Check for secdiscardable file missing

When trying to unlock a synthetic password protector whose
"secdiscardable" file has gone missing, return an error instead of
throwing a NullPointerException that crashes system_server.

Note, this scenario is not supposed to ever happen, and if it does there
is still no way to unlock the protector.  This change is merely a
robustness improvement to avoid unnecessarily crashing system_server,
not a fix for any actual underlying issue.

Bug: 269567270
Change-Id: If80fef0292d98ac3d53f7c4685afcaf742bbff2e
Merged-In: If80fef0292d98ac3d53f7c4685afcaf742bbff2e
(cherry picked from commit be9e388172d5bf1d90b968f561c05c1e32e4e991)

1 files changed, 12 insertions, 2 deletions

diff --git a/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java b/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
index dee26e382cec..e592a2207095 100644
--- a/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
+++ b/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
@@ -1245,8 +1245,13 @@ class SyntheticPasswordManager {
                 }
                 sid = sidFromPasswordHandle(pwd.passwordHandle);
             }
-            protectorSecret = transformUnderSecdiscardable(stretchedLskf,
-                    loadSecdiscardable(protectorId, userId));
+            byte[] secdiscardable = loadSecdiscardable(protectorId, userId);
+            if (secdiscardable == null) {
+                Slog.e(TAG, "secdiscardable file not found");
+                result.gkResponse = VerifyCredentialResponse.ERROR;
+                return result;
+            }
+            protectorSecret = transformUnderSecdiscardable(stretchedLskf, secdiscardable);
         }
         // Supplied credential passes first stage weaver/gatekeeper check so it should be correct.
         // Notify the callback so the keyguard UI can proceed immediately.
@@ -1311,6 +1316,11 @@ class SyntheticPasswordManager {
             byte[] token, int userId) {
         AuthenticationResult result = new AuthenticationResult();
         byte[] secdiscardable = loadSecdiscardable(protectorId, userId);
+        if (secdiscardable == null) {
+            Slog.e(TAG, "secdiscardable file not found");
+            result.gkResponse = VerifyCredentialResponse.ERROR;
+            return result;
+        }
         int slotId = loadWeaverSlot(protectorId, userId);
         if (slotId != INVALID_WEAVER_SLOT) {
             if (!isWeaverAvailable()) {