Merge "Move setCeStorageProtection() and unlockCeStorage() to StorageManagerInternal" into main

    @EnforcePermission("STORAGE_INTERNAL")

    void destroyUserStorageKeys(int userId) = 62;

    @EnforcePermission("STORAGE_INTERNAL")

    void unlockCeStorage(int userId, in byte[] secret) = 63;

    @EnforcePermission("STORAGE_INTERNAL")

    void lockCeStorage(int userId) = 64;

    boolean isCeStorageUnlocked(int userId) = 65;

    @EnforcePermission("STORAGE_INTERNAL")

    void prepareUserStorage(in String volumeUuid, int userId, int flags) = 66;

    @EnforcePermission("STORAGE_INTERNAL")

    void destroyUserStorage(in String volumeUuid, int userId, int flags) = 67;

    @EnforcePermission("STORAGE_INTERNAL")

    void setCeStorageProtection(int userId, in byte[] secret) = 70;

    @EnforcePermission("MOUNT_FORMAT_FILESYSTEMS")

    void fstrim(int flags, IVoldTaskListener listener) = 72;

    AppFuseMount mountProxyFileDescriptorBridge() = 73;

     */

    public abstract boolean isCeStoragePrepared(@UserIdInt int userId);

    /**

     * Protects a user's CE storage using the given secret.

     *

     * <p>This is intended to be used only by LockSettingsService.

     *

     * @param userId ID of the user whose CE storage to protect

     * @param secret the secret with which the CE storage will be protected

     * @throws RuntimeException on failure

     */

    public abstract void setCeStorageProtection(@UserIdInt int userId, byte[] secret);

    /**

     * Unlocks a user's CE storage using the given secret.

     *

     * <p>This is intended to be used only by LockSettingsService.

     *

     * @param userId ID of the user whose CE storage to unlock

     * @param secret the secret with which the CE storage will be unlocked

     * @throws RuntimeException on failure

     */

    public abstract void unlockCeStorage(@UserIdInt int userId, byte[] secret);

    /**

     * A listener for changes to the cloud provider.

     */

        }

    }

    /* Only for use by LockSettingsService */

    @android.annotation.EnforcePermission(android.Manifest.permission.STORAGE_INTERNAL)

    @Override

    public void setCeStorageProtection(@UserIdInt int userId, byte[] secret)

            throws RemoteException {

        super.setCeStorageProtection_enforcePermission();

        mVold.setCeStorageProtection(userId, secret);

    }

    /* Only for use by LockSettingsService */

    @android.annotation.EnforcePermission(android.Manifest.permission.STORAGE_INTERNAL)

    @Override

    public void unlockCeStorage(@UserIdInt int userId, byte[] secret) throws RemoteException {

        super.unlockCeStorage_enforcePermission();

        if (StorageManager.isFileEncrypted()) {

            mVold.unlockCeStorage(userId, secret);

        }

        synchronized (mLock) {

            mCeUnlockedUsers.append(userId);

        }

    }

    @android.annotation.EnforcePermission(android.Manifest.permission.STORAGE_INTERNAL)

    @Override

    public void lockCeStorage(int userId) {

            }

        }

        @Override

        public void setCeStorageProtection(@UserIdInt int userId, byte[] secret) {

            try {

                mVold.setCeStorageProtection(userId, secret);

            } catch (RemoteException e) {

                e.rethrowAsRuntimeException();

            }

        }

        @Override

        public void unlockCeStorage(@UserIdInt int userId, byte[] secret) {

            if (StorageManager.isFileEncrypted()) {

                try {

                    mVold.unlockCeStorage(userId, secret);

                } catch (RemoteException e) {

                    e.rethrowAsRuntimeException();

                }

            }

            synchronized (mLock) {

                mCeUnlockedUsers.append(userId);

