diff options
| author | 2016-11-22 17:51:57 +0000 | |
|---|---|---|
| committer | 2016-11-22 17:51:59 +0000 | |
| commit | d427da8a2427a2ff7bb8f653f8b69647a5e1e940 (patch) | |
| tree | ba6914f80af2c4d8889d23aeee73e163a8fb38a9 | |
| parent | 97be8864e5b2029e96da47db5893aaafbeb5f0cd (diff) | |
| parent | e61672ab087df4857a4f0923258b945800046589 (diff) | |
Merge "Revert "Catch KeyStoreException for setting profile lock"" into nyc-mr1-dev
| -rw-r--r-- | services/core/java/com/android/server/LockSettingsService.java | 16 |
1 files changed, 4 insertions, 12 deletions
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java index 846551f7f119..a91e2053c01d 100644 --- a/services/core/java/com/android/server/LockSettingsService.java +++ b/services/core/java/com/android/server/LockSettingsService.java @@ -245,16 +245,13 @@ public class LockSettingsService extends ILockSettings.Stub { try { randomLockSeed = SecureRandom.getInstance("SHA1PRNG").generateSeed(40); String newPassword = String.valueOf(HexEncoding.encode(randomLockSeed)); - tieProfileLockToParent(managedUserId, newPassword); setLockPasswordInternal(newPassword, managedUserPassword, managedUserId); // We store a private credential for the managed user that's unlocked by the primary // account holder's credential. As such, the user will never be prompted to enter this // password directly, so we always store a password. setLong(LockPatternUtils.PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC, managedUserId); - } catch (KeyStoreException e) { - // Bug: 32490092 - Slog.e(TAG, "Not able to set keys to keystore", e); + tieProfileLockToParent(managedUserId, newPassword); } catch (NoSuchAlgorithmException | RemoteException e) { Slog.e(TAG, "Fail to tie managed profile", e); // Nothing client can do to fix this issue, so we do not throw exception out @@ -761,7 +758,6 @@ public class LockSettingsService extends ILockSettings.Stub { } private void unlockChildProfile(int profileHandle) throws RemoteException { - if (DEBUG) Slog.v(TAG, "Unlock child profile"); try { doVerifyPassword(getDecryptedPasswordForTiedProfile(profileHandle), false, 0 /* no challenge */, profileHandle, null /* progressCallback */); @@ -1021,7 +1017,7 @@ public class LockSettingsService extends ILockSettings.Stub { } } - private void tieProfileLockToParent(int userId, String password) throws KeyStoreException { + private void tieProfileLockToParent(int userId, String password) { if (DEBUG) Slog.v(TAG, "tieProfileLockToParent for user: " + userId); byte[] randomLockSeed = password.getBytes(StandardCharsets.UTF_8); byte[] encryptionResult; @@ -1063,7 +1059,7 @@ public class LockSettingsService extends ILockSettings.Stub { keyStore.deleteEntry(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId); } } catch (CertificateException | UnrecoverableKeyException - | IOException | BadPaddingException | IllegalBlockSizeException + | IOException | BadPaddingException | IllegalBlockSizeException | KeyStoreException | NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) { throw new RuntimeException("Failed to encrypt key", e); } @@ -1205,11 +1201,7 @@ public class LockSettingsService extends ILockSettings.Stub { } finally { if (managedUserId != -1 && managedUserDecryptedPassword != null) { if (DEBUG) Slog.v(TAG, "Restore tied profile lock"); - try { - tieProfileLockToParent(managedUserId, managedUserDecryptedPassword); - } catch (KeyStoreException e) { - throw new RuntimeException("Failed to tie profile lock", e); - } + tieProfileLockToParent(managedUserId, managedUserDecryptedPassword); } } } |