Loading core/java/android/os/storage/IStorageManager.aidl +0 −4 Original line number Diff line number Diff line Loading @@ -134,10 +134,6 @@ interface IStorageManager { @EnforcePermission("MOUNT_UNMOUNT_FILESYSTEMS") void setDebugFlags(int flags, int mask) = 60; @EnforcePermission("STORAGE_INTERNAL") void createUserStorageKeys(int userId, boolean ephemeral) = 61; @EnforcePermission("STORAGE_INTERNAL") void destroyUserStorageKeys(int userId) = 62; @EnforcePermission("STORAGE_INTERNAL") void lockCeStorage(int userId) = 64; boolean isCeStorageUnlocked(int userId) = 65; @EnforcePermission("STORAGE_INTERNAL") Loading core/java/android/os/storage/StorageManager.java +0 −49 Original line number Diff line number Diff line Loading @@ -1635,55 +1635,6 @@ public class StorageManager { DEFAULT_FULL_THRESHOLD_BYTES); } /** * Creates the keys for a user's credential-encrypted (CE) and device-encrypted (DE) storage. * <p> * This creates the user's CE key and DE key for internal storage, then adds them to the kernel. * Then, if the user is not ephemeral, this stores the DE key (encrypted) on flash. (The CE key * is not stored until {@link IStorageManager#setCeStorageProtection()}.) * <p> * This does not create the CE and DE directories themselves. For that, see {@link * #prepareUserStorage()}. * <p> * This is only intended to be called by UserManagerService, as part of creating a user. * * @param userId ID of the user * @param ephemeral whether the user is ephemeral * @throws RuntimeException on error. The user's keys already existing is considered an error. * @hide */ public void createUserStorageKeys(int userId, boolean ephemeral) { try { mStorageManager.createUserStorageKeys(userId, ephemeral); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } /** * Destroys the keys for a user's credential-encrypted (CE) and device-encrypted (DE) storage. * <p> * This evicts the keys from the kernel (if present), which "locks" the corresponding * directories. Then, this deletes the encrypted keys from flash. This operates on all the * user's CE and DE keys, for both internal and adoptable storage. * <p> * This does not destroy the CE and DE directories themselves. For that, see {@link * #destroyUserStorage()}. * <p> * This is only intended to be called by UserManagerService, as part of removing a user. * * @param userId ID of the user * @throws RuntimeException on error. On error, as many things as possible are still destroyed. * @hide */ public void destroyUserStorageKeys(int userId) { try { mStorageManager.destroyUserStorageKeys(userId); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } /** * Locks the user's credential-encrypted (CE) storage. * Loading services/core/java/com/android/server/StorageManagerInternal.java +33 −0 Original line number Diff line number Diff line Loading @@ -138,6 +138,39 @@ public abstract class StorageManagerInternal { */ public abstract List<String> getPrimaryVolumeIds(); /** * Creates the keys for a user's credential-encrypted (CE) and device-encrypted (DE) storage. * * <p>This creates the user's CE key and DE key for internal storage, then adds them to the * kernel. Then, if the user is not ephemeral, this stores the DE key (encrypted) on flash. (The * CE key is not stored until {@link #setCeStorageProtection()}.) * * <p>This does not create the CE and DE directories themselves. For that, see {@link * #prepareUserStorage()}. * * <p>This is intended to be called only by UserManagerService, as part of creating a user. * * @param userId ID of the user * @param ephemeral whether the user is ephemeral */ public abstract void createUserStorageKeys(int userId, boolean ephemeral); /** * Destroys the keys for a user's credential-encrypted (CE) and device-encrypted (DE) storage. * * <p>This evicts the keys from the kernel (if present), which "locks" the corresponding * directories. Then, this deletes the encrypted keys from flash. This operates on all the * user's CE and DE keys, for both internal and adoptable storage. * * <p>This does not destroy the CE and DE directories themselves. For that, see {@link * #destroyUserStorage()}. * * <p>This is intended to be called only by UserManagerService, as part of removing a user. * * @param userId ID of the user */ public abstract void destroyUserStorageKeys(int userId); /** * Tells StorageManager that CE storage for this user has been prepared. * Loading services/core/java/com/android/server/StorageManagerService.java +26 −34 Original line number Diff line number Diff line Loading @@ -3323,40 +3323,6 @@ class StorageManagerService extends