author Eric Biggers <ebiggers@google.com> 2022-06-09 19:52:48 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2022-06-09 19:52:48 +0000
commitcb6e4d4cda6ece1ac20db1a6bd66a0db46cce19f (patch)
tree81fe1b4f8a125839c62865a698a12faff5a3e33d
parent322db8517ec8da83c4f7281cb74a4d6a1458d922 (diff)
parent5f2aa0bd1937380ed89392508231fe81d43d708c (diff)
Merge "Remove obsolete support for emulated FBE" am: d96c8701dd am: 5f2aa0bd19
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2101871 Change-Id: Idd5e502f12216c2de212b68682fb97a4bb28e874 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r--cmds/sm/src/com/android/commands/sm/Sm.java14
-rw-r--r--core/java/android/os/storage/StorageManager.java35
-rw-r--r--services/core/java/com/android/server/StorageManagerService.java75
-rw-r--r--services/core/java/com/android/server/pm/UserDataPreparer.java13
-rw-r--r--services/tests/servicestests/src/com/android/server/pm/UserDataPreparerTest.java5
5 files changed, 22 insertions, 120 deletions
diff --git a/cmds/sm/src/com/android/commands/sm/Sm.java b/cmds/sm/src/com/android/commands/sm/Sm.java
index b384e702ac4e..07c407933dc5 100644
--- a/cmds/sm/src/com/android/commands/sm/Sm.java
+++ b/cmds/sm/src/com/android/commands/sm/Sm.java
@@ -94,8 +94,6 @@ public final class Sm {
runBenchmark();
} else if ("forget".equals(op)) {
runForget();
- } else if ("set-emulate-fbe".equals(op)) {
- runSetEmulateFbe();
} else if ("get-fbe-mode".equals(op)) {
runGetFbeMode();
} else if ("idle-maint".equals(op)) {
@@ -191,17 +189,9 @@ public final class Sm {
}
}
- public void runSetEmulateFbe() throws RemoteException {
- final boolean emulateFbe = Boolean.parseBoolean(nextArg());
- mSm.setDebugFlags(emulateFbe ? StorageManager.DEBUG_EMULATE_FBE : 0,
- StorageManager.DEBUG_EMULATE_FBE);
- }
-
public void runGetFbeMode() {
- if (StorageManager.isFileEncryptedNativeOnly()) {
+ if (StorageManager.isFileEncrypted()) {
System.out.println("native");
- } else if (StorageManager.isFileEncryptedEmulatedOnly()) {
- System.out.println("emulated");
} else {
System.out.println("none");
}
@@ -358,8 +348,6 @@ public final class Sm {
System.err.println("");
System.err.println(" sm forget [UUID|all]");
System.err.println("");
- System.err.println(" sm set-emulate-fbe [true|false]");
- System.err.println("");
System.err.println(" sm start-checkpoint <num-retries>");
System.err.println("");
System.err.println(" sm supports-checkpoint");
diff --git a/core/java/android/os/storage/StorageManager.java b/core/java/android/os/storage/StorageManager.java
index 497bfa6380bc..08de87ebe2e6 100644
--- a/core/java/android/os/storage/StorageManager.java
+++ b/core/java/android/os/storage/StorageManager.java
@@ -153,8 +153,6 @@ public class StorageManager {
/** {@hide} */
public static final String PROP_ADOPTABLE = "persist.sys.adoptable";
/** {@hide} */
- public static final String PROP_EMULATE_FBE = "persist.sys.emulate_fbe";
- /** {@hide} */
public static final String PROP_SDCARDFS = "persist.sys.sdcardfs";
/** {@hide} */
public static final String PROP_VIRTUAL_DISK = "persist.sys.virtual_disk";
@@ -258,13 +256,11 @@ public class StorageManager {
/** {@hide} */
public static final int DEBUG_ADOPTABLE_FORCE_OFF = 1 << 1;
/** {@hide} */
- public static final int DEBUG_EMULATE_FBE = 1 << 2;
- /** {@hide} */
- public static final int DEBUG_SDCARDFS_FORCE_ON = 1 << 3;
+ public static final int DEBUG_SDCARDFS_FORCE_ON = 1 << 2;
/** {@hide} */
- public static final int DEBUG_SDCARDFS_FORCE_OFF = 1 << 4;
+ public static final int DEBUG_SDCARDFS_FORCE_OFF = 1 << 3;
/** {@hide} */
- public static final int DEBUG_VIRTUAL_DISK = 1 << 5;
+ public static final int DEBUG_VIRTUAL_DISK = 1 << 4;
/** {@hide} */
public static final int FLAG_STORAGE_DE = IInstalld.FLAG_STORAGE_DE;
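Review bot: Renumbering the remaining DEBUG_* bits changes the meaning of values that cross the Binder boundary through `setDebugFlags(int flags, int mask)`. These are `static final int` compile-time constants, so javac inlines them into every caller. A client built against the old values that sends `1 << 2` (formerly DEBUG_EMULATE_FBE) would now toggle DEBUG_SDCARDFS_FORCE_ON, and an old DEBUG_VIRTUAL_DISK (`1 << 5`) would be silently ignored. Whether any separately built caller exists is not visible from this page, but keeping `1 << 3`, `1 << 4` and `1 << 5` for the surviving flags avoids the question. The retired bit could be marked with a comment such as `// 1 << 2 was DEBUG_EMULATE_FBE; left unused so the remaining flag values stay stable`.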
@@ -1694,30 +1690,31 @@ public class StorageManager {
}
/** {@hide}
- * Is this device file encrypted?
- * @return true for file encrypted. (Implies isEncrypted() == true)
- * false not encrypted or using "managed" encryption
+ * Does this device have file-based encryption (FBE) enabled?
+ * @return true if the device has file-based encryption enabled.
*/
- @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
- public static boolean isFileEncryptedNativeOnly() {
+ public static boolean isFileEncrypted() {
if (!isEncrypted()) {
return false;
}
return RoSystemProperties.CRYPTO_FILE_ENCRYPTED;
}
- /** {@hide} */
- public static boolean isFileEncryptedEmulatedOnly() {
- return SystemProperties.getBoolean(StorageManager.PROP_EMULATE_FBE, false);
+ /** {@hide}
+ * @deprecated Use {@link #isFileEncrypted} instead, since emulated FBE is no longer supported.
+ */
+ @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
+ @Deprecated
+ public static boolean isFileEncryptedNativeOnly() {
+ return isFileEncrypted();
}
/** {@hide}
- * Is this device running in a file encrypted mode, either native or emulated?
- * @return true for file encrypted, false otherwise
+ * @deprecated Use {@link #isFileEncrypted} instead, since emulated FBE is no longer supported.
*/
+ @Deprecated
public static boolean isFileEncryptedNativeOrEmulated() {
- return isFileEncryptedNativeOnly()
- || isFileEncryptedEmulatedOnly();
+ return isFileEncrypted();
}
/** {@hide} */
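Review bot: The new Javadoc on `isFileEncrypted()` drops the old remark that a true result implies `isEncrypted()`, although the body still returns false early when `isEncrypted()` is false. Callers use this method to decide whether a user key must be unlocked, so the precondition is worth stating, for example `@return true if the device has file-based encryption enabled; always false when {@link #isEncrypted()} is false.` The two deprecated wrappers now behave identically. A one-line comment on `isFileEncryptedNativeOnly()` saying it is kept only for the `@UnsupportedAppUsage` entry would tell the next maintainer why it cannot simply be deleted, if that is indeed the reason.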
diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java
index 5eec6e58e925..eb4c97bf2f3f 100644
--- a/services/core/java/com/android/server/StorageManagerService.java
+++ b/services/core/java/com/android/server/StorageManagerService.java
@@ -96,7 +96,6 @@ import android.os.Message;
import android.os.ParcelFileDescriptor;
import android.os.ParcelableException;
import android.os.PersistableBundle;
-import android.os.PowerManager;
import android.os.Process;
import android.os.RemoteCallbackList;
import android.os.RemoteException;
@@ -295,15 +294,6 @@ class StorageManagerService extends IStorageManager.Stub
*/
private static final boolean WATCHDOG_ENABLE = true;
- /**
- * Our goal is for all Android devices to be usable as development devices,
- * which includes the new Direct Boot mode added in N. For devices that
- * don't have native FBE support, we offer an emulation mode for developer
- * testing purposes, but if it's prohibitively difficult to support this
- * mode, it can be disabled for specific products using this flag.
- */
- private static final boolean EMULATE_FBE_SUPPORTED = true;
-
private static final String TAG = "StorageManagerService";
private static final boolean LOCAL_LOGV = Log.isLoggable(TAG, Log.VERBOSE);
@@ -1108,31 +1098,6 @@ class StorageManagerService extends IStorageManager.Stub
mVolumes.put(internal.id, internal);
}
- private void initIfBootedAndConnected() {
- Slog.d(TAG, "Thinking about init, mBootCompleted=" + mBootCompleted
- + ", mDaemonConnected=" + mDaemonConnected);
- if (mBootCompleted && mDaemonConnected
- && !StorageManager.isFileEncryptedNativeOnly()) {
- // When booting a device without native support, make sure that our
- // user directories are locked or unlocked based on the current
- // emulation status.
- final boolean initLocked = StorageManager.isFileEncryptedEmulatedOnly();
- Slog.d(TAG, "Setting up emulation state, initlocked=" + initLocked);
- final List<UserInfo> users = mContext.getSystemService(UserManager.class).getUsers();
- for (UserInfo user : users) {
- try {
- if (initLocked) {
- mVold.lockUserKey(user.id);
- } else {
- mVold.unlockUserKey(user.id, user.serialNumber, encodeBytes(null));
- }
- } catch (Exception e) {
- Slog.wtf(TAG, e);
- }
- }
- }
- }
-
private void resetIfBootedAndConnected() {
Slog.d(TAG, "Thinking about reset, mBootCompleted=" + mBootCompleted
+ ", mDaemonConnected=" + mDaemonConnected);
@@ -1392,7 +1357,6 @@ class StorageManagerService extends IStorageManager.Stub
}
private void handleDaemonConnected() {
- initIfBootedAndConnected();
resetIfBootedAndConnected();
}
@@ -2174,7 +2138,6 @@ class StorageManagerService extends IStorageManager.Stub
}
private void handleBootCompleted() {
- initIfBootedAndConnected();
resetIfBootedAndConnected();
}
@@ -2869,32 +2832,6 @@ class StorageManagerService extends IStorageManager.Stub
public void setDebugFlags(int flags, int mask) {
enforcePermission(android.Manifest.permission.MOUNT_UNMOUNT_FILESYSTEMS);
- if ((mask & StorageManager.DEBUG_EMULATE_FBE) != 0) {
- if (!EMULATE_FBE_SUPPORTED) {
- throw new IllegalStateException(
- "Emulation not supported on this device");
- }
- if (StorageManager.isFileEncryptedNativeOnly()) {
- throw new IllegalStateException(
- "Emulation not supported on device with native FBE");
- }
- if (mLockPatternUtils.isCredentialRequiredToDecrypt(false)) {
- throw new IllegalStateException(
- "Emulation requires disabling 'Secure start-up' in Settings > Security");
- }
-
- final long token = Binder.clearCallingIdentity();
- try {
- final boolean emulateFbe = (flags & StorageManager.DEBUG_EMULATE_FBE) != 0;
- SystemProperties.set(StorageManager.PROP_EMULATE_FBE, Boolean.toString(emulateFbe));
-
- // Perform hard reboot to kick policy into place
- mContext.getSystemService(PowerManager.class).reboot(null);
- } finally {
- Binder.restoreCallingIdentity(token);
- }
- }
-
if ((mask & (StorageManager.DEBUG_ADOPTABLE_FORCE_ON
| StorageManager.DEBUG_ADOPTABLE_FORCE_OFF)) != 0) {
final String value;
@@ -2982,8 +2919,7 @@ class StorageManagerService extends IStorageManager.Stub
// We need all the users unlocked to move their primary storage
final List<UserInfo> users = mContext.getSystemService(UserManager.class).getUsers();
for (UserInfo user : users) {
- if (StorageManager.isFileEncryptedNativeOrEmulated()
- && !isUserKeyUnlocked(user.id)) {
+ if (StorageManager.isFileEncrypted() && !isUserKeyUnlocked(user.id)) {
Slog.w(TAG, "Failing move due to locked user " + user.id);
onMoveStatusLocked(PackageManager.MOVE_FAILED_LOCKED_USER);
return;
@@ -3274,9 +3210,9 @@ class StorageManagerService extends IStorageManager.Stub
@Override
public void unlockUserKey(int userId, int serialNumber, byte[] secret) {
- boolean isFsEncrypted = StorageManager.isFileEncryptedNativeOrEmulated();
+ boolean isFileEncrypted = StorageManager.isFileEncrypted();
Slog.d(TAG, "unlockUserKey: " + userId
- + " isFileEncryptedNativeOrEmulated: " + isFsEncrypted
+ + " isFileEncrypted: " + isFileEncrypted
+ " hasSecret: " + (secret != null));
enforcePermission(android.Manifest.permission.STORAGE_INTERNAL);
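Review bot: In `unlockUserKey` the `Slog.d` call that this hunk edits still runs before `enforcePermission(android.Manifest.permission.STORAGE_INTERNAL)`. A caller that lacks the permission can therefore make the service write a log line, including the `hasSecret` bit, before it is rejected. Since the line is being touched anyway, consider making the permission check the first statement and logging only after it passes. The rest of the method body lies outside this hunk, so any other early work there should be checked for the same ordering.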
@@ -3285,11 +3221,10 @@ class StorageManagerService extends IStorageManager.Stub
return;
}
- if (isFsEncrypted) {
+ if (isFileEncrypted) {
// When a user has a secure lock screen, a secret is required to
// unlock the key, so don't bother trying to unlock it without one.
- // This prevents misleading error messages from being logged. This
- // is also needed for emulated FBE to behave like native FBE.
+ // This prevents misleading error messages from being logged.
if (mLockPatternUtils.isSecure(userId) && ArrayUtils.isEmpty(secret)) {
Slog.d(TAG, "Not unlocking user " + userId
+ "'s CE storage yet because a secret is needed");
diff --git a/services/core/java/com/android/server/pm/UserDataPreparer.java b/services/core/java/com/android/server/pm/UserDataPreparer.java
index 0bbbd848016c..479701e91472 100644
--- a/services/core/java/com/android/server/pm/UserDataPreparer.java
+++ b/services/core/java/com/android/server/pm/UserDataPreparer.java
@@ -289,11 +289,6 @@ class UserDataPreparer {
return Environment.getDataUserDeDirectory(volumeUuid, userId);
}
- @VisibleForTesting
- protected boolean isFileEncryptedEmulatedOnly() {
- return StorageManager.isFileEncryptedEmulatedOnly();
- }
-
/**
* Enforce that serial number stored in user directory inode matches the
* given expected value. Gracefully sets the serial number if currently
@@ -303,14 +298,6 @@ class UserDataPreparer {
* number is mismatched.
*/
void enforceSerialNumber(File file, int serialNumber) throws IOException {
- if (isFileEncryptedEmulatedOnly()) {
- // When we're emulating FBE, the directory may have been chmod
- // 000'ed, meaning we can't read the serial number to enforce it;
- // instead of destroying the user, just log a warning.
- Slog.w(TAG, "Device is emulating FBE; assuming current serial number is valid");
- return;
- }
-
final int foundSerial = getSerialNumber(file);
Slog.v(TAG, "Found " + file + " with serial number " + foundSerial);
diff --git a/services/tests/servicestests/src/com/android/server/pm/UserDataPreparerTest.java b/services/tests/servicestests/src/com/android/server/pm/UserDataPreparerTest.java
index de83e518067e..2c6bb2791124 100644
--- a/services/tests/servicestests/src/com/android/server/pm/UserDataPreparerTest.java
+++ b/services/tests/servicestests/src/com/android/server/pm/UserDataPreparerTest.java
@@ -261,11 +261,6 @@ public class UserDataPreparerTest {
protected File getDataUserDeDirectory(String volumeUuid, int userId) {
return new File(testDir, "user_de_" + userId);
}
-
- @Override
- protected boolean isFileEncryptedEmulatedOnly() {
- return false;
- }
}
}