commit fe3b0b2cc171b9278ca41b4544daae7b81e3e8b3
author Zach Jang <zachjang@google.com> Tue Nov 22 17:58:58 2016 +0000
committer android-build-merger <android-build-merger@google.com> Tue Nov 22 17:58:58 2016 +0000
tree faf96a0f1d32a77f1a3fade89e3854bb31b063f0
parent f9154e923b35fe95a3a982555a269a50124ebbcd
parent e61672ab087df4857a4f0923258b945800046589

Revert "Catch KeyStoreException for setting profile lock"
am: e61672ab08

Change-Id: Ie1a720181bf542bbf213af8b6b83eff0ecd84a98

services/core/java/com/android/server/LockSettingsService.java

diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index a4430ea..ae5ed6b 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -245,16 +245,13 @@
         try {
             randomLockSeed = SecureRandom.getInstance("SHA1PRNG").generateSeed(40);
             String newPassword = String.valueOf(HexEncoding.encode(randomLockSeed));
-            tieProfileLockToParent(managedUserId, newPassword);
             setLockPasswordInternal(newPassword, managedUserPassword, managedUserId);
             // We store a private credential for the managed user that's unlocked by the primary
             // account holder's credential. As such, the user will never be prompted to enter this
             // password directly, so we always store a password.
             setLong(LockPatternUtils.PASSWORD_TYPE_KEY,
                     DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC, managedUserId);
-        } catch (KeyStoreException e) {
-            // Bug: 32490092
-            Slog.e(TAG, "Not able to set keys to keystore", e);
+            tieProfileLockToParent(managedUserId, newPassword);
         } catch (NoSuchAlgorithmException | RemoteException e) {
             Slog.e(TAG, "Fail to tie managed profile", e);
             // Nothing client can do to fix this issue, so we do not throw exception out
@@ -775,7 +772,6 @@
     }
 
     private void unlockChildProfile(int profileHandle) throws RemoteException {
-        if (DEBUG) Slog.v(TAG, "Unlock child profile");
         try {
             doVerifyPassword(getDecryptedPasswordForTiedProfile(profileHandle), false,
                     0 /* no challenge */, profileHandle, null /* progressCallback */);
@@ -1035,7 +1031,7 @@
         }
     }
 
-    private void tieProfileLockToParent(int userId, String password) throws KeyStoreException {
+    private void tieProfileLockToParent(int userId, String password) {
         if (DEBUG) Slog.v(TAG, "tieProfileLockToParent for user: " + userId);
         byte[] randomLockSeed = password.getBytes(StandardCharsets.UTF_8);
         byte[] encryptionResult;
@@ -1077,7 +1073,7 @@
                 keyStore.deleteEntry(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId);
             }
         } catch (CertificateException | UnrecoverableKeyException
-                | IOException | BadPaddingException | IllegalBlockSizeException
+                | IOException | BadPaddingException | IllegalBlockSizeException | KeyStoreException
                 | NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) {
             throw new RuntimeException("Failed to encrypt key", e);
         }
@@ -1219,11 +1215,7 @@
         } finally {
             if (managedUserId != -1 && managedUserDecryptedPassword != null) {
                 if (DEBUG) Slog.v(TAG, "Restore tied profile lock");
-                try {
-                    tieProfileLockToParent(managedUserId, managedUserDecryptedPassword);
-                } catch (KeyStoreException e) {
-                    throw new RuntimeException("Failed to tie profile lock", e);
-                }
+                tieProfileLockToParent(managedUserId, managedUserDecryptedPassword);
             }
         }
     }