Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f9fc6d6c authored by Jeff Sharkey's avatar Jeff Sharkey
Browse files

More file-based encryption work. 

Add granular StorageManager APIs for key creation/destruction and
unlocking/locking.  Start passing through an opaque token as part
of the unlock command, but leave it empty for now.  We now have a
separate "prepare" method that sanity checks that user directories
are correctly setup.

Define a handful of system properties used for marking devices that
should be operating in FBE mode, and if they're emulating FBE.  Wire
a command to "sm", but persisting will come later.

Start using new "encryptionAware" flag on apps previously marked with
coreApp flag, which were apps running in the legacy CryptKeeper
model.  Small tweaks to handle non-encryptionAware voice interaction
services.  Switch PackageManager to consult StorageManager about the
unlocked state of a user.

Bug: 22358539
Change-Id: Ic2865f9b81c10ea39369c441422f7427a3c3c3d6
parent cef9219f

api/current.txt

+2 −0
Original line number Diff line number Diff line
@@ -499,6 +499,7 @@ package android { 
    field public static final int ellipsize = 16842923; // 0x10100ab

    field public static final int ems = 16843096; // 0x1010158

    field public static final int enabled = 16842766; // 0x101000e

    field public static final int encryptionAware = 16844038; // 0x1010506

    field public static final int end = 16843996; // 0x10104dc

    field public static final int endColor = 16843166; // 0x101019e

    field public static final deprecated int endYear = 16843133; // 0x101017d
@@ -559,6 +560,7 @@ package android { 
    field public static final int fontFamily = 16843692; // 0x10103ac

    field public static final int fontFeatureSettings = 16843959; // 0x10104b7

    field public static final int footerDividersEnabled = 16843311; // 0x101022f

    field public static final int forceDeviceEncrypted = 16844037; // 0x1010505

    field public static final int foreground = 16843017; // 0x1010109

    field public static final int foregroundGravity = 16843264; // 0x1010200

    field public static final int foregroundTint = 16843885; // 0x101046d

api/system-current.txt

+2 −0
Original line number Diff line number Diff line
@@ -591,6 +591,7 @@ package android { 
    field public static final int ellipsize = 16842923; // 0x10100ab

    field public static final int ems = 16843096; // 0x1010158

    field public static final int enabled = 16842766; // 0x101000e

    field public static final int encryptionAware = 16844038; // 0x1010506

    field public static final int end = 16843996; // 0x10104dc

    field public static final int endColor = 16843166; // 0x101019e

    field public static final deprecated int endYear = 16843133; // 0x101017d
@@ -651,6 +652,7 @@ package android { 
    field public static final int fontFamily = 16843692; // 0x10103ac

    field public static final int fontFeatureSettings = 16843959; // 0x10104b7

    field public static final int footerDividersEnabled = 16843311; // 0x101022f

    field public static final int forceDeviceEncrypted = 16844037; // 0x1010505

    field public static final int foreground = 16843017; // 0x1010109

    field public static final int foregroundGravity = 16843264; // 0x1010200

    field public static final int foregroundTint = 16843885; // 0x101046d

cmds/sm/src/com/android/commands/sm/Sm.java

+10 −0
Original line number Diff line number Diff line
@@ -86,6 +86,8 @@ public final class Sm { 
            runBenchmark();

        } else if ("forget".equals(op)) {

            runForget();

        } else if ("set-emulate-fbe".equals(op)) {

            runSetEmulateFbe();

        } else {

            throw new IllegalArgumentException();

        }
@@ -137,6 +139,12 @@ public final class Sm { 
                StorageManager.DEBUG_FORCE_ADOPTABLE);

    }



    public void runSetEmulateFbe() throws RemoteException {

        final boolean emulateFbe = Boolean.parseBoolean(nextArg());

        mSm.setDebugFlags(emulateFbe ? StorageManager.DEBUG_EMULATE_FBE : 0,

                StorageManager.DEBUG_EMULATE_FBE);

    }



    public void runPartition() throws RemoteException {

        final String diskId = nextArg();

        final String type = nextArg();
@@ -205,6 +213,8 @@ public final class Sm { 
        System.err.println("");

        System.err.println("       sm forget [UUID|all]");

        System.err.println("");

        System.err.println("       sm set-emulate-fbe [true|false]");

