drgreen/android_frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove unused FDE methods from StorageManager

Browse Source 
Now that FDE is no longer supported, remove the FDE-related methods from
StorageManager that are no longer called.

Bug: 208476087
Change-Id: Ic24a5b029bdf51dec622d1b70cef9ef26c3d54c5
(cherry picked from commit 41fa601601ecb094fd813ac4c01356045c34cf88)
Merged-In: Ic24a5b029bdf51dec622d1b70cef9ef26c3d54c5
This commit is contained in:
Eric Biggers 2022-01-26 05:14:09 +00:00
parent f33dbe0540
commit 0bc49e6fc3
5 changed files with 0 additions and 325 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
core/java/android/os/storage/IStorageManager.aidl
View File

@ -77,37 +77,10 @@ interface IStorageManager {
* Gets the path to the mounted Opaque Binary Blob (OBB).
*/
String getMountedObbPath(in String rawPath) = 24;
/**
* Decrypts any encrypted volumes.
*/
int decryptStorage(in String password) = 26;
/**
* Encrypts storage.
*/
int encryptStorage(int type, in String password) = 27;
/**
* Changes the encryption password.
*/
int changeEncryptionPassword(int type, in String password) = 28;
/**
* Returns list of all mountable volumes.
*/
StorageVolume[] getVolumeList(int uid, in String packageName, int flags) = 29;
/**
* Determines the encryption state of the volume.
* @return a numerical value. See {@code ENCRYPTION_STATE_*} for possible
* values.
* Note that this has been replaced in most cases by the APIs in
* StorageManager (see isEncryptable and below)
* This is still useful to get the error state when encryption has failed
* and CryptKeeper needs to throw up a screen advising the user what to do
*/
int getEncryptionState() = 31;
/**
* Verify the encryption password against the stored volume. This method
* may only be called by the system process.
*/
int verifyEncryptionPassword(in String password) = 32;
/**
* Ensure that all directories along given path exist, creating parent
* directories as needed. Validates that given path is absolute and that it
@ -116,32 +89,6 @@ interface IStorageManager {
* external storage data or OBB directory belonging to calling app.
*/
void mkdirs(in String callingPkg, in String path) = 34;
/**
* Determines the type of the encryption password
* @return PasswordType
*/
int getPasswordType() = 35;
/**
* Get password from vold
* @return password or empty string
*/
String getPassword() = 36;
/**
* Securely clear password from vold
*/
oneway void clearPassword() = 37;
/**
* Set a field in the crypto header.
* @param field field to set
* @param contents contents to set in field
*/
oneway void setField(in String field, in String contents) = 38;
/**
* Gets a field from the crypto header.
* @param field field to get
* @return contents of field
*/
String getField(in String field) = 39;
/**
* Report the time of the last maintenance operation such as fstrim.
* @return Timestamp of the last maintenance operation, in the

10
core/java/android/os/storage/StorageManager.java
View File

@ -2904,14 +2904,4 @@ public class StorageManager {
public static final int CRYPT_TYPE_PATTERN = IVold.PASSWORD_TYPE_PATTERN;
/** @hide */
public static final int CRYPT_TYPE_PIN = IVold.PASSWORD_TYPE_PIN;
// Constants for the data available via StorageManagerService.getField.
/** @hide */
public static final String SYSTEM_LOCALE_KEY = "SystemLocale";
/** @hide */
public static final String OWNER_INFO_KEY = "OwnerInfo";
/** @hide */
public static final String PATTERN_VISIBLE_KEY = "PatternVisible";
/** @hide */
public static final String PASSWORD_VISIBLE_KEY = "PasswordVisible";
}

36
libs/storage/IMountService.cpp
View File

@ -48,8 +48,6 @@ enum {
TRANSACTION_isObbMounted,
TRANSACTION_getMountedObbPath,
TRANSACTION_isExternalStorageEmulated,
TRANSACTION_decryptStorage,
TRANSACTION_encryptStorage,
};
class BpMountService: public BpInterface<IMountService>
@ -517,40 +515,6 @@ public:
path = reply.readString16();
return true;
}
int32_t decryptStorage(const String16& password)
{
Parcel data, reply;
data.writeInterfaceToken(IMountService::getInterfaceDescriptor());
data.writeString16(password);
if (remote()->transact(TRANSACTION_decryptStorage, data, &reply) != NO_ERROR) {
ALOGD("decryptStorage could not contact remote\n");
return -1;
}
int32_t err = reply.readExceptionCode();
if (err < 0) {
ALOGD("decryptStorage caught exception %d\n", err);
return err;
}
return reply.readInt32();
}
int32_t encryptStorage(const String16& password)
{
Parcel data, reply;
data.writeInterfaceToken(IMountService::getInterfaceDescriptor());
data.writeString16(password);
if (remote()->transact(TRANSACTION_encryptStorage, data, &reply) != NO_ERROR) {
ALOGD("encryptStorage could not contact remote\n");
return -1;
}
int32_t err = reply.readExceptionCode();
if (err < 0) {
ALOGD("encryptStorage caught exception %d\n", err);
return err;
}
return reply.readInt32();
}
};
IMPLEMENT_META_INTERFACE(MountService, "android.os.storage.IStorageManager")

2
libs/storage/include/storage/IMountService.h
View File

@ -70,8 +70,6 @@ public:
const sp<IObbActionListener>& token, const int32_t nonce) = 0;
virtual bool isObbMounted(const String16& filename) = 0;
virtual bool getMountedObbPath(const String16& filename, String16& path) = 0;
virtual int32_t decryptStorage(const String16& password) = 0;
virtual int32_t encryptStorage(const String16& password) = 0;
};
// ----------------------------------------------------------------------------

