Loading cmds/sm/src/com/android/commands/sm/Sm.java +1 −13 Original line number Diff line number Diff line Loading @@ -94,8 +94,6 @@ public final class Sm { runBenchmark(); } else if ("forget".equals(op)) { runForget(); } else if ("set-emulate-fbe".equals(op)) { runSetEmulateFbe(); } else if ("get-fbe-mode".equals(op)) { runGetFbeMode(); } else if ("idle-maint".equals(op)) { Loading Loading @@ -191,17 +189,9 @@ public final class Sm { } } public void runSetEmulateFbe() throws RemoteException { final boolean emulateFbe = Boolean.parseBoolean(nextArg()); mSm.setDebugFlags(emulateFbe ? StorageManager.DEBUG_EMULATE_FBE : 0, StorageManager.DEBUG_EMULATE_FBE); } public void runGetFbeMode() { if (StorageManager.isFileEncryptedNativeOnly()) { if (StorageManager.isFileEncrypted()) { System.out.println("native"); } else if (StorageManager.isFileEncryptedEmulatedOnly()) { System.out.println("emulated"); } else { System.out.println("none"); } Loading Loading @@ -357,8 +347,6 @@ public final class Sm { System.err.println(""); System.err.println(" sm forget [UUID|all]"); System.err.println(""); System.err.println(" sm set-emulate-fbe [true|false]"); System.err.println(""); System.err.println(" sm start-checkpoint <num-retries>"); System.err.println(""); System.err.println(" sm supports-checkpoint"); Loading core/java/android/os/storage/StorageManager.java +16 −19 Original line number Diff line number Diff line Loading @@ -152,8 +152,6 @@ public class StorageManager { /** {@hide} */ public static final String PROP_ADOPTABLE = "persist.sys.adoptable"; /** {@hide} */ public static final String PROP_EMULATE_FBE = "persist.sys.emulate_fbe"; /** {@hide} */ public static final String PROP_SDCARDFS = "persist.sys.sdcardfs"; /** {@hide} */ public static final String PROP_VIRTUAL_DISK = "persist.sys.virtual_disk"; Loading Loading @@ -257,13 +255,11 @@ public class StorageManager { /** {@hide} */ public static final int DEBUG_ADOPTABLE_FORCE_OFF = 1 << 1; /** {@hide} */ public static final int DEBUG_EMULATE_FBE = 1 << 2; /** {@hide} */ public static final int DEBUG_SDCARDFS_FORCE_ON = 1 << 3; public static final int DEBUG_SDCARDFS_FORCE_ON = 1 << 2; /** {@hide} */ public static final int DEBUG_SDCARDFS_FORCE_OFF = 1 << 4; public static final int DEBUG_SDCARDFS_FORCE_OFF = 1 << 3; /** {@hide} */ public static final int DEBUG_VIRTUAL_DISK = 1 << 5; public static final int DEBUG_VIRTUAL_DISK = 1 << 4; /** {@hide} */ public static final int FLAG_STORAGE_DE = IInstalld.FLAG_STORAGE_DE; Loading Loading @@ -1591,30 +1587,31 @@ public class StorageManager { } /** {@hide} * Is this device file encrypted? * @return true for file encrypted. (Implies isEncrypted() == true) * false not encrypted or using "managed" encryption * Does this device have file-based encryption (FBE) enabled? * @return true if the device has file-based encryption enabled. */ @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) public static boolean isFileEncryptedNativeOnly() { public static boolean isFileEncrypted() { if (!isEncrypted()) { return false; } return RoSystemProperties.CRYPTO_FILE_ENCRYPTED; } /** {@hide} */ public static boolean isFileEncryptedEmulatedOnly() { return SystemProperties.getBoolean(StorageManager.PROP_EMULATE_FBE, false); /** {@hide} * @deprecated Use {@link #isFileEncrypted} instead, since emulated FBE is no longer supported. */ @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) @Deprecated public static boolean isFileEncryptedNativeOnly() { return isFileEncrypted(); } /** {@hide} * Is this device running in a file encrypted mode, either native or emulated? * @return true for file encrypted, false otherwise * @deprecated Use {@link #isFileEncrypted} instead, since emulated FBE is no longer supported. */ @Deprecated public static boolean isFileEncryptedNativeOrEmulated() { return isFileEncryptedNativeOnly() || isFileEncryptedEmulatedOnly(); return isFileEncrypted(); } /** {@hide} */ Loading services/core/java/com/android/server/StorageManagerService.java +5 −70 Original line number Diff line number Diff line Loading @@ -94,7 +94,6 @@ import android.os.Message; import android.os.ParcelFileDescriptor; import android.os.ParcelableException; import android.os.PersistableBundle; import android.os.PowerManager; import android.os.Process; import android.os.RemoteCallbackList; import android.os.RemoteException; Loading Loading @@ -289,15 +288,6 @@ class StorageManagerService extends IStorageManager.Stub */ private static final boolean WATCHDOG_ENABLE = true; /** * Our goal is for all Android devices to be usable as development devices, * which includes the new Direct Boot mode added in N. For devices that * don't have native FBE support, we offer an emulation mode for developer * testing purposes, but if it's prohibitively difficult to support this * mode, it can be disabled for specific products using this flag. */ private static final boolean EMULATE_FBE_SUPPORTED = true; private static final String TAG = "StorageManagerService"; private static final boolean LOCAL_LOGV = Log.isLoggable(TAG, Log.VERBOSE); Loading Loading @@ -1091,31 +1081,6 @@ class StorageManagerService extends IStorageManager.Stub mVolumes.put(internal.id, internal); } private void initIfBootedAndConnected() { Slog.d(TAG, "Thinking about init, mBootCompleted=" + mBootCompleted + ", mDaemonConnected=" + mDaemonConnected); if (mBootCompleted && mDaemonConnected && !StorageManager.isFileEncryptedNativeOnly()) { // When booting a device without native support, make sure that our // user directories are locked or unlocked based on the current // emulation status. final boolean initLocked = StorageManager.isFileEncryptedEmulatedOnly(); Slog.d(TAG, "Setting up emulation state, initlocked=" + initLocked); final List<UserInfo> users = mContext.getSystemService(UserManager.class).getUsers(); for (UserInfo user : users) { try { if (initLocked) { mVold.lockUserKey(user.id); } else { mVold.unlockUserKey(user.id, user.serialNumber, encodeBytes(null)); } } catch (Exception e) { Slog.wtf(TAG, e); } } } } private void resetIfBootedAndConnected() { Slog.d(TAG, "Thinking about reset, mBootCompleted=" + mBootCompleted + ", mDaemonConnected=" + mDaemonConnected); Loading Loading @@ -1362,7 +1327,6 @@ class StorageManagerService extends IStorageManager.Stub } private void handleDaemonConnected() { initIfBootedAndConnected(); resetIfBootedAndConnected(); } Loading Loading @@ -2110,7 +2074,6 @@ class StorageManagerService extends IStorageManager.Stub } private void handleBootCompleted() { initIfBootedAndConnected(); resetIfBootedAndConnected(); } Loading Loading @@ -2805,32 +2768,6 @@ class StorageManagerService extends IStorageManager.Stub public void setDebugFlags(int flags, int mask) { enforcePermission(android.Manifest.permission.MOUNT_UNMOUNT_FILESYSTEMS); if ((mask & StorageManager.DEBUG_EMULATE_FBE) != 0) { if (!EMULATE_FBE_SUPPORTED) { throw new IllegalStateException( "Emulation not supported on this device"); } if (StorageManager.isFileEncryptedNativeOnly()) { throw new IllegalStateException( "Emulation not supported on device with native FBE"); } if (mLockPatternUtils.isCredentialRequiredToDecrypt(false)) { throw new IllegalStateException( "Emulation requires disabling 'Secure start-up' in Settings > Security"); } final long token = Binder.clearCallingIdentity(); try { final boolean emulateFbe = (flags & StorageManager.DEBUG_EMULATE_FBE) != 0; SystemProperties.set(StorageManager.PROP_EMULATE_FBE, Boolean.toString(emulateFbe)); // Perform hard reboot to kick policy into place mContext.getSystemService(PowerManager.class).reboot(null); } finally { Binder.restoreCallingIdentity(token); } } if ((mask & (StorageManager.DEBUG_ADOPTABLE_FORCE_ON | StorageManager.DEBUG_ADOPTABLE_FORCE_OFF)) != 0) { final String value; Loading Loading @@ -2918,8 +2855,7 @@ class StorageManagerService extends IStorageManager.Stub // We need all the users unlocked to move their primary storage final List<UserInfo> users = mContext.getSystemService(UserManager.class).getUsers(); for (UserInfo user : users) { if (StorageManager.isFileEncryptedNativeOrEmulated() && !isUserKeyUnlocked(user.id)) { if (StorageManager.isFileEncrypted() && !isUserKeyUnlocked(user.id)) { Slog.w(TAG, "Failing move due to locked user " + user.id); onMoveStatusLocked(PackageManager.MOVE_FAILED_LOCKED_USER); return; Loading Loading @@ -3222,9 +3158,9 @@ class StorageManagerService extends IStorageManager.Stub @Override public void unlockUserKey(int userId, int serialNumber, byte[] secret) { boolean isFsEncrypted = StorageManager.isFileEncryptedNativeOrEmulated(); boolean isFileEncrypted = StorageManager.isFileEncrypted(); Slog.d(TAG, "unlockUserKey: " + userId + " isFileEncryptedNativeOrEmulated: " + isFsEncrypted + " isFileEncrypted: " + isFileEncrypted + " hasSecret: " + (secret != null)); enforcePermission(android.Manifest.permission.STORAGE_INTERNAL); Loading @@ -3233,11 +3169,10 @@ class StorageManagerService extends IStorageManager.Stub return; } if (isFsEncrypted) { if (isFileEncrypted) { // When a user has a secure lock screen, a secret is required to // unlock the key, so don't bother trying to unlock it without one. // This prevents misleading error messages from being logged. This // is also needed for emulated FBE to behave like native FBE. // This prevents misleading error messages from being logged. if (mLockPatternUtils.isSecure(userId) && ArrayUtils.isEmpty(secret)) { Slog.d(TAG, "Not unlocking user " + userId + "'s CE storage yet because a secret is needed"); Loading services/core/java/com/android/server/pm/UserDataPreparer.java +0 −13 Original line number Diff line number Diff line Loading @@ -286,11 +286,6 @@ class UserDataPreparer { return Environment.getDataUserDeDirectory(volumeUuid, userId); } @VisibleForTesting protected boolean isFileEncryptedEmulatedOnly() { return StorageManager.isFileEncryptedEmulatedOnly(); } /** * Enforce that serial number stored in user directory inode matches the * given expected value. Gracefully sets the serial number if currently Loading @@ -300,14 +295,6 @@ class UserDataPreparer { * number is mismatched. */ void enforceSerialNumber(File file, int serialNumber) throws IOException { if (isFileEncryptedEmulatedOnly()) { // When we're emulating FBE, the directory may have been chmod // 000'ed, meaning we can't read the serial number to enforce it; // instead of destroying the user, just log a warning. Slog.w(TAG, "Device is emulating FBE; assuming current serial number is valid"); return; } final int foundSerial = getSerialNumber(file); Slog.v(TAG, "Found " + file + " with serial number " + foundSerial); Loading services/tests/servicestests/src/com/android/server/pm/UserDataPreparerTest.java +0 −5 Original line number Diff line number Diff line Loading @@ -261,11 +261,6 @@ public class UserDataPreparerTest { protected File getDataUserDeDirectory(String volumeUuid, int userId) { return new File(testDir, "user_de_" + userId); } @Override protected boolean isFileEncryptedEmulatedOnly() { return false; } } } Loading
