Move all crypto commands over to Binder. (43e12114) · Commits · e / os / android_frameworks_base

core/java/android/os/storage/StorageManager.java

+17 −11

Original line number	Diff line number	Diff line
		@@ -225,22 +225,28 @@ public class StorageManager {
		public static final int FSTRIM_FLAG_BENCHMARK = IVold.FSTRIM_FLAG_BENCHMARK_AFTER;

		/** @hide The volume is not encrypted. */
		public static final int ENCRYPTION_STATE_NONE = 1;
		public static final int ENCRYPTION_STATE_NONE =
		IVold.ENCRYPTION_STATE_NONE;

		/** @hide The volume has been encrypted succesfully. */
		public static final int ENCRYPTION_STATE_OK = 0;
		public static final int ENCRYPTION_STATE_OK =
		IVold.ENCRYPTION_STATE_OK;

		/** @hide The volume is in a bad state. */
		public static final int ENCRYPTION_STATE_ERROR_UNKNOWN = -1;
		public static final int ENCRYPTION_STATE_ERROR_UNKNOWN =
		IVold.ENCRYPTION_STATE_ERROR_UNKNOWN;

		/** @hide Encryption is incomplete */
		public static final int ENCRYPTION_STATE_ERROR_INCOMPLETE = -2;
		public static final int ENCRYPTION_STATE_ERROR_INCOMPLETE =
		IVold.ENCRYPTION_STATE_ERROR_INCOMPLETE;

		/** @hide Encryption is incomplete and irrecoverable */
		public static final int ENCRYPTION_STATE_ERROR_INCONSISTENT = -3;
		public static final int ENCRYPTION_STATE_ERROR_INCONSISTENT =
		IVold.ENCRYPTION_STATE_ERROR_INCONSISTENT;

		/** @hide Underlying data is corrupt */
		public static final int ENCRYPTION_STATE_ERROR_CORRUPT = -4;
		public static final int ENCRYPTION_STATE_ERROR_CORRUPT =
		IVold.ENCRYPTION_STATE_ERROR_CORRUPT;

		private static volatile IStorageManager sStorageManager = null;

		@@ -1974,13 +1980,13 @@ public class StorageManager {

		/// Consts to match the password types in cryptfs.h
		/** @hide */
		public static final int CRYPT_TYPE_PASSWORD = 0;
		public static final int CRYPT_TYPE_PASSWORD = IVold.PASSWORD_TYPE_PASSWORD;
		/** @hide */
		public static final int CRYPT_TYPE_DEFAULT = 1;
		public static final int CRYPT_TYPE_DEFAULT = IVold.PASSWORD_TYPE_DEFAULT;
		/** @hide */
		public static final int CRYPT_TYPE_PATTERN = 2;
		public static final int CRYPT_TYPE_PATTERN = IVold.PASSWORD_TYPE_PATTERN;
		/** @hide */
		public static final int CRYPT_TYPE_PIN = 3;
		public static final int CRYPT_TYPE_PIN = IVold.PASSWORD_TYPE_PIN;

		// Constants for the data available via StorageManagerService.getField.
		/** @hide */

services/core/java/com/android/server/StorageManagerService.java

+206 −47

Original line number	Diff line number	Diff line
		@@ -917,13 +917,22 @@ class StorageManagerService extends IStorageManager.Stub
		for (UserInfo user : users) {
		try {
		if (initLocked) {
		if (ENABLE_BINDER) {
		mVold.lockUserKey(user.id);
		} else {
		mCryptConnector.execute("cryptfs", "lock_user_key", user.id);
		}
		} else {
		if (ENABLE_BINDER) {
		mVold.unlockUserKey(user.id, user.serialNumber, encodeBytes(null),
		encodeBytes(null));
		} else {
		mCryptConnector.execute("cryptfs", "unlock_user_key", user.id,
		user.serialNumber, "!", "!");
		}
		} catch (NativeDaemonConnectorException e) {
		Slog.w(TAG, "Failed to init vold", e);
		}
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		}
		}
		}
		@@ -2734,6 +2743,15 @@ class StorageManagerService extends IStorageManager.Stub

		waitForReady();

		if (ENABLE_BINDER) {
		try {
		return mVold.fdeComplete();
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return StorageManager.ENCRYPTION_STATE_ERROR_UNKNOWN;
		}
		}

		final NativeDaemonEvent event;
		try {
		event = mCryptConnector.execute("cryptfs", "cryptocomplete");
		@@ -2764,6 +2782,22 @@ class StorageManagerService extends IStorageManager.Stub
		Slog.i(TAG, "decrypting storage...");
		}