IStorageManager.Stub mVold.abortChanges(message, retry); } @android.annotation.EnforcePermission(android.Manifest.permission.STORAGE_INTERNAL) @Override public void createUserStorageKeys(int userId, boolean ephemeral) { super.createUserStorageKeys_enforcePermission(); try { mVold.createUserStorageKeys(userId, ephemeral); // Since the user's CE key was just created, the user's CE storage is now unlocked. synchronized (mLock) { mCeUnlockedUsers.append(userId); } } catch (Exception e) { Slog.wtf(TAG, e); } } @android.annotation.EnforcePermission(android.Manifest.permission.STORAGE_INTERNAL) @Override public void destroyUserStorageKeys(int userId) { super.destroyUserStorageKeys_enforcePermission(); try { mVold.destroyUserStorageKeys(userId); // Since the user's CE key was just destroyed, the user's CE storage is now locked. synchronized (mLock) { mCeUnlockedUsers.remove(userId); } } catch (Exception e) { Slog.wtf(TAG, e); } } @android.annotation.EnforcePermission(android.Manifest.permission.STORAGE_INTERNAL) @Override public void lockCeStorage(int userId) { Loading Loading @@ -5092,6 +5058,32 @@ class StorageManagerService extends IStorageManager.Stub return primaryVolumeIds; } @Override public void createUserStorageKeys(int userId, boolean ephemeral) { try { mVold.createUserStorageKeys(userId, ephemeral); // Since the user's CE key was just created, the user's CE storage is now unlocked. synchronized (mLock) { mCeUnlockedUsers.append(userId); } } catch (Exception e) { Slog.wtf(TAG, e); } } @Override public void destroyUserStorageKeys(int userId) { try { mVold.destroyUserStorageKeys(userId); // Since the user's CE key was just destroyed, the user's CE storage is now locked. synchronized (mLock) { mCeUnlockedUsers.remove(userId); } } catch (Exception e) { Slog.wtf(TAG, e); } } @Override public void markCeStoragePrepared(int userId) { synchronized (mLock) { Loading services/core/java/com/android/server/pm/UserManagerService.java +12 −5 Original line number Diff line number Diff line Loading @@ -415,6 +415,7 @@ public class UserManagerService extends IUserManager.Stub { private DevicePolicyManagerInternal mDevicePolicyManagerInternal; private ActivityManagerInternal mAmInternal; private LockSettingsInternal mLockSettingsInternal; private StorageManagerInternal mStorageManagerInternal; /** Indicates that this is the 1st boot after the system user mode was changed by emulation. */ private boolean mUpdatingSystemUserMode; Loading Loading @@ -6399,8 +6400,7 @@ public class UserManagerService extends IUserManager.Stub { } t.traceBegin("createUserStorageKeys"); final StorageManager storage = mContext.getSystemService(StorageManager.class); storage.createUserStorageKeys(userId, userInfo.isEphemeral()); getStorageManagerInternal().createUserStorageKeys(userId, userInfo.isEphemeral()); t.traceEnd(); // Only prepare DE storage here. CE storage will be prepared later, when the user is Loading Loading @@ -7241,7 +7241,7 @@ public class UserManagerService extends IUserManager.Stub { // Evict and destroy the user's CE and DE encryption keys. At this point, the user's CE and // DE storage is made inaccessible, except to delete its contents. try { mContext.getSystemService(StorageManager.class).destroyUserStorageKeys(userId); getStorageManagerInternal().destroyUserStorageKeys(userId); } catch (IllegalStateException e) { // This may be simply because the user was partially created. Slog.i(LOG_TAG, "Destroying storage keys for user " + userId Loading Loading @@ -7797,8 +7797,7 @@ public class UserManagerService extends IUserManager.Stub { mUserDataPreparer.prepareUserData(userInfo, StorageManager.FLAG_STORAGE_CE); t.traceEnd(); StorageManagerInternal smInternal = LocalServices.getService(StorageManagerInternal.class); smInternal.markCeStoragePrepared(userId); getStorageManagerInternal().markCeStoragePrepared(userId); t.traceBegin("reconcileAppsData-" + userId); getPackageManagerInternal().reconcileAppsData(userId, StorageManager.FLAG_STORAGE_CE, Loading Loading @@ -9027,6 +9026,14 @@ public class UserManagerService extends IUserManager.Stub { return mLockSettingsInternal; } /** Returns the internal storage manager interface. */ private StorageManagerInternal getStorageManagerInternal() { if (mStorageManagerInternal == null) { mStorageManagerInternal = LocalServices.getService(StorageManagerInternal.class); } return mStorageManagerInternal; } /** * Returns true, when user has {@link UserInfo#FLAG_MAIN} and system property * {@link com.android.internal.R.bool#config_isMainUserPermanentAdmin} is true. Loading Loading
