Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b56960bc authored by Eric Biggers's avatar Eric Biggers Committed by Gerrit Code Review
Browse files

Merge changes Ib5bcfb6a,I46c2a472,If0c75774,Iab7ba8d3 

* changes:
  Stub out some FDE methods in StorageManager
  Stop trying to update FDE password from LockSettingsService
  Remove clearEncryptionPassword() from LockPatternUtils
  Stop trying to get/set fields in FDE footer
parents e55bd160 25bf2f8a

core/java/android/os/storage/StorageManager.java

+4 −21
Original line number Diff line number Diff line
@@ -82,7 +82,6 @@ import android.os.SystemProperties; 
import android.os.UserHandle;

import android.provider.MediaStore;

import android.provider.Settings;

import android.sysprop.VoldProperties;

import android.system.ErrnoException;

import android.system.Os;

import android.system.OsConstants;
@@ -1636,11 +1635,8 @@ public class StorageManager { 
     *         false not encrypted or file encrypted

     */

    public static boolean isBlockEncrypted() {

        if (!isEncrypted()) {

        return false;

    }

        return RoSystemProperties.CRYPTO_BLOCK_ENCRYPTED;

    }



    /** {@hide}

     * Is this device block encrypted with credentials?
@@ -1649,20 +1645,9 @@ public class StorageManager { 
     *         false not encrypted, file encrypted or default block encrypted

     */

    public static boolean isNonDefaultBlockEncrypted() {

        if (!isBlockEncrypted()) {

        return false;

    }



        try {

            IStorageManager storageManager = IStorageManager.Stub.asInterface(

                    ServiceManager.getService("mount"));

            return storageManager.getPasswordType() != CRYPT_TYPE_DEFAULT;

        } catch (RemoteException e) {

            Log.e(TAG, "Error getting encryption type");

            return false;

        }

    }



    /** {@hide}

     * Is this device in the process of being block encrypted?

     * @return true for encrypting.
@@ -1674,8 +1659,7 @@ public class StorageManager { 
     * framework, so no service needs to check for changes during their lifespan

     */

    public static boolean isBlockEncrypting() {

        final String state = VoldProperties.encrypt_progress().orElse("");

        return !"".equalsIgnoreCase(state);

        return false;

    }



    /** {@hide}
@@ -1690,8 +1674,7 @@ public class StorageManager { 
     * framework, so no service needs to check for changes during their lifespan

     */

    public static boolean inCryptKeeperBounce() {

        final String status = VoldProperties.decrypt().orElse("");

        return "trigger_restart_min_framework".equals(status);

        return false;

    }



    /** {@hide} */

core/java/com/android/internal/widget/ILockSettings.aidl

+0 −1
Original line number Diff line number Diff line
@@ -95,5 +95,4 @@ interface ILockSettings { 
    boolean hasSecureLockScreen();

    boolean tryUnlockWithCachedUnifiedChallenge(int userId);

    void removeCachedUnifiedChallenge(int userId);

    void updateEncryptionPassword(int type, in byte[] password);

}

core/java/com/android/internal/widget/LockPatternUtils.java

+1 −70
Original line number Diff line number Diff line
@@ -701,38 +701,14 @@ public class LockPatternUtils { 
        return true;

    }



    private void updateCryptoUserInfo(int userId) {

        if (userId != UserHandle.USER_SYSTEM) {

            return;

        }



        final String ownerInfo = isOwnerInfoEnabled(userId) ? getOwnerInfo(userId) : "";



        IBinder service = ServiceManager.getService("mount");

        if (service == null) {

            Log.e(TAG, "Could not find the mount service to update the user info");

            return;

        }



        IStorageManager storageManager = IStorageManager.Stub.asInterface(service);

        try {

            Log.d(TAG, "Setting owner info");

            storageManager.setField(StorageManager.OWNER_INFO_KEY, ownerInfo);

        } catch (RemoteException e) {

            Log.e(TAG, "Error changing user info", e);

        }

    }



    @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)

    public void setOwnerInfo(String info, int userId) {

        setString(LOCK_SCREEN_OWNER_INFO, info, userId);

        updateCryptoUserInfo(userId);

    }



    @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)

    public void setOwnerInfoEnabled(boolean enabled, int userId) {

        setBoolean(LOCK_SCREEN_OWNER_INFO_ENABLED, enabled, userId);

        updateCryptoUserInfo(userId);

    }



    @UnsupportedAppUsage
@@ -786,17 +762,6 @@ public class LockPatternUtils { 
        return StorageManager.isFileEncryptedNativeOrEmulated();

    }



    /**

     * Clears the encryption password.

