
Commit aae03d8b authored by Paul Crowley's avatar Paul Crowley Committed by The Android Automerger

Revert "Two phases to set the password for disk encryption"

This reverts commit 17e5dce5.

Bug: 28694324
Change-Id: I6d89bc26cb429b195c9bcf640666c495617257b7
parent 31291d92
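--- a/<path-not-on-page>/IMountService.java
+++ b/<path-not-on-page>/IMountService.java
@@ -1233,8 +1233,8 @@ public interface IMountService extends IInterface {
             }
 
             @Override
-            public void addUserKeyAuth(int userId, int serialNumber,
-                    byte[] token, byte[] secret) throws RemoteException {
+            public void changeUserKey(int userId, int serialNumber,
+                    byte[] token, byte[] oldSecret, byte[] newSecret) throws RemoteException {
                 Parcel _data = Parcel.obtain();
                 Parcel _reply = Parcel.obtain();
                 try {
@@ -1242,23 +1242,9 @@ public interface IMountService extends IInterface {
                     _data.writeInt(userId);
                     _data.writeInt(serialNumber);
                     _data.writeByteArray(token);
-                    _data.writeByteArray(secret);
-                    mRemote.transact(Stub.TRANSACTION_addUserKeyAuth, _data, _reply, 0);
-                    _reply.readException();
-                } finally {
-                    _reply.recycle();
-                    _data.recycle();
-                }
-            }
-
-            @Override
-            public void fixateNewestUserKeyAuth(int userId) throws RemoteException {
-                Parcel _data = Parcel.obtain();
-                Parcel _reply = Parcel.obtain();
-                try {
-                    _data.writeInterfaceToken(DESCRIPTOR);
-                    _data.writeInt(userId);
-                    mRemote.transact(Stub.TRANSACTION_fixateNewestUserKeyAuth, _data, _reply, 0);
+                    _data.writeByteArray(oldSecret);
+                    _data.writeByteArray(newSecret);
+                    mRemote.transact(Stub.TRANSACTION_changeUserKey, _data, _reply, 0);
                     _reply.readException();
                 } finally {
                     _reply.recycle();
@@ -1503,9 +1489,7 @@ public interface IMountService extends IInterface {
 
         static final int TRANSACTION_mountAppFuse = IBinder.FIRST_CALL_TRANSACTION + 69;
 
-        static final int TRANSACTION_addUserKeyAuth = IBinder.FIRST_CALL_TRANSACTION + 70;
-
-        static final int TRANSACTION_fixateNewestUserKeyAuth = IBinder.FIRST_CALL_TRANSACTION + 71;
+        static final int TRANSACTION_changeUserKey = IBinder.FIRST_CALL_TRANSACTION + 70;
 
         /**
          * Cast an IBinder object into an IMountService interface, generating a
@@ -2085,20 +2069,14 @@ public interface IMountService extends IInterface {
                     reply.writeNoException();
                     return true;
                 }
-                case TRANSACTION_addUserKeyAuth: {
+                case TRANSACTION_changeUserKey: {
                     data.enforceInterface(DESCRIPTOR);
                     int userId = data.readInt();
                     int serialNumber = data.readInt();
                     byte[] token = data.createByteArray();
-                    byte[] secret = data.createByteArray();
-                    addUserKeyAuth(userId, serialNumber, token, secret);
-                    reply.writeNoException();
-                    return true;
-                }
-                case TRANSACTION_fixateNewestUserKeyAuth: {
-                    data.enforceInterface(DESCRIPTOR);
-                    int userId = data.readInt();
-                    fixateNewestUserKeyAuth(userId);
+                    byte[] oldSecret = data.createByteArray();
+                    byte[] newSecret = data.createByteArray();
+                    changeUserKey(userId, serialNumber, token, oldSecret, newSecret);
                     reply.writeNoException();
                     return true;
                 }
@@ -2474,9 +2452,8 @@ public interface IMountService extends IInterface {
     public void createUserKey(int userId, int serialNumber, boolean ephemeral)
             throws RemoteException;
     public void destroyUserKey(int userId) throws RemoteException;
-    public void addUserKeyAuth(int userId, int serialNumber,
-            byte[] token, byte[] secret) throws RemoteException;
-    public void fixateNewestUserKeyAuth(int userId) throws RemoteException;
+    public void changeUserKey(int userId, int serialNumber,
+            byte[] token, byte[] oldSecret, byte[] newSecret) throws RemoteException;
 
     public void unlockUserKey(int userId, int serialNumber,
             byte[] token, byte[] secret) throws RemoteException;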
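Review bot: The restored `changeUserKey` declaration in the @@ -2474 hunk has no Javadoc, yet its null contract is load-bearing: the only caller on this page (LockSettingsService.changeUserKey) always passes null for `oldSecret`, and passes null for `token` and the new secret when it clears protection. Neither the proxy nor the stub in the earlier hunks validates these arrays, so the meaning of a null `token`/`newSecret` and whether `oldSecret` is ever consulted by the implementation are decided elsewhere and invisible to a caller of this interface. I would add a short Javadoc on the declaration stating that a null token/new secret removes the protection and what the implementation does with `oldSecret`, hedged as a TODO where the page does not show it. The surrounding interface declarations continue outside the hunk.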
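--- a/<path-not-on-page>/LockSettingsService.java
+++ b/<path-not-on-page>/LockSettingsService.java
@@ -789,11 +789,10 @@ public class LockSettingsService extends ILockSettings.Stub {
                 if (isSecure) {
                     tieManagedProfileLockIfNecessary(managedUserId, null);
                 } else {
-                    clearUserKeyProtection(managedUserId);
                     getGateKeeperService().clearSecureUserId(managedUserId);
                     mStorage.writePatternHash(null, managedUserId);
                     setKeystorePassword(null, managedUserId);
-                    fixateNewestUserKeyAuth(managedUserId);
+                    clearUserKeyProtection(managedUserId);
                     mStorage.removeChildProfileLock(managedUserId);
                     removeKeystoreProfileKey(managedUserId);
                 }
@@ -828,11 +827,10 @@ public class LockSettingsService extends ILockSettings.Stub {
         byte[] currentHandle = getCurrentHandle(userId);
 
         if (pattern == null) {
-            clearUserKeyProtection(userId);
             getGateKeeperService().clearSecureUserId(userId);
             mStorage.writePatternHash(null, userId);
             setKeystorePassword(null, userId);
-            fixateNewestUserKeyAuth(userId);
+            clearUserKeyProtection(userId);
             onUserLockChanged(userId);
             return;
         }
@@ -862,12 +860,8 @@ public class LockSettingsService extends ILockSettings.Stub {
 
         byte[] enrolledHandle = enrollCredential(currentHandle, savedCredential, pattern, userId);
         if (enrolledHandle != null) {
-            CredentialHash willStore
-                = new CredentialHash(enrolledHandle, CredentialHash.VERSION_GATEKEEPER);
-            setUserKeyProtection(userId, pattern,
-                doVerifyPattern(pattern, willStore, true, 0, userId));
             mStorage.writePatternHash(enrolledHandle, userId);
-            fixateNewestUserKeyAuth(userId);
+            setUserKeyProtection(userId, pattern, verifyPattern(pattern, 0, userId));
             onUserLockChanged(userId);
         } else {
             throw new RemoteException("Failed to enroll pattern");
@@ -890,11 +884,10 @@ public class LockSettingsService extends ILockSettings.Stub {
             throws RemoteException {
         byte[] currentHandle = getCurrentHandle(userId);
         if (password == null) {
-            clearUserKeyProtection(userId);
             getGateKeeperService().clearSecureUserId(userId);
             mStorage.writePasswordHash(null, userId);
             setKeystorePassword(null, userId);
-            fixateNewestUserKeyAuth(userId);
+            clearUserKeyProtection(userId);
             onUserLockChanged(userId);
             return;
         }
@@ -922,12 +915,8 @@ public class LockSettingsService extends ILockSettings.Stub {
 
         byte[] enrolledHandle = enrollCredential(currentHandle, savedCredential, password, userId);
         if (enrolledHandle != null) {
-            CredentialHash willStore
-                = new CredentialHash(enrolledHandle, CredentialHash.VERSION_GATEKEEPER);
-            setUserKeyProtection(userId, password,
-                doVerifyPassword(password, willStore, true, 0, userId));
             mStorage.writePasswordHash(enrolledHandle, userId);
-            fixateNewestUserKeyAuth(userId);
+            setUserKeyProtection(userId, password, verifyPassword(password, 0, userId));
             onUserLockChanged(userId);
         } else {
             throw new RemoteException("Failed to enroll password");
@@ -1032,11 +1021,11 @@ public class LockSettingsService extends ILockSettings.Stub {
         if (token == null) {
             throw new RemoteException("Empty payload verifying a credential we just set");
         }
-        addUserKeyAuth(userId, token, secretFromCredential(credential));
+        changeUserKey(userId, token, secretFromCredential(credential));
     }
 
     private void clearUserKeyProtection(int userId) throws RemoteException {
-        addUserKeyAuth(userId, null, null);
+        changeUserKey(userId, null, null);
     }
 
     private static byte[] secretFromCredential(String credential) throws RemoteException {
@@ -1055,23 +1044,18 @@ public class LockSettingsService extends ILockSettings.Stub {
         }
     }
 
-    private void addUserKeyAuth(int userId, byte[] token, byte[] secret)
+    private void changeUserKey(int userId, byte[] token, byte[] secret)
             throws RemoteException {
         final UserInfo userInfo = UserManager.get(mContext).getUserInfo(userId);
         final IMountService mountService = getMountService();
         final long callingId = Binder.clearCallingIdentity();
         try {
-            mountService.addUserKeyAuth(userId, userInfo.serialNumber, token, secret);
+            mountService.changeUserKey(userId, userInfo.serialNumber, token, null, secret);
         } finally {
             Binder.restoreCallingIdentity(callingId);
         }
     }
 
-    private void fixateNewestUserKeyAuth(int userId)
-            throws RemoteException {
-        getMountService().fixateNewestUserKeyAuth(userId);
-    }
-
     @Override
     public VerifyCredentialResponse checkPattern(String pattern, int userId) throws RemoteException {
         return doVerifyPattern(pattern, false, 0, userId);
@@ -1087,11 +1071,6 @@ public class LockSettingsService extends ILockSettings.Stub {
             long challenge, int userId) throws RemoteException {
        checkPasswordReadPermission(userId);
        CredentialHash storedHash = mStorage.readPatternHash(userId);
-       return doVerifyPattern(pattern, storedHash, hasChallenge, challenge, userId);
-    }
-
-    private VerifyCredentialResponse doVerifyPattern(String pattern, CredentialHash storedHash,
-            boolean hasChallenge, long challenge, int userId) throws RemoteException {
        boolean shouldReEnrollBaseZero = storedHash != null && storedHash.isBaseZeroPattern;
 
        String patternToVerify;
@@ -1129,6 +1108,7 @@ public class LockSettingsService extends ILockSettings.Stub {
        }
 
        return response;
+
     }
 
     @Override
@@ -1178,11 +1158,6 @@ public class LockSettingsService extends ILockSettings.Stub {
             long challenge, int userId) throws RemoteException {
        checkPasswordReadPermission(userId);
        CredentialHash storedHash = mStorage.readPasswordHash(userId);
-       return doVerifyPassword(password, storedHash, hasChallenge, challenge, userId);
-    }
-
-    private VerifyCredentialResponse doVerifyPassword(String password, CredentialHash storedHash,
-            boolean hasChallenge, long challenge, int userId) throws RemoteException {
        return verifyCredential(userId, storedHash, password, hasChallenge, challenge,
                new CredentialUtil() {
                    @Override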
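Review bot: In the @@ -862 and @@ -922 hunks the new credential is persisted by `mStorage.writePatternHash(enrolledHandle, userId)` / `writePasswordHash` before `setUserKeyProtection(...)` switches the disk-encryption key to the new secret, so the two records are updated in separate, non-atomic steps; a process death or a RemoteException from `changeUserKey` between them leaves the new credential on disk while the key is still protected by the previous secret. The same window exists in the clearing paths of the @@ -789, @@ -828 and @@ -890 hunks, where `clearUserKeyProtection(userId)` is now the last step after `clearSecureUserId` and `setKeystorePassword(null, ...)`. If this ordering is the accepted interim state for bug 28694324, I would record it at each `setUserKeyProtection` call, e.g. `// NOTE: credential hash is persisted before key protection is switched; a failure here leaves them out of sync`, so the next change to this path does not treat the two writes as one. Whether `verifyPattern(pattern, 0, userId)` re-reads the hash just written is not visible in these hunks, so that dependency is an assumption to confirm.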
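--- a/<path-not-on-page>/LockSettingsStorage.java
+++ b/<path-not-on-page>/LockSettingsStorage.java
@@ -74,7 +74,7 @@ class LockSettingsStorage {
 
     private SparseArray<Integer> mStoredCredentialType;
 
-    static class CredentialHash {
+    class CredentialHash {
         static final int TYPE_NONE = -1;
         static final int TYPE_PATTERN = 1;
         static final int TYPE_PASSWORD = 2;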
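Review bot: `class CredentialHash {` at the changed line makes CredentialHash a non-static inner class again, so every instance carries a hidden reference to its enclosing LockSettingsStorage; nothing visible in this hunk reads outer state, and the LockSettingsService hunks on this page remove the only external `new CredentialHash(...)` construction, so the captured reference buys nothing. If the revert has to be byte-exact for bug 28694324 that is understandable, otherwise `static class CredentialHash {` is the cleaner form. The class body continues outside the hunk.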
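--- a/<path-not-on-page>/MountService.java
+++ b/<path-not-on-page>/MountService.java
@@ -2816,36 +2816,15 @@ class MountService extends IMountService.Stub
         }
     }
 
-    /*
-     * Add this token/secret pair to the set of ways we can recover a disk encryption key.
-     * Changing the token/secret for a disk encryption key is done in two phases: first, adding
-     * a new token/secret pair with this call, then delting all other pairs with
-     * fixateNewestUserKeyAuth. This allows other places where a credential is used, such as
-     * Gatekeeper, to be updated between the two calls.
-     */
-    @Override
-    public void addUserKeyAuth(int userId, int serialNumber, byte[] token, byte[] secret) {
-        enforcePermission(android.Manifest.permission.STORAGE_INTERNAL);
-        waitForReady();
-
-        try {
-            mCryptConnector.execute("cryptfs", "add_user_key_auth", userId, serialNumber,
-                encodeBytes(token), encodeBytes(secret));
-        } catch (NativeDaemonConnectorException e) {
-            throw e.rethrowAsParcelableException();
-        }
-    }
-
-    /*
-     * Delete all disk encryption token/secret pairs except the most recently added one
-     */
     @Override
-    public void fixateNewestUserKeyAuth(int userId) {
+    public void changeUserKey(int userId, int serialNumber,
+            byte[] token, byte[] oldSecret, byte[] newSecret) {
         enforcePermission(android.Manifest.permission.STORAGE_INTERNAL);
         waitForReady();
 
         try {
-            mCryptConnector.execute("cryptfs", "fixate_newest_user_key_auth", userId);
+            mCryptConnector.execute("cryptfs", "change_user_key", userId, serialNumber,
+                encodeBytes(token), encodeBytes(oldSecret), encodeBytes(newSecret));
         } catch (NativeDaemonConnectorException e) {
             throw e.rethrowAsParcelableException();
         }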
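Review bot: `changeUserKey` in the @@ -2816 hunk forwards `encodeBytes(oldSecret)` to the daemon unconditionally, while the only caller on this page (LockSettingsService.changeUserKey) always passes null for `oldSecret`, and null `token`/`newSecret` when clearing protection; whether `encodeBytes` accepts null is not visible here, so that is worth confirming at this call site rather than relying on the caller. The method has also lost the header comment its predecessor carried, so nothing near the code now states the null convention or that the daemon replaces the existing protection; a two-line `/* Replace the token/secret pair protecting this user's disk encryption key; see LockSettingsService for the null convention. */` above `@Override` would keep that next to the call. The method's closing brace is outside the hunk.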