core/java/android/os/storage/IStorageManager.aidl +0 −4 Original line number Diff line number Diff line Loading @@ -134,10 +134,6 @@ interface IStorageManager { @EnforcePermission("MOUNT_UNMOUNT_FILESYSTEMS") void setDebugFlags(int flags, int mask) = 60; @EnforcePermission("STORAGE_INTERNAL") void createUserStorageKeys(int userId, boolean ephemeral) = 61; @EnforcePermission("STORAGE_INTERNAL") void destroyUserStorageKeys(int userId) = 62; @EnforcePermission("STORAGE_INTERNAL") void lockCeStorage(int userId) = 64; boolean isCeStorageUnlocked(int userId) = 65; @EnforcePermission("STORAGE_INTERNAL") Loading
core/java/android/os/storage/StorageManager.java +0 −49 Original line number Diff line number Diff line Loading @@ -1635,55 +1635,6 @@ public class StorageManager { DEFAULT_FULL_THRESHOLD_BYTES); } /** * Creates the keys for a user's credential-encrypted (CE) and device-encrypted (DE) storage. * <p> * This creates the user's CE key and DE key for internal storage, then adds them to the kernel. * Then, if the user is not ephemeral, this stores the DE key (encrypted) on flash. (The CE key * is not stored until {@link IStorageManager#setCeStorageProtection()}.) * <p> * This does not create the CE and DE directories themselves. For that, see {@link * #prepareUserStorage()}. * <p> * This is only intended to be called by UserManagerService, as part of creating a user. * * @param userId ID of the user * @param ephemeral whether the user is ephemeral * @throws RuntimeException on error. The user's keys already existing is considered an error. * @hide */ public void createUserStorageKeys(int userId, boolean ephemeral) { try { mStorageManager.createUserStorageKeys(userId, ephemeral); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } /** * Destroys the keys for a user's credential-encrypted (CE) and device-encrypted (DE) storage. * <p> * This evicts the keys from the kernel (if present), which "locks" the corresponding * directories. Then, this deletes the encrypted keys from flash. This operates on all the * user's CE and DE keys, for both internal and adoptable storage. * <p> * This does not destroy the CE and DE directories themselves. For that, see {@link * #destroyUserStorage()}. * <p> * This is only intended to be called by UserManagerService, as part of removing a user. * * @param userId ID of the user * @throws RuntimeException on error. On error, as many things as possible are still destroyed. * @hide */ public void destroyUserStorageKeys(int userId) { try { mStorageManager.destroyUserStorageKeys(userId); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } /** * Locks the user's credential-encrypted (CE) storage. * Loading
services/core/java/com/android/server/StorageManagerInternal.java +33 −0 Original line number Diff line number Diff line Loading @@ -138,6 +138,39 @@ public abstract class StorageManagerInternal { */ public abstract List<String> getPrimaryVolumeIds(); /** * Creates the keys for a user's credential-encrypted (CE) and device-encrypted (DE) storage. * * <p>This creates the user's CE key and DE key for internal storage, then adds them to the * kernel. Then, if the user is not ephemeral, this stores the DE key (encrypted) on flash. (The * CE key is not stored until {@link #setCeStorageProtection()}.) * * <p>This does not create the CE and DE directories themselves. For that, see {@link * #prepareUserStorage()}. * * <p>This is intended to be called only by UserManagerService, as part of creating a user. * * @param userId ID of the user * @param ephemeral whether the user is ephemeral */ public abstract void createUserStorageKeys(int userId, boolean ephemeral); /** * Destroys the keys for a user's credential-encrypted (CE) and device-encrypted (DE) storage. * * <p>This evicts the keys from the kernel (if present), which "locks" the corresponding * directories. Then, this deletes the encrypted keys from flash. This operates on all the * user's CE and DE keys, for both internal and adoptable storage. * * <p>This does not destroy the CE and DE directories themselves. For that, see {@link * #destroyUserStorage()}. * * <p>This is intended to be called only by UserManagerService, as part of removing a user. * * @param userId ID of the user */ public abstract void destroyUserStorageKeys(int userId); /** * Tells StorageManager that CE storage for this user has been prepared. * Loading
