Stop trying to update FDE password from LockSettingsService

Since FDE is no longer supported, updating the FDE password never does anything. Stop trying to do so. Remove updateEncryptionPassword() from ILockSettings, since its only caller outside of LockSettingsService itself was in LockPatternUtils, and the previous CL removed that caller. Bug: 208476087 Change-Id: I46c2a472177836f0c9084e4c3b4ed2e6c0ab61d5 (cherry picked from commit 3762ada110e11b051badb6ff2f4109083721d627) Merged-In: I46c2a472177836f0c9084e4c3b4ed2e6c0ab61d5
author: Eric Biggers <ebiggers@google.com> 2022-01-26 05:22:38 +0000
committer: Eric Biggers <ebiggers@google.com> 2022-03-09 05:11:10 +0000
commit: d63d0e12cc6db7e2f2bb84edb794254b6b94f58e (patch)
tree: b04761efc7fe21824cedc96b73f5c208d0d3a3d8
parent: 0a9389d296636a3c8322381ff859b3527753bcc2 (diff)
2 files changed, 4 insertions, 50 deletions
diff --git a/core/java/com/android/internal/widget/ILockSettings.aidl b/core/java/com/android/internal/widget/ILockSettings.aidl
index d16d9c619403..654b46164dcf 100644
--- a/core/java/com/android/internal/widget/ILockSettings.aidl
+++ b/core/java/com/android/internal/widget/ILockSettings.aidl
@@ -95,5 +95,4 @@ interface ILockSettings {
     boolean hasSecureLockScreen();
     boolean tryUnlockWithCachedUnifiedChallenge(int userId);
     void removeCachedUnifiedChallenge(int userId);
-    void updateEncryptionPassword(int type, in byte[] password);
 }
diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index 7d5b7e535ca9..45f85edeff7e 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -1761,7 +1761,10 @@ public class LockSettingsService extends ILockSettings.Stub {
     }
 
     private void onPostPasswordChanged(LockscreenCredential newCredential, int userHandle) {
-        updateEncryptionPasswordIfNeeded(newCredential, userHandle);
+        if (userHandle == UserHandle.USER_SYSTEM && isDeviceEncryptionEnabled() &&
+            shouldEncryptWithCredentials() && newCredential.isNone()) {
+            setCredentialRequiredToDecrypt(false);
+        }
         if (newCredential.isPattern()) {
             setBoolean(LockPatternUtils.PATTERN_EVER_CHOSEN_KEY, true, userHandle);
         }
@@ -1770,26 +1773,6 @@ public class LockSettingsService extends ILockSettings.Stub {
     }
 
     /**
-     * Update device encryption password if calling user is USER_SYSTEM and device supports
-     * encryption.
-     */
-    private void updateEncryptionPasswordIfNeeded(LockscreenCredential credential, int userHandle) {
-        // Update the device encryption password.
-        if (userHandle != UserHandle.USER_SYSTEM || !isDeviceEncryptionEnabled()) {
-            return;
-        }
-        if (!shouldEncryptWithCredentials()) {
-            updateEncryptionPassword(StorageManager.CRYPT_TYPE_DEFAULT, null);
-            return;
-        }
-        if (credential.isNone()) {
-            // Set the encryption password to default.
-            setCredentialRequiredToDecrypt(false);
-        }
-        updateEncryptionPassword(credential.getStorageCryptType(), credential.getCredential());
-    }
-
-    /**
      * Store the hash of the *current* password in the password history list, if device policy
      * enforces password history requirement.
      */
@@ -1883,34 +1866,6 @@ public class LockSettingsService extends ILockSettings.Stub {
         }
     }
 
-    /** Update the encryption password if it is enabled **/
-    @Override
-    public void updateEncryptionPassword(final int type, final byte[] password) {
-        if (!hasSecureLockScreen() && password != null && password.length != 0) {
-            throw new UnsupportedOperationException(
-                    "This operation requires the lock screen feature.");
-        }
-        if (!isDeviceEncryptionEnabled()) {
-            return;
-        }
-        final IBinder service = ServiceManager.getService("mount");
-        if (service == null) {
-            Slog.e(TAG, "Could not find the mount service to update the encryption password");
-            return;
-        }
-
-        // TODO(b/120484642): This is a location where we still use a String for vold
-        String passwordString = password != null ? new String(password) : null;
-        mHandler.post(() -> {
-            IStorageManager storageManager = mInjector.getStorageManager();
-            try {
-                storageManager.changeEncryptionPassword(type, passwordString);
-            } catch (RemoteException e) {
-                Slog.e(TAG, "Error changing encryption password", e);
-            }
-        });
-    }
-
     @VisibleForTesting /** Note: this method is overridden in unit tests */
     protected void tieProfileLockToParent(int userId, LockscreenCredential password) {
         if (DEBUG) Slog.v(TAG, "tieProfileLockToParent for user: " + userId);
author	Eric Biggers <ebiggers@google.com>	2022-01-26 05:22:38 +0000
committer	Eric Biggers <ebiggers@google.com>	2022-03-09 05:11:10 +0000
commit	d63d0e12cc6db7e2f2bb84edb794254b6b94f58e (patch)
tree	b04761efc7fe21824cedc96b73f5c208d0d3a3d8
parent	0a9389d296636a3c8322381ff859b3527753bcc2 (diff)