Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d5b040ed authored by Eric Biggers's avatar Eric Biggers
Browse files

Remove checks for FDE in 'adb backup' 

The deviceIsEncrypted() methods in BackupRestoreConfirmation.java and
UserBackupManagerService.java only return true if the device is using
FDE (Full Disk Encryption), for which support has been removed in favor
of FBE (File Based Encryption).  Therefore, the logic to require a
backup password no longer applies to any device.

Remove this logic to simplify the code.

It is possible that this was actually a bug, and this logic should have
applied to FBE devices too.  But given that the code has worked this way
for years, and there isn't necessarily a logical connection between
whether the device is encrypted and whether a backup *must* be
encrypted, I decided not to change the current behavior.

Bug: 208476087
Test: 'adb backup' and 'adb restore' still work.
Change-Id: Idc72d2a4c3e8bfa10a32cdc57884159b37635e81
parent 57135bf8

packages/BackupRestoreConfirmation/res/values/strings.xml

+0 −2
Original line number Diff line number Diff line
@@ -44,8 +44,6 @@ 
    <string name="backup_enc_password_text">Please enter a password to use for encrypting the full backup data. If this is left blank, your current backup password will be used:</string>

    <!-- Text for message to user that they may optionally supply an encryption password to use for a full backup operation. -->

    <string name="backup_enc_password_optional">If you wish to encrypt the full backup data, enter a password below:</string>

    <!-- Text for message to user that they must supply an encryption password to use for a full backup operation because their phone is locked. -->

    <string name="backup_enc_password_required">Since your device is encrypted, you are required to encrypt your backup. Please enter a password below:</string>



    <!-- Text for message to user when performing a full restore operation, explaining that they must enter the password originally used to encrypt the full backup data. -->

    <string name="restore_enc_password_text">If the restore data is encrypted, please enter the password below:</string>

packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java

+2 −28
Original line number Diff line number Diff line
@@ -27,8 +27,6 @@ import android.os.Handler; 
import android.os.Message;

import android.os.RemoteException;

import android.os.ServiceManager;

import android.os.storage.IStorageManager;

import android.os.storage.StorageManager;

import android.text.Editable;

import android.text.TextWatcher;

import android.util.Slog;
@@ -66,10 +64,8 @@ public class BackupRestoreConfirmation extends Activity { 


    Handler mHandler;

    IBackupManager mBackupManager;

    IStorageManager mStorageManager;

    FullObserver mObserver;

    int mToken;

    boolean mIsEncrypted;

    boolean mDidAcknowledge;

    String mAction;
@@ -144,7 +140,6 @@ public class BackupRestoreConfirmation extends Activity { 
        }



        mBackupManager = IBackupManager.Stub.asInterface(ServiceManager.getService(Context.BACKUP_SERVICE));

        mStorageManager = IStorageManager.Stub.asInterface(ServiceManager.getService("mount"));



        mHandler = new ObserverHandler(getApplicationContext());

        final Object oldObserver = getLastNonConfigurationInstance();
@@ -248,23 +243,16 @@ public class BackupRestoreConfirmation extends Activity { 
            mDenyButton.setEnabled(!mDidAcknowledge);

        }



        // We vary the password prompt depending on whether one is predefined, and whether

        // the device is encrypted.

        mIsEncrypted = deviceIsEncrypted();

        // We vary the password prompt depending on whether one is predefined.

        if (!haveBackupPassword()) {

            curPwDesc.setVisibility(View.GONE);

            mCurPassword.setVisibility(View.GONE);

            if (layoutId == R.layout.confirm_backup) {

                TextView encPwDesc = findViewById(R.id.enc_password_desc);

                if (mIsEncrypted) {

                    encPwDesc.setText(R.string.backup_enc_password_required);

                    monitorEncryptionPassword();

                } else {

                encPwDesc.setText(R.string.backup_enc_password_optional);

            }

        }

    }

    }



    private void monitorEncryptionPassword() {

        mAllowButton.setEnabled(false);
@@ -312,20 +300,6 @@ public class BackupRestoreConfirmation extends Activity { 
        }

    }



    boolean deviceIsEncrypted() {

        try {

            return mStorageManager.getEncryptionState()

                     != StorageManager.ENCRYPTION_STATE_NONE

                && mStorageManager.getPasswordType()

                     != StorageManager.CRYPT_TYPE_DEFAULT;

        } catch (Exception e) {

            // If we can't talk to the storagemanager service we have a serious problem; fail

            // "secure" i.e. assuming that the device is encrypted.

