Remove checks for FDE in 'adb backup'

The deviceIsEncrypted() methods in BackupRestoreConfirmation.java and UserBackupManagerService.java only return true if the device is using FDE (Full Disk Encryption), for which support has been removed in favor of FBE (File Based Encryption). Therefore, the logic to require a backup password no longer applies to any device. Remove this logic to simplify the code. It is possible that this was actually a bug, and this logic should have applied to FBE devices too. But given that the code has worked this way for years, and there isn't necessarily a logical connection between whether the device is encrypted and whether a backup *must* be encrypted, I decided not to change the current behavior. Bug: 208476087 Test: 'adb backup' and 'adb restore' still work. Change-Id: Idc72d2a4c3e8bfa10a32cdc57884159b37635e81
author: Eric Biggers <ebiggers@google.com> 2022-01-26 04:53:29 +0000
committer: Eric Biggers <ebiggers@google.com> 2022-02-23 23:00:27 +0000
commit: d5b040ed643948dd892f4ad8e2d0f3cfa8d4613d (patch)
tree: 1b38137b317ccb9fe33b528a6c40d6edfbba73d2
parent: 57135bf8995cb744ba2e1765de88c130335ce79f (diff)
4 files changed, 2 insertions, 61 deletions
diff --git a/packages/BackupRestoreConfirmation/res/values/strings.xml b/packages/BackupRestoreConfirmation/res/values/strings.xml
index 3fb3fd475ab3..5c90fd019cd8 100644
--- a/packages/BackupRestoreConfirmation/res/values/strings.xml
+++ b/packages/BackupRestoreConfirmation/res/values/strings.xml
@@ -44,8 +44,6 @@
     <string name="backup_enc_password_text">Please enter a password to use for encrypting the full backup data. If this is left blank, your current backup password will be used:</string>
     <!-- Text for message to user that they may optionally supply an encryption password to use for a full backup operation. -->
     <string name="backup_enc_password_optional">If you wish to encrypt the full backup data, enter a password below:</string>
-    <!-- Text for message to user that they must supply an encryption password to use for a full backup operation because their phone is locked. -->
-    <string name="backup_enc_password_required">Since your device is encrypted, you are required to encrypt your backup. Please enter a password below:</string>
 
     <!-- Text for message to user when performing a full restore operation, explaining that they must enter the password originally used to encrypt the full backup data. -->
     <string name="restore_enc_password_text">If the restore data is encrypted, please enter the password below:</string>
diff --git a/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java b/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java
index d6b6bf8d1e56..3c790f0e24ee 100644
--- a/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java
+++ b/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java
@@ -27,8 +27,6 @@ import android.os.Handler;
 import android.os.Message;
 import android.os.RemoteException;
 import android.os.ServiceManager;
-import android.os.storage.IStorageManager;
-import android.os.storage.StorageManager;
 import android.text.Editable;
 import android.text.TextWatcher;
 import android.util.Slog;
@@ -66,10 +64,8 @@ public class BackupRestoreConfirmation extends Activity {
 
     Handler mHandler;
     IBackupManager mBackupManager;
-    IStorageManager mStorageManager;
     FullObserver mObserver;
     int mToken;
-    boolean mIsEncrypted;
     boolean mDidAcknowledge;
     String mAction;
 
@@ -144,7 +140,6 @@ public class BackupRestoreConfirmation extends Activity {
         }
 
         mBackupManager = IBackupManager.Stub.asInterface(ServiceManager.getService(Context.BACKUP_SERVICE));
-        mStorageManager = IStorageManager.Stub.asInterface(ServiceManager.getService("mount"));
 
         mHandler = new ObserverHandler(getApplicationContext());
         final Object oldObserver = getLastNonConfigurationInstance();
@@ -248,20 +243,13 @@ public class BackupRestoreConfirmation extends Activity {
             mDenyButton.setEnabled(!mDidAcknowledge);
         }
 
-        // We vary the password prompt depending on whether one is predefined, and whether
-        // the device is encrypted.
-        mIsEncrypted = deviceIsEncrypted();
+        // We vary the password prompt depending on whether one is predefined.
         if (!haveBackupPassword()) {
             curPwDesc.setVisibility(View.GONE);
             mCurPassword.setVisibility(View.GONE);
             if (layoutId == R.layout.confirm_backup) {
                 TextView encPwDesc = findViewById(R.id.enc_password_desc);
-                if (mIsEncrypted) {
-                    encPwDesc.setText(R.string.backup_enc_password_required);
-                    monitorEncryptionPassword();
-                } else {
-                    encPwDesc.setText(R.string.backup_enc_password_optional);
-                }
+                encPwDesc.setText(R.string.backup_enc_password_optional);
             }
         }
     }
@@ -312,20 +300,6 @@ public class BackupRestoreConfirmation extends Activity {
         }
     }
 
