Merge changes from topic "remove-fde" am: 841350e6ac (741d018f) · Commits · e / os / android_frameworks_base

core/java/android/os/storage/IStorageManager.aidl

+0 −53

Original line number	Diff line number	Diff line
		@@ -77,37 +77,10 @@ interface IStorageManager {
		* Gets the path to the mounted Opaque Binary Blob (OBB).
		*/
		String getMountedObbPath(in String rawPath) = 24;
		/**
		* Decrypts any encrypted volumes.
		*/
		int decryptStorage(in String password) = 26;
		/**
		* Encrypts storage.
		*/
		int encryptStorage(int type, in String password) = 27;
		/**
		* Changes the encryption password.
		*/
		int changeEncryptionPassword(int type, in String password) = 28;
		/**
		* Returns list of all mountable volumes.
		*/
		StorageVolume[] getVolumeList(int uid, in String packageName, int flags) = 29;
		/**
		* Determines the encryption state of the volume.
		* @return a numerical value. See {@code ENCRYPTION_STATE_*} for possible
		* values.
		* Note that this has been replaced in most cases by the APIs in
		* StorageManager (see isEncryptable and below)
		* This is still useful to get the error state when encryption has failed
		* and CryptKeeper needs to throw up a screen advising the user what to do
		*/
		int getEncryptionState() = 31;
		/**
		* Verify the encryption password against the stored volume. This method
		* may only be called by the system process.
		*/
		int verifyEncryptionPassword(in String password) = 32;
		/**
		* Ensure that all directories along given path exist, creating parent
		* directories as needed. Validates that given path is absolute and that it
		@@ -116,32 +89,6 @@ interface IStorageManager {
		* external storage data or OBB directory belonging to calling app.
		*/
		void mkdirs(in String callingPkg, in String path) = 34;
		/**
		* Determines the type of the encryption password
		* @return PasswordType
		*/
		int getPasswordType() = 35;
		/**
		* Get password from vold
		* @return password or empty string
		*/
		String getPassword() = 36;
		/**
		* Securely clear password from vold
		*/
		oneway void clearPassword() = 37;
		/**
		* Set a field in the crypto header.
		* @param field field to set
		* @param contents contents to set in field
		*/
		oneway void setField(in String field, in String contents) = 38;
		/**
		* Gets a field from the crypto header.
		* @param field field to get
		* @return contents of field
		*/
		String getField(in String field) = 39;
		/**
		* Report the time of the last maintenance operation such as fstrim.
		* @return Timestamp of the last maintenance operation, in the

core/java/android/os/storage/StorageManager.java

+0 −10

Original line number	Diff line number	Diff line
		@@ -2904,14 +2904,4 @@ public class StorageManager {
		public static final int CRYPT_TYPE_PATTERN = IVold.PASSWORD_TYPE_PATTERN;
		/** @hide */
		public static final int CRYPT_TYPE_PIN = IVold.PASSWORD_TYPE_PIN;

		// Constants for the data available via StorageManagerService.getField.
		/** @hide */
		public static final String SYSTEM_LOCALE_KEY = "SystemLocale";
		/** @hide */
		public static final String OWNER_INFO_KEY = "OwnerInfo";
		/** @hide */
		public static final String PATTERN_VISIBLE_KEY = "PatternVisible";
		/** @hide */
		public static final String PASSWORD_VISIBLE_KEY = "PasswordVisible";
		}

libs/storage/IMountService.cpp

+0 −36

Original line number	Diff line number	Diff line
		@@ -48,8 +48,6 @@ enum {
		TRANSACTION_isObbMounted,
		TRANSACTION_getMountedObbPath,
		TRANSACTION_isExternalStorageEmulated,
		TRANSACTION_decryptStorage,
		TRANSACTION_encryptStorage,
		};

		class BpMountService: public BpInterface<IMountService>
		@@ -517,40 +515,6 @@ public:
		path = reply.readString16();
		return true;
		}

		int32_t decryptStorage(const String16& password)
		{
		Parcel data, reply;
		data.writeInterfaceToken(IMountService::getInterfaceDescriptor());
		data.writeString16(password);
		if (remote()->transact(TRANSACTION_decryptStorage, data, &reply) != NO_ERROR) {
		ALOGD("decryptStorage could not contact remote\n");
		return -1;
		}
		int32_t err = reply.readExceptionCode();
		if (err < 0) {
		ALOGD("decryptStorage caught exception %d\n", err);
		return err;
		}
		return reply.readInt32();
		}

		int32_t encryptStorage(const String16& password)
		{
		Parcel data, reply;
		data.writeInterfaceToken(IMountService::getInterfaceDescriptor());
		data.writeString16(password);
		if (remote()->transact(TRANSACTION_encryptStorage, data, &reply) != NO_ERROR) {
		ALOGD("encryptStorage could not contact remote\n");
		return -1;
		}
		int32_t err = reply.readExceptionCode();
		if (err < 0) {
		ALOGD("encryptStorage caught exception %d\n", err);
		return err;
		}
		return reply.readInt32();
		}
		};

		IMPLEMENT_META_INTERFACE(MountService, "android.os.storage.IStorageManager")

libs/storage/include/storage/IMountService.h

+0 −2

Original line number	Diff line number	Diff line
		@@ -70,8 +70,6 @@ public:
		const sp<IObbActionListener>& token, const int32_t nonce) = 0;
		virtual bool isObbMounted(const String16& filename) = 0;
		virtual bool getMountedObbPath(const String16& filename, String16& path) = 0;
		virtual int32_t decryptStorage(const String16& password) = 0;
		virtual int32_t encryptStorage(const String16& password) = 0;
		};

