Remove obsolete support for emulated FBE

Emulated FBE was a developer-mode feature intended to allow developers
to add Direct Boot support to apps before native FBE devices became
widely available.  Since all devices running the latest version of
Android now use native FBE (except for a couple edge cases not relevant
here, like in-development devices on which encryption hasn't been
enabled yet), and emulated FBE doesn't work on native FBE devices
anyway, there's no longer any need to carry the code for emulated FBE.

Bug: 232458753
Change-Id: I2ab35472c872b19b2bf64aa99424b5ccd9f6170f

3 files changed, 5 insertions, 88 deletions

diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java
index 9e60cf671865..7cbe218a9234 100644
--- a/services/core/java/com/android/server/StorageManagerService.java
+++ b/services/core/java/com/android/server/StorageManagerService.java
@@ -94,7 +94,6 @@ import android.os.Message;
 import android.os.ParcelFileDescriptor;
 import android.os.ParcelableException;
 import android.os.PersistableBundle;
-import android.os.PowerManager;
 import android.os.Process;
 import android.os.RemoteCallbackList;
 import android.os.RemoteException;
@@ -289,15 +288,6 @@ class StorageManagerService extends IStorageManager.Stub
      */
     private static final boolean WATCHDOG_ENABLE = true;
 
-    /**
-     * Our goal is for all Android devices to be usable as development devices,
-     * which includes the new Direct Boot mode added in N. For devices that
-     * don't have native FBE support, we offer an emulation mode for developer
-     * testing purposes, but if it's prohibitively difficult to support this
-     * mode, it can be disabled for specific products using this flag.
-     */
-    private static final boolean EMULATE_FBE_SUPPORTED = true;
-
     private static final String TAG = "StorageManagerService";
     private static final boolean LOCAL_LOGV = Log.isLoggable(TAG, Log.VERBOSE);
 
@@ -1091,31 +1081,6 @@ class StorageManagerService extends IStorageManager.Stub
         mVolumes.put(internal.id, internal);
     }
 
-    private void initIfBootedAndConnected() {
-        Slog.d(TAG, "Thinking about init, mBootCompleted=" + mBootCompleted
-                + ", mDaemonConnected=" + mDaemonConnected);
-        if (mBootCompleted && mDaemonConnected
-                && !StorageManager.isFileEncryptedNativeOnly()) {
-            // When booting a device without native support, make sure that our
-            // user directories are locked or unlocked based on the current
-            // emulation status.
-            final boolean initLocked = StorageManager.isFileEncryptedEmulatedOnly();
-            Slog.d(TAG, "Setting up emulation state, initlocked=" + initLocked);
-            final List<UserInfo> users = mContext.getSystemService(UserManager.class).getUsers();
-            for (UserInfo user : users) {
-                try {
-                    if (initLocked) {
-                        mVold.lockUserKey(user.id);
-                    } else {
-                        mVold.unlockUserKey(user.id, user.serialNumber, encodeBytes(null));
-                    }
-                } catch (Exception e) {
-                    Slog.wtf(TAG, e);
-                }
-            }
-        }
-    }
-
     private void resetIfBootedAndConnected() {
         Slog.d(TAG, "Thinking about reset, mBootCompleted=" + mBootCompleted
                 + ", mDaemonConnected=" + mDaemonConnected);
@@ -1362,7 +1327,6 @@ class StorageManagerService extends IStorageManager.Stub
     }
 
     private void handleDaemonConnected() {
-        initIfBootedAndConnected();
         resetIfBootedAndConnected();
     }
 
@@ -2110,7 +2074,6 @@ class StorageManagerService extends IStorageManager.Stub
     }
 
     private void handleBootCompleted() {
-        initIfBootedAndConnected();
         resetIfBootedAndConnected();
     }
 
@@ -2805,32 +2768,6 @@ class StorageManagerService extends IStorageManager.Stub
     public void setDebugFlags(int flags, int mask) {
         enforcePermission(android.Manifest.permission.MOUNT_UNMOUNT_FILESYSTEMS);
 
