Merge changes from topic "remove-auth-token" am: 6a8f891205 (6cdb257f) · Commits · e / os / android_frameworks_base

core/java/android/os/storage/IStorageManager.aidl

+1 −1

Original line number	Diff line number	Diff line
		@@ -120,7 +120,7 @@ interface IStorageManager {
		void setDebugFlags(int flags, int mask) = 60;
		void createUserKey(int userId, int serialNumber, boolean ephemeral) = 61;
		void destroyUserKey(int userId) = 62;
		void unlockUserKey(int userId, int serialNumber, in byte[] token, in byte[] secret) = 63;
		void unlockUserKey(int userId, int serialNumber, in byte[] secret) = 63;
		void lockUserKey(int userId) = 64;
		boolean isUserKeyUnlocked(int userId) = 65;
		void prepareUserStorage(in String volumeUuid, int userId, int serialNumber, int flags) = 66;

core/java/android/os/storage/StorageManager.java

+2 −2

Original line number	Diff line number	Diff line
		@@ -1528,9 +1528,9 @@ public class StorageManager {
		}

		/** {@hide} */
		public void unlockUserKey(int userId, int serialNumber, byte[] token, byte[] secret) {
		public void unlockUserKey(int userId, int serialNumber, byte[] secret) {
		try {
		mStorageManager.unlockUserKey(userId, serialNumber, token, secret);
		mStorageManager.unlockUserKey(userId, serialNumber, secret);
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		}

services/core/java/com/android/server/StorageManagerService.java

+3 −6

Original line number	Diff line number	Diff line
		@@ -1120,8 +1120,7 @@ class StorageManagerService extends IStorageManager.Stub
		if (initLocked) {
		mVold.lockUserKey(user.id);
		} else {
		mVold.unlockUserKey(user.id, user.serialNumber, encodeBytes(null),
		encodeBytes(null));
		mVold.unlockUserKey(user.id, user.serialNumber, encodeBytes(null));
		}
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		@@ -3236,11 +3235,10 @@ class StorageManagerService extends IStorageManager.Stub
		}

		@Override
		public void unlockUserKey(int userId, int serialNumber, byte[] token, byte[] secret) {
		public void unlockUserKey(int userId, int serialNumber, byte[] secret) {
		boolean isFsEncrypted = StorageManager.isFileEncryptedNativeOrEmulated();
		Slog.d(TAG, "unlockUserKey: " + userId
		+ " isFileEncryptedNativeOrEmulated: " + isFsEncrypted
		+ " hasToken: " + (token != null)
		+ " hasSecret: " + (secret != null));
		enforcePermission(android.Manifest.permission.STORAGE_INTERNAL);

		@@ -3260,8 +3258,7 @@ class StorageManagerService extends IStorageManager.Stub
		return;
		}
		try {
		mVold.unlockUserKey(userId, serialNumber, encodeBytes(token),
		encodeBytes(secret));
		mVold.unlockUserKey(userId, serialNumber, encodeBytes(secret));
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return;

services/core/java/com/android/server/am/ActivityManagerService.java

+16 −2

Original line number	Diff line number	Diff line
		@@ -15108,9 +15108,23 @@ public class ActivityManagerService extends IActivityManager.Stub
		return mUserController.startUser(userId, /* foreground */ true, unlockListener);
		}

		/**
		* Unlocks the given user.
		*
		* @param userId The ID of the user to unlock.
		* @param token No longer used. (This parameter cannot be removed because
		* this method is marked with UnsupportedAppUsage, so its
		* signature might not be safe to change.)
		* @param secret The secret needed to unlock the user's credential-encrypted
		* storage, or null if no secret is needed.
		* @param listener An optional progress listener.
		*
		* @return true if the user was successfully unlocked, otherwise false.
		*/
		@Override
		public boolean unlockUser(int userId, byte[] token, byte[] secret, IProgressListener listener) {
		return mUserController.unlockUser(userId, token, secret, listener);
		public boolean unlockUser(int userId, @Nullable byte[] token, @Nullable byte[] secret,
		@Nullable IProgressListener listener) {
		return mUserController.unlockUser(userId, secret, listener);
		}