     */

    public void clearEncryptionPassword() {

        try {

            getLockSettings().updateEncryptionPassword(StorageManager.CRYPT_TYPE_DEFAULT, null);

        } catch (RemoteException e) {

            Log.e(TAG, "Couldn't clear encryption password");

        }

    }



    /**

     * Retrieves the quality mode for {@code userHandle}.

     * @see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)
@@ -988,24 +953,6 @@ public class LockPatternUtils { 
     */

    public void setVisiblePatternEnabled(boolean enabled, int userId) {

        setBoolean(Settings.Secure.LOCK_PATTERN_VISIBLE, enabled, userId);



        // Update for crypto if owner

        if (userId != UserHandle.USER_SYSTEM) {

            return;

        }



        IBinder service = ServiceManager.getService("mount");

        if (service == null) {

            Log.e(TAG, "Could not find the mount service to update the user info");

            return;

        }



        IStorageManager storageManager = IStorageManager.Stub.asInterface(service);

        try {

            storageManager.setField(StorageManager.PATTERN_VISIBLE_KEY, enabled ? "1" : "0");

        } catch (RemoteException e) {

            Log.e(TAG, "Error changing pattern visible state", e);

        }

    }



    public boolean isVisiblePatternEverChosen(int userId) {
@@ -1016,23 +963,7 @@ public class LockPatternUtils { 
     * Set whether the visible password is enabled for cryptkeeper screen.

     */

    public void setVisiblePasswordEnabled(boolean enabled, int userId) {

        // Update for crypto if owner

        if (userId != UserHandle.USER_SYSTEM) {

            return;

        }



        IBinder service = ServiceManager.getService("mount");

        if (service == null) {

            Log.e(TAG, "Could not find the mount service to update the user info");

            return;

        }



        IStorageManager storageManager = IStorageManager.Stub.asInterface(service);

        try {

            storageManager.setField(StorageManager.PASSWORD_VISIBLE_KEY, enabled ? "1" : "0");

        } catch (RemoteException e) {

            Log.e(TAG, "Error changing password visible state", e);

        }

        // No longer does anything.

    }



    /**

services/core/java/com/android/server/StorageManagerService.java

+0 −35
Original line number Diff line number Diff line
@@ -75,7 +75,6 @@ import android.content.pm.PackageManager; 
import android.content.pm.PackageManagerInternal;

import android.content.pm.ProviderInfo;

import android.content.pm.UserInfo;

import android.content.res.Configuration;

import android.content.res.ObbInfo;

import android.database.ContentObserver;

import android.net.Uri;
@@ -122,7 +121,6 @@ import android.provider.DocumentsContract; 
import android.provider.Downloads;

import android.provider.MediaStore;

import android.provider.Settings;

import android.sysprop.VoldProperties;

import android.text.TextUtils;

import android.text.format.DateUtils;

import android.util.ArrayMap;
@@ -1380,39 +1378,6 @@ class StorageManagerService extends IStorageManager.Stub 
    private void handleDaemonConnected() {

        initIfBootedAndConnected();

        resetIfBootedAndConnected();



        // On an encrypted device we can't see system properties yet, so pull

        // the system locale out of the mount service.

        if ("".equals(VoldProperties.encrypt_progress().orElse(""))) {

            copyLocaleFromMountService();

        }

    }



    private void copyLocaleFromMountService() {

        String systemLocale;

        try {

            systemLocale = getField(StorageManager.SYSTEM_LOCALE_KEY);