		if (ENABLE_BINDER) {
		try {
		mVold.fdeCheckPassword(password);
		mHandler.postDelayed(() -> {
		try {
		mVold.fdeRestart();
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		}
		}, DateUtils.SECOND_IN_MILLIS);
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return StorageManager.ENCRYPTION_STATE_ERROR_UNKNOWN;
		}
		}

		final NativeDaemonEvent event;
		try {
		event = mCryptConnector.execute("cryptfs", "checkpw", new SensitiveArg(password));
		@@ -2806,15 +2840,23 @@ class StorageManagerService extends IStorageManager.Stub

		try {
		if (type == StorageManager.CRYPT_TYPE_DEFAULT) {
		if (ENABLE_BINDER) {
		mVold.fdeEnable(type, null, IVold.ENCRYPTION_FLAG_IN_PLACE);
		} else {
		mCryptConnector.execute("cryptfs", "enablecrypto", "inplace",
		CRYPTO_TYPES[type]);
		}
		} else {
		if (ENABLE_BINDER) {
		mVold.fdeEnable(type, password, IVold.ENCRYPTION_FLAG_IN_PLACE);
		} else {
		mCryptConnector.execute("cryptfs", "enablecrypto", "inplace",
		CRYPTO_TYPES[type], new SensitiveArg(password));
		}
		} catch (NativeDaemonConnectorException e) {
		// Encryption failed
		return e.getCode();
		}
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return -1;
		}

		return 0;
		@@ -2834,6 +2876,16 @@ class StorageManagerService extends IStorageManager.Stub
		Slog.i(TAG, "changing encryption password...");
		}

		if (ENABLE_BINDER) {
		try {
		mVold.fdeChangePassword(type, password);
		return 0;
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return -1;
		}
		}

		try {
		NativeDaemonEvent event = mCryptConnector.execute("cryptfs", "changepw", CRYPTO_TYPES[type],
		new SensitiveArg(password));
		@@ -2867,6 +2919,16 @@ class StorageManagerService extends IStorageManager.Stub
		Slog.i(TAG, "validating encryption password...");
		}

		if (ENABLE_BINDER) {
		try {
		mVold.fdeVerifyPassword(password);
		return 0;
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return -1;
		}
		}

		final NativeDaemonEvent event;
		try {
		event = mCryptConnector.execute("cryptfs", "verifypw", new SensitiveArg(password));
		@@ -2889,6 +2951,15 @@ class StorageManagerService extends IStorageManager.Stub

		waitForReady();

		if (ENABLE_BINDER) {
		try {
		return mVold.fdeGetPasswordType();
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return -1;
		}
		}

		final NativeDaemonEvent event;
		try {
		event = mCryptConnector.execute("cryptfs", "getpwtype");
		@@ -2915,6 +2986,16 @@ class StorageManagerService extends IStorageManager.Stub

		waitForReady();

		if (ENABLE_BINDER) {
		try {
		mVold.fdeSetField(field, contents);
		return;
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return;
		}
		}

		final NativeDaemonEvent event;
		try {
		event = mCryptConnector.execute("cryptfs", "setfield", field, contents);
		@@ -2935,6 +3016,15 @@ class StorageManagerService extends IStorageManager.Stub

		waitForReady();

		if (ENABLE_BINDER) {
		try {
		return mVold.fdeGetField(field);
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return null;
		}
		}

		final NativeDaemonEvent event;
		try {
		final String[] contents = NativeDaemonEvent.filterMessageList(
		@@ -2961,6 +3051,15 @@ class StorageManagerService extends IStorageManager.Stub

		waitForReady();

		if (ENABLE_BINDER) {
		try {
		return mVold.isConvertibleToFbe();
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return false;
		}
		}

		final NativeDaemonEvent event;
		try {
		event = mCryptConnector.execute("cryptfs", "isConvertibleToFBE");
		@@ -2979,6 +3078,15 @@ class StorageManagerService extends IStorageManager.Stub
		return new String();
		}

		if (ENABLE_BINDER) {
		try {
		return mVold.fdeGetPassword();
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return null;
		}
		}

		final NativeDaemonEvent event;
		try {
		event = mCryptConnector.execute("cryptfs", "getpw");
		@@ -3004,6 +3112,16 @@ class StorageManagerService extends IStorageManager.Stub
		return;
		}

		if (ENABLE_BINDER) {
		try {
		mVold.fdeClearPassword();
		return;
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return;
		}
		}

		final NativeDaemonEvent event;
		try {
		event = mCryptConnector.execute("cryptfs", "clearpw");
		@@ -3018,10 +3136,14 @@ class StorageManagerService extends IStorageManager.Stub
		waitForReady();

		try {
		if (ENABLE_BINDER) {
		mVold.createUserKey(userId, serialNumber, ephemeral);
		} else {
		mCryptConnector.execute("cryptfs", "create_user_key", userId, serialNumber,
		ephemeral ? 1 : 0);
		} catch (NativeDaemonConnectorException e) {
		throw e.rethrowAsParcelableException();
		}
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		}
		}

