverableKeyStoreManager.startRecoverySession(