services/core/java/com/android/server/StorageManagerService.java +26 −34 Original line number Diff line number Diff line Loading @@ -3323,40 +3323,6 @@ class StorageManagerService extends IStorageManager.Stub mVold.abortChanges(message, retry); } @android.annotation.EnforcePermission(android.Manifest.permission.STORAGE_INTERNAL) @Override public void createUserStorageKeys(int userId, boolean ephemeral) { super.createUserStorageKeys_enforcePermission(); try { mVold.createUserStorageKeys(userId, ephemeral); // Since the user's CE key was just created, the user's CE storage is now unlocked. synchronized (mLock) { mCeUnlockedUsers.append(userId); } } catch (Exception e) { Slog.wtf(TAG, e); } } @android.annotation.EnforcePermission(android.Manifest.permission.STORAGE_INTERNAL) @Override public void destroyUserStorageKeys(int userId) { super.destroyUserStorageKeys_enforcePermission(); try { mVold.destroyUserStorageKeys(userId); // Since the user's CE key was just destroyed, the user's CE storage is now locked. synchronized (mLock) { mCeUnlockedUsers.remove(userId); } } catch (Exception e) { Slog.wtf(TAG, e); } } @android.annotation.EnforcePermission(android.Manifest.permission.STORAGE_INTERNAL) @Override public void lockCeStorage(int userId) { Loading Loading @@ -5092,6 +5058,32 @@ class StorageManagerService extends IStorageManager.Stub return primaryVolumeIds; } @Override public void createUserStorageKeys(int userId, boolean ephemeral) { try { mVold.createUserStorageKeys(userId, ephemeral); // Since the user's CE key was just created, the user's CE storage is now unlocked. synchronized (mLock) { mCeUnlockedUsers.append(userId); } } catch (Exception e) { Slog.wtf(TAG, e); } } @Override public void destroyUserStorageKeys(int userId) { try { mVold.destroyUserStorageKeys(userId); // Since the user's CE key was just destroyed, the user's CE storage is now locked. synchronized (mLock) { mCeUnlockedUsers.remove(userId); } } catch (Exception e) { Slog.wtf(TAG, e); } } @Override public void markCeStoragePrepared(int userId) { synchronized (mLock) { Loading
services/core/java/com/android/server/pm/UserManagerService.java +12 −5 Original line number Diff line number Diff line Loading @@ -415,6 +415,7 @@ public class UserManagerService extends IUserManager.Stub { private DevicePolicyManagerInternal mDevicePolicyManagerInternal; private ActivityManagerInternal mAmInternal; private LockSettingsInternal mLockSettingsInternal; private StorageManagerInternal mStorageManagerInternal; /** Indicates that this is the 1st boot after the system user mode was changed by emulation. */ private boolean mUpdatingSystemUserMode; Loading Loading @@ -6399,8 +6400,7 @@ public class UserManagerService extends IUserManager.Stub { } t.traceBegin("createUserStorageKeys"); final StorageManager storage = mContext.getSystemService(StorageManager.class); storage.createUserStorageKeys(userId, userInfo.isEphemeral()); getStorageManagerInternal().createUserStorageKeys(userId, userInfo.isEphemeral()); t.traceEnd(); // Only prepare DE storage here. CE storage will be prepared later, when the user is Loading Loading @@ -7241,7 +7241,7 @@ public class UserManagerService extends IUserManager.Stub { // Evict and destroy the user's CE and DE encryption keys. At this point, the user's CE and // DE storage is made inaccessible, except to delete its contents. try { mContext.getSystemService(StorageManager.class).destroyUserStorageKeys(userId); getStorageManagerInternal().destroyUserStorageKeys(userId); } catch (IllegalStateException e) { // This may be simply because the user was partially created. Slog.i(LOG_TAG, "Destroying storage keys for user " + userId Loading Loading @@ -7797,8 +7797,7 @@ public class UserManagerService extends IUserManager.Stub { mUserDataPreparer.prepareUserData(userInfo, StorageManager.FLAG_STORAGE_CE); t.traceEnd(); StorageManagerInternal smInternal = LocalServices.getService(StorageManagerInternal.class); smInternal.markCeStoragePrepared(userId); getStorageManagerInternal().markCeStoragePrepared(userId); t.traceBegin("reconcileAppsData-" + userId); getPackageManagerInternal().reconcileAppsData(userId, StorageManager.FLAG_STORAGE_CE, Loading Loading @@ -9027,6 +9026,14 @@ public class UserManagerService extends IUserManager.Stub { return mLockSettingsInternal; } /** Returns the internal storage manager interface. */ private StorageManagerInternal getStorageManagerInternal() { if (mStorageManagerInternal == null) { mStorageManagerInternal = LocalServices.getService(StorageManagerInternal.class); } return mStorageManagerInternal; } /** * Returns true, when user has {@link UserInfo#FLAG_MAIN} and system property * {@link com.android.internal.R.bool#config_isMainUserPermanentAdmin} is true. Loading