        } catch (RemoteException e) {

            return;

        }

        if (TextUtils.isEmpty(systemLocale)) {

            return;

        }



        Slog.d(TAG, "Got locale " + systemLocale + " from mount service");

        Locale locale = Locale.forLanguageTag(systemLocale);

        Configuration config = new Configuration();

        config.setLocale(locale);

        try {

            ActivityManager.getService().updatePersistentConfigurationWithAttribution(config,

                    mContext.getOpPackageName(), mContext.getAttributionTag());

        } catch (RemoteException e) {

            Slog.e(TAG, "Error setting system locale from mount service", e);

        }



        // Temporary workaround for http://b/17945169.

        Slog.d(TAG, "Setting system properties to " + systemLocale + " from mount service");

        SystemProperties.set("persist.sys.locale", locale.toLanguageTag());

    }



    private final IVoldListener mListener = new IVoldListener.Stub() {

services/core/java/com/android/server/locksettings/LockSettingsService.java

+4 −49
Original line number Diff line number Diff line
@@ -1761,7 +1761,10 @@ public class LockSettingsService extends ILockSettings.Stub { 
    }



    private void onPostPasswordChanged(LockscreenCredential newCredential, int userHandle) {

        updateEncryptionPasswordIfNeeded(newCredential, userHandle);

        if (userHandle == UserHandle.USER_SYSTEM && isDeviceEncryptionEnabled() &&

            shouldEncryptWithCredentials() && newCredential.isNone()) {

            setCredentialRequiredToDecrypt(false);

        }

        if (newCredential.isPattern()) {

            setBoolean(LockPatternUtils.PATTERN_EVER_CHOSEN_KEY, true, userHandle);

        }
@@ -1769,26 +1772,6 @@ public class LockSettingsService extends ILockSettings.Stub { 
        mContext.getSystemService(TrustManager.class).reportEnabledTrustAgentsChanged(userHandle);

    }



    /**

     * Update device encryption password if calling user is USER_SYSTEM and device supports

     * encryption.

     */

    private void updateEncryptionPasswordIfNeeded(LockscreenCredential credential, int userHandle) {

        // Update the device encryption password.

        if (userHandle != UserHandle.USER_SYSTEM || !isDeviceEncryptionEnabled()) {

            return;

        }

        if (!shouldEncryptWithCredentials()) {

            updateEncryptionPassword(StorageManager.CRYPT_TYPE_DEFAULT, null);

            return;

        }

        if (credential.isNone()) {

            // Set the encryption password to default.

            setCredentialRequiredToDecrypt(false);

        }

        updateEncryptionPassword(credential.getStorageCryptType(), credential.getCredential());

    }



    /**

     * Store the hash of the *current* password in the password history list, if device policy

     * enforces password history requirement.
@@ -1883,34 +1866,6 @@ public class LockSettingsService extends ILockSettings.Stub { 
        }

    }



    /** Update the encryption password if it is enabled **/

    @Override

    public void updateEncryptionPassword(final int type, final byte[] password) {

        if (!hasSecureLockScreen() && password != null && password.length != 0) {

            throw new UnsupportedOperationException(

                    "This operation requires the lock screen feature.");

        }

        if (!isDeviceEncryptionEnabled()) {

            return;

        }

        final IBinder service = ServiceManager.getService("mount");

        if (service == null) {

            Slog.e(TAG, "Could not find the mount service to update the encryption password");

            return;

        }



        // TODO(b/120484642): This is a location where we still use a String for vold

        String passwordString = password != null ? new String(password) : null;

        mHandler.post(() -> {

            IStorageManager storageManager = mInjector.getStorageManager();

            try {

                storageManager.changeEncryptionPassword(type, passwordString);

            } catch (RemoteException e) {

                Slog.e(TAG, "Error changing encryption password", e);

            }

        });

    }



    @VisibleForTesting /** Note: this method is overridden in unit tests */

    protected void tieProfileLockToParent(int userId, LockscreenCredential password) {

        if (DEBUG) Slog.v(TAG, "tieProfileLockToParent for user: " + userId);