
Commit d5a09cc7 authored by Amit Blay's avatar Amit Blay Committed by Linux Build Service Account

Added 'EncryptWipeStorage' API to MountService API

The EncryptWipeStorage API is used to create a new ext4 file
system on the userdata partition, instead of the existing one,
and encrypt it.
This is as opposed to the way the EncryptStorage API works, which
encrypts the existing file system as is ('inplace').
The 'wipe' option is already supported in the underlying Cryptfs
implementation.

Also in this change, new values that can be returned by
'getEncryptionState' API are declared.
These values reflect the state of the MDTP activation, together
with the general encryption state, in case that MDTP is activated.
- ENCRYPTION_STATE_OK_MDTP_ACTIVATED - means that the crypto state is ok,
and MDTP is activated.
- ENCRYPTION_STATE_ERROR_MDTP_ACTIVATED - means that the crypto state is
bad, and MDTP is activated.

Change-Id: Ide628a8cf6499bc2216b08c22479a37133bebb03
parent e30aacc2
+38 −1
@@ -647,6 +647,24 @@ public interface IMountService extends IInterface {
                return _result;
            }

            public int encryptWipeStorage(int type, String password) throws RemoteException {
                Parcel _data = Parcel.obtain();
                Parcel _reply = Parcel.obtain();
                int _result;
                try {
                    _data.writeInterfaceToken(DESCRIPTOR);
                    _data.writeInt(type);
                    _data.writeString(password);
                    mRemote.transact(Stub.TRANSACTION_encryptWipeStorage, _data, _reply, 0);
                    _reply.readException();
                    _result = _reply.readInt();
                } finally {
                    _reply.recycle();
                    _data.recycle();
                }
                return _result;
            }

            public int changeEncryptionPassword(int type, String password) throws RemoteException {
                Parcel _data = Parcel.obtain();
                Parcel _reply = Parcel.obtain();
@@ -1507,6 +1525,8 @@ public interface IMountService extends IInterface {

        static final int TRANSACTION_fixateNewestUserKeyAuth = IBinder.FIRST_CALL_TRANSACTION + 71;

        static final int TRANSACTION_encryptWipeStorage = IBinder.FIRST_CALL_TRANSACTION + 72;

        /**
         * Cast an IBinder object into an IMountService interface, generating a
         * proxy if needed.
@@ -1809,6 +1829,15 @@ public interface IMountService extends IInterface {
                    reply.writeInt(result);
                    return true;
                }
                case TRANSACTION_encryptWipeStorage: {
                    data.enforceInterface(DESCRIPTOR);
                    int type = data.readInt();
                    String password = data.readString();
                    int result = encryptWipeStorage(type, password);
                    reply.writeNoException();
                    reply.writeInt(result);
                    return true;
                }
                case TRANSACTION_changeEncryptionPassword: {
                    data.enforceInterface(DESCRIPTOR);
                    int type = data.readInt();
@@ -2320,7 +2349,8 @@ public interface IMountService extends IInterface {
     * Returns whether or not the external storage is emulated.
     */
    public boolean isExternalStorageEmulated() throws RemoteException;

    /** The volume has been encrypted succesfully and MDTP state is 'activated'. */
    static final int ENCRYPTION_STATE_OK_MDTP_ACTIVATED = 2;
    /** The volume is not encrypted. */
    static final int ENCRYPTION_STATE_NONE = 1;
    /** The volume has been encrypted succesfully. */
@@ -2333,6 +2363,8 @@ public interface IMountService extends IInterface {
    static final int ENCRYPTION_STATE_ERROR_INCONSISTENT = -3;
    /** Underlying data is corrupt */
    static final int ENCRYPTION_STATE_ERROR_CORRUPT = -4;
    /** The volume is in a bad state and MDTP state is 'activated'.*/
    static final int ENCRYPTION_STATE_ERROR_MDTP_ACTIVATED = -5;

    /**
     * Determines the encryption state of the volume.
@@ -2355,6 +2387,11 @@ public interface IMountService extends IInterface {
     */
    public int encryptStorage(int type, String password) throws RemoteException;

    /**
     * Encrypts and wipes storage.
     */
    public int encryptWipeStorage(int type, String password) throws RemoteException;

    /**
     * Changes the encryption password.
     */
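Review bot: The interface Javadoc for `encryptWipeStorage` in the last hunk says only "Encrypts and wipes storage.", which does not tell a caller that the existing userdata file system is replaced and its contents lost, nor what `type` and the int result mean. I would word it as `Creates a new file system on the userdata partition, destroying the existing data, and encrypts it.` and add `@param type`, `@param password` and `@return` lines; the `@return` text should be checked against the implementation, where only a final `return 0` is visible in this commit. The stub case for `TRANSACTION_encryptWipeStorage` forwards straight to the implementation after `enforceInterface`, so a sentence naming the permission a caller needs would also belong in this Javadoc. The new comment on `ENCRYPTION_STATE_OK_MDTP_ACTIVATED` copies the existing "succesfully" misspelling.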
+1 −0
@@ -71,6 +71,7 @@ public:
    virtual bool getMountedObbPath(const String16& filename, String16& path) = 0;
    virtual int32_t decryptStorage(const String16& password) = 0;
    virtual int32_t encryptStorage(const String16& password) = 0;
    virtual int32_t encryptWipeStorage(const String16& password) = 0;
};

// ----------------------------------------------------------------------------
+18 −0
@@ -50,6 +50,7 @@ enum {
    TRANSACTION_isExternalStorageEmulated,
    TRANSACTION_decryptStorage,
    TRANSACTION_encryptStorage,
    TRANSACTION_encryptWipeStorage = IBinder::FIRST_CALL_TRANSACTION + 72,
};

class BpMountService: public BpInterface<IMountService>
@@ -551,6 +552,23 @@ public:
        }
        return reply.readInt32();
    }

    int32_t encryptWipeStorage(const String16& password)
    {
        Parcel data, reply;
        data.writeInterfaceToken(IMountService::getInterfaceDescriptor());
        data.writeString16(password);
        if (remote()->transact(TRANSACTION_encryptWipeStorage, data, &reply) != NO_ERROR) {
            ALOGD("encryptWipeStorage could not contact remote\n");
            return -1;
        }
        int32_t err = reply.readExceptionCode();
        if (err < 0) {
            ALOGD("encryptWipeStorage caught exception %d\n", err);
            return err;
        }
        return reply.readInt32();
    }
};

IMPLEMENT_META_INTERFACE(MountService, "IMountService")
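Review bot: `BpMountService::encryptWipeStorage` writes only the interface token and a `String16` password, but the Java stub case added in this same commit reads `data.readInt()` for `type` before `data.readString()`, so a transaction sent from this proxy would be unmarshalled with the wrong layout and the first word of the string would be taken as `type`. If the native path is meant to be usable, the signature should carry the type and the body should call `data.writeInt32(type);` before `data.writeString16(password);`, with the pure-virtual declaration in the header changed to match. The two failure branches log with `ALOGD`; for a call that wipes userdata, `ALOGE` would make a failed or rejected request visible in production logs.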
+19 −3
@@ -2567,7 +2567,7 @@ class MountService extends IMountService.Stub
        }
    }

    public int encryptStorage(int type, String password) {
    private int encryptStorageExtended(int type, String password, boolean wipe) {
        if (TextUtils.isEmpty(password) && type != StorageManager.CRYPT_TYPE_DEFAULT) {
            throw new IllegalArgumentException("password cannot be empty");
        }
@@ -2583,10 +2583,10 @@ class MountService extends IMountService.Stub

        try {
            if (type == StorageManager.CRYPT_TYPE_DEFAULT) {
                mCryptConnector.execute("cryptfs", "enablecrypto", "inplace",
                mCryptConnector.execute("cryptfs", "enablecrypto", wipe ? "wipe" : "inplace",
                                CRYPTO_TYPES[type]);
            } else {
                mCryptConnector.execute("cryptfs", "enablecrypto", "inplace",
                mCryptConnector.execute("cryptfs", "enablecrypto", wipe ? "wipe" : "inplace",
                                CRYPTO_TYPES[type], new SensitiveArg(password));
            }
        } catch (NativeDaemonConnectorException e) {
@@ -2597,6 +2597,22 @@ class MountService extends IMountService.Stub
        return 0;
    }

    /** Encrypt Storage given a password.
     *  @param type The password type.
     *  @param password The password to be used in encryption.
     */
    public int encryptStorage(int type, String password) {
        return encryptStorageExtended(type, password, false);
    }

    /** Encrypt Storage given a password after wiping it.
     *  @param type The password type.
     *  @param password The password to be used in encryption.
     */
    public int encryptWipeStorage(int type, String password) {
        return encryptStorageExtended(type, password, true);
    }

    /** Set the password for encrypting the master key.
     *  @param type One of the CRYPTO_TYPE_XXX consts defined in StorageManager.
     *  @param password The password to set.
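Review bot: `encryptWipeStorage` makes a data-destroying operation reachable over Binder through the same helper as the in-place path, and no caller check appears in the hunks shown. The part of `encryptStorageExtended` between the first two hunks is outside this diff, so confirm that the permission enforcement there runs before `cryptfs enablecrypto wipe` is issued, and state the required permission in the new Javadoc. `type` arrives from the caller and indexes `CRYPTO_TYPES[type]` with no range check visible here; if the elided lines have none, add `if (type < 0 || type >= CRYPTO_TYPES.length) throw new IllegalArgumentException("invalid crypt type");` next to the empty-password check. The repeated `wipe ? "wipe" : "inplace"` would read better hoisted once as `final String mode = wipe ? "wipe" : "inplace";`.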