		@@ -3031,17 +3153,21 @@ class StorageManagerService extends IStorageManager.Stub
		waitForReady();

		try {
		if (ENABLE_BINDER) {
		mVold.destroyUserKey(userId);
		} else {
		mCryptConnector.execute("cryptfs", "destroy_user_key", userId);
		} catch (NativeDaemonConnectorException e) {
		throw e.rethrowAsParcelableException();
		}
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		}
		}

		private SensitiveArg encodeBytes(byte[] bytes) {
		private String encodeBytes(byte[] bytes) {
		if (ArrayUtils.isEmpty(bytes)) {
		return new SensitiveArg("!");
		return "!";
		} else {
		return new SensitiveArg(HexDump.toHexString(bytes));
		return HexDump.toHexString(bytes);
		}
		}

		@@ -3058,10 +3184,15 @@ class StorageManagerService extends IStorageManager.Stub
		waitForReady();

		try {
		if (ENABLE_BINDER) {
		mVold.addUserKeyAuth(userId, serialNumber, encodeBytes(token), encodeBytes(secret));
		} else {
		mCryptConnector.execute("cryptfs", "add_user_key_auth", userId, serialNumber,
		encodeBytes(token), encodeBytes(secret));
		} catch (NativeDaemonConnectorException e) {
		throw e.rethrowAsParcelableException();
		new SensitiveArg(encodeBytes(token)),
		new SensitiveArg(encodeBytes(secret)));
		}
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		}
		}

		@@ -3074,9 +3205,13 @@ class StorageManagerService extends IStorageManager.Stub
		waitForReady();

		try {
		if (ENABLE_BINDER) {
		mVold.fixateNewestUserKeyAuth(userId);
		} else {
		mCryptConnector.execute("cryptfs", "fixate_newest_user_key_auth", userId);
		} catch (NativeDaemonConnectorException e) {
		throw e.rethrowAsParcelableException();
		}
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		}
		}

		@@ -3093,10 +3228,17 @@ class StorageManagerService extends IStorageManager.Stub
		}

		try {
		if (ENABLE_BINDER) {
		mVold.unlockUserKey(userId, serialNumber, encodeBytes(token),
		encodeBytes(secret));
		} else {
		mCryptConnector.execute("cryptfs", "unlock_user_key", userId, serialNumber,
		encodeBytes(token), encodeBytes(secret));
		} catch (NativeDaemonConnectorException e) {
		throw e.rethrowAsParcelableException();
		new SensitiveArg(encodeBytes(token)),
		new SensitiveArg(encodeBytes(secret)));
		}
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return;
		}
		}

		@@ -3116,9 +3258,14 @@ class StorageManagerService extends IStorageManager.Stub
		waitForReady();

		try {
		if (ENABLE_BINDER) {
		mVold.lockUserKey(userId);
		} else {
		mCryptConnector.execute("cryptfs", "lock_user_key", userId);
		} catch (NativeDaemonConnectorException e) {
		throw e.rethrowAsParcelableException();
		}
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return;
		}

		synchronized (mLock) {
		@@ -3139,10 +3286,14 @@ class StorageManagerService extends IStorageManager.Stub
		waitForReady();

		try {
		if (ENABLE_BINDER) {
		mVold.prepareUserStorage(volumeUuid, userId, serialNumber, flags);
		} else {
		mCryptConnector.execute("cryptfs", "prepare_user_storage", escapeNull(volumeUuid),
		userId, serialNumber, flags);
		} catch (NativeDaemonConnectorException e) {
		throw e.rethrowAsParcelableException();
		}
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		}
		}

		@@ -3152,10 +3303,14 @@ class StorageManagerService extends IStorageManager.Stub
		waitForReady();

		try {
		if (ENABLE_BINDER) {
		mVold.destroyUserStorage(volumeUuid, userId, flags);
		} else {
		mCryptConnector.execute("cryptfs", "destroy_user_storage", escapeNull(volumeUuid),
		userId, flags);
		} catch (NativeDaemonConnectorException e) {
		throw e.rethrowAsParcelableException();
		}
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		}
		}

		@@ -3165,9 +3320,13 @@ class StorageManagerService extends IStorageManager.Stub
		waitForReady();

		try {
		if (ENABLE_BINDER) {
		mVold.secdiscard(path);
		} else {
		mCryptConnector.execute("cryptfs", "secdiscard", escapeNull(path));
		} catch (NativeDaemonConnectorException e) {
		throw e.rethrowAsParcelableException();
		}
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		}
		}