Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0e3bda21 authored by Eric Biggers's avatar Eric Biggers
Browse files

DPM: remove FDE-specific password validity persistence 

On FDE devices, DevicePolicyManagerService persistently stored a flag
indicating whether the user's password is sufficient for the policy.
Since FDE is no longer supported, this code is no longer needed.

Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Bug: 208476087
Change-Id: I1e2a97a354382dbee6a92b166e91ae8130f1e48c
parent 106150d8

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyData.java

+2 −18
Original line number Diff line number Diff line
@@ -67,7 +67,6 @@ class DevicePolicyData { 
    private static final String TAG_CURRENT_INPUT_METHOD_SET = "current-ime-set";

    private static final String TAG_OWNER_INSTALLED_CA_CERT = "owner-installed-ca-cert";

    private static final String TAG_INITIALIZATION_BUNDLE = "initialization-bundle";

    private static final String TAG_PASSWORD_VALIDITY = "password-validity";

    private static final String TAG_PASSWORD_TOKEN_HANDLE = "password-token";

    private static final String TAG_PROTECTED_PACKAGES = "protected-packages";

    private static final String TAG_BYPASS_ROLE_QUALIFICATIONS = "bypass-role-qualifications";
@@ -184,7 +183,7 @@ class DevicePolicyData { 
    /**

     * Serializes DevicePolicyData object as XML.

     */

    static boolean store(DevicePolicyData policyData, JournaledFile file, boolean isFdeDevice) {

    static boolean store(DevicePolicyData policyData, JournaledFile file) {

        FileOutputStream stream = null;

        File chooseForWrite = null;

        try {
@@ -269,15 +268,6 @@ class DevicePolicyData { 
                out.endTag(null, "failed-password-attempts");

            }



            // For FDE devices only, we save this flag so we can report on password sufficiency

            // before the user enters their password for the first time after a reboot.  For

            // security reasons, we don't want to store the full set of active password metrics.

            if (isFdeDevice) {

                out.startTag(null, TAG_PASSWORD_VALIDITY);

                out.attributeBoolean(null, ATTR_VALUE, policyData.mPasswordValidAtLastCheckpoint);

                out.endTag(null, TAG_PASSWORD_VALIDITY);

            }



            for (int i = 0; i < policyData.mAcceptedCaCertificates.size(); i++) {

                out.startTag(null, TAG_ACCEPTED_CA_CERTIFICATES);

                out.attribute(null, ATTR_NAME, policyData.mAcceptedCaCertificates.valueAt(i));
@@ -405,7 +395,7 @@ class DevicePolicyData { 
     * @param adminInfoSupplier function that queries DeviceAdminInfo from PackageManager

     * @param ownerComponent device or profile owner component if any.

     */

    static void load(DevicePolicyData policy, boolean isFdeDevice, JournaledFile journaledFile,

    static void load(DevicePolicyData policy, JournaledFile journaledFile,

            Function<ComponentName, DeviceAdminInfo> adminInfoSupplier,

            ComponentName ownerComponent) {

        FileInputStream stream = null;
@@ -545,12 +535,6 @@ class DevicePolicyData { 
                    policy.mAdminBroadcastPending = Boolean.toString(true).equals(pending);

                } else if (TAG_INITIALIZATION_BUNDLE.equals(tag)) {

                    policy.mInitBundle = PersistableBundle.restoreFromXml(parser);

                } else if (TAG_PASSWORD_VALIDITY.equals(tag)) {

                    if (isFdeDevice) {

                        // This flag is only used for FDE devices

                        policy.mPasswordValidAtLastCheckpoint =

                                parser.getAttributeBoolean(null, ATTR_VALUE, false);

                    }

                } else if (TAG_PASSWORD_TOKEN_HANDLE.equals(tag)) {

                    policy.mPasswordTokenHandle = parser.getAttributeLong(null, ATTR_VALUE);

