From 0bc49e6fc3122731a66df1c8d48e2dd47c0a2187 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 26 Jan 2022 05:14:09 +0000 Subject: [PATCH] Remove unused FDE methods from StorageManager Now that FDE is no longer supported, remove the FDE-related methods from StorageManager that are no longer called. Bug: 208476087 Change-Id: Ic24a5b029bdf51dec622d1b70cef9ef26c3d54c5 (cherry picked from commit 41fa601601ecb094fd813ac4c01356045c34cf88) Merged-In: Ic24a5b029bdf51dec622d1b70cef9ef26c3d54c5 --- .../android/os/storage/IStorageManager.aidl | 53 ----- .../android/os/storage/StorageManager.java | 10 - libs/storage/IMountService.cpp | 36 --- libs/storage/include/storage/IMountService.h | 2 - .../android/server/StorageManagerService.java | 224 ------------------ 5 files changed, 325 deletions(-) diff --git a/core/java/android/os/storage/IStorageManager.aidl b/core/java/android/os/storage/IStorageManager.aidl index 6c0a1f99e112..b7b6c3002e70 100644 --- a/core/java/android/os/storage/IStorageManager.aidl +++ b/core/java/android/os/storage/IStorageManager.aidl @@ -77,37 +77,10 @@ interface IStorageManager { * Gets the path to the mounted Opaque Binary Blob (OBB). */ String getMountedObbPath(in String rawPath) = 24; - /** - * Decrypts any encrypted volumes. - */ - int decryptStorage(in String password) = 26; - /** - * Encrypts storage. - */ - int encryptStorage(int type, in String password) = 27; - /** - * Changes the encryption password. - */ - int changeEncryptionPassword(int type, in String password) = 28; /** * Returns list of all mountable volumes. */ StorageVolume[] getVolumeList(int uid, in String packageName, int flags) = 29; - /** - * Determines the encryption state of the volume. - * @return a numerical value. See {@code ENCRYPTION_STATE_*} for possible - * values. - * Note that this has been replaced in most cases by the APIs in - * StorageManager (see isEncryptable and below) - * This is still useful to get the error state when encryption has failed - * and CryptKeeper needs to throw up a screen advising the user what to do - */ - int getEncryptionState() = 31; - /** - * Verify the encryption password against the stored volume. This method - * may only be called by the system process. - */ - int verifyEncryptionPassword(in String password) = 32; /** * Ensure that all directories along given path exist, creating parent * directories as needed. Validates that given path is absolute and that it @@ -116,32 +89,6 @@ interface IStorageManager { * external storage data or OBB directory belonging to calling app. */ void mkdirs(in String callingPkg, in String path) = 34; - /** - * Determines the type of the encryption password - * @return PasswordType - */ - int getPasswordType() = 35; - /** - * Get password from vold - * @return password or empty string - */ - String getPassword() = 36; - /** - * Securely clear password from vold - */ - oneway void clearPassword() = 37; - /** - * Set a field in the crypto header. - * @param field field to set - * @param contents contents to set in field - */ - oneway void setField(in String field, in String contents) = 38; - /** - * Gets a field from the crypto header. - * @param field field to get - * @return contents of field - */ - String getField(in String field) = 39; /** * Report the time of the last maintenance operation such as fstrim. * @return Timestamp of the last maintenance operation, in the diff --git a/core/java/android/os/storage/StorageManager.java b/core/java/android/os/storage/StorageManager.java index db724d2de30b..4540574f342a 100644 --- a/core/java/android/os/storage/StorageManager.java +++ b/core/java/android/os/storage/StorageManager.java @@ -2904,14 +2904,4 @@ public class StorageManager { public static final int CRYPT_TYPE_PATTERN = IVold.PASSWORD_TYPE_PATTERN; /** @hide */ public static final int CRYPT_TYPE_PIN = IVold.PASSWORD_TYPE_PIN; - - // Constants for the data available via StorageManagerService.getField. - /** @hide */ - public static final String SYSTEM_LOCALE_KEY = "SystemLocale"; - /** @hide */ - public static final String OWNER_INFO_KEY = "OwnerInfo"; - /** @hide */ - public static final String