
Commit 3ea44a52 authored by Jeff Sharkey

Device encrypted storage is always available.

In order to support backup/restore on devices without native FBE
support, we always need to make the DE storage area available.  Add
docs clarifying the lifecycle.

Bug: 26279618
Change-Id: I789915f295b10aca6bf80ca58406aea212835ffd
parent 4175be2f
+0 −4
@@ -1762,10 +1762,6 @@ class ContextImpl extends Context {

    @Override
    public Context createDeviceEncryptedStorageContext() {
        if (!StorageManager.isFileBasedEncryptionEnabled()) {
            return null;
        }

        final int flags = (mFlags & ~Context.CONTEXT_CREDENTIAL_ENCRYPTED_STORAGE)
                | Context.CONTEXT_DEVICE_ENCRYPTED_STORAGE;
        return new ContextImpl(this, mMainThread, mPackageInfo, mActivityToken,
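
Review bot: Dropping the StorageManager.isFileBasedEncryptionEnabled() guard at the top of createDeviceEncryptedStorageContext() means the method no longer returns null on devices without file-based encryption, so any caller that treated a null result as "FBE not supported" will now go ahead with a Context flagged CONTEXT_DEVICE_ENCRYPTED_STORAGE. Existing callers should be checked for null checks that doubled as a capability probe and pointed at StorageManager.isFileBasedEncryptionEnabled() instead.
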
+10 −2
@@ -4021,13 +4021,16 @@ public abstract class Context {
     * Because device-encrypted data is available before user authentication,
     * you should carefully consider what data you store using this Context.
     * <p>
     * If the underlying device does not have the ability to store
     * device-encrypted and credential-encrypted data using different keys, then
     * both storage areas will become available at the same time. They remain
     * two distinct storage areas, and only the window of availability changes.
     * <p>
     * Each call to this method returns a new instance of a Context object;
     * Context objects are not shared, however common state (ClassLoader, other
     * Resources for the same configuration) may be so the Context itself can be
     * fairly lightweight.
     *
     * @return new Context or {@code null} if device-encrypted storage is not
     *         supported or available on this device.
     * @see #isDeviceEncryptedStorage()
     */
    public abstract Context createDeviceEncryptedStorageContext();
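
Review bot: The @return text in this hunk ("new Context or {@code null} if device-encrypted storage is not supported or available on this device") contradicts the ContextImpl change, which no longer returns null when file-based encryption is disabled. If these are the two lines counted as removed, the method is left with no @return tag at all; suggest keeping one that states a new Context is always returned, so callers can see that the null contract is gone.
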
@@ -4041,6 +4044,11 @@ public abstract class Context {
     * <em>only after</em> the user has entered their credentials (such as a
     * lock pattern or PIN).
     * <p>
     * If the underlying device does not have the ability to store
     * device-encrypted and credential-encrypted data using different keys, then
     * both storage areas will become available at the same time. They remain
     * two distinct storage areas, and only the window of availability changes.
     * <p>
     * Each call to this method returns a new instance of a Context object;
     * Context objects are not shared, however common state (ClassLoader, other
     * Resources for the same configuration) may be so the Context itself can be
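
Review bot: The paragraph added here is a verbatim copy of the one in the device-encrypted docs and does not say at which point "both storage areas will become available at the same time", which is the detail a developer needs when deciding where sensitive data goes. It follows directly after the statement that this storage is available "only after" the user has entered their credentials, so it reads as an unexplained exception to that guarantee. Suggest stating explicitly whether, on devices without separate keys, both areas open at boot or only after credential entry.
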