diff options
| -rw-r--r-- | core/java/android/os/storage/IStorageManager.aidl | 53 | ||||
| -rw-r--r-- | core/java/android/os/storage/StorageManager.java | 10 | ||||
| -rw-r--r-- | libs/storage/IMountService.cpp | 36 | ||||
| -rw-r--r-- | libs/storage/include/storage/IMountService.h | 2 | ||||
| -rw-r--r-- | services/core/java/com/android/server/StorageManagerService.java | 224 |
5 files changed, 0 insertions, 325 deletions
diff --git a/core/java/android/os/storage/IStorageManager.aidl b/core/java/android/os/storage/IStorageManager.aidl index 722cdbc620a7..a48469376587 100644 --- a/core/java/android/os/storage/IStorageManager.aidl +++ b/core/java/android/os/storage/IStorageManager.aidl @@ -78,37 +78,10 @@ interface IStorageManager { */ String getMountedObbPath(in String rawPath) = 24; /** - * Decrypts any encrypted volumes. - */ - int decryptStorage(in String password) = 26; - /** - * Encrypts storage. - */ - int encryptStorage(int type, in String password) = 27; - /** - * Changes the encryption password. - */ - int changeEncryptionPassword(int type, in String password) = 28; - /** * Returns list of all mountable volumes for the specified userId */ StorageVolume[] getVolumeList(int userId, in String callingPackage, int flags) = 29; /** - * Determines the encryption state of the volume. - * @return a numerical value. See {@code ENCRYPTION_STATE_*} for possible - * values. - * Note that this has been replaced in most cases by the APIs in - * StorageManager (see isEncryptable and below) - * This is still useful to get the error state when encryption has failed - * and CryptKeeper needs to throw up a screen advising the user what to do - */ - int getEncryptionState() = 31; - /** - * Verify the encryption password against the stored volume. This method - * may only be called by the system process. - */ - int verifyEncryptionPassword(in String password) = 32; - /** * Ensure that all directories along given path exist, creating parent * directories as needed. Validates that given path is absolute and that it * contains no relative "." or ".." paths or symlinks. Also ensures that @@ -117,32 +90,6 @@ interface IStorageManager { */ void mkdirs(in String callingPkg, in String path) = 34; /** - * Determines the type of the encryption password - * @return PasswordType - */ - int getPasswordType() = 35; - /** - * Get password from vold - * @return password or empty string - */ - String getPassword() = 36; - /** - * Securely clear password from vold - */ - oneway void clearPassword() = 37; - /** - * Set a field in the crypto header. - * @param field field to set - * @param contents contents to set in field - */ - oneway void setField(in String field, in String contents) = 38; - /** - * Gets a field from the crypto header. - * @param field field to get - * @return contents of field - */ - String getField(in String field) = 39; - /** * Report the time of the last maintenance operation such as fstrim. * @return Timestamp of the last maintenance operation, in the * System.currentTimeMillis() time base diff --git a/core/java/android/os/storage/StorageManager.java b/core/java/android/os/storage/StorageManager.java index 7e925daf915e..dd8d51bbbc8e 100644 --- a/core/java/android/os/storage/StorageManager.java +++ b/core/java/android/os/storage/StorageManager.java @@ -3040,14 +3040,4 @@ public class StorageManager { public static final int CRYPT_TYPE_PATTERN = IVold.PASSWORD_TYPE_PATTERN; /** @hide */ public static final int CRYPT_TYPE_PIN = IVold.PASSWORD_TYPE_PIN; - - // Constants for the data available via StorageManagerService.getField. - /** @hide */ - public static final String SYSTEM_LOCALE_KEY = "SystemLocale"; - /** @hide */ - public static final String OWNER_INFO_KEY = "OwnerInfo"; - /** @hide */ - public static final String PATTERN_VISIBLE_KEY = "PatternVisible"; - /** @hide */ - public static final String PASSWORD_VISIBLE_KEY = "PasswordVisible"; } diff --git a/libs/storage/IMountService.cpp b/libs/storage/IMountService.cpp index fd6e6e932ebc..d9fd1be0f74a 100644 --- a/libs/storage/IMountService.cpp +++ b/libs/storage/IMountService.cpp @@ -48,8 +48,6 @@ enum { TRANSACTION_isObbMounted, TRANSACTION_getMountedObbPath, TRANSACTION_isExternalStorageEmulated, - TRANSACTION_decryptStorage, - TRANSACTION_encryptStorage, }; class BpMountService: public BpInterface<IMountService> @@ -518,40 +516,6 @@ public: path = reply.readString16(); return true; } - - int32_t decryptStorage(const String16& password) - { - Parcel data, reply; - data.writeInterfaceToken(IMountService::getInterfaceDescriptor()); - data.writeString16(password); - if (remote()->transact(TRANSACTION_decryptStorage, data, &reply) != NO_ERROR) { - ALOGD("decryptStorage could not contact remote\n"); - return -1; - } - int32_t err = reply.readExceptionCode(); - if (err < 0) { - ALOGD("decryptStorage caught exception %d\n", err); - return err; - } - return reply.readInt32(); - } - - int32_t encryptStorage(const String16& password) - { - Parcel data, reply; - data.writeInterfaceToken(IMountService::getInterfaceDescriptor()); - data.writeString16(password); - if (remote()->transact(TRANSACTION_encryptStorage, data, &reply) != NO_ERROR) { - ALOGD("encryptStorage could not contact remote\n"); - return -1; - } - int32_t err = reply.readExceptionCode(); - if (err < 0) { - ALOGD("encryptStorage caught exception %d\n", err); - return err; - } - return reply.readInt32(); - } }; IMPLEMENT_META_INTERFACE(MountService, "android.os.storage.IStorageManager") diff --git a/libs/storage/include/storage/IMountService.h b/libs/storage/include/storage/IMountService.h index 2463e023efc1..61694b8f350d 100644 --- a/libs/storage/include/storage/IMountService.h +++ b/libs/storage/include/storage/IMountService.h @@ -70,8 +70,6 @@ public: const sp<IObbActionListener>& token, const int32_t nonce) = 0; virtual bool isObbMounted(const String16& filename) = 0; virtual bool getMountedObbPath(const String16& filename, String16& path) = 0; - virtual int32_t decryptStorage(const String16& password) = 0; - virtual int32_t encryptStorage(const String16& password) = 0; }; // ---------------------------------------------------------------------------- diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java index f9dae809548f..e342186d38e4 100644 --- a/services/core/java/com/android/server/StorageManagerService.java +++ b/services/core/java/com/android/server/StorageManagerService.java @@ -3136,203 +3136,6 @@ class StorageManagerService extends IStorageManager.Stub } } - @Override - public int getEncryptionState() { - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "no permission to access the crypt keeper"); - - try { - return mVold.fdeComplete(); - } catch (Exception e) { - Slog.wtf(TAG, e); - return StorageManager.ENCRYPTION_STATE_ERROR_UNKNOWN; - } - } - - @Override - public int decryptStorage(String password) { - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "no permission to access the crypt keeper"); - - if (TextUtils.isEmpty(password)) { - throw new IllegalArgumentException("password cannot be empty"); - } - - if (DEBUG_EVENTS) { - Slog.i(TAG, "decrypting storage..."); - } - - try { - mVold.fdeCheckPassword(password); - mHandler.postDelayed(() -> { - try { - mVold.fdeRestart(); - } catch (Exception e) { - Slog.wtf(TAG, e); - } - }, DateUtils.SECOND_IN_MILLIS); - return 0; - } catch (ServiceSpecificException e) { - Slog.e(TAG, "fdeCheckPassword failed", e); - return e.errorCode; - } catch (Exception e) { - Slog.wtf(TAG, e); - return StorageManager.ENCRYPTION_STATE_ERROR_UNKNOWN; - } - } - - @Override - public int encryptStorage(int type, String password) { - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "no permission to access the crypt keeper"); - - if (type == StorageManager.CRYPT_TYPE_DEFAULT) { - password = ""; - } else if (TextUtils.isEmpty(password)) { - throw new IllegalArgumentException("password cannot be empty"); - } - - if (DEBUG_EVENTS) { - Slog.i(TAG, "encrypting storage..."); - } - - try { - mVold.fdeEnable(type, password, 0); - } catch (Exception