Remove HardwareAuthToken parameter from addUserKeyAuth am: 5eb0659999 am: 2e4db6c49e (67fb478f) · Commits · e / os / android_frameworks_base

core/java/android/os/storage/IStorageManager.aidl

+1 −1

Original line number	Diff line number	Diff line
		@@ -126,7 +126,7 @@ interface IStorageManager {
		void prepareUserStorage(in String volumeUuid, int userId, int serialNumber, int flags) = 66;
		void destroyUserStorage(in String volumeUuid, int userId, int flags) = 67;
		boolean isConvertibleToFBE() = 68;
		void addUserKeyAuth(int userId, int serialNumber, in byte[] token, in byte[] secret) = 70;
		void addUserKeyAuth(int userId, int serialNumber, in byte[] secret) = 70;
		void fixateNewestUserKeyAuth(int userId) = 71;
		void fstrim(int flags, IVoldTaskListener listener) = 72;
		AppFuseMount mountProxyFileDescriptorBridge() = 73;

services/core/java/com/android/server/StorageManagerService.java

+8 −7

Original line number	Diff line number	Diff line
		@@ -3184,18 +3184,19 @@ class StorageManagerService extends IStorageManager.Stub
		}

		/*
		* Add this token/secret pair to the set of ways we can recover a disk encryption key.
		* Changing the token/secret for a disk encryption key is done in two phases: first, adding
		* a new token/secret pair with this call, then delting all other pairs with
		* fixateNewestUserKeyAuth. This allows other places where a credential is used, such as
		* Gatekeeper, to be updated between the two calls.
		* Add this secret to the set of ways we can recover a user's disk
		* encryption key. Changing the secret for a disk encryption key is done in
		* two phases. First, this method is called to add the new secret binding.
		* Second, fixateNewestUserKeyAuth is called to delete all other bindings.
		* This allows other places where a credential is used, such as Gatekeeper,
		* to be updated between the two calls.
		*/
		@Override
		public void addUserKeyAuth(int userId, int serialNumber, byte[] token, byte[] secret) {
		public void addUserKeyAuth(int userId, int serialNumber, byte[] secret) {
		enforcePermission(android.Manifest.permission.STORAGE_INTERNAL);

		try {
		mVold.addUserKeyAuth(userId, serialNumber, encodeBytes(token), encodeBytes(secret));
		mVold.addUserKeyAuth(userId, serialNumber, encodeBytes(secret));
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		}

services/core/java/com/android/server/locksettings/LockSettingsService.java

+7 −7

Original line number	Diff line number	Diff line
		@@ -1887,9 +1887,9 @@ public class LockSettingsService extends ILockSettings.Stub {
		mStorage.writeChildProfileLock(userId, outputStream.toByteArray());
		}

		private void setAuthlessUserKeyProtection(int userId, byte[] key) {
		if (DEBUG) Slog.d(TAG, "setAuthlessUserKeyProtectiond: user=" + userId);
		addUserKeyAuth(userId, null, key);
		private void setUserKeyProtection(int userId, byte[] key) {
		if (DEBUG) Slog.d(TAG, "setUserKeyProtection: user=" + userId);
		addUserKeyAuth(userId, key);
		}

		private void clearUserKeyProtection(int userId, byte[] secret) {
		@@ -1940,11 +1940,11 @@ public class LockSettingsService extends ILockSettings.Stub {
		}
		}

		private void addUserKeyAuth(int userId, byte[] token, byte[] secret) {
		private void addUserKeyAuth(int userId, byte[] secret) {
		final UserInfo userInfo = mUserManager.getUserInfo(userId);
		final long callingId = Binder.clearCallingIdentity();
		try {
		mStorageManager.addUserKeyAuth(userId, userInfo.serialNumber, token, secret);
		mStorageManager.addUserKeyAuth(userId, userInfo.serialNumber, secret);
		} catch (RemoteException e) {
		throw new IllegalStateException("Failed to add new key to vold " + userId, e);
		} finally {
		@@ -2650,7 +2650,7 @@ public class LockSettingsService extends ILockSettings.Stub {
		mSpManager.newSidForUser(getGateKeeperService(), auth, userId);
		}
		mSpManager.verifyChallenge(getGateKeeperService(), auth, 0L, userId);
		setAuthlessUserKeyProtection(userId, auth.deriveDiskEncryptionKey());
		setUserKeyProtection(userId, auth.deriveDiskEncryptionKey());
		setKeystorePassword(auth.deriveKeyStorePassword(), userId);
		} else {
		clearUserKeyProtection(userId, null);
		@@ -2852,7 +2852,7 @@ public class LockSettingsService extends ILockSettings.Stub {
		// a new SID, and re-add keys to vold and keystore.
		mSpManager.newSidForUser(getGateKeeperService(), auth, userId);
		mSpManager.verifyChallenge(getGateKeeperService(), auth, 0L, userId);
		setAuthlessUserKeyProtection(userId, auth.deriveDiskEncryptionKey());
		setUserKeyProtection(userId, auth.deriveDiskEncryptionKey());
		fixateNewestUserKeyAuth(userId);
		setKeystorePassword(auth.deriveKeyStorePassword(), userId);
		}

services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java

+2 −2

Original line number	Diff line number	Diff line
		@@ -221,10 +221,10 @@ public abstract class BaseLockSettingsServiceTests {
		Object[] args = invocation.getArguments();
		mStorageManager.addUserKeyAuth((int) args[0] /* userId */,
		(int) args[1] /* serialNumber */,
		(byte[]) args[3] /* secret */);
		(byte[]) args[2] /* secret */);
		return null;
		}
		}).when(sm).addUserKeyAuth(anyInt(), anyInt(), any(), any());
		}).when(sm).addUserKeyAuth(anyInt(), anyInt(), any());

		doAnswer(new Answer<Void>() {
		@Override