2 files changed, 74 insertions, 13 deletions

diff --git a/core/java/android/os/IRecoverySystem.aidl b/core/java/android/os/IRecoverySystem.aidl
index 205288303b1e..9368b68a91c6 100644
--- a/core/java/android/os/IRecoverySystem.aidl
+++ b/core/java/android/os/IRecoverySystem.aidl
@@ -30,6 +30,6 @@ interface IRecoverySystem {
     boolean requestLskf(in String packageName, in IntentSender sender);
     boolean clearLskf(in String packageName);
     boolean isLskfCaptured(in String packageName);
-    boolean rebootWithLskfAssumeSlotSwitch(in String packageName, in String reason);
-    boolean rebootWithLskf(in String packageName, in String reason, in boolean slotSwitch);
+    int rebootWithLskfAssumeSlotSwitch(in String packageName, in String reason);
+    int rebootWithLskf(in String packageName, in String reason, in boolean slotSwitch);
 }
diff --git a/core/java/android/os/RecoverySystem.java b/core/java/android/os/RecoverySystem.java
index 43184ea4b9a9..a42448c261d4 100644
--- a/core/java/android/os/RecoverySystem.java
+++ b/core/java/android/os/RecoverySystem.java
@@ -20,6 +20,7 @@ import static android.view.Display.DEFAULT_DISPLAY;
 
 import static java.nio.charset.StandardCharsets.UTF_8;
 
+import android.annotation.IntDef;
 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.annotation.RequiresPermission;
@@ -155,6 +156,65 @@ public class RecoverySystem {
     private final IRecoverySystem mService;
 
     /**
+     * The error codes for reboots initiated by resume on reboot clients.
+     *  @hide
+     */
+    @IntDef(prefix = { "RESUME_ON_REBOOT_REBOOT_ERROR_" }, value = {
+            RESUME_ON_REBOOT_REBOOT_ERROR_NONE,
+            RESUME_ON_REBOOT_REBOOT_ERROR_UNSPECIFIED,
+            RESUME_ON_REBOOT_REBOOT_ERROR_INVALID_PACKAGE_NAME,
+            RESUME_ON_REBOOT_REBOOT_ERROR_LSKF_NOT_CAPTURED,
+            RESUME_ON_REBOOT_REBOOT_ERROR_SLOT_MISMATCH,
+            RESUME_ON_REBOOT_REBOOT_ERROR_PROVIDER_PREPARATION_FAILURE})
+    public @interface ResumeOnRebootRebootErrorCode {}
+
+    /**
+     * The preparation of resume on reboot succeeds. Don't expose it because a successful reboot
+     * should just reboot the device.
+     *  @hide
+     */
+    public static final int RESUME_ON_REBOOT_REBOOT_ERROR_NONE = 0;
+
+    /**
+     * The resume on reboot fails due to an unknown reason.
+     *  @hide
+     */
+    @SystemApi
+    public static final int RESUME_ON_REBOOT_REBOOT_ERROR_UNSPECIFIED = 1000;
+
+    /**
+     * The resume on reboot fails because the package name of the client is invalid, e.g. null
+     * packageName, name contains invalid characters, etc.
+     *  @hide
+     */
+    @SystemApi
+    public static final int RESUME_ON_REBOOT_REBOOT_ERROR_INVALID_PACKAGE_NAME = 2000;
+
+    /**
+     * The resume on reboot fails because the Lock Screen Knowledge Factor hasn't been captured.
+     * This error is also reported if the client attempts to reboot without preparing RoR.
+     *  @hide
+     */
+    @SystemApi
+    public static final int RESUME_ON_REBOOT_REBOOT_ERROR_LSKF_NOT_CAPTURED = 3000;
+
+    /**
+     * The resume on reboot fails because the client expects a different boot slot for the next boot
+     * on A/B devices.
+     *  @hide
+     */
+    @SystemApi
+    public static final int RESUME_ON_REBOOT_REBOOT_ERROR_SLOT_MISMATCH = 4000;
+
+    /**
+     * The resume on reboot fails because the resume on reboot provider, e.g. HAL / server based,
+     * fails to arm/store the escrow key.
+     *  @hide
+     */
+    @SystemApi
+    public static final int RESUME_ON_REBOOT_REBOOT_ERROR_PROVIDER_PREPARATION_FAILURE = 5000;
+
+    /**
      * Interface definition for a callback to be invoked regularly as
      * verification proceeds.
      */
@@ -723,7 +783,8 @@ public class RecoverySystem {
         }
         RecoverySystem rs = (RecoverySystem) context.getSystemService(Context.RECOVERY_SERVICE);
         // OTA is the sole user, who expects a slot switch.
-        if (!rs.rebootWithLskfAssumeSlotSwitch(context.getPackageName(), reason)) {
+        if (rs.rebootWithLskfAssumeSlotSwitch(context.getPackageName(), reason)
+                != RESUME_ON_REBOOT_REBOOT_ERROR_NONE) {
             throw new IOException("system not prepared to apply update");
         }
     }
@@ -752,19 +813,19 @@ public class RecoverySystem {
      * @param context the Context to use.
      * @param reason the reboot reason to give to the {@link PowerManager}
      * @param slotSwitch true if the caller expects the slot to be switched on A/B devices.
-     * @throws IOException if the reboot couldn't proceed because the device wasn't ready for an
-     *               unattended reboot.
+     *
+     * @return 0 on success, and a non-zero error code if the reboot couldn't proceed because the
+     *         device wasn't ready for an unattended reboot.
+     * @throws IOException on remote exceptions from the RecoverySystemService
      * @hide
      */
     @SystemApi
     @RequiresPermission(anyOf = {android.Manifest.permission.RECOVERY,
             android.Manifest.permission.REBOOT})
-    public static void rebootAndApply(@NonNull Context context,
+    public static @ResumeOnRebootRebootErrorCode int rebootAndApply(@NonNull Context context,
             @NonNull String reason, boolean slotSwitch) throws IOException {
         RecoverySystem rs = context.getSystemService(RecoverySystem.class);
-        if (!rs.rebootWithLskf(context.getPackageName(), reason, slotSwitch)) {
-            throw new IOException("system not prepared to apply update");
-        }
+        return rs.rebootWithLskf(context.getPackageName(), reason, slotSwitch);
     }
 
     /**
@@ -1399,8 +1460,8 @@ public class RecoverySystem {
      * Calls the recovery system service to reboot and apply update.
      *
      */
-    private boolean rebootWithLskf(String packageName, String reason, boolean slotSwitch)
-            throws IOException {
+    private @ResumeOnRebootRebootErrorCode int rebootWithLskf(String packageName, String reason,
+            boolean slotSwitch) throws IOException {
         try {
             return mService.rebootWithLskf(packageName, reason, slotSwitch);
         } catch (RemoteException e) {
@@ -1414,8 +1475,8 @@ public class RecoverySystem {
      * expects a slot switch for A/B devices.
      *
      */
-    private boolean rebootWithLskfAssumeSlotSwitch(String packageName, String reason)
-            throws IOException {
+    private @ResumeOnRebootRebootErrorCode int rebootWithLskfAssumeSlotSwitch(String packageName,
+            String reason) throws IOException {
         try {
             return mService.rebootWithLskfAssumeSlotSwitch(packageName, reason);
         } catch (RemoteException e) {