PATTERN_VISIBLE_KEY = "PatternVisible"; - /** @hide */ - public static final String PASSWORD_VISIBLE_KEY = "PasswordVisible"; } diff --git a/libs/storage/IMountService.cpp b/libs/storage/IMountService.cpp index 055dbb2b5c5e..99508a2943ff 100644 --- a/libs/storage/IMountService.cpp +++ b/libs/storage/IMountService.cpp @@ -48,8 +48,6 @@ enum { TRANSACTION_isObbMounted, TRANSACTION_getMountedObbPath, TRANSACTION_isExternalStorageEmulated, - TRANSACTION_decryptStorage, - TRANSACTION_encryptStorage, }; class BpMountService: public BpInterface @@ -517,40 +515,6 @@ public: path = reply.readString16(); return true; } - - int32_t decryptStorage(const String16& password) - { - Parcel data, reply; - data.writeInterfaceToken(IMountService::getInterfaceDescriptor()); - data.writeString16(password); - if (remote()->transact(TRANSACTION_decryptStorage, data, &reply) != NO_ERROR) { - ALOGD("decryptStorage could not contact remote\n"); - return -1; - } - int32_t err = reply.readExceptionCode(); - if (err < 0) { - ALOGD("decryptStorage caught exception %d\n", err); - return err; - } - return reply.readInt32(); - } - - int32_t encryptStorage(const String16& password) - { - Parcel data, reply; - data.writeInterfaceToken(IMountService::getInterfaceDescriptor()); - data.writeString16(password); - if (remote()->transact(TRANSACTION_encryptStorage, data, &reply) != NO_ERROR) { - ALOGD("encryptStorage could not contact remote\n"); - return -1; - } - int32_t err = reply.readExceptionCode(); - if (err < 0) { - ALOGD("encryptStorage caught exception %d\n", err); - return err; - } - return reply.readInt32(); - } }; IMPLEMENT_META_INTERFACE(MountService, "android.os.storage.IStorageManager") diff --git a/libs/storage/include/storage/IMountService.h b/libs/storage/include/storage/IMountService.h index 5b07318f4432..5a9c39bc021b 100644 --- a/libs/storage/include/storage/IMountService.h +++ b/libs/storage/include/storage/IMountService.h @@ -70,8 +70,6 @@ public: const sp& token, const int32_t nonce) = 0; virtual bool isObbMounted(const String16& filename) = 0; virtual bool getMountedObbPath(const String16& filename, String16& path) = 0; - virtual int32_t decryptStorage(const String16& password) = 0; - virtual int32_t encryptStorage(const String16& password) = 0; }; // ---------------------------------------------------------------------------- diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java index 8a83130f50fa..6e4a1ea134c6 100644 --- a/services/core/java/com/android/server/StorageManagerService.java +++ b/services/core/java/com/android/server/StorageManagerService.java @@ -3072,203 +3072,6 @@ class StorageManagerService extends IStorageManager.Stub } } - @Override - public int getEncryptionState() { - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "no permission to access the crypt keeper"); - - try { - return mVold.fdeComplete(); - } catch (Exception e) { - Slog.wtf(TAG, e); - return StorageManager.ENCRYPTION_STATE_ERROR_UNKNOWN; - } - } - - @Override - public int decryptStorage(String password) { - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "no permission to access the crypt keeper"); - - if (TextUtils.isEmpty(password)) { - throw new IllegalArgumentException("password cannot be empty"); - } - - if (DEBUG_EVENTS) { - Slog.i(TAG, "decrypting storage..."); - } - - try { - mVold.fdeCheckPassword(password); - mHandler.postDelayed(() -> { - try { - mVold.fdeRestart(); - } catch (Exception e) { - Slog.wtf(TAG, e); - } - }, DateUtils.SECOND_IN_MILLIS); - return 0; - } catch (ServiceSpecificException e) { - Slog.e(TAG, "fdeCheckPassword failed", e); - return e.errorCode; - } catch (Exception e) { - Slog.wtf(TAG, e); - return StorageManager.ENCRYPTION_STATE_ERROR_UNKNOWN; - } - } - - @Override - public int encryptStorage(int type, String password) { - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "no permission to access the crypt keeper"); - - if (type == StorageManager.CRYPT_TYPE_DEFAULT) { - password = ""; - } else if (TextUtils.isEmpty(password)) { - throw new IllegalArgumentException("password cannot be empty"); - } - - if (DEBUG_EVENTS) { - Slog.i(TAG, "encrypting