cmds/sm/src/com/android/commands/sm/Sm.java +1 −13 Original line number Diff line number Diff line Loading @@ -94,8 +94,6 @@ public final class Sm { runBenchmark(); } else if ("forget".equals(op)) { runForget(); } else if ("set-emulate-fbe".equals(op)) { runSetEmulateFbe(); } else if ("get-fbe-mode".equals(op)) { runGetFbeMode(); } else if ("idle-maint".equals(op)) { Loading Loading @@ -191,17 +189,9 @@ public final class Sm { } } public void runSetEmulateFbe() throws RemoteException { final boolean emulateFbe = Boolean.parseBoolean(nextArg()); mSm.setDebugFlags(emulateFbe ? StorageManager.DEBUG_EMULATE_FBE : 0, StorageManager.DEBUG_EMULATE_FBE); } public void runGetFbeMode() { if (StorageManager.isFileEncryptedNativeOnly()) { if (StorageManager.isFileEncrypted()) { System.out.println("native"); } else if (StorageManager.isFileEncryptedEmulatedOnly()) { System.out.println("emulated"); } else { System.out.println("none"); } Loading Loading @@ -357,8 +347,6 @@ public final class Sm { System.err.println(""); System.err.println(" sm forget [UUID|all]"); System.err.println(""); System.err.println(" sm set-emulate-fbe [true|false]"); System.err.println(""); System.err.println(" sm start-checkpoint <num-retries>"); System.err.println(""); System.err.println(" sm supports-checkpoint"); Loading
core/java/android/os/storage/StorageManager.java +16 −19 Original line number Diff line number Diff line Loading @@ -152,8 +152,6 @@ public class StorageManager { /** {@hide} */ public static final String PROP_ADOPTABLE = "persist.sys.adoptable"; /** {@hide} */ public static final String PROP_EMULATE_FBE = "persist.sys.emulate_fbe"; /** {@hide} */ public static final String PROP_SDCARDFS = "persist.sys.sdcardfs"; /** {@hide} */ public static final String PROP_VIRTUAL_DISK = "persist.sys.virtual_disk"; Loading Loading @@ -257,13 +255,11 @@ public class StorageManager { /** {@hide} */ public static final int DEBUG_ADOPTABLE_FORCE_OFF = 1 << 1; /** {@hide} */ public static final int DEBUG_EMULATE_FBE = 1 << 2; /** {@hide} */ public static final int DEBUG_SDCARDFS_FORCE_ON = 1 << 3; public static final int DEBUG_SDCARDFS_FORCE_ON = 1 << 2; /** {@hide} */ public static final int DEBUG_SDCARDFS_FORCE_OFF = 1 << 4; public static final int DEBUG_SDCARDFS_FORCE_OFF = 1 << 3; /** {@hide} */ public static final int DEBUG_VIRTUAL_DISK = 1 << 5; public static final int DEBUG_VIRTUAL_DISK = 1 << 4; /** {@hide} */ public static final int FLAG_STORAGE_DE = IInstalld.FLAG_STORAGE_DE; Loading Loading @@ -1591,30 +1587,31 @@ public class StorageManager { } /** {@hide} * Is this device file encrypted? * @return true for file encrypted. (Implies isEncrypted() == true) * false not encrypted or using "managed" encryption * Does this device have file-based encryption (FBE) enabled? * @return true if the device has file-based encryption enabled. */ @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) public static boolean isFileEncryptedNativeOnly() { public static boolean isFileEncrypted() { if (!isEncrypted()) { return false; } return RoSystemProperties.CRYPTO_FILE_ENCRYPTED; } /** {@hide} */ public static boolean isFileEncryptedEmulatedOnly() { return SystemProperties.getBoolean(StorageManager.PROP_EMULATE_FBE, false); /** {@hide} * @deprecated Use {@link #isFileEncrypted} instead, since emulated FBE is no longer supported. */ @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) @Deprecated public static boolean isFileEncryptedNativeOnly() { return isFileEncrypted(); } /** {@hide} * Is this device running in a file encrypted mode, either native or emulated? * @return true for file encrypted, false otherwise * @deprecated Use {@link #isFileEncrypted} instead, since emulated FBE is no longer supported. */ @Deprecated public static boolean isFileEncryptedNativeOrEmulated() { return isFileEncryptedNativeOnly() || isFileEncryptedEmulatedOnly(); return isFileEncrypted(); } /** {@hide} */ Loading
