Create a File Based Encryption check API

Change-Id: Ibf41f98818ea801b9f690200c340be80c3b9bf31
author: Clara Bayarri <clarabayarri@google.com> 2015-10-28 17:53:53 +0000
committer: Clara Bayarri <clarabayarri@google.com> 2015-11-04 12:27:39 +0000
commit: 965da39942f9a8736f785f7c57a6c351a8c89d6b (patch)
tree: 59049d32e798adf1e8bc91b4a37be6850384b647
parent: 3034538ca84c3daef776d6f97e0e16bc7f881afd (diff)
6 files changed, 52 insertions, 5 deletions
diff --git a/core/java/android/os/storage/IMountService.java b/core/java/android/os/storage/IMountService.java
index 01e1dc882474..c4337cb565b7 100644
--- a/core/java/android/os/storage/IMountService.java
+++ b/core/java/android/os/storage/IMountService.java
@@ -1211,6 +1211,23 @@ public interface IMountService extends IInterface {
                     _data.recycle();
                 }
             }
+
+            @Override
+            public boolean isPerUserEncryptionEnabled() throws RemoteException {
+                Parcel _data = Parcel.obtain();
+                Parcel _reply = Parcel.obtain();
+                boolean _result;
+                try {
+                    _data.writeInterfaceToken(DESCRIPTOR);
+                    mRemote.transact(Stub.TRANSACTION_isPerUserEncryptionEnabled, _data, _reply, 0);
+                    _reply.readException();
+                    _result = 0 != _reply.readInt();
+                } finally {
+                    _reply.recycle();
+                    _data.recycle();
+                }
+                return _result;
+            }
         }
 
         private static final String DESCRIPTOR = "IMountService";
@@ -1330,6 +1347,8 @@ public interface IMountService extends IInterface {
 
         static final int TRANSACTION_deleteUserKey = IBinder.FIRST_CALL_TRANSACTION + 63;
 
+        static final int TRANSACTION_isPerUserEncryptionEnabled = IBinder.FIRST_CALL_TRANSACTION + 64;
+
         /**
          * Cast an IBinder object into an IMountService interface, generating a
          * proxy if needed.
@@ -1900,6 +1919,13 @@ public interface IMountService extends IInterface {
                     reply.writeNoException();
                     return true;
                 }
+                case TRANSACTION_isPerUserEncryptionEnabled: {
+                    data.enforceInterface(DESCRIPTOR);
+                    boolean result = isPerUserEncryptionEnabled();
+                    reply.writeNoException();
+                    reply.writeInt((result ? 1 : 0));
+                    return true;
+                }
             }
             return super.onTransact(code, data, reply, flags);
         }
@@ -2224,4 +2250,10 @@ public interface IMountService extends IInterface {
      */
     public void deleteUserKey(int userHandle)
         throws RemoteException;
+
+    /**
+     * Returns whether the current encryption type is per user.
+     */
+    public boolean isPerUserEncryptionEnabled()
+        throws RemoteException;
 }
diff --git a/core/java/android/os/storage/StorageManager.java b/core/java/android/os/storage/StorageManager.java
index 1d92453b3e9e..2ca0b206ef7b 100644
--- a/core/java/android/os/storage/StorageManager.java
+++ b/core/java/android/os/storage/StorageManager.java
@@ -978,6 +978,15 @@ public class StorageManager {
     }
 
     /** {@hide} */
+    public boolean isPerUserEncryptionEnabled() {
+        try {
+            return mMountService.isPerUserEncryptionEnabled();
+        } catch (RemoteException e) {
+            throw e.rethrowAsRuntimeException();
+        }
+    }
+
+    /** {@hide} */
     public static File maybeTranslateEmulatedPathToInternal(File path) {
         final IMountService mountService = IMountService.Stub.asInterface(
                 ServiceManager.getService("mount"));
diff --git a/services/core/java/com/android/server/LockSettingsStorage.java b/services/core/java/com/android/server/LockSettingsStorage.java
index 7c0a82001569..6acec6bb864d 100644
--- a/services/core/java/com/android/server/LockSettingsStorage.java
+++ b/services/core/java/com/android/server/LockSettingsStorage.java
@@ -27,6 +27,7 @@ import android.database.sqlite.SQLiteOpenHelper;
 import android.os.Environment;
 import android.os.SystemProperties;
 import android.os.UserManager;
+import android.os.storage.StorageManager;
 import android.util.ArrayMap;
 import android.util.Log;
 import android.util.Slog;
@@ -387,8 +388,8 @@ class LockSettingsStorage {
     }
 
     private int getUserParentOrSelfId(int userId) {
-        // Device supports File Based Encryption, and lock is applied per-user
-        if ("file".equals(SystemProperties.get("ro.crypto.type", "none"))) {
+        // Device supports per user encryption, so lock is applied to the given user.
+        if (mContext.getSystemService(StorageManager.class).isPerUserEncryptionEnabled()) {
             return userId;
         }
         // Device uses Block Based Encryption, and the parent user's lock is used for the whole
diff --git a/services/core/java/com/android/server/MountService.java b/services/core/java/com/android/server/MountService.java
index a7879c64bc13..50afa3c302c4 100644
--- a/services/core/java/com/android/server/MountService.java
+++ b/services/core/java/com/android/server/MountService.java
@@ -2693,6 +2693,11 @@ class MountService extends IMountService.Stub
     }
 
     @Override
+    public boolean isPerUserEncryptionEnabled() {
+        return "file".equals(SystemProperties.get("ro.crypto.type", "none"));
+    }
+
+    @Override
     public int mkdirs(String callingPkg, String appPath) {
         final int userId = UserHandle.getUserId(Binder.getCallingUid());
         final UserEnvironment userEnv = new UserEnvironment(userId);
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index c41d49359a66..621ae2d56e7c 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -404,7 +404,7 @@ public class UserManagerService extends IUserManager.Stub {
     @Override
     public int getCredentialOwnerProfile(int userHandle) {
         checkManageUsersPermission("get the credential owner");
-        if (!"file".equals(SystemProperties.get("ro.crypto.type", "none"))) {
+        if (!mContext.getSystemService(StorageManager.class).isPerUserEncryptionEnabled()) {
             synchronized (mUsersLock) {
                 UserInfo profileParent = getProfileParentLU(userHandle);
                 if (profileParent != null) {
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index aea2ecf68858..bf7c745a546e 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3803,8 +3803,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             return;
         }
         enforceCrossUserPermission(userHandle);
-        // Managed Profile password can only be changed when file based encryption is present.
-        if (!"file".equals(SystemProperties.get("ro.crypto.type", "none"))) {
+        // Managed Profile password can only be changed when per user encryption is present.
+        if (!mContext.getSystemService(StorageManager.class).isPerUserEncryptionEnabled()) {
             enforceNotManagedProfile(userHandle, "set the active password");
         }
author	Clara Bayarri <clarabayarri@google.com>	2015-10-28 17:53:53 +0000
committer	Clara Bayarri <clarabayarri@google.com>	2015-11-04 12:27:39 +0000
commit	965da39942f9a8736f785f7c57a6c351a8c89d6b (patch)
tree	59049d32e798adf1e8bc91b4a37be6850384b647
parent	3034538ca84c3daef776d6f97e0e16bc7f881afd (diff)