Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 83645e6d authored by Eric Biggers's avatar Eric Biggers Committed by Android (Google) Code Review
Browse files

Merge changes Ib5bcfb6a,I46c2a472,If0c75774 into tm-dev 

* changes:
  Stub out some FDE methods in StorageManager
  Stop trying to update FDE password from LockSettingsService
  Remove clearEncryptionPassword() from LockPatternUtils
parents aea2082a f4f345db

core/java/android/os/storage/StorageManager.java

+4 −21
Original line number Diff line number Diff line
@@ -83,7 +83,6 @@ import android.os.UserHandle; 
import android.provider.DeviceConfig;

import android.provider.MediaStore;

import android.provider.Settings;

import android.sysprop.VoldProperties;

import android.system.ErrnoException;

import android.system.Os;

import android.system.OsConstants;
@@ -1739,11 +1738,8 @@ public class StorageManager { 
     *         false not encrypted or file encrypted

     */

    public static boolean isBlockEncrypted() {

        if (!isEncrypted()) {

        return false;

    }

        return RoSystemProperties.CRYPTO_BLOCK_ENCRYPTED;

    }



    /** {@hide}

     * Is this device block encrypted with credentials?
@@ -1752,20 +1748,9 @@ public class StorageManager { 
     *         false not encrypted, file encrypted or default block encrypted

     */

    public static boolean isNonDefaultBlockEncrypted() {

        if (!isBlockEncrypted()) {

        return false;

    }



        try {

            IStorageManager storageManager = IStorageManager.Stub.asInterface(

                    ServiceManager.getService("mount"));

            return storageManager.getPasswordType() != CRYPT_TYPE_DEFAULT;

        } catch (RemoteException e) {

            Log.e(TAG, "Error getting encryption type");

            return false;

        }

    }



    /** {@hide}

     * Is this device in the process of being block encrypted?

     * @return true for encrypting.
@@ -1777,8 +1762,7 @@ public class StorageManager { 
     * framework, so no service needs to check for changes during their lifespan

     */

    public static boolean isBlockEncrypting() {

        final String state = VoldProperties.encrypt_progress().orElse("");

        return !"".equalsIgnoreCase(state);

        return false;

    }



    /** {@hide}
@@ -1793,8 +1777,7 @@ public class StorageManager { 
     * framework, so no service needs to check for changes during their lifespan

     */

    public static boolean inCryptKeeperBounce() {

        final String status = VoldProperties.decrypt().orElse("");

        return "trigger_restart_min_framework".equals(status);

        return false;

    }



    /** {@hide} */

core/java/com/android/internal/widget/ILockSettings.aidl

+0 −1
Original line number Diff line number Diff line
@@ -97,7 +97,6 @@ interface ILockSettings { 
    boolean hasSecureLockScreen();

    boolean tryUnlockWithCachedUnifiedChallenge(int userId);

    void removeCachedUnifiedChallenge(int userId);

    void updateEncryptionPassword(int type, in byte[] password);

    boolean registerWeakEscrowTokenRemovedListener(in IWeakEscrowTokenRemovedListener listener);

    boolean unregisterWeakEscrowTokenRemovedListener(in IWeakEscrowTokenRemovedListener listener);

    long addWeakEscrowToken(in byte[] token, int userId, in IWeakEscrowTokenActivatedListener callback);

core/java/com/android/internal/widget/LockPatternUtils.java

+0 −11
Original line number Diff line number Diff line
@@ -783,17 +783,6 @@ public class LockPatternUtils { 
        return StorageManager.isFileEncryptedNativeOrEmulated();

    }



    /**

     * Clears the encryption password.

     */

    public void clearEncryptionPassword() {

        try {

            getLockSettings().updateEncryptionPassword(StorageManager.CRYPT_TYPE_DEFAULT, null);

        } catch (RemoteException e) {

            Log.e(TAG, "Couldn't clear encryption password");

        }

    }



    /**

     * Retrieves the quality mode for {@code userHandle}.

     * @see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)

services/core/java/com/android/server/locksettings/LockSettingsService.java

+4 −49
Original line number Diff line number Diff line
@@ -1800,7 +1800,10 @@ public class LockSettingsService extends ILockSettings.Stub { 
    }



    private void onPostPasswordChanged(LockscreenCredential newCredential, int userHandle) {

        updateEncryptionPasswordIfNeeded(newCredential, userHandle);

        if (userHandle == UserHandle.USER_SYSTEM && isDeviceEncryptionEnabled() &&

            shouldEncryptWithCredentials() && newCredential.isNone()) {

            setCredentialRequiredToDecrypt(false);

        }

        if (newCredential.isPattern()) {

            setBoolean(LockPatternUtils.PATTERN_EVER_CHOSEN_KEY, true, userHandle);

        }
@@ -1808,26 +1811,6 @@ public class LockSettingsService extends ILockSettings.Stub { 
        mContext.getSystemService(TrustManager.class).reportEnabledTrustAgentsChanged(userHandle);

    }



    /**

     * Update device encryption password if calling user is USER_SYSTEM and device supports

     * encryption.

     */

    private void updateEncryptionPasswordIfNeeded(LockscreenCredential credential, int userHandle) {

        // Update the device encryption password.

        if (userHandle != UserHandle.USER_SYSTEM || !isDeviceEncryptionEnabled()) {

            return;

        }

        if (!shouldEncryptWithCredentials()) {

            updateEncryptionPassword(StorageManager.CRYPT_TYPE_DEFAULT, null);

            return;

        }

        if (credential.isNone()) {

            // Set the encryption password to default.

            setCredentialRequiredToDecrypt(false);

        }

        updateEncryptionPassword(credential.getStorageCryptType(), credential.getCredential());

    }



    /**

     * Store the hash of the *current* password in the password history list, if device policy

     * enforces password history requirement.
@@ -1942,34 +1925,6 @@ public class LockSettingsService extends ILockSettings.Stub { 
        }

    }



    /** Update the encryption password if it is enabled **/

    @Override

    public void updateEncryptionPassword(final int type, final byte[] password) {

        if (!hasSecureLockScreen() && password != null && password.length != 0) {

            throw new UnsupportedOperationException(

                    "This operation requires the lock screen feature.");

        }

        if (!isDeviceEncryptionEnabled()) {

            return;

        }

        final IBinder service = ServiceManager.getService("mount");

        if (service == null) {

            Slog.e(TAG, "Could not find the mount service to update the encryption password");

            return;

        }



        // TODO(b/120484642): This is a location where we still use a String for vold

        String passwordString = password != null ? new String(password) : null;

        mHandler.post(() -> {

            IStorageManager storageManager = mInjector.getStorageManager();

            try {

                storageManager.changeEncryptionPassword(type, passwordString);

            } catch (RemoteException e) {

                Slog.e(TAG, "Error changing encryption password", e);

            }

        });

    }



    /** Register the given WeakEscrowTokenRemovedListener. */

    @Override

    public boolean registerWeakEscrowTokenRemovedListener(