services/core/java/com/android/server/StorageManagerService.java +5 −70 Original line number Diff line number Diff line Loading @@ -94,7 +94,6 @@ import android.os.Message; import android.os.ParcelFileDescriptor; import android.os.ParcelableException; import android.os.PersistableBundle; import android.os.PowerManager; import android.os.Process; import android.os.RemoteCallbackList; import android.os.RemoteException; Loading Loading @@ -289,15 +288,6 @@ class StorageManagerService extends IStorageManager.Stub */ private static final boolean WATCHDOG_ENABLE = true; /** * Our goal is for all Android devices to be usable as development devices, * which includes the new Direct Boot mode added in N. For devices that * don't have native FBE support, we offer an emulation mode for developer * testing purposes, but if it's prohibitively difficult to support this * mode, it can be disabled for specific products using this flag. */ private static final boolean EMULATE_FBE_SUPPORTED = true; private static final String TAG = "StorageManagerService"; private static final boolean LOCAL_LOGV = Log.isLoggable(TAG, Log.VERBOSE); Loading Loading @@ -1091,31 +1081,6 @@ class StorageManagerService extends IStorageManager.Stub mVolumes.put(internal.id, internal); } private void initIfBootedAndConnected() { Slog.d(TAG, "Thinking about init, mBootCompleted=" + mBootCompleted + ", mDaemonConnected=" + mDaemonConnected); if (mBootCompleted && mDaemonConnected && !StorageManager.isFileEncryptedNativeOnly()) { // When booting a device without native support, make sure that our // user directories are locked or unlocked based on the current // emulation status. final boolean initLocked = StorageManager.isFileEncryptedEmulatedOnly(); Slog.d(TAG, "Setting up emulation state, initlocked=" + initLocked); final List<UserInfo> users = mContext.getSystemService(UserManager.class).getUsers(); for (UserInfo user : users) { try { if (initLocked) { mVold.lockUserKey(user.id); } else { mVold.unlockUserKey(user.id, user.serialNumber, encodeBytes(null)); } } catch (Exception e) { Slog.wtf(TAG, e); } } } } private void resetIfBootedAndConnected() { Slog.d(TAG, "Thinking about reset, mBootCompleted=" + mBootCompleted + ", mDaemonConnected=" + mDaemonConnected); Loading Loading @@ -1362,7 +1327,6 @@ class StorageManagerService extends IStorageManager.Stub } private void handleDaemonConnected() { initIfBootedAndConnected(); resetIfBootedAndConnected(); } Loading Loading @@ -2110,7 +2074,6 @@ class StorageManagerService extends IStorageManager.Stub } private void handleBootCompleted() { initIfBootedAndConnected(); resetIfBootedAndConnected(); } Loading Loading @@ -2805,32 +2768,6 @@ class StorageManagerService extends IStorageManager.Stub public void setDebugFlags(int flags, int mask) { enforcePermission(android.Manifest.permission.MOUNT_UNMOUNT_FILESYSTEMS); if ((mask & StorageManager.DEBUG_EMULATE_FBE) != 0) { if (!EMULATE_FBE_SUPPORTED) { throw new IllegalStateException( "Emulation not supported on this device"); } if (StorageManager.isFileEncryptedNativeOnly()) { throw new IllegalStateException( "Emulation not supported on device with native FBE"); } if (mLockPatternUtils.isCredentialRequiredToDecrypt(false)) { throw new IllegalStateException( "Emulation requires disabling 'Secure start-up' in Settings > Security"); } final long token = Binder.clearCallingIdentity(); try { final boolean emulateFbe = (flags & StorageManager.DEBUG_EMULATE_FBE) != 0; SystemProperties.set(StorageManager.PROP_EMULATE_FBE, Boolean.toString(emulateFbe)); // Perform hard reboot to kick policy into place mContext.getSystemService(PowerManager.class).reboot(null); } finally { Binder.restoreCallingIdentity(token); } } if ((mask & (StorageManager.DEBUG_ADOPTABLE_FORCE_ON | StorageManager.DEBUG_ADOPTABLE_FORCE_OFF)) != 0) { final String value; Loading Loading @@ -2918,8 +2855,7 @@ class StorageManagerService extends IStorageManager.Stub // We need all the users unlocked to move their primary storage final List<UserInfo> users = mContext.getSystemService(UserManager.class).getUsers(); for (UserInfo user : users) { if (StorageManager.isFileEncryptedNativeOrEmulated() && !isUserKeyUnlocked(user.id)) { if (StorageManager.isFileEncrypted() && !isUserKeyUnlocked(user.id)) { Slog.w(TAG, "Failing move due to locked user " + user.id); onMoveStatusLocked(PackageManager.MOVE_FAILED_LOCKED_USER); return; Loading Loading @@ -3222,9 +3158,9 @@ class StorageManagerService extends IStorageManager.Stub @Override public void unlockUserKey(int userId, int serialNumber, byte[] secret) { boolean isFsEncrypted = StorageManager.isFileEncryptedNativeOrEmulated(); boolean isFileEncrypted = StorageManager.isFileEncrypted(); Slog.d(TAG, "unlockUserKey: " + userId + " isFileEncryptedNativeOrEmulated: " + isFsEncrypted + " isFileEncrypted: " + isFileEncrypted + " hasSecret: " + (secret != null)); enforcePermission(android.Manifest.permission.STORAGE_INTERNAL); Loading @@ -3233,11 +3169,10 @@ class StorageManagerService extends IStorageManager.Stub return; } if (isFsEncrypted) { if (isFileEncrypted) { // When a user has a secure lock screen, a secret is required to // unlock the key, so don't bother trying to unlock it without one. // This prevents misleading error messages from being logged. This // is also needed for emulated FBE to behave like native FBE. // This prevents misleading error messages from being logged. if (mLockPatternUtils.isSecure(userId) && ArrayUtils.isEmpty(secret)) { Slog.d(TAG, "Not unlocking user " + userId + "'s CE storage yet because a secret is needed"); Loading
services/core/java/com/android/server/pm/UserDataPreparer.java +0 −13 Original line number Diff line number Diff line Loading @@ -286,11 +286,6 @@ class UserDataPreparer { return Environment.getDataUserDeDirectory(volumeUuid, userId); } @VisibleForTesting protected boolean isFileEncryptedEmulatedOnly() { return StorageManager.isFileEncryptedEmulatedOnly(); } /** * Enforce that serial number stored in user directory inode matches the * given expected value. Gracefully sets the serial number if currently Loading @@ -300,14 +295,6 @@ class UserDataPreparer { * number is mismatched. */ void enforceSerialNumber(File file, int serialNumber) throws IOException { if (isFileEncryptedEmulatedOnly()) { // When we're emulating FBE, the directory may have been chmod // 000'ed, meaning we can't read the serial number to enforce it; // instead of destroying the user, just log a warning. Slog.w(TAG, "Device is emulating FBE; assuming current serial number is valid"); return; } final int foundSerial = getSerialNumber(file); Slog.v(TAG, "Found " + file + " with serial number " + foundSerial); Loading
services/tests/servicestests/src/com/android/server/pm/UserDataPreparerTest.java +0 −5 Original line number Diff line number Diff line Loading @@ -261,11 +261,6 @@ public class UserDataPreparerTest { protected File getDataUserDeDirectory(String volumeUuid, int userId) { return new File(testDir, "user_de_" + userId); } @Override protected boolean isFileEncryptedEmulatedOnly() { return false; } } }