            Slog.e(TAG, "Unable to communicate with storagemanager service: " + e.getMessage());

            return true;

        }

    }



    boolean haveBackupPassword() {

        try {

            return mBackupManager.hasBackupPassword();

services/backup/java/com/android/server/backup/UserBackupManagerService.java

+0 −25
Original line number Diff line number Diff line
@@ -89,8 +89,6 @@ import android.os.ServiceManager; 
import android.os.SystemClock;

import android.os.UserHandle;

import android.os.WorkSource;

import android.os.storage.IStorageManager;

import android.os.storage.StorageManager;

import android.provider.Settings;

import android.text.TextUtils;

import android.util.ArraySet;
@@ -325,7 +323,6 @@ public class UserBackupManagerService { 
    private final ActivityManagerInternal mActivityManagerInternal;

    private PowerManager mPowerManager;

    private final AlarmManager mAlarmManager;

    private final IStorageManager mStorageManager;

    private final BackupManagerConstants mConstants;

    private final BackupWakeLock mWakelock;

    private final BackupHandler mBackupHandler;
@@ -536,7 +533,6 @@ public class UserBackupManagerService { 
        mBackupPasswordManager = null;

        mPackageManagerBinder = null;

        mActivityManager = null;

        mStorageManager = null;

        mBackupManagerBinder = null;

        mScheduledBackupEligibility = null;

    }
@@ -560,7 +556,6 @@ public class UserBackupManagerService { 


        mAlarmManager = (AlarmManager) context.getSystemService(Context.ALARM_SERVICE);

        mPowerManager = (PowerManager) context.getSystemService(Context.POWER_SERVICE);

        mStorageManager = IStorageManager.Stub.asInterface(ServiceManager.getService("mount"));



        Objects.requireNonNull(parent, "parent cannot be null");

        mBackupManagerBinder = BackupManagerService.asInterface(parent.asBinder());
@@ -2077,26 +2072,6 @@ public class UserBackupManagerService { 
        }

    }



    /** For adb backup/restore. */

    public boolean deviceIsEncrypted() {

        try {

            return mStorageManager.getEncryptionState()

                    != StorageManager.ENCRYPTION_STATE_NONE

                    && mStorageManager.getPasswordType()

                    != StorageManager.CRYPT_TYPE_DEFAULT;

        } catch (Exception e) {

            // If we can't talk to the storagemanager service we have a serious problem; fail

            // "secure" i.e. assuming that the device is encrypted.

            Slog.e(

                    TAG,

                    addUserIdToLogMessage(

                            mUserId,

                            "Unable to communicate with storagemanager service: "

                                    + e.getMessage()));

            return true;

        }

    }



    // ----- Full-data backup scheduling -----



    /**

services/backup/java/com/android/server/backup/fullbackup/PerformAdbBackupTask.java

+0 −6
Original line number Diff line number Diff line
@@ -320,12 +320,6 @@ public class PerformAdbBackupTask extends FullBackupTask implements BackupRestor 
        try {

            boolean encrypting = (mEncryptPassword != null && mEncryptPassword.length() > 0);



            // Only allow encrypted backups of encrypted devices

            if (mUserBackupManagerService.deviceIsEncrypted() && !encrypting) {

                Slog.e(TAG, "Unencrypted backup of encrypted device; aborting");

                return;

            }



            OutputStream finalOutput = ofstream;



            // Verify that the given password matches the currently-active