
Commit a2e765ef authored by Jason parks's avatar Jason parks Committed by Android (Google) Code Review

Merge "Update the encryption password when the device password is changed." into honeycomb

parents e40dea0d f7b3cd4e
+34 −1
@@ -620,6 +620,23 @@ public interface IMountService extends IInterface {
                }
                return _result;
            }

            public int changeEncryptionPassword(String password) throws RemoteException {
                Parcel _data = Parcel.obtain();
                Parcel _reply = Parcel.obtain();
                int _result;
                try {
                    _data.writeInterfaceToken(DESCRIPTOR);
                    _data.writeString(password);
                    mRemote.transact(Stub.TRANSACTION_changeEncryptionPassword, _data, _reply, 0);
                    _reply.readException();
                    _result = _reply.readInt();
                } finally {
                    _reply.recycle();
                    _data.recycle();
                }
                return _result;
            }
        }

        private static final String DESCRIPTOR = "IMountService";
@@ -680,6 +697,8 @@ public interface IMountService extends IInterface {

        static final int TRANSACTION_encryptStorage = IBinder.FIRST_CALL_TRANSACTION + 27;

        static final int TRANSACTION_changeEncryptionPassword = IBinder.FIRST_CALL_TRANSACTION + 28;

        /**
         * Cast an IBinder object into an IMountService interface, generating a
         * proxy if needed.
@@ -977,6 +996,14 @@ public interface IMountService extends IInterface {
                    reply.writeInt(result);
                    return true;
                }
                case TRANSACTION_changeEncryptionPassword: {
                    data.enforceInterface(DESCRIPTOR);
                    String password = data.readString();
                    int result = changeEncryptionPassword(password);
                    reply.writeNoException();
                    reply.writeInt(result);
                    return true;
                }
            }
            return super.onTransact(code, data, reply, flags);
        }
@@ -1146,4 +1173,10 @@ public interface IMountService extends IInterface {
     * Encrypts storage.
     */
    public int encryptStorage(String password) throws RemoteException;

    /**
     * Changes the encryption password.
     */
    public int changeEncryptionPassword(String password) throws RemoteException;

}
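Review bot: The Javadoc added for `changeEncryptionPassword` at the end of the interface says only "Changes the encryption password." and leaves out the contract a caller of this IPC method needs. Going by the MountService implementation in this same commit, the call enforces the CRYPT_KEEPER permission, throws IllegalArgumentException for an empty password, and returns either the daemon's status code or -1 when the reply cannot be parsed. I would extend the comment with a line naming the required permission, a `@param password the new password; must not be empty`, and a `@return the status code reported by the daemon, or -1 if its reply was malformed`. Since `readException()` in the proxy rethrows those unchecked exceptions on the caller's side, documenting them here is what tells callers to expect more than RemoteException.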
+31 −4
@@ -16,13 +16,19 @@

package com.android.internal.widget;

import com.android.internal.R;
import com.android.internal.telephony.ITelephony;
import com.google.android.collect.Lists;

import android.app.admin.DevicePolicyManager;
import android.content.ContentResolver;
import android.content.Context;
import android.os.FileObserver;
import android.os.IBinder;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.SystemClock;
import android.os.storage.IMountService;
import android.provider.Settings;
import android.security.MessageDigest;
import android.telephony.TelephonyManager;
@@ -30,10 +36,6 @@ import android.text.TextUtils;
import android.util.Log;
import android.widget.Button;

import com.android.internal.R;
import com.android.internal.telephony.ITelephony;
import com.google.android.collect.Lists;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
@@ -139,6 +141,7 @@ public class LockPatternUtils {
            int fileObserverMask = FileObserver.CLOSE_WRITE | FileObserver.DELETE |
                    FileObserver.MOVED_TO | FileObserver.CREATE;
            sPasswordObserver = new FileObserver(dataSystemDirectory, fileObserverMask) {
                    @Override
                    public void onEvent(int event, String path) {
                        if (LOCK_PATTERN_FILE.equals(path)) {
                            Log.d(TAG, "lock pattern file changed");
@@ -439,6 +442,27 @@ public class LockPatternUtils {
        return DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;
    }

    /** Update the encryption password if it is enabled **/
    private void updateEncryptionPassword(String password) {
        DevicePolicyManager dpm = getDevicePolicyManager();
        if (dpm.getStorageEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE) {
            return;
        }

        IBinder service = ServiceManager.getService("mount");
        if (service == null) {
            Log.e(TAG, "Could not find the mount service to update the encryption password");
            return;
        }

        IMountService mountService = IMountService.Stub.asInterface(service);
        try {
            mountService.changeEncryptionPassword(password);
        } catch (RemoteException e) {
            Log.e(TAG, "Error changing encryption password", e);
        }
    }

    /**
     * Save a lock password.  Does not ensure that the password is as good
     * as the requested mode, but will adjust the mode to be as good as the
@@ -461,6 +485,9 @@ public class LockPatternUtils {
            raf.close();
            DevicePolicyManager dpm = getDevicePolicyManager();
            if (password != null) {
                // Update the encryption password.
                updateEncryptionPassword(password);

                int computedQuality = computePasswordQuality(password);
                setLong(PASSWORD_TYPE_KEY, Math.max(quality, computedQuality));
                if (computedQuality != DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
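Review bot: `updateEncryptionPassword` discards the int returned by `mountService.changeEncryptionPassword(password)`, so a failed change is silent and `saveLockPassword` carries on as if the lock-screen and storage passwords now matched. If the daemon rejects the change, the lock password is updated while the storage still unlocks with the old one. Check the result and at least log it, e.g. `int rc = mountService.changeEncryptionPassword(password);` followed by `if (rc != 0) Log.e(TAG, "Encryption password change failed: " + rc);` (assuming 0 means success, as `decryptStorage` treats it), keeping the password itself out of the message. Only RemoteException is caught, so an IllegalArgumentException (empty password) or SecurityException rethrown from the service would leave `saveLockPassword` after the password file is written but before the quality settings are stored, unless the enclosing try, which lies outside this hunk, handles it.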
+39 −8
@@ -46,6 +46,7 @@ import android.os.storage.IMountShutdownObserver;
import android.os.storage.IObbActionListener;
import android.os.storage.OnObbStateChangeListener;
import android.os.storage.StorageResultCode;
import android.text.TextUtils;
import android.util.Slog;

import java.io.FileDescriptor;
@@ -1632,8 +1633,8 @@ class MountService extends IMountService.Stub implements INativeDaemonConnectorC
    }

    public int decryptStorage(String password) {
        if (password == null) {
            throw new IllegalArgumentException("password cannot be null");
        if (TextUtils.isEmpty(password)) {
            throw new IllegalArgumentException("password cannot be empty");
        }

        mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
@@ -1647,13 +1648,13 @@ class MountService extends IMountService.Stub implements INativeDaemonConnectorC

        try {
            ArrayList<String> rsp = mConnector.doCommand("cryptfs checkpw " + password);
            String []tok = rsp.get(0).split(" ");
            String[] tokens = rsp.get(0).split(" ");

            if (tok == null || tok.length != 2) {
            if (tokens == null || tokens.length != 2) {
                return -1;
            }

            int code = Integer.parseInt(tok[1]);
            int code = Integer.parseInt(tokens[1]);

            if (code == 0) {
                // Decrypt was successful. Post a delayed message before restarting in order
@@ -1662,7 +1663,7 @@ class MountService extends IMountService.Stub implements INativeDaemonConnectorC
                    public void run() {
                        mConnector.doCommand(String.format("cryptfs restart"));
                    }
                }, 2000); // 2 seconds
                }, 1000); // 1 second
            }

            return code;
@@ -1673,8 +1674,8 @@ class MountService extends IMountService.Stub implements INativeDaemonConnectorC
    }

    public int encryptStorage(String password) {
        if (password == null) {
            throw new IllegalArgumentException("password cannot be null");
        if (TextUtils.isEmpty(password)) {
            throw new IllegalArgumentException("password cannot be empty");
        }

        mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
@@ -1696,6 +1697,36 @@ class MountService extends IMountService.Stub implements INativeDaemonConnectorC
        return 0;
    }

    public int changeEncryptionPassword(String password) {
        if (TextUtils.isEmpty(password)) {
            throw new IllegalArgumentException("password cannot be empty");
        }

        mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
            "no permission to access the crypt keeper");

        waitForReady();

        if (DEBUG_EVENTS) {
            Slog.i(TAG, "changing encryption password...");
        }

        try {
            ArrayList<String> response = mConnector.doCommand("cryptfs changepw " + password);

            String[] tokens = response.get(0).split(" ");

            if (tokens == null || tokens.length != 2) {
                return -1;
            }

            return Integer.parseInt(tokens[1]);
        } catch (NativeDaemonConnectorException e) {
            // Encryption failed
            return e.getCode();
        }
    }

    private void addObbStateLocked(ObbState obbState) throws RemoteException {
        final IBinder binder = obbState.getBinder();
        List<ObbState> obbStates = mObbMounts.get(binder);
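Review bot: In the new `changeEncryptionPassword`, the password is appended unescaped to the daemon command, `mConnector.doCommand("cryptfs changepw " + password)`, so a password containing a space or another character the daemon's parser treats as a separator would presumably be split into extra arguments or truncated. The stored key would then not match what the user typed, and the same pattern is visible in `decryptStorage` with `cryptfs checkpw`. The password should be converted to a separator-free encoding (hex, for instance) before it is appended, with the matching decode on the daemon side, and it is worth confirming that the connector does not log the command line. Separately, `String.split` never returns null, so the `tokens == null` test is dead, while `response.get(0)` and `Integer.parseInt(tokens[1])` can still throw on an empty or non-numeric reply; a guard such as `if (response.isEmpty()) return -1;` and a catch for NumberFormatException would make the -1 path reliable.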