            }

        }

        @Override

        public void registerCloudProviderChangeListener(

                @NonNull StorageManagerInternal.CloudProviderChangeListener listener) {

import com.android.internal.widget.VerifyCredentialResponse;

import com.android.server.LocalServices;

import com.android.server.ServiceThread;

import com.android.server.StorageManagerInternal;

import com.android.server.SystemService;

import com.android.server.locksettings.LockSettingsStorage.PersistentData;

import com.android.server.locksettings.SyntheticPasswordManager.AuthenticationResult;

    private final NotificationManager mNotificationManager;

    protected final UserManager mUserManager;

    private final IStorageManager mStorageManager;

    private final StorageManagerInternal mStorageManagerInternal;

    private final IActivityManager mActivityManager;

    private final SyntheticPasswordManager mSpManager;

            return null;

        }

        public StorageManagerInternal getStorageManagerInternal() {

            return LocalServices.getService(StorageManagerInternal.class);

        }

        public SyntheticPasswordManager getSyntheticPasswordManager(LockSettingsStorage storage) {

            return new SyntheticPasswordManager(getContext(), storage, getUserManager(),

                    new PasswordSlotManager());

        mNotificationManager = injector.getNotificationManager();

        mUserManager = injector.getUserManager();

        mStorageManager = injector.getStorageManager();

        mStorageManagerInternal = mInjector.getStorageManagerInternal();

        mStrongAuthTracker = injector.getStrongAuthTracker();

        mStrongAuthTracker.register(mStrongAuth);

        mGatekeeperPasswords = new LongSparseArray<>();

        final byte[] secret = sp.deriveFileBasedEncryptionKey();

        final long callingId = Binder.clearCallingIdentity();

        try {

            mStorageManager.setCeStorageProtection(userId, secret);

        } catch (RemoteException e) {

            mStorageManagerInternal.setCeStorageProtection(userId, secret);

        } catch (RuntimeException e) {

            throw new IllegalStateException("Failed to protect CE key for user " + userId, e);

        } finally {

            Binder.restoreCallingIdentity(callingId);

        final String userType = isUserSecure(userId) ? "secured" : "unsecured";

        final byte[] secret = sp.deriveFileBasedEncryptionKey();

        try {

            mStorageManager.unlockCeStorage(userId, secret);

            mStorageManagerInternal.unlockCeStorage(userId, secret);

            Slogf.i(TAG, "Unlocked CE storage for %s user %d", userType, userId);

        } catch (RemoteException e) {

        } catch (RuntimeException e) {

            Slogf.wtf(TAG, e, "Failed to unlock CE storage for %s user %d", userType, userId);

        } finally {

            ArrayUtils.zeroize(secret);

import android.os.SystemClock;

import android.os.UserHandle;

import android.os.UserManager;

import android.os.storage.IStorageManager;

import android.platform.test.annotations.Presubmit;

import android.platform.test.flag.junit.SetFlagsRule;

import android.util.ArraySet;

        mUserController.startUser(TEST_USER_ID, USER_START_MODE_BACKGROUND);

        verify(mInjector.mStorageManagerMock, never()).unlockCeStorage(eq(TEST_USER_ID), any());

        verify(mInjector.mLockPatternUtilsMock, never()).unlockUserKeyIfUnsecured(TEST_USER_ID);

    }

    @Test

        private final TestHandler mUiHandler;

        private final IStorageManager mStorageManagerMock;

        private final UserManagerInternal mUserManagerInternalMock;

        private final LockSettingsInternal mLockSettingsInternalMock;

        private final WindowManagerService mWindowManagerMock;

            mUserManagerInternalMock = mock(UserManagerInternal.class);

            mLockSettingsInternalMock = mock(LockSettingsInternal.class);

            mWindowManagerMock = mock(WindowManagerService.class);

            mStorageManagerMock = mock(IStorageManager.class);

            mPowerManagerInternal = mock(PowerManagerInternal.class);

            mAlarmManagerInternal = mock(AlarmManagerInternal.class);

            mAudioManagerInternal = mock(AudioManagerInternal.class);