        System.err.println("");

        return 1;

    }

}

core/java/android/content/pm/ApplicationInfo.java

+17 −1
Original line number Diff line number Diff line
@@ -22,7 +22,9 @@ import android.graphics.drawable.Drawable; 
import android.os.Environment;

import android.os.Parcel;

import android.os.Parcelable;

import android.os.SystemProperties;

import android.os.UserHandle;

import android.os.storage.StorageManager;

import android.text.TextUtils;

import android.util.Printer;
@@ -468,6 +470,14 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { 
     */

    public static final int PRIVATE_FLAG_FORCE_DEVICE_ENCRYPTED = 1 << 5;



    /**

     * When set, assume that all components under the given app are encryption

     * aware, unless otherwise specified.

     *

     * @hide

     */

    public static final int PRIVATE_FLAG_ENCRYPTION_AWARE = 1 << 6;



    /**

     * Private/hidden flags. See {@code PRIVATE_FLAG_...} constants.

     * {@hide}
@@ -963,7 +973,8 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { 
                .getDataUserCredentialEncryptedPackageDirectory(volumeUuid, userId, packageName)

                .getAbsolutePath();



        if ((privateFlags & PRIVATE_FLAG_FORCE_DEVICE_ENCRYPTED) != 0) {

        if ((privateFlags & PRIVATE_FLAG_FORCE_DEVICE_ENCRYPTED) != 0

                && SystemProperties.getBoolean(StorageManager.PROP_HAS_FBE, false)) {

            dataDir = deviceEncryptedDataDir;

        } else {

            dataDir = credentialEncryptedDataDir;
@@ -1030,6 +1041,11 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { 
                && (flags & ApplicationInfo.FLAG_EXTERNAL_STORAGE) != 0;

    }



    /** @hide */

    public boolean isEncryptionAware() {

        return (privateFlags & ApplicationInfo.PRIVATE_FLAG_ENCRYPTION_AWARE) != 0;

    }



    /**

     * @hide

     */

core/java/android/content/pm/PackageParser.java

+12 −4
Original line number Diff line number Diff line
@@ -2636,6 +2636,10 @@ public class PackageParser { 
                && (flags & PARSE_IS_SYSTEM) != 0) {

            ai.privateFlags |= ApplicationInfo.PRIVATE_FLAG_FORCE_DEVICE_ENCRYPTED;

        }

        if (sa.getBoolean(R.styleable.AndroidManifestApplication_encryptionAware, false)

                && (flags & PARSE_IS_SYSTEM) != 0) {

            ai.privateFlags |= ApplicationInfo.PRIVATE_FLAG_ENCRYPTION_AWARE;

        }



        String str;

        str = sa.getNonConfigurationString(
@@ -3236,7 +3240,8 @@ public class PackageParser { 
                    sa.getInt(R.styleable.AndroidManifestActivity_lockTaskMode, 0);



            a.info.encryptionAware = sa.getBoolean(

                    R.styleable.AndroidManifestActivity_encryptionAware, false);

                    R.styleable.AndroidManifestActivity_encryptionAware,

                    owner.applicationInfo.isEncryptionAware());

        } else {

            a.info.launchMode = ActivityInfo.LAUNCH_MULTIPLE;

            a.info.configChanges = 0;
@@ -3253,7 +3258,8 @@ public class PackageParser { 
            }



            a.info.encryptionAware = sa.getBoolean(

                    R.styleable.AndroidManifestActivity_encryptionAware, false);

                    R.styleable.AndroidManifestActivity_encryptionAware,

                    owner.applicationInfo.isEncryptionAware());

        }



        sa.recycle();
@@ -3655,7 +3661,8 @@ public class PackageParser { 
        }



        p.info.encryptionAware = sa.getBoolean(

                R.styleable.AndroidManifestProvider_encryptionAware, false);

                R.styleable.AndroidManifestProvider_encryptionAware,

                owner.applicationInfo.isEncryptionAware());



        sa.recycle();
@@ -3938,7 +3945,8 @@ public class PackageParser { 
        }



        s.info.encryptionAware = sa.getBoolean(

                R.styleable.AndroidManifestService_encryptionAware, false);

                R.styleable.AndroidManifestService_encryptionAware,

                owner.applicationInfo.isEncryptionAware());



        sa.recycle();