                } else if (TAG_CURRENT_INPUT_METHOD_SET.equals(tag)) {

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+1 −10
Original line number Diff line number Diff line
@@ -2877,10 +2877,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { 
    }















    private void saveSettingsLocked(int userHandle) {













        if (DevicePolicyData.store(













                getUserData(userHandle),













                makeJournaledFile(userHandle),













                !mInjector.storageManagerIsFileBasedEncryptionEnabled())) {













        if (DevicePolicyData.store(getUserData(userHandle), makeJournaledFile(userHandle))) {















            sendChangedNotification(userHandle);















        }















        invalidateBinderCaches();









@@ -2895,7 +2892,6 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {



























    private void loadSettingsLocked(DevicePolicyData policy, int userHandle) {















        DevicePolicyData.load(policy,













                !mInjector.storageManagerIsFileBasedEncryptionEnabled(),















                makeJournaledFile(userHandle),















                component -> findAdmin(















                        component, userHandle, /* throwForMissingPermission= */ false),










@@ -3060,11 +3056,6 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {



























    // TODO(b/230841522) Make it static.















    private class DpmsUpgradeDataProvider implements PolicyUpgraderDataProvider {













        @Override













        public boolean storageManagerIsFileBasedEncryptionEnabled() {













            return mInjector.storageManagerIsFileBasedEncryptionEnabled();













        }



























        @Override















        public JournaledFile makeDevicePoliciesJournaledFile(int userId) {















            return DevicePolicyManagerService.this.makeJournaledFile(userId, DEVICE_POLICIES_XML);

































services/devicepolicy/java/com/android/server/devicepolicy/PolicyUpgraderDataProvider.java



+0
−5






























Original line number
Diff line number
Diff line








@@ -28,11 +28,6 @@ import java.util.function.Function;













 * to go through the upgrade process.















 */















public interface PolicyUpgraderDataProvider {













    /**













     * Returns true if the storage manager indicates file-based encryption is enabled.













     */













    boolean storageManagerIsFileBasedEncryptionEnabled();





























    /**















     * Returns the journaled policies file for a given user.















     */

































services/devicepolicy/java/com/android/server/devicepolicy/PolicyVersionUpgrader.java



+1
−5






























Original line number
Diff line number
Diff line








@@ -222,7 +222,6 @@ public class PolicyVersionUpgrader {













            int userId, int loadVersion, ComponentName ownerComponent) {















        DevicePolicyData policy = new DevicePolicyData(userId);















        DevicePolicyData.load(policy,













                !mProvider.storageManagerIsFileBasedEncryptionEnabled(),















                mProvider.makeDevicePoliciesJournaledFile(userId),















                mProvider.getAdminInfoSupplier(userId),















                ownerComponent);









@@ -230,10 +229,7 @@ public class PolicyVersionUpgrader {













    }































    private boolean writeDataForUser(int userId, DevicePolicyData policy) {













        return DevicePolicyData.store(













                policy,













                mProvider.makeDevicePoliciesJournaledFile(userId),













                !mProvider.storageManagerIsFileBasedEncryptionEnabled());













        return DevicePolicyData.store(policy, mProvider.makeDevicePoliciesJournaledFile(userId));















    }































    private JournaledFile getVersionFile() {

































services/tests/servicestests/src/com/android/server/devicepolicy/PolicyVersionUpgraderTest.java



+0
−6






























Original line number
Diff line number
Diff line








@@ -69,15 +69,9 @@ public class PolicyVersionUpgraderTest extends DpmTestBase {













    private ComponentName mFakeAdmin;































    private class FakePolicyUpgraderDataProvider implements PolicyUpgraderDataProvider {













        boolean mIsFileBasedEncryptionEnabled;















        Map<ComponentName, DeviceAdminInfo> mComponentToDeviceAdminInfo = new HashMap<>();















        int[] mUsers;





























        @Override













        public boolean storageManagerIsFileBasedEncryptionEnabled() {













            return mIsFileBasedEncryptionEnabled;













        }





























        private JournaledFile makeJournaledFile(int userId, String fileName) {















            File parentDir = getServices().environment.getUserSystemDirectory(userId);