fix soft reboot caused by KeyStore exception

The Mac handle obtained from AndroidKeyStore is sometimes invalidated by
the AndroidKeyStore based on some LRU technique.

This change make sure that we always get a valid handle.
And adds exception handling to make sure a crash will not happen for the
same reason again.

If KeyStore continuously fails to generate MAC address, we will use
locally generated MAC as it is the next best option.

Bug: 146203882
Test: atest FrameworksWifiTests

Merged-In: I8a3b810ba95898a96d81fe57979db4787e1a46c4
Change-Id: I8a3b810ba95898a96d81fe57979db4787e1a46c4
(cherry-picked from e299359a6e6e9e13217862f7f66627eccbff46ce)

2 files changed, 20 insertions, 12 deletions

diff --git a/service/java/com/android/server/wifi/MacAddressUtil.java b/service/java/com/android/server/wifi/MacAddressUtil.java
index effa931a5..4739b6141 100644
--- a/service/java/com/android/server/wifi/MacAddressUtil.java
+++ b/service/java/com/android/server/wifi/MacAddressUtil.java
@@ -62,8 +62,14 @@ public class MacAddressUtil {
         if (config == null || hashFunction == null) {
             return null;
         }
-        byte[] hashedBytes = hashFunction.doFinal(
-                config.getSsidAndSecurityTypeString().getBytes(StandardCharsets.UTF_8));
+        byte[] hashedBytes;
+        try {
+            hashedBytes = hashFunction.doFinal(config.getSsidAndSecurityTypeString()
+                    .getBytes(StandardCharsets.UTF_8));
+        } catch (ProviderException | IllegalStateException e) {
+            Log.e(TAG, "Failure in calculatePersistentMac", e);
+            return null;
+        }
         ByteBuffer bf = ByteBuffer.wrap(hashedBytes);
         long longFromSsid = bf.getLong();
         /**
diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java
index 80b583feb..c617b9e1f 100644
--- a/service/java/com/android/server/wifi/WifiConfigManager.java
+++ b/service/java/com/android/server/wifi/WifiConfigManager.java
@@ -76,8 +76,6 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
-import javax.crypto.Mac;
-
 /**
  * This class provides the APIs to manage configured Wi-Fi networks.
  * It deals with the following:
@@ -278,7 +276,6 @@ public class WifiConfigManager {
     private final WifiInjector mWifiInjector;
     private final MacAddressUtil mMacAddressUtil;
     private boolean mConnectedMacRandomzationSupported;
-    private Mac mMac;
 
     /**
      * Local log used for debugging any WifiConfigManager issues.
@@ -516,7 +513,18 @@ public class WifiConfigManager {
                 mRandomizedMacAddressMapping.remove(config.getSsidAndSecurityTypeString());
             }
         }
-        return mMacAddressUtil.calculatePersistentMacForConfiguration(config, mMac);
+        MacAddress result = mMacAddressUtil.calculatePersistentMacForConfiguration(
+                config, mMacAddressUtil.obtainMacRandHashFunction(Process.WIFI_UID));
+        if (result == null) {
+            result = mMacAddressUtil.calculatePersistentMacForConfiguration(
+                    config, mMacAddressUtil.obtainMacRandHashFunction(Process.WIFI_UID));
+        }
+        if (result == null) {
+            Log.wtf(TAG, "Failed to generate MAC address from KeyStore even after retrying. "
+                    + "Using locally generated MAC address instead.");
+            result = MacAddress.createRandomUnicastAddress();
+        }
+        return result;
     }
 
     /**
@@ -3146,12 +3154,6 @@ public class WifiConfigManager {
      * @return true on success or not needed (fresh install), false otherwise.
      */
     public boolean loadFromStore() {
-        // Get the hashfunction that is used to generate randomized MACs from the KeyStore
-        mMac = mMacAddressUtil.obtainMacRandHashFunction(Process.WIFI_UID);
-        if (mMac == null) {
-            Log.wtf(TAG, "Failed to obtain secret for MAC randomization."
-                    + " All randomized MAC addresses are lost!");
-        }
         // If the user unlock comes in before we load from store, which means the user store have
         // not been setup yet for the current user. Setup the user store before the read so that
         // configurations for the current user will also being loaded.