locksettings: Don't use AIDL V1 weaver
V1 and V2 reports IWeaver.read() errors differently.
V1 throws ServiceSpecificException wrapping an error code.
V2 returns the error code in the output parcel.
The current client code expects the weaver HAL to be V2 or newer,
however it doesn't check if the actual service version is V2 or not.
If the service is V1, then IWeaver.read() errors would become
unhandled exception, crashing the system_server.
Since Weaver AIDL V1 is broken and should never be used, don't use
Weaver AIDL V1 services. This fixes a regression in Android 14 where
AIDL V1 started being used when available.
Bug: 296984182
Bug: 296512452
Test: Boot on old (tm) vendor
Change-Id: I32306fb8473c655e68d89d63a1e4f00c8bb5d61f
diff --git a/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java b/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
index d700c6a..8e9c21f 100644
--- a/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
+++ b/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
@@ -77,7 +77,6 @@
import java.util.Objects;
import java.util.Set;
-
/**
* A class that manages a user's synthetic password (SP) ({@link #SyntheticPassword}), along with a
* set of SP protectors that are independent ways that the SP is protected.
@@ -552,22 +551,48 @@
}
}
- private @Nullable IWeaver getWeaverServiceInternal() {
- // Try to get the AIDL service first
+ private @Nullable IWeaver getWeaverAidlService() {
+ final IWeaver aidlWeaver;
try {
- IWeaver aidlWeaver = IWeaver.Stub.asInterface(
- ServiceManager.waitForDeclaredService(IWeaver.DESCRIPTOR + "/default"));
- if (aidlWeaver != null) {
- Slog.i(TAG, "Using AIDL weaver service");
- try {
- aidlWeaver.asBinder().linkToDeath(new WeaverDiedRecipient(), 0);
- } catch (RemoteException e) {
- Slog.w(TAG, "Unable to register Weaver death recipient", e);
- }
- return aidlWeaver;
- }
+ aidlWeaver =
+ IWeaver.Stub.asInterface(
+ ServiceManager.waitForDeclaredService(IWeaver.DESCRIPTOR + "/default"));
} catch (SecurityException e) {
Slog.w(TAG, "Does not have permissions to get AIDL weaver service");
+ return null;
+ }
+ if (aidlWeaver == null) {
+ return null;
+ }
+ final int aidlVersion;
+ try {
+ aidlVersion = aidlWeaver.getInterfaceVersion();
+ } catch (RemoteException e) {
+ Slog.e(TAG, "Cannot get AIDL weaver service version", e);
+ return null;
+ }
+ if (aidlVersion < 2) {
+ Slog.w(TAG,
+ "Ignoring AIDL weaver service v"
+ + aidlVersion
+ + " because only v2 and later are supported");
+ return null;
+ }
+ Slog.i(TAG, "Found AIDL weaver service v" + aidlVersion);
+ return aidlWeaver;
+ }
+
+ private @Nullable IWeaver getWeaverServiceInternal() {
+ // Try to get the AIDL service first
+ IWeaver aidlWeaver = getWeaverAidlService();
+ if (aidlWeaver != null) {
+ Slog.i(TAG, "Using AIDL weaver service");
+ try {
+ aidlWeaver.asBinder().linkToDeath(new WeaverDiedRecipient(), 0);
+ } catch (RemoteException e) {
+ Slog.w(TAG, "Unable to register Weaver death recipient", e);
+ }
+ return aidlWeaver;
}
// If the AIDL service can't be found, look for the HIDL service