storage..."); - } - - try { - mVold.fdeEnable(type, password, 0); - } catch (Exception e) { - Slog.wtf(TAG, e); - return -1; - } - - return 0; - } - - /** Set the password for encrypting the main key. - * @param type One of the CRYPTO_TYPE_XXX consts defined in StorageManager. - * @param password The password to set. - */ - @Override - public int changeEncryptionPassword(int type, String password) { - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "no permission to access the crypt keeper"); - - if (StorageManager.isFileEncryptedNativeOnly()) { - // Not supported on FBE devices - return -1; - } - - if (type == StorageManager.CRYPT_TYPE_DEFAULT) { - password = ""; - } else if (TextUtils.isEmpty(password)) { - throw new IllegalArgumentException("password cannot be empty"); - } - - if (DEBUG_EVENTS) { - Slog.i(TAG, "changing encryption password..."); - } - - try { - mVold.fdeChangePassword(type, password); - return 0; - } catch (Exception e) { - Slog.wtf(TAG, e); - return -1; - } - } - - /** - * Validate a user-supplied password string with cryptfs - */ - @Override - public int verifyEncryptionPassword(String password) throws RemoteException { - // Only the system process is permitted to validate passwords - if (Binder.getCallingUid() != android.os.Process.SYSTEM_UID) { - throw new SecurityException("no permission to access the crypt keeper"); - } - - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "no permission to access the crypt keeper"); - - if (TextUtils.isEmpty(password)) { - throw new IllegalArgumentException("password cannot be empty"); - } - - if (DEBUG_EVENTS) { - Slog.i(TAG, "validating encryption password..."); - } - - try { - mVold.fdeVerifyPassword(password); - return 0; - } catch (Exception e) { - Slog.wtf(TAG, e); - return -1; - } - } - - /** - * Get the type of encryption used to encrypt the main key. - * @return The type, one of the CRYPT_TYPE_XXX consts from StorageManager. - */ - @Override - public int getPasswordType() { - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "no permission to access the crypt keeper"); - - try { - return mVold.fdeGetPasswordType(); - } catch (Exception e) { - Slog.wtf(TAG, e); - return -1; - } - } - - /** - * Set a field in the crypto header. - * @param field field to set - * @param contents contents to set in field - */ - @Override - public void setField(String field, String contents) throws RemoteException { - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "no permission to access the crypt keeper"); - - if (!StorageManager.isBlockEncrypted()) { - // Only supported on FDE devices - return; - } - - try { - mVold.fdeSetField(field, contents); - return; - } catch (Exception e) { - Slog.wtf(TAG, e); - return; - } - } - - /** - * Gets a field from the crypto header. - * @param field field to get - * @return contents of field - */ - @Override - public String getField(String field) throws RemoteException { - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "no permission to access the crypt keeper"); - - if (!StorageManager.isBlockEncrypted()) { - // Only supported on FDE devices - return null; - } - - try { - return mVold.fdeGetField(field); - } catch (Exception e) { - Slog.wtf(TAG, e); - return null; - } - } - /** * Is userdata convertible to file based encryption? * @return non zero for convertible @@ -3350,33 +3153,6 @@ class StorageManagerService extends IStorageManager.Stub mVold.abortChanges(message, retry); } - @Override - public String getPassword() throws RemoteException { - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "only keyguard can retrieve password"); - - try { - return mVold.fdeGetPassword(); - } catch (Exception e) { - Slog.wtf(TAG, e); - return null; - } - } - - @Override - public void clearPassword() throws RemoteException { - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "only keyguard can clear password"); - - try { - mVold.fdeClearPassword(); - return; - } catch (Exception e) { - Slog.wtf(TAG, e); - return; - } - } - @Override public void createUserKey(int userId, int serialNumber, boolean ephemeral) { enforcePermission(android.Manifest.permission.STORAGE_INTERNAL);