Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_base / 3e7585ed184e3e21f0b96b8f3149fa07d1657691^1..3e7585ed184e3e21f0b96b8f3149fa07d1657691 / .
commit3e7585ed184e3e21f0b96b8f3149fa07d1657691[log] [tgz]
authorEric Biggers <ebiggers@google.com>Thu Feb 23 18:24:21 2023 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>Thu Feb 23 18:24:21 2023 +0000
treea9f5cd04a1fc25673cb0d929f5f71ba32a8e740a
parent697a395a3ce225f1ad6c27eb5f8458f3bccac2b5 [diff]
parent174f792e60a24f21371d4536c600f793e3ce3bb5 [diff]
Merge "Check for secdiscardable file missing" into udc-dev
diff --git a/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java b/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
index dee26e38..e592a22 100644
--- a/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
+++ b/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java

@@ -1245,8 +1245,13 @@
                 }
                 sid = sidFromPasswordHandle(pwd.passwordHandle);
             }
-            protectorSecret = transformUnderSecdiscardable(stretchedLskf,
-                    loadSecdiscardable(protectorId, userId));
+            byte[] secdiscardable = loadSecdiscardable(protectorId, userId);
+            if (secdiscardable == null) {
+                Slog.e(TAG, "secdiscardable file not found");
+                result.gkResponse = VerifyCredentialResponse.ERROR;
+                return result;
+            }
+            protectorSecret = transformUnderSecdiscardable(stretchedLskf, secdiscardable);
         }
         // Supplied credential passes first stage weaver/gatekeeper check so it should be correct.
         // Notify the callback so the keyguard UI can proceed immediately.
@@ -1311,6 +1316,11 @@
             byte[] token, int userId) {
         AuthenticationResult result = new AuthenticationResult();
         byte[] secdiscardable = loadSecdiscardable(protectorId, userId);
+        if (secdiscardable == null) {
+            Slog.e(TAG, "secdiscardable file not found");
+            result.gkResponse = VerifyCredentialResponse.ERROR;
+            return result;
+        }
         int slotId = loadWeaverSlot(protectorId, userId);
         if (slotId != INVALID_WEAVER_SLOT) {
             if (!isWeaverAvailable()) {