		@Override

services/core/java/com/android/server/am/UserController.java

+12 −21

Original line number	Diff line number	Diff line
		@@ -714,15 +714,9 @@ class UserController implements Handler.Callback {
		if (!Objects.equals(info.lastLoggedInFingerprint, Build.FINGERPRINT)
		\|\| SystemProperties.getBoolean("persist.pm.mock-upgrade", false)) {
		// Suppress double notifications for managed profiles that
		// were unlocked automatically as part of their parent user
		// being unlocked.
		final boolean quiet;
		if (info.isManagedProfile()) {
		quiet = !uss.tokenProvided
		\|\| !mLockPatternUtils.isSeparateProfileChallengeEnabled(userId);
		} else {
		quiet = false;
		}
		// were unlocked automatically as part of their parent user being
		// unlocked. TODO(b/217442918): this code doesn't work correctly.
		final boolean quiet = info.isManagedProfile();
		mInjector.sendPreBootBroadcast(userId, quiet,
		() -> finishUserUnlockedCompleted(uss));
		} else {
		@@ -1658,27 +1652,25 @@ class UserController implements Handler.Callback {
		}
		}

		boolean unlockUser(final @UserIdInt int userId, byte[] token, byte[] secret,
		IProgressListener listener) {
		boolean unlockUser(final @UserIdInt int userId, byte[] secret, IProgressListener listener) {
		checkCallingPermission(INTERACT_ACROSS_USERS_FULL, "unlockUser");
		EventLog.writeEvent(EventLogTags.UC_UNLOCK_USER, userId);
		final long binderToken = Binder.clearCallingIdentity();
		try {
		return unlockUserCleared(userId, token, secret, listener);
		return unlockUserCleared(userId, secret, listener);
		} finally {
		Binder.restoreCallingIdentity(binderToken);
		}
		}

		/**
		* Attempt to unlock user without a credential token. This typically
		* succeeds when the device doesn't have credential-encrypted storage, or
		* when the credential-encrypted storage isn't tied to a user-provided
		* PIN or pattern.
		* Attempt to unlock user without a secret. This typically succeeds when the
		* device doesn't have credential-encrypted storage, or when the
		* credential-encrypted storage isn't tied to a user-provided PIN or
		* pattern.
		*/
		private boolean maybeUnlockUser(final @UserIdInt int userId) {
		// Try unlocking storage using empty token
		return unlockUserCleared(userId, null, null, null);
		return unlockUserCleared(userId, null, null);
		}

		private static void notifyFinished(@UserIdInt int userId, IProgressListener listener) {
		@@ -1689,7 +1681,7 @@ class UserController implements Handler.Callback {
		}
		}

		private boolean unlockUserCleared(final @UserIdInt int userId, byte[] token, byte[] secret,
		private boolean unlockUserCleared(final @UserIdInt int userId, byte[] secret,
		IProgressListener listener) {
		UserState uss;
		if (!StorageManager.isUserKeyUnlocked(userId)) {
		@@ -1697,7 +1689,7 @@ class UserController implements Handler.Callback {
		final IStorageManager storageManager = mInjector.getStorageManager();
		try {
		// We always want to unlock user storage, even user is not started yet
		storageManager.unlockUserKey(userId, userInfo.serialNumber, token, secret);
		storageManager.unlockUserKey(userId, userInfo.serialNumber, secret);
		} catch (RemoteException \| RuntimeException e) {
		Slogf.w(TAG, "Failed to unlock: " + e.getMessage());
		}
		@@ -1707,7 +1699,6 @@ class UserController implements Handler.Callback {
		uss = mStartedUsers.get(userId);
		if (uss != null) {
		uss.mUnlockProgress.addListener(listener);
		uss.tokenProvided = (token != null);
		}
		}
		// Bail if user isn't actually running