-    boolean deviceIsEncrypted() {
-        try {
-            return mStorageManager.getEncryptionState()
-                     != StorageManager.ENCRYPTION_STATE_NONE
-                && mStorageManager.getPasswordType()
-                     != StorageManager.CRYPT_TYPE_DEFAULT;
-        } catch (Exception e) {
-            // If we can't talk to the storagemanager service we have a serious problem; fail
-            // "secure" i.e. assuming that the device is encrypted.
-            Slog.e(TAG, "Unable to communicate with storagemanager service: " + e.getMessage());
-            return true;
-        }
-    }
-
     boolean haveBackupPassword() {
         try {
             return mBackupManager.hasBackupPassword();
diff --git a/services/backup/java/com/android/server/backup/UserBackupManagerService.java b/services/backup/java/com/android/server/backup/UserBackupManagerService.java
index e10151dbd04b..1af35af9fc17 100644
--- a/services/backup/java/com/android/server/backup/UserBackupManagerService.java
+++ b/services/backup/java/com/android/server/backup/UserBackupManagerService.java
@@ -89,8 +89,6 @@ import android.os.ServiceManager;
 import android.os.SystemClock;
 import android.os.UserHandle;
 import android.os.WorkSource;
-import android.os.storage.IStorageManager;
-import android.os.storage.StorageManager;
 import android.provider.Settings;
 import android.text.TextUtils;
 import android.util.ArraySet;
@@ -325,7 +323,6 @@ public class UserBackupManagerService {
     private final ActivityManagerInternal mActivityManagerInternal;
     private PowerManager mPowerManager;
     private final AlarmManager mAlarmManager;
-    private final IStorageManager mStorageManager;
     private final BackupManagerConstants mConstants;
     private final BackupWakeLock mWakelock;
     private final BackupHandler mBackupHandler;
@@ -536,7 +533,6 @@ public class UserBackupManagerService {
         mBackupPasswordManager = null;
         mPackageManagerBinder = null;
         mActivityManager = null;
-        mStorageManager = null;
         mBackupManagerBinder = null;
         mScheduledBackupEligibility = null;
     }
@@ -560,7 +556,6 @@ public class UserBackupManagerService {
 
         mAlarmManager = (AlarmManager) context.getSystemService(Context.ALARM_SERVICE);
         mPowerManager = (PowerManager) context.getSystemService(Context.POWER_SERVICE);
-        mStorageManager = IStorageManager.Stub.asInterface(ServiceManager.getService("mount"));
 
         Objects.requireNonNull(parent, "parent cannot be null");
         mBackupManagerBinder = BackupManagerService.asInterface(parent.asBinder());
@@ -2077,26 +2072,6 @@ public class UserBackupManagerService {
         }
     }
 
-    /** For adb backup/restore. */
-    public boolean deviceIsEncrypted() {
-        try {
-            return mStorageManager.getEncryptionState()
-                    != StorageManager.ENCRYPTION_STATE_NONE
-                    && mStorageManager.getPasswordType()
-                    != StorageManager.CRYPT_TYPE_DEFAULT;
-        } catch (Exception e) {
-            // If we can't talk to the storagemanager service we have a serious problem; fail
-            // "secure" i.e. assuming that the device is encrypted.
-            Slog.e(
-                    TAG,
-                    addUserIdToLogMessage(
-                            mUserId,
-                            "Unable to communicate with storagemanager service: "
-                                    + e.getMessage()));
-            return true;
-        }
-    }
-
     // ----- Full-data backup scheduling -----
 
     /**
diff --git a/services/backup/java/com/android/server/backup/fullbackup/PerformAdbBackupTask.java b/services/backup/java/com/android/server/backup/fullbackup/PerformAdbBackupTask.java
index 7ee307e30dce..ec58e17148b3 100644
--- a/services/backup/java/com/android/server/backup/fullbackup/PerformAdbBackupTask.java
+++ b/services/backup/java/com/android/server/backup/fullbackup/PerformAdbBackupTask.java
@@ -320,12 +320,6 @@ public class PerformAdbBackupTask extends FullBackupTask implements BackupRestor
         try {
             boolean encrypting = (mEncryptPassword != null && mEncryptPassword.length() > 0);
 
-            // Only allow encrypted backups of encrypted devices
-            if (mUserBackupManagerService.deviceIsEncrypted() && !encrypting) {
-                Slog.e(TAG, "Unencrypted backup of encrypted device; aborting");
-                return;
-            }
-
             OutputStream finalOutput = ofstream;
 
             // Verify that the given password matches the currently-active
author	Eric Biggers <ebiggers@google.com>	2022-01-26 04:53:29 +0000
committer	Eric Biggers <ebiggers@google.com>	2022-02-23 23:00:27 +0000
commit	d5b040ed643948dd892f4ad8e2d0f3cfa8d4613d (patch)
tree	1b38137b317ccb9fe33b528a6c40d6edfbba73d2
parent	57135bf8995cb744ba2e1765de88c130335ce79f (diff)