commit 5cdc8a48e84483603e77679ad1b20b028cba0082
author Tianjie <xunchang@google.com> Tue Mar 23 15:10:00 2021 -0700
committer Tianjie <xunchang@google.com> Mon Mar 29 14:36:04 2021 -0700
tree e38fc02342d86ee25a554cf6c40823409490d98d
parent d7858116cae4eb2e5685649fff790db8c2552baf

Catch security exceptions in RoR APIs

The security exceptions in RoR API caused the OTA reboot to stuck.
Since the error isn't related to the input of clients and clients
already have a fallback path; catch and and rethrow the security
exception as an IOException.

Bug: 183475757
Test: OTA falls back to normal reboot upon security exceptions
Change-Id: I359f2f85bd1f0f8734011aa2db24dd7abe0aaa03

core/java/android/os/RecoverySystem.java

diff --git a/core/java/android/os/RecoverySystem.java b/core/java/android/os/RecoverySystem.java
index 43184ea..857a4c3 100644
--- a/core/java/android/os/RecoverySystem.java
+++ b/core/java/android/os/RecoverySystem.java
@@ -1361,8 +1361,8 @@
     private boolean requestLskf(String packageName, IntentSender sender) throws IOException {
         try {
             return mService.requestLskf(packageName, sender);
-        } catch (RemoteException e) {
-            throw new IOException("could request LSKF capture");
+        } catch (RemoteException | SecurityException e) {
+            throw new IOException("could not request LSKF capture", e);
         }
     }
 
@@ -1375,8 +1375,8 @@
     private boolean clearLskf(String packageName) throws IOException {
         try {
             return mService.clearLskf(packageName);
-        } catch (RemoteException e) {
-            throw new IOException("could not clear LSKF");
+        } catch (RemoteException | SecurityException e) {
+            throw new IOException("could not clear LSKF", e);
         }
     }
 
@@ -1390,8 +1390,8 @@
     private boolean isLskfCaptured(String packageName) throws IOException {
         try {
             return mService.isLskfCaptured(packageName);
-        } catch (RemoteException e) {
-            throw new IOException("could not get LSKF capture state");
+        } catch (RemoteException | SecurityException e) {
+            throw new IOException("could not get LSKF capture state", e);
         }
     }
 
@@ -1403,12 +1403,11 @@
             throws IOException {
         try {
             return mService.rebootWithLskf(packageName, reason, slotSwitch);
-        } catch (RemoteException e) {
-            throw new IOException("could not reboot for update");
+        } catch (RemoteException | SecurityException e) {
+            throw new IOException("could not reboot for update", e);
         }
     }
 
-
     /**
      * Calls the recovery system service to reboot and apply update. This is the legacy API and
      * expects a slot switch for A/B devices.
@@ -1418,8 +1417,8 @@
             throws IOException {
         try {
             return mService.rebootWithLskfAssumeSlotSwitch(packageName, reason);
-        } catch (RemoteException e) {
-            throw new IOException("could not reboot for update");
+        } catch (RemoteException | RuntimeException e) {
+            throw new IOException("could not reboot for update", e);
         }
     }