224
services/core/java/com/android/server/StorageManagerService.java
View File

@ -3072,203 +3072,6 @@ class StorageManagerService extends IStorageManager.Stub
}
}
@Override
public int getEncryptionState() {
mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
"no permission to access the crypt keeper");
try {
return mVold.fdeComplete();
} catch (Exception e) {
Slog.wtf(TAG, e);
return StorageManager.ENCRYPTION_STATE_ERROR_UNKNOWN;
}
}
@Override
public int decryptStorage(String password) {
mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
"no permission to access the crypt keeper");
if (TextUtils.isEmpty(password)) {
throw new IllegalArgumentException("password cannot be empty");
}
if (DEBUG_EVENTS) {
Slog.i(TAG, "decrypting storage...");
}
try {
mVold.fdeCheckPassword(password);
mHandler.postDelayed(() -> {
try {
mVold.fdeRestart();
} catch (Exception e) {
Slog.wtf(TAG, e);
}
}, DateUtils.SECOND_IN_MILLIS);
return 0;
} catch (ServiceSpecificException e) {
Slog.e(TAG, "fdeCheckPassword failed", e);
return e.errorCode;
} catch (Exception e) {
Slog.wtf(TAG, e);
return StorageManager.ENCRYPTION_STATE_ERROR_UNKNOWN;
}
}
@Override
public int encryptStorage(int type, String password) {
mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
"no permission to access the crypt keeper");
if (type == StorageManager.CRYPT_TYPE_DEFAULT) {
password = "";
} else if (TextUtils.isEmpty(password)) {
throw new IllegalArgumentException("password cannot be empty");
}
if (DEBUG_EVENTS) {
Slog.i(TAG, "encrypting storage...");
}
try {
mVold.fdeEnable(type, password, 0);
} catch (Exception e) {
Slog.wtf(TAG, e);
return -1;
}
return 0;
}
/** Set the password for encrypting the main key.
* @param type One of the CRYPTO_TYPE_XXX consts defined in StorageManager.
* @param password The password to set.
*/
@Override
public int changeEncryptionPassword(int type, String password) {
mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
"no permission to access the crypt keeper");
if (StorageManager.isFileEncryptedNativeOnly()) {
// Not supported on FBE devices
return -1;
}
if (type == StorageManager.CRYPT_TYPE_DEFAULT) {
password = "";
} else if (TextUtils.isEmpty(password)) {
throw new IllegalArgumentException("password cannot be empty");
}
if (DEBUG_EVENTS) {
Slog.i(TAG, "changing encryption password...");
}
try {
mVold.fdeChangePassword(type, password);
return 0;
} catch (Exception e) {
Slog.wtf(TAG, e);
return -1;
}
}
/**
* Validate a user-supplied password string with cryptfs
*/
@Override
public int verifyEncryptionPassword(String password) throws RemoteException {
// Only the system process is permitted to validate passwords
if (Binder.getCallingUid() != android.os.Process.SYSTEM_UID) {
throw new SecurityException("no permission to access the crypt keeper");
}
mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
"no permission to access the crypt keeper");
if (TextUtils.isEmpty(password)) {
throw new IllegalArgumentException("password cannot be empty");
}
if (DEBUG_EVENTS) {
Slog.i(TAG, "validating encryption password...");
}
try {
mVold.fdeVerifyPassword(password);
return 0;
} catch (Exception e) {
Slog.wtf(TAG, e);
return -1;
}
}
/**
* Get the type of encryption used to encrypt the main key.
* @return The type, one of the CRYPT_TYPE_XXX consts from StorageManager.
*/
@Override
public int getPasswordType() {
mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
"no permission to access the crypt keeper");
try {
return mVold.fdeGetPasswordType();
} catch (Exception e) {
Slog.wtf(TAG, e);
return -1;
}
}
/**
* Set a field in the crypto header.
* @param field field to set
* @param contents contents to set in field
*/
@Override
public void setField(String field, String contents) throws RemoteException {
mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
"no permission to access the crypt keeper");
if (!StorageManager.isBlockEncrypted()) {
// Only supported on FDE devices
return;
}
try {
mVold.fdeSetField(field, contents);
return;
} catch (Exception e) {
Slog.wtf(TAG, e);
return;
}
}
/**
* Gets a field from the crypto header.
* @param field field to get
* @return contents of field
*/
@Override
public String getField(String field) throws RemoteException {
mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
"no permission to access the crypt keeper");
if (!StorageManager.isBlockEncrypted()) {
// Only supported on FDE devices
return null;
}
try {
return mVold.fdeGetField(field);
} catch (Exception e) {
Slog.wtf(TAG, e);
return null;
}
}
/**
* Is userdata convertible to file based encryption?
* @return non zero for convertible
@ -3350,33 +3153,6 @@ class StorageManagerService extends IStorageManager.Stub
mVold.abortChanges(message, retry);
}
@Override
public String getPassword() throws RemoteException {
mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
"only keyguard can retrieve password");
try {
return mVold.fdeGetPassword();
} catch (Exception e) {
Slog.wtf(TAG, e);
return null;
}
}
@Override
public void clearPassword() throws RemoteException {
mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
"only keyguard can clear password");
try {
mVold.fdeClearPassword();
return;
} catch (Exception e) {
Slog.wtf(TAG, e);
return;
}
}
@Override
public void createUserKey(int userId, int serialNumber, boolean ephemeral) {
enforcePermission(android.Manifest.permission.STORAGE_INTERNAL);