-        if ((mask & StorageManager.DEBUG_EMULATE_FBE) != 0) {
-            if (!EMULATE_FBE_SUPPORTED) {
-                throw new IllegalStateException(
-                        "Emulation not supported on this device");
-            }
-            if (StorageManager.isFileEncryptedNativeOnly()) {
-                throw new IllegalStateException(
-                        "Emulation not supported on device with native FBE");
-            }
-            if (mLockPatternUtils.isCredentialRequiredToDecrypt(false)) {
-                throw new IllegalStateException(
-                        "Emulation requires disabling 'Secure start-up' in Settings > Security");
-            }
-
-            final long token = Binder.clearCallingIdentity();
-            try {
-                final boolean emulateFbe = (flags & StorageManager.DEBUG_EMULATE_FBE) != 0;
-                SystemProperties.set(StorageManager.PROP_EMULATE_FBE, Boolean.toString(emulateFbe));
-
-                // Perform hard reboot to kick policy into place
-                mContext.getSystemService(PowerManager.class).reboot(null);
-            } finally {
-                Binder.restoreCallingIdentity(token);
-            }
-        }
-
         if ((mask & (StorageManager.DEBUG_ADOPTABLE_FORCE_ON
                 | StorageManager.DEBUG_ADOPTABLE_FORCE_OFF)) != 0) {
             final String value;
@@ -2918,8 +2855,7 @@ class StorageManagerService extends IStorageManager.Stub
             // We need all the users unlocked to move their primary storage
             final List<UserInfo> users = mContext.getSystemService(UserManager.class).getUsers();
             for (UserInfo user : users) {
-                if (StorageManager.isFileEncryptedNativeOrEmulated()
-                        && !isUserKeyUnlocked(user.id)) {
+                if (StorageManager.isFileEncrypted() && !isUserKeyUnlocked(user.id)) {
                     Slog.w(TAG, "Failing move due to locked user " + user.id);
                     onMoveStatusLocked(PackageManager.MOVE_FAILED_LOCKED_USER);
                     return;
@@ -3222,9 +3158,9 @@ class StorageManagerService extends IStorageManager.Stub
 
     @Override
     public void unlockUserKey(int userId, int serialNumber, byte[] secret) {
-        boolean isFsEncrypted = StorageManager.isFileEncryptedNativeOrEmulated();
+        boolean isFileEncrypted = StorageManager.isFileEncrypted();
         Slog.d(TAG, "unlockUserKey: " + userId
-                + " isFileEncryptedNativeOrEmulated: " + isFsEncrypted
+                + " isFileEncrypted: " + isFileEncrypted
                 + " hasSecret: " + (secret != null));
         enforcePermission(android.Manifest.permission.STORAGE_INTERNAL);
 
@@ -3233,11 +3169,10 @@ class StorageManagerService extends IStorageManager.Stub
             return;
         }
 
-        if (isFsEncrypted) {
+        if (isFileEncrypted) {
             // When a user has a secure lock screen, a secret is required to
             // unlock the key, so don't bother trying to unlock it without one.
-            // This prevents misleading error messages from being logged.  This
-            // is also needed for emulated FBE to behave like native FBE.
+            // This prevents misleading error messages from being logged.
             if (mLockPatternUtils.isSecure(userId) && ArrayUtils.isEmpty(secret)) {
                 Slog.d(TAG, "Not unlocking user " + userId
                         + "'s CE storage yet because a secret is needed");
diff --git a/services/core/java/com/android/server/pm/UserDataPreparer.java b/services/core/java/com/android/server/pm/UserDataPreparer.java
index 7650d2ef5b2e..1ca7bcd32741 100644
--- a/services/core/java/com/android/server/pm/UserDataPreparer.java
+++ b/services/core/java/com/android/server/pm/UserDataPreparer.java
@@ -286,11 +286,6 @@ class UserDataPreparer {
         return Environment.getDataUserDeDirectory(volumeUuid, userId);
     }
 
-    @VisibleForTesting
-    protected boolean isFileEncryptedEmulatedOnly() {
-        return StorageManager.isFileEncryptedEmulatedOnly();
-    }
-
     /**
      * Enforce that serial number stored in user directory inode matches the
      * given expected value. Gracefully sets the serial number if currently
@@ -300,14 +295,6 @@ class UserDataPreparer {
      *             number is mismatched.
      */
     void enforceSerialNumber(File file, int serialNumber) throws IOException {
-        if (isFileEncryptedEmulatedOnly()) {
-            // When we're emulating FBE, the directory may have been chmod
-            // 000'ed, meaning we can't read the serial number to enforce it;
-            // instead of destroying the user, just log a warning.
-            Slog.w(TAG, "Device is emulating FBE; assuming current serial number is valid");
-            return;
-        }
-
         final int foundSerial = getSerialNumber(file);
         Slog.v(TAG, "Found " + file + " with serial number " + foundSerial);
 
diff --git a/services/tests/servicestests/src/com/android/server/pm/UserDataPreparerTest.java b/services/tests/servicestests/src/com/android/server/pm/UserDataPreparerTest.java
index de83e518067e..2c6bb2791124 100644
--- a/services/tests/servicestests/src/com/android/server/pm/UserDataPreparerTest.java
+++ b/services/tests/servicestests/src/com/android/server/pm/UserDataPreparerTest.java
@@ -261,11 +261,6 @@ public class UserDataPreparerTest {
         protected File getDataUserDeDirectory(String volumeUuid, int userId) {
             return new File(testDir, "user_de_" + userId);
         }
-
-        @Override
-        protected boolean isFileEncryptedEmulatedOnly() {
-            return false;
-        }
     }
 
 }