		// ----------------------------------------------------------------------------

services/core/java/com/android/server/StorageManagerService.java

+0 −224

Original line number	Diff line number	Diff line
		@@ -3072,203 +3072,6 @@ class StorageManagerService extends IStorageManager.Stub
		}
		}

		@Override
		public int getEncryptionState() {
		mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
		"no permission to access the crypt keeper");

		try {
		return mVold.fdeComplete();
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return StorageManager.ENCRYPTION_STATE_ERROR_UNKNOWN;
		}
		}

		@Override
		public int decryptStorage(String password) {
		mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
		"no permission to access the crypt keeper");

		if (TextUtils.isEmpty(password)) {
		throw new IllegalArgumentException("password cannot be empty");
		}

		if (DEBUG_EVENTS) {
		Slog.i(TAG, "decrypting storage...");
		}

		try {
		mVold.fdeCheckPassword(password);
		mHandler.postDelayed(() -> {
		try {
		mVold.fdeRestart();
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		}
		}, DateUtils.SECOND_IN_MILLIS);
		return 0;
		} catch (ServiceSpecificException e) {
		Slog.e(TAG, "fdeCheckPassword failed", e);
		return e.errorCode;
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return StorageManager.ENCRYPTION_STATE_ERROR_UNKNOWN;
		}
		}

		@Override
		public int encryptStorage(int type, String password) {
		mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
		"no permission to access the crypt keeper");

		if (type == StorageManager.CRYPT_TYPE_DEFAULT) {
		password = "";
		} else if (TextUtils.isEmpty(password)) {
		throw new IllegalArgumentException("password cannot be empty");
		}

		if (DEBUG_EVENTS) {
		Slog.i(TAG, "encrypting storage...");
		}

		try {
		mVold.fdeEnable(type, password, 0);
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return -1;
		}

		return 0;
		}

		/** Set the password for encrypting the main key.
		* @param type One of the CRYPTO_TYPE_XXX consts defined in StorageManager.
		* @param password The password to set.
		*/
		@Override
		public int changeEncryptionPassword(int type, String password) {
		mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
		"no permission to access the crypt keeper");

		if (StorageManager.isFileEncryptedNativeOnly()) {
		// Not supported on FBE devices
		return -1;
		}

		if (type == StorageManager.CRYPT_TYPE_DEFAULT) {
		password = "";
		} else if (TextUtils.isEmpty(password)) {
		throw new IllegalArgumentException("password cannot be empty");
		}

		if (DEBUG_EVENTS) {
		Slog.i(TAG, "changing encryption password...");
		}

		try {
		mVold.fdeChangePassword(type, password);
		return 0;
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return -1;
		}
		}

		/**
		* Validate a user-supplied password string with cryptfs
		*/
		@Override
		public int verifyEncryptionPassword(String password) throws RemoteException {
		// Only the system process is permitted to validate passwords
		if (Binder.getCallingUid() != android.os.Process.SYSTEM_UID) {
		throw new SecurityException("no permission to access the crypt keeper");
		}

		mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
		"no permission to access the crypt keeper");

		if (TextUtils.isEmpty(password)) {
		throw new IllegalArgumentException("password cannot be empty");
		}

		if (DEBUG_EVENTS) {
		Slog.i(TAG, "validating encryption password...");
		}

		try {
		mVold.fdeVerifyPassword(password);
		return 0;
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return -1;
		}
		}

		/**
		* Get the type of encryption used to encrypt the main key.
		* @return The type, one of the CRYPT_TYPE_XXX consts from StorageManager.
		*/
		@Override
		public int getPasswordType() {
		mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
		"no permission to access the crypt keeper");

		try {
		return mVold.fdeGetPasswordType();
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return -1;
		}
		}

		/**
		* Set a field in the crypto header.
		* @param field field to set
		* @param contents contents to set in field
		*/
		@Override
		public void setField(String field, String contents) throws RemoteException {
		mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
		"no permission to access the crypt keeper");

		if (!StorageManager.isBlockEncrypted()) {
		// Only supported on FDE devices
		return;
		}

		try {
		mVold.fdeSetField(field, contents);
		return;
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return;
		}
		}

		/**
		* Gets a field from the crypto header.
		* @param field field to get
		* @return contents of field
		*/
		@Override
		public String getField(String field) throws RemoteException {
		mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
		"no permission to access the crypt keeper");

		if (!StorageManager.isBlockEncrypted()) {
		// Only supported on FDE devices
		return null;
		}

		try {
		return mVold.fdeGetField(field);
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return null;
		}
		}

		/**
		* Is userdata convertible to file based encryption?
		* @return non zero for convertible
		@@ -3350,33 +3153,6 @@ class StorageManagerService extends IStorageManager.Stub
		mVold.abortChanges(message, retry);
		}

		@Override
		public String getPassword() throws RemoteException {
		mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
		"only keyguard can retrieve password");

		try {
		return mVold.fdeGetPassword();
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return null;
		}
		}

		@Override
		public void clearPassword() throws RemoteException {
		mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
		"only keyguard can clear password");

		try {
		mVold.fdeClearPassword();
		return;
		} catch (Exception e) {
		Slog.wtf(TAG, e);
		return;
		}
		}

		@Override
		public void createUserKey(int userId, int serialNumber, boolean ephemeral) {
		enforcePermission(android.Manifest.permission.STORAGE_INTERNAL);