Stop trying to update FDE password from LockSettingsService (031a23fa) · Commits · e / os / android_frameworks_base

core/java/com/android/internal/widget/ILockSettings.aidl

+0 −1

Original line number	Diff line number	Diff line
		@@ -97,7 +97,6 @@ interface ILockSettings {
		boolean hasSecureLockScreen();
		boolean tryUnlockWithCachedUnifiedChallenge(int userId);
		void removeCachedUnifiedChallenge(int userId);
		void updateEncryptionPassword(int type, in byte[] password);
		boolean registerWeakEscrowTokenRemovedListener(in IWeakEscrowTokenRemovedListener listener);
		boolean unregisterWeakEscrowTokenRemovedListener(in IWeakEscrowTokenRemovedListener listener);
		long addWeakEscrowToken(in byte[] token, int userId, in IWeakEscrowTokenActivatedListener callback);

services/core/java/com/android/server/locksettings/LockSettingsService.java

+4 −49

Original line number	Diff line number	Diff line
		@@ -1800,7 +1800,10 @@ public class LockSettingsService extends ILockSettings.Stub {
		}

		private void onPostPasswordChanged(LockscreenCredential newCredential, int userHandle) {
		updateEncryptionPasswordIfNeeded(newCredential, userHandle);
		if (userHandle == UserHandle.USER_SYSTEM && isDeviceEncryptionEnabled() &&
		shouldEncryptWithCredentials() && newCredential.isNone()) {
		setCredentialRequiredToDecrypt(false);
		}
		if (newCredential.isPattern()) {
		setBoolean(LockPatternUtils.PATTERN_EVER_CHOSEN_KEY, true, userHandle);
		}
		@@ -1808,26 +1811,6 @@ public class LockSettingsService extends ILockSettings.Stub {
		mContext.getSystemService(TrustManager.class).reportEnabledTrustAgentsChanged(userHandle);
		}

		/**
		* Update device encryption password if calling user is USER_SYSTEM and device supports
		* encryption.
		*/
		private void updateEncryptionPasswordIfNeeded(LockscreenCredential credential, int userHandle) {
		// Update the device encryption password.
		if (userHandle != UserHandle.USER_SYSTEM \|\| !isDeviceEncryptionEnabled()) {
		return;
		}
		if (!shouldEncryptWithCredentials()) {
		updateEncryptionPassword(StorageManager.CRYPT_TYPE_DEFAULT, null);
		return;
		}
		if (credential.isNone()) {
		// Set the encryption password to default.
		setCredentialRequiredToDecrypt(false);
		}
		updateEncryptionPassword(credential.getStorageCryptType(), credential.getCredential());
		}

		/**
		* Store the hash of the current password in the password history list, if device policy
		* enforces password history requirement.
		@@ -1942,34 +1925,6 @@ public class LockSettingsService extends ILockSettings.Stub {
		}
		}

		/ Update the encryption password if it is enabled /
		@Override
		public void updateEncryptionPassword(final int type, final byte[] password) {
		if (!hasSecureLockScreen() && password != null && password.length != 0) {
		throw new UnsupportedOperationException(
		"This operation requires the lock screen feature.");
		}
		if (!isDeviceEncryptionEnabled()) {
		return;
		}
		final IBinder service = ServiceManager.getService("mount");
		if (service == null) {
		Slog.e(TAG, "Could not find the mount service to update the encryption password");
		return;
		}

		// TODO(b/120484642): This is a location where we still use a String for vold
		String passwordString = password != null ? new String(password) : null;
		mHandler.post(() -> {
		IStorageManager storageManager = mInjector.getStorageManager();
		try {
		storageManager.changeEncryptionPassword(type, passwordString);
		} catch (RemoteException e) {
		Slog.e(TAG, "Error changing encryption password", e);
		}
		});
		}

		/** Register the given WeakEscrowTokenRemovedListener. */
		@Override
		public boolean registerWeakEscrowTokenRemovedListener(