Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1213e2f4 authored by Amir Samuelov's avatar Amir Samuelov Committed by Gerrit - the friendly Code Review server
Browse files

security: prevent FDE after PFE 

Full-Disk-Encryption (FDE) is not allowed
after Per-File-Encryption (PFE) is activated.

Change-Id: I17e6039f3b33450835fea6ee5e612c079868b71f
parent 628bc01b

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+5 −0
Original line number Diff line number Diff line
@@ -3387,6 +3387,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
     * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE}.

     */

    private int getEncryptionStatus() {

        String pfeStatus = SystemProperties.get("vold.pfe", "");

        if ("activated".equalsIgnoreCase(pfeStatus)) {

            return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;

        }



        String status = SystemProperties.get("ro.crypto.state", "unsupported");

        if ("encrypted".equalsIgnoreCase(status)) {

            final long token = Binder.clearCallingIdentity();