e) { - Slog.wtf(TAG, e); - return -1; - } - - return 0; - } - - /** Set the password for encrypting the main key. - * @param type One of the CRYPTO_TYPE_XXX consts defined in StorageManager. - * @param password The password to set. - */ - @Override - public int changeEncryptionPassword(int type, String password) { - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "no permission to access the crypt keeper"); - - if (StorageManager.isFileEncryptedNativeOnly()) { - // Not supported on FBE devices - return -1; - } - - if (type == StorageManager.CRYPT_TYPE_DEFAULT) { - password = ""; - } else if (TextUtils.isEmpty(password)) { - throw new IllegalArgumentException("password cannot be empty"); - } - - if (DEBUG_EVENTS) { - Slog.i(TAG, "changing encryption password..."); - } - - try { - mVold.fdeChangePassword(type, password); - return 0; - } catch (Exception e) { - Slog.wtf(TAG, e); - return -1; - } - } - - /** - * Validate a user-supplied password string with cryptfs - */ - @Override - public int verifyEncryptionPassword(String password) throws RemoteException { - // Only the system process is permitted to validate passwords - if (Binder.getCallingUid() != android.os.Process.SYSTEM_UID) { - throw new SecurityException("no permission to access the crypt keeper"); - } - - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "no permission to access the crypt keeper"); - - if (TextUtils.isEmpty(password)) { - throw new IllegalArgumentException("password cannot be empty"); - } - - if (DEBUG_EVENTS) { - Slog.i(TAG, "validating encryption password..."); - } - - try { - mVold.fdeVerifyPassword(password); - return 0; - } catch (Exception e) { - Slog.wtf(TAG, e); - return -1; - } - } - - /** - * Get the type of encryption used to encrypt the main key. - * @return The type, one of the CRYPT_TYPE_XXX consts from StorageManager. - */ - @Override - public int getPasswordType() { - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "no permission to access the crypt keeper"); - - try { - return mVold.fdeGetPasswordType(); - } catch (Exception e) { - Slog.wtf(TAG, e); - return -1; - } - } - - /** - * Set a field in the crypto header. - * @param field field to set - * @param contents contents to set in field - */ - @Override - public void setField(String field, String contents) throws RemoteException { - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "no permission to access the crypt keeper"); - - if (!StorageManager.isBlockEncrypted()) { - // Only supported on FDE devices - return; - } - - try { - mVold.fdeSetField(field, contents); - return; - } catch (Exception e) { - Slog.wtf(TAG, e); - return; - } - } - - /** - * Gets a field from the crypto header. - * @param field field to get - * @return contents of field - */ - @Override - public String getField(String field) throws RemoteException { - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "no permission to access the crypt keeper"); - - if (!StorageManager.isBlockEncrypted()) { - // Only supported on FDE devices - return null; - } - - try { - return mVold.fdeGetField(field); - } catch (Exception e) { - Slog.wtf(TAG, e); - return null; - } - } - /** * Is userdata convertible to file based encryption? * @return non zero for convertible @@ -3415,33 +3218,6 @@ class StorageManagerService extends IStorageManager.Stub } @Override - public String getPassword() throws RemoteException { - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "only keyguard can retrieve password"); - - try { - return mVold.fdeGetPassword(); - } catch (Exception e) { - Slog.wtf(TAG, e); - return null; - } - } - - @Override - public void clearPassword() throws RemoteException { - mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER, - "only keyguard can clear password"); - - try { - mVold.fdeClearPassword(); - return; - } catch (Exception e) { - Slog.wtf(TAG, e); - return; - } - } - - @Override public void createUserKey(int userId, int serialNumber, boolean ephemeral) { enforcePermission(android.Manifest.permission.STORAGE_INTERNAL); |