From 5cdc8a48e84483603e77679ad1b20b028cba0082 Mon Sep 17 00:00:00 2001
From: Tianjie <xunchang@google.com>
Date: Tue, 23 Mar 2021 15:10:00 -0700
Subject: Catch security exceptions in RoR APIs

The security exceptions in RoR API caused the OTA reboot to stuck.
Since the error isn't related to the input of clients and clients
already have a fallback path; catch and and rethrow the security
exception as an IOException.

Bug: 183475757
Test: OTA falls back to normal reboot upon security exceptions
Change-Id: I359f2f85bd1f0f8734011aa2db24dd7abe0aaa03
---
 core/java/android/os/RecoverySystem.java | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

(limited to 'core/java/android/os/RecoverySystem.java')

diff --git a/core/java/android/os/RecoverySystem.java b/core/java/android/os/RecoverySystem.java
index 43184ea4b9a9..857a4c3f8fa5 100644
--- a/core/java/android/os/RecoverySystem.java
+++ b/core/java/android/os/RecoverySystem.java
@@ -1361,8 +1361,8 @@ public class RecoverySystem {
     private boolean requestLskf(String packageName, IntentSender sender) throws IOException {
         try {
             return mService.requestLskf(packageName, sender);
-        } catch (RemoteException e) {
-            throw new IOException("could request LSKF capture");
+        } catch (RemoteException | SecurityException e) {
+            throw new IOException("could not request LSKF capture", e);
         }
     }
 
@@ -1375,8 +1375,8 @@ public class RecoverySystem {
     private boolean clearLskf(String packageName) throws IOException {
         try {
             return mService.clearLskf(packageName);
-        } catch (RemoteException e) {
-            throw new IOException("could not clear LSKF");
+        } catch (RemoteException | SecurityException e) {
+            throw new IOException("could not clear LSKF", e);
         }
     }
 
@@ -1390,8 +1390,8 @@ public class RecoverySystem {
     private boolean isLskfCaptured(String packageName) throws IOException {
         try {
             return mService.isLskfCaptured(packageName);
-        } catch (RemoteException e) {
-            throw new IOException("could not get LSKF capture state");
+        } catch (RemoteException | SecurityException e) {
+            throw new IOException("could not get LSKF capture state", e);
         }
     }
 
@@ -1403,12 +1403,11 @@ public class RecoverySystem {
             throws IOException {
         try {
             return mService.rebootWithLskf(packageName, reason, slotSwitch);
-        } catch (RemoteException e) {
-            throw new IOException("could not reboot for update");
+        } catch (RemoteException | SecurityException e) {
+            throw new IOException("could not reboot for update", e);
         }
     }
 
-
     /**
      * Calls the recovery system service to reboot and apply update. This is the legacy API and
      * expects a slot switch for A/B devices.
@@ -1418,8 +1417,8 @@ public class RecoverySystem {
             throws IOException {
         try {
             return mService.rebootWithLskfAssumeSlotSwitch(packageName, reason);
-        } catch (RemoteException e) {
-            throw new IOException("could not reboot for update");
+        } catch (RemoteException | RuntimeException e) {
+            throw new IOException("could not reboot for update", e);
         }
     }
 
-- 
cgit v1.2.3