-rw-r--r--core/java/android/os/StrictMode.java14
-rw-r--r--core/java/android/os/storage/IStorageManager.aidl12
-rw-r--r--core/java/android/os/storage/StorageManager.java67
-rw-r--r--services/core/java/com/android/server/StorageManagerService.java52
-rw-r--r--services/core/java/com/android/server/am/ActivityManagerService.java4
-rw-r--r--services/core/java/com/android/server/am/UserController.java30
-rw-r--r--services/core/java/com/android/server/locksettings/LockSettingsService.java40
-rw-r--r--services/core/java/com/android/server/pm/UserManagerService.java13
-rw-r--r--services/tests/servicestests/src/com/android/server/am/UserControllerTest.java10
-rw-r--r--services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java8
-rw-r--r--services/tests/servicestests/src/com/android/server/locksettings/FakeStorageManager.java4
11 files changed, 151 insertions, 103 deletions
diff --git a/core/java/android/os/StrictMode.java b/core/java/android/os/StrictMode.java
index 81d4e3abb9a4..47b6d8d6db30 100644
--- a/core/java/android/os/StrictMode.java
+++ b/core/java/android/os/StrictMode.java
@@ -2367,14 +2367,14 @@ public final class StrictMode {
}
/** Assume locked until we hear otherwise */
- private static volatile boolean sUserKeyUnlocked = false;
+ private static volatile boolean sCeStorageUnlocked = false;
- private static boolean isUserKeyUnlocked(int userId) {
+ private static boolean isCeStorageUnlocked(int userId) {
final IStorageManager storage = IStorageManager.Stub
.asInterface(ServiceManager.getService("mount"));
if (storage != null) {
try {
- return storage.isUserKeyUnlocked(userId);
+ return storage.isCeStorageUnlocked(userId);
} catch (RemoteException ignored) {
}
}
@@ -2387,13 +2387,13 @@ public final class StrictMode {
// since any relocking of that user will always result in our
// process being killed to release any CE FDs we're holding onto.
if (userId == UserHandle.myUserId()) {
- if (sUserKeyUnlocked) {
+ if (sCeStorageUnlocked) {
return;
- } else if (isUserKeyUnlocked(userId)) {
- sUserKeyUnlocked = true;
+ } else if (isCeStorageUnlocked(userId)) {
+ sCeStorageUnlocked = true;
return;
}
- } else if (isUserKeyUnlocked(userId)) {
+ } else if (isCeStorageUnlocked(userId)) {
return;
}
diff --git a/core/java/android/os/storage/IStorageManager.aidl b/core/java/android/os/storage/IStorageManager.aidl
index 369a1932e437..3ecf74e75367 100644
--- a/core/java/android/os/storage/IStorageManager.aidl
+++ b/core/java/android/os/storage/IStorageManager.aidl
@@ -134,20 +134,20 @@ interface IStorageManager {
@EnforcePermission("MOUNT_UNMOUNT_FILESYSTEMS")
void setDebugFlags(int flags, int mask) = 60;
@EnforcePermission("STORAGE_INTERNAL")
- void createUserKey(int userId, int serialNumber, boolean ephemeral) = 61;
+ void createUserStorageKeys(int userId, int serialNumber, boolean ephemeral) = 61;
@EnforcePermission("STORAGE_INTERNAL")
- void destroyUserKey(int userId) = 62;
+ void destroyUserStorageKeys(int userId) = 62;
@EnforcePermission("STORAGE_INTERNAL")
- void unlockUserKey(int userId, int serialNumber, in byte[] secret) = 63;
+ void unlockCeStorage(int userId, int serialNumber, in byte[] secret) = 63;
@EnforcePermission("STORAGE_INTERNAL")
- void lockUserKey(int userId) = 64;
- boolean isUserKeyUnlocked(int userId) = 65;
+ void lockCeStorage(int userId) = 64;
+ boolean isCeStorageUnlocked(int userId) = 65;
@EnforcePermission("STORAGE_INTERNAL")
void prepareUserStorage(in String volumeUuid, int userId, int serialNumber, int flags) = 66;
@EnforcePermission("STORAGE_INTERNAL")
void destroyUserStorage(in String volumeUuid, int userId, int flags) = 67;
@EnforcePermission("STORAGE_INTERNAL")
- void setUserKeyProtection(int userId, in byte[] secret) = 70;
+ void setCeStorageProtection(int userId, in byte[] secret) = 70;
@EnforcePermission("MOUNT_FORMAT_FILESYSTEMS")
void fstrim(int flags, IVoldTaskListener listener) = 72;
AppFuseMount mountProxyFileDescriptorBridge() = 73;
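Review bot: `isCeStorageUnlocked` on the renamed line 65 is the only method in this group that carries no `@EnforcePermission` annotation, and the rename is a natural moment to record why. The StrictMode hunk in this same commit calls it straight from the calling process, so the omission is presumably deliberate rather than an oversight, but a reader of the interface alone cannot tell. A one-line comment above it such as `// Intentionally not permission-gated: queried from app processes (see StrictMode).` would make that explicit; confirm against the service-side implementation before wording it as a guarantee.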
diff --git a/core/java/android/os/storage/StorageManager.java b/core/java/android/os/storage/StorageManager.java
index ee387e7c284f..2d1802ae85e5 100644
--- a/core/java/android/os/storage/StorageManager.java
+++ b/core/java/android/os/storage/StorageManager.java
@@ -1589,28 +1589,64 @@ public class StorageManager {
DEFAULT_FULL_THRESHOLD_BYTES);
}
- /** {@hide} */
- public void createUserKey(int userId, int serialNumber, boolean ephemeral) {
+ /**
+ * Creates the keys for a user's credential-encrypted (CE) and device-encrypted (DE) storage.
+ * <p>
+ * This creates the user's CE key and DE key for internal storage, then adds them to the kernel.
+ * Then, if the user is not ephemeral, this stores the DE key (encrypted) on flash. (The CE key
+ * is not stored until {@link IStorageManager#setCeStorageProtection()}.)
+ * <p>
+ * This does not create the CE and DE directories themselves. For that, see {@link
+ * #prepareUserStorage()}.
+ * <p>
+ * This is only intended to be called by UserManagerService, as part of creating a user.
+ *
+ * @param userId ID of the user
+ * @param serialNumber serial number of the user
+ * @param ephemeral whether the user is ephemeral
+ * @throws RuntimeException on error. The user's keys already existing is considered an error.
+ * @hide
+ */
+ public void createUserStorageKeys(int userId, int serialNumber, boolean ephemeral) {
try {
- mStorageManager.createUserKey(userId, serialNumber, ephemeral);
+ mStorageManager.createUserStorageKeys(userId, serialNumber, ephemeral);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
- /** {@hide} */
- public void destroyUserKey(int userId) {
+ /**
+ * Destroys the keys for a user's credential-encrypted (CE) and device-encrypted (DE) storage.
+ * <p>
+ * This evicts the keys from the kernel (if present), which "locks" the corresponding
+ * directories. Then, this deletes the encrypted keys from flash. This operates on all the
+ * user's CE and DE keys, for both internal and adoptable storage.
+ * <p>
+ * This does not destroy the CE and DE directories themselves. For that, see {@link
+ * #destroyUserStorage()}.
+ * <p>
+ * This is only intended to be called by UserManagerService, as part of removing a user.
+ *
+ * @param userId ID of the user
+ * @throws RuntimeException on error. On error, as many things as possible are still destroyed.
+ * @hide
+ */
+ public void destroyUserStorageKeys(int userId) {
try {
- mStorageManager.destroyUserKey(userId);
+ mStorageManager.destroyUserStorageKeys(userId);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
- /** {@hide} */
- public void lockUserKey(int userId) {
+ /**
+ * Locks the user's credential-encrypted (CE) storage.
+ *
+ * @hide
+ */
+ public void lockCeStorage(int userId) {
try {
- mStorageManager.lockUserKey(userId);
+ mStorageManager.lockCeStorage(userId);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
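Review bot: The new Javadoc for `lockCeStorage` is noticeably thinner than the two blocks above it: it has no `@param userId` and no `@throws`, even though its body rethrows a `RemoteException` via `rethrowFromSystemServer()` exactly as `createUserStorageKeys` and `destroyUserStorageKeys` do. Adding `@param userId ID of the user` and `@throws RuntimeException on error` keeps the three entries parallel. It would also help to say what "locks" means here (the `destroyUserStorageKeys` doc describes key eviction for its path, but I cannot confirm the same for this call from the hunk). The method body continues past the end of the hunk.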
@@ -1637,17 +1673,26 @@ public class StorageManager {
/** {@hide} */
@TestApi
public static boolean isUserKeyUnlocked(int userId) {
+ return isCeStorageUnlocked(userId);
+ }
+
+ /**
+ * Returns true if the user's credential-encrypted (CE) storage is unlocked.
+ *
+ * @hide
+ */
+ public static boolean isCeStorageUnlocked(int userId) {
if (sStorageManager == null) {
sStorageManager = IStorageManager.Stub
.asInterface(ServiceManager.getService("mount"));
}
if (sStorageManager == null) {
- Slog.w(TAG, "Early during boot, assuming locked");
+ Slog.w(TAG, "Early during boot, assuming CE storage is locked");
return false;
}
final long token = Binder.clearCallingIdentity();
try {
- return sStorageManager.isUserKeyUnlocked(userId);
+ return sStorageManager.isCeStorageUnlocked(userId);
} catch (RemoteException e) {
throw e.rethrowAsRuntimeException();
} finally {
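Review bot: The retained `isUserKeyUnlocked` wrapper is left as a bare `@TestApi` with no deprecation marker, so nothing steers remaining test callers toward the new name. Marking it `@Deprecated` with a Javadoc `@deprecated Use {@link #isCeStorageUnlocked(int)} instead.` documents the intent and lets the compiler flag stragglers, assuming the test-API surface permits it. Separately, the lazy initialization of the static `sStorageManager` is unsynchronized; it is harmless if two threads both fetch the same service handle, but a short comment saying so would save the next reader the question. The `finally` body continues outside the hunk.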
diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java
index 3af0e8c54cd2..15fc2dc15d02 100644
--- a/services/core/java/com/android/server/StorageManagerService.java
+++ b/services/core/java/com/android/server/StorageManagerService.java
@@ -3007,7 +3007,7 @@ class StorageManagerService extends IStorageManager.Stub
// We need all the users unlocked to move their primary storage
users = mContext.getSystemService(UserManager.class).getUsers();
for (UserInfo user : users) {
- if (StorageManager.isFileEncrypted() && !isUserKeyUnlocked(user.id)) {
+ if (StorageManager.isFileEncrypted() && !isCeStorageUnlocked(user.id)) {
Slog.w(TAG, "Failing move due to locked user " + user.id);
onMoveStatusLocked(PackageManager.MOVE_FAILED_LOCKED_USER);
return;
@@ -3231,12 +3231,12 @@ class StorageManagerService extends IStorageManager.Stub
@android.annotation.EnforcePermission(android.Manifest.permission.STORAGE_INTERNAL)
@Override
- public void createUserKey(int userId, int serialNumber, boolean ephemeral) {
+ public void createUserStorageKeys(int userId, int serialNumber, boolean ephemeral) {
- super.createUserKey_enforcePermission();
+ super.createUserStorageKeys_enforcePermission();
try {
- mVold.createUserKey(userId, serialNumber, ephemeral);
+ mVold.createUserStorageKeys(userId, serialNumber, ephemeral);
// Since the user's CE key was just created, the user's CE storage is now unlocked.
synchronized (mLock) {
mCeUnlockedUsers.append(userId);
@@ -3248,12 +3248,12 @@ class StorageManagerService extends IStorageManager.Stub
@android.annotation.EnforcePermission(android.Manifest.permission.STORAGE_INTERNAL)
@Override
- public void destroyUserKey(int userId) {
+ public void destroyUserStorageKeys(int userId) {
- super.destroyUserKey_enforcePermission();
+ super.destroyUserStorageKeys_enforcePermission();
try {
- mVold.destroyUserKey(userId);
+ mVold.destroyUserStorageKeys(userId);
// Since the user's CE key was just destroyed, the user's CE storage is now locked.
synchronized (mLock) {
mCeUnlockedUsers.remove(userId);
@@ -3266,21 +3266,22 @@ class StorageManagerService extends IStorageManager.Stub
/* Only for use by LockSettingsService */
@android.annotation.EnforcePermission(android.Manifest.permission.STORAGE_INTERNAL)
@Override
- public void setUserKeyProtection(@UserIdInt int userId, byte[] secret) throws RemoteException {
- super.setUserKeyProtection_enforcePermission();
+ public void setCeStorageProtection(@UserIdInt int userId, byte[] secret)
+ throws RemoteException {
+ super.setCeStorageProtection_enforcePermission();
- mVold.setUserKeyProtection(userId, HexDump.toHexString(secret));
+ mVold.setCeStorageProtection(userId, HexDump.toHexString(secret));
}
/* Only for use by LockSettingsService */
@android.annotation.EnforcePermission(android.Manifest.permission.STORAGE_INTERNAL)
@Override
- public void unlockUserKey(@UserIdInt int userId, int serialNumber, byte[] secret)
- throws RemoteException {
- super.unlockUserKey_enforcePermission();
+ public void unlockCeStorage(@UserIdInt int userId, int serialNumber, byte[] secret)
+ throws RemoteException {
+ super.unlockCeStorage_enforcePermission();
if (StorageManager.isFileEncrypted()) {
- mVold.unlockUserKey(userId, serialNumber, HexDump.toHexString(secret));
+ mVold.unlockCeStorage(userId, serialNumber, HexDump.toHexString(secret));
}
synchronized (mLock) {
mCeUnlockedUsers.append(userId);
@@ -3289,23 +3290,22 @@ class StorageManagerService extends IStorageManager.Stub
@android.annotation.EnforcePermission(android.Manifest.permission.STORAGE_INTERNAL)
@Override
- public void lockUserKey(int userId) {
- // Do not lock user 0 data for headless system user
- super.lockUserKey_enforcePermission();
+ public void lockCeStorage(int userId) {
+ super.lockCeStorage_enforcePermission();
+ // Never lock the CE storage of a headless system user.
if (userId == UserHandle.USER_SYSTEM
&& UserManager.isHeadlessSystemUserMode()) {
throw new IllegalArgumentException("Headless system user data cannot be locked..");
}
-
- if (!isUserKeyUnlocked(userId)) {
+ if (!isCeStorageUnlocked(userId)) {
Slog.d(TAG, "User " + userId + "'s CE storage is already locked");
return;
}
try {
- mVold.lockUserKey(userId);
+ mVold.lockCeStorage(userId);
} catch (Exception e) {
Slog.wtf(TAG, e);
return;
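Review bot: The `catch (Exception e)` in `lockCeStorage` swallows every failure of the vold call, including programming errors, and after `Slog.wtf` returns without telling the caller that CE storage is still unlocked; that is pre-existing, but now that the permission check has been moved to the top this is the natural place to add a comment stating what state the user is meant to be left in after a failed lock, e.g. `// Lock failed: leave the unlocked-state bookkeeping untouched so it matches vold.` if that is the intent. The context line `throw new IllegalArgumentException("Headless system user data cannot be locked..");` also carries a doubled period that could be fixed while touching this method. The success path and the `mCeUnlockedUsers` update lie outside the hunk, so I cannot confirm what happens on that side.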
@@ -3317,7 +3317,7 @@ class StorageManagerService extends IStorageManager.Stub
}
@Override
- public boolean isUserKeyUnlocked(int userId) {
+ public boolean isCeStorageUnlocked(int userId) {
synchronized (mLock) {
return mCeUnlockedUsers.contains(userId);
}
@@ -3719,8 +3719,8 @@ class StorageManagerService extends IStorageManager.Stub
final int userId = UserHandle.getUserId(callingUid);
final String propertyName = "sys.user." + userId + ".ce_available";
- // Ignore requests to create directories while storage is locked
- if (!isUserKeyUnlocked(userId)) {
+ // Ignore requests to create directories while CE storage is locked
+ if (!isCeStorageUnlocked(userId)) {
throw new IllegalStateException("Failed to prepare " + appPath);
}
@@ -3846,15 +3846,15 @@ class StorageManagerService extends IStorageManager.Stub
final boolean systemUserUnlocked = isSystemUnlocked(UserHandle.USER_SYSTEM);
final boolean userIsDemo;
- final boolean userKeyUnlocked;
final boolean storagePermission;
+ final boolean ceStorageUnlocked;
final long token = Binder.clearCallingIdentity();
try {
userIsDemo = LocalServices.getService(UserManagerInternal.class)
.getUserInfo(userId).isDemo();
storagePermission = mStorageManagerInternal.hasExternalStorage(callingUid,
callingPackage);
- userKeyUnlocked = isUserKeyUnlocked(userId);
+ ceStorageUnlocked = isCeStorageUnlocked(userId);
} finally {
Binder.restoreCallingIdentity(token);
}
@@ -3914,7 +3914,7 @@ class StorageManagerService extends IStorageManager.Stub
} else if (!systemUserUnlocked) {
reportUnmounted = true;
Slog.w(TAG, "Reporting " + volId + " unmounted due to system locked");
- } else if ((vol.getType() == VolumeInfo.TYPE_EMULATED) && !userKeyUnlocked) {
+ } else if ((vol.getType() == VolumeInfo.TYPE_EMULATED) && !ceStorageUnlocked) {
reportUnmounted = true;
Slog.w(TAG, "Reporting " + volId + "unmounted due to " + userId + " locked");
} else if (!storagePermission && !realState) {
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index f42e2be44d03..e88d0c6baf26 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -2299,7 +2299,7 @@ public class ActivityManagerService extends IActivityManager.Stub
return;
}
// TODO(b/148767783): should we check all profiles under user0?
- UserspaceRebootLogger.logEventAsync(StorageManager.isUserKeyUnlocked(userId),
+ UserspaceRebootLogger.logEventAsync(StorageManager.isCeStorageUnlocked(userId),
BackgroundThread.getExecutor());
}
@@ -4648,7 +4648,7 @@ public class ActivityManagerService extends IActivityManager.Stub
// We carefully use the same state that PackageManager uses for
// filtering, since we use this flag to decide if we need to install
// providers when user is unlocked later
- app.setUnlocked(StorageManager.isUserKeyUnlocked(app.userId));
+ app.setUnlocked(StorageManager.isCeStorageUnlocked(app.userId));
}
boolean normalMode = mProcessesReady || isAllowedWhileBooting(app.info);
diff --git a/services/core/java/com/android/server/am/UserController.java b/services/core/java/com/android/server/am/UserController.java
index 0dd579fd0b15..728bacea3380 100644
--- a/services/core/java/com/android/server/am/UserController.java
+++ b/services/core/java/com/android/server/am/UserController.java
@@ -658,8 +658,8 @@ class UserController implements Handler.Callback {
mInjector.getUserJourneyLogger()
.logUserLifecycleEvent(userId, USER_LIFECYCLE_EVENT_UNLOCKING_USER,
EVENT_STATE_BEGIN);
- // If the user key hasn't been unlocked yet, we cannot proceed.
- if (!StorageManager.isUserKeyUnlocked(userId)) return false;
+ // If the user's CE storage hasn't been unlocked yet, we cannot proceed.
+ if (!StorageManager.isCeStorageUnlocked(userId)) return false;
synchronized (mLock) {
// Do not proceed if unexpected state or a stale user
if (mStartedUsers.get(userId) != uss || uss.state != STATE_RUNNING_LOCKED) {
@@ -674,8 +674,8 @@ class UserController implements Handler.Callback {
// Call onBeforeUnlockUser on a worker thread that allows disk I/O
FgThread.getHandler().post(() -> {
- if (!StorageManager.isUserKeyUnlocked(userId)) {
- Slogf.w(TAG, "User key got locked unexpectedly, leaving user locked.");
+ if (!StorageManager.isCeStorageUnlocked(userId)) {
+ Slogf.w(TAG, "User's CE storage got locked unexpectedly, leaving user locked.");
return;
}
@@ -709,8 +709,8 @@ class UserController implements Handler.Callback {
private void finishUserUnlocked(final UserState uss) {
final int userId = uss.mHandle.getIdentifier();
EventLog.writeEvent(EventLogTags.UC_FINISH_USER_UNLOCKED, userId);
- // Only keep marching forward if user is actually unlocked
- if (!StorageManager.isUserKeyUnlocked(userId)) return;
+ // Only keep marching forward if the user's CE storage is unlocked.
+ if (!StorageManager.isCeStorageUnlocked(userId)) return;
synchronized (mLock) {
// Bail if we ended up with a stale user
if (mStartedUsers.get(uss.mHandle.getIdentifier()) != uss) return;
@@ -796,8 +796,8 @@ class UserController implements Handler.Callback {
if (userInfo == null) {
return;
}
- // Only keep marching forward if user is actually unlocked
- if (!StorageManager.isUserKeyUnlocked(userId)) return;
+ // Only keep marching forward if the user's CE storage is unlocked.
+ if (!StorageManager.isCeStorageUnlocked(userId)) return;
// Remember that we logged in
mInjector.getUserManager().onUserLoggedIn(userId);
@@ -1330,7 +1330,7 @@ class UserController implements Handler.Callback {
}
try {
Slogf.i(TAG, "Locking CE storage for user #" + userId);
- mInjector.getStorageManager().lockUserKey(userId);
+ mInjector.getStorageManager().lockCeStorage(userId);
} catch (RemoteException re) {
throw re.rethrowAsRuntimeException();
}
@@ -1946,8 +1946,8 @@ class UserController implements Handler.Callback {
}
UserState uss;
- if (!StorageManager.isUserKeyUnlocked(userId)) {
- // We always want to try to unlock the user key, even if the user is not started yet.
+ if (!StorageManager.isCeStorageUnlocked(userId)) {
+ // We always want to try to unlock CE storage, even if the user is not started yet.
mLockPatternUtils.unlockUserKeyIfUnsecured(userId);
}
synchronized (mLock) {
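Review bot: `mLockPatternUtils.unlockUserKeyIfUnsecured(userId)` keeps the old "user key" wording while everything around it, including the comment directly above, now says "CE storage"; the same name survives in its definition in the LockSettingsService `unlockUserKeyIfUnsecured` hunk of this commit. The comment added there notes that the method does more than unlock CE storage, which may be why it was not renamed, but that reasoning is invisible from this call site. Either rename it in the same sweep or add a short note here, e.g. `// Does more than unlock CE storage; see LockSettingsService for the full sequence.`, once the extra work it performs is confirmed from the definition. The enclosing method continues outside the hunk.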
@@ -2750,10 +2750,10 @@ class UserController implements Handler.Callback {
case UserState.STATE_RUNNING_UNLOCKING:
case UserState.STATE_RUNNING_UNLOCKED:
return true;
- // In the stopping/shutdown state return unlock state of the user key
+ // In the stopping/shutdown state, return unlock state of the user's CE storage.
case UserState.STATE_STOPPING:
case UserState.STATE_SHUTDOWN:
- return StorageManager.isUserKeyUnlocked(userId);
+ return StorageManager.isCeStorageUnlocked(userId);
default:
return false;
}
@@ -2762,10 +2762,10 @@ class UserController implements Handler.Callback {
switch (state.state) {
case UserState.STATE_RUNNING_UNLOCKED:
return true;
- // In the stopping/shutdown state return unlock state of the user key
+ // In the stopping/shutdown state, return unlock state of the user's CE storage.
case UserState.STATE_STOPPING:
case UserState.STATE_SHUTDOWN:
- return StorageManager.isUserKeyUnlocked(userId);
+ return StorageManager.isCeStorageUnlocked(userId);
default:
return false;
}
diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index f35b045471a6..568618e0a065 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -697,9 +697,9 @@ public class LockSettingsService extends ILockSettings.Stub {
return;
}
- if (isUserKeyUnlocked(userId)) {
- // If storage is not locked, the user will be automatically unlocked so there is
- // no need to show the notification.
+ if (isCeStorageUnlocked(userId)) {
+ // If the user's CE storage is already unlocked, then the user will be automatically
+ // unlocked, so there is no need to show the notification.
return;
}
@@ -1030,8 +1030,8 @@ public class LockSettingsService extends ILockSettings.Stub {
// they did have an SP then their CE key wasn't encrypted by it.
//
// If this gets interrupted (e.g. by the device powering off), there shouldn't be a
- // problem since this will run again on the next boot, and setUserKeyProtection() is
- // okay with the key being already protected by the given secret.
+ // problem since this will run again on the next boot, and setCeStorageProtection() is
+ // okay with the CE key being already protected by the given secret.
if (getString(MIGRATED_SP_CE_ONLY, null, 0) == null) {
for (UserInfo user : mUserManager.getAliveUsers()) {
removeStateForReusedUserIdIfNecessary(user.id, user.serialNumber);
@@ -1066,7 +1066,7 @@ public class LockSettingsService extends ILockSettings.Stub {
Slogf.wtf(TAG, "Failed to unwrap synthetic password for unsecured user %d", userId);
return;
}
- setUserKeyProtection(userId, result.syntheticPassword);
+ setCeStorageProtection(userId, result.syntheticPassword);
}
}
@@ -2005,11 +2005,11 @@ public class LockSettingsService extends ILockSettings.Stub {
mStorage.writeChildProfileLock(profileUserId, ArrayUtils.concat(iv, ciphertext));
}
- private void setUserKeyProtection(@UserIdInt int userId, SyntheticPassword sp) {
+ private void setCeStorageProtection(@UserIdInt int userId, SyntheticPassword sp) {
final byte[] secret = sp.deriveFileBasedEncryptionKey();
final long callingId = Binder.clearCallingIdentity();
try {
- mStorageManager.setUserKeyProtection(userId, secret);
+ mStorageManager.setCeStorageProtection(userId, secret);
} catch (RemoteException e) {
throw new IllegalStateException("Failed to protect CE key for user " + userId, e);
} finally {
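Review bot: `secret` in `setCeStorageProtection` is the derived file-based-encryption key, and nothing within the hunk clears it once it has been handed to `mStorageManager`; the `finally` block that follows is outside the hunk, so I cannot tell whether it zeroizes the array. If it does not, `Arrays.fill(secret, (byte) 0);` in that `finally` would shorten how long the key lingers on the heap, and the same applies to the `secret` local in `unlockCeStorage` further down in this commit. The service side additionally hex-encodes the same bytes into a `String` via `HexDump.toHexString(secret)` before passing them to vold, which cannot be wiped at all; that is a pre-existing interface constraint, but it deserves a comment at that call so the limitation is recorded rather than rediscovered.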
@@ -2017,11 +2017,11 @@ public class LockSettingsService extends ILockSettings.Stub {
}
}
- private boolean isUserKeyUnlocked(int userId) {
+ private boolean isCeStorageUnlocked(int userId) {
try {
- return mStorageManager.isUserKeyUnlocked(userId);
+ return mStorageManager.isCeStorageUnlocked(userId);
} catch (RemoteException e) {
- Slog.e(TAG, "failed to check user key locked state", e);
+ Slog.e(TAG, "Error checking whether CE storage is unlocked", e);
return false;
}
}
@@ -2032,8 +2032,8 @@ public class LockSettingsService extends ILockSettings.Stub {
* This method doesn't throw exceptions because it is called opportunistically whenever a user
* is started. Whether it worked or not can be detected by whether the key got unlocked or not.
*/
- private void unlockUserKey(@UserIdInt int userId, SyntheticPassword sp) {
- if (isUserKeyUnlocked(userId)) {
+ private void unlockCeStorage(@UserIdInt int userId, SyntheticPassword sp) {
+ if (isCeStorageUnlocked(userId)) {
Slogf.d(TAG, "CE storage for user %d is already unlocked", userId);
return;
}
@@ -2041,7 +2041,7 @@ public class LockSettingsService extends ILockSettings.Stub {
final String userType = isUserSecure(userId) ? "secured" : "unsecured";
final byte[] secret = sp.deriveFileBasedEncryptionKey();
try {
- mStorageManager.unlockUserKey(userId, userInfo.serialNumber, secret);
+ mStorageManager.unlockCeStorage(userId, userInfo.serialNumber, secret);
Slogf.i(TAG, "Unlocked CE storage for %s user %d", userType, userId);
} catch (RemoteException e) {
Slogf.wtf(TAG, e, "Failed to unlock CE storage for %s user %d", userType, userId);
@@ -2054,8 +2054,10 @@ public class LockSettingsService extends ILockSettings.Stub {
public void unlockUserKeyIfUnsecured(@UserIdInt int userId) {
checkPasswordReadPermission();
synchronized (mSpManager) {
- if (isUserKeyUnlocked(userId)) {
+ if (isCeStorageUnlocked(userId)) {
Slogf.d(TAG, "CE storage for user %d is already unlocked", userId);
+ // This method actually does more than unlock CE storage. However, if CE storage is
+ // already unlocked, then the other parts must have already been done too.
return;
}
if (isUserSecure(userId)) {
@@ -2072,7 +2074,7 @@ public class LockSettingsService extends ILockSettings.Stub {
return;
}
onSyntheticPasswordUnlocked(userId, result.syntheticPassword);
- unlockUserKey(userId, result.syntheticPassword);
+ unlockCeStorage(userId, result.syntheticPassword);
}
}
@@ -2775,7 +2777,7 @@ public class LockSettingsService extends ILockSettings.Stub {
final long protectorId = mSpManager.createLskfBasedProtector(getGateKeeperService(),
LockscreenCredential.createNone(), sp, userId);
setCurrentLskfBasedProtectorId(protectorId, userId);
- setUserKeyProtection(userId, sp);
+ setCeStorageProtection(userId, sp);
onSyntheticPasswordCreated(userId, sp);
Slogf.i(TAG, "Successfully initialized synthetic password for user %d", userId);
return sp;
@@ -2836,7 +2838,7 @@ public class LockSettingsService extends ILockSettings.Stub {
unlockKeystore(userId, sp);
- unlockUserKey(userId, sp);
+ unlockCeStorage(userId, sp);
unlockUser(userId);
@@ -2900,7 +2902,7 @@ public class LockSettingsService extends ILockSettings.Stub {
mSpManager.clearSidForUser(userId);
gateKeeperClearSecureUserId(userId);
- unlockUserKey(userId, sp);
+ unlockCeStorage(userId, sp);
unlockKeystore(userId, sp);
setKeystorePassword(null, userId);
removeBiometricsForUser(userId);
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 154ee6eda138..bb55a39f8e4b 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -5095,9 +5095,9 @@ public class UserManagerService extends IUserManager.Stub {
}
}
- t.traceBegin("createUserKey");
+ t.traceBegin("createUserStorageKeys");
final StorageManager storage = mContext.getSystemService(StorageManager.class);
- storage.createUserKey(userId, userInfo.serialNumber, userInfo.isEphemeral());
+ storage.createUserStorageKeys(userId, userInfo.serialNumber, userInfo.isEphemeral());
t.traceEnd();
// Only prepare DE storage here. CE storage will be prepared later, when the user is
@@ -5899,17 +5899,18 @@ public class UserManagerService extends IUserManager.Stub {
private void removeUserState(final @UserIdInt int userId) {
Slog.i(LOG_TAG, "Removing user state of user " + userId);
- // Cleanup lock settings. This must happen before destroyUserKey(), since the user's DE
- // storage must still be accessible for the lock settings state to be properly cleaned up.
+ // Cleanup lock settings. This requires that the user's DE storage still be accessible, so
+ // this must happen before destroyUserStorageKeys().
mLockPatternUtils.removeUser(userId);
// Evict and destroy the user's CE and DE encryption keys. At this point, the user's CE and
// DE storage is made inaccessible, except to delete its contents.
try {
- mContext.getSystemService(StorageManager.class).destroyUserKey(userId);
+ mContext.getSystemService(StorageManager.class).destroyUserStorageKeys(userId);
} catch (IllegalStateException e) {
// This may be simply because the user was partially created.
- Slog.i(LOG_TAG, "Destroying key for user " + userId + " failed, continuing anyway", e);
+ Slog.i(LOG_TAG, "Destroying storage keys for user " + userId
+ + " failed, continuing anyway", e);
}
// Cleanup package manager settings
diff --git a/services/tests/servicestests/src/com/android/server/am/UserControllerTest.java b/services/tests/servicestests/src/com/android/server/am/UserControllerTest.java
index 24a628eb4331..d26d67107001 100644
--- a/services/tests/servicestests/src/com/android/server/am/UserControllerTest.java
+++ b/services/tests/servicestests/src/com/android/server/am/UserControllerTest.java
@@ -345,7 +345,7 @@ public class UserControllerTest {
assertWithMessage("should not have received intents")
.that(getActions(mInjector.mSentIntents)).isEmpty();
// TODO(b/140868593): should have received a USER_UNLOCK_MSG message as well, but it doesn't
- // because StorageManager.isUserKeyUnlocked(TEST_PRE_CREATED_USER_ID) returns false - to
+ // because StorageManager.isCeStorageUnlocked(TEST_PRE_CREATED_USER_ID) returns false - to
// properly fix it, we'd need to move this class to FrameworksMockingServicesTests so we can
// mock static methods (but moving this class would involve changing the presubmit tests,
// and the cascade effect goes on...). In fact, a better approach would to not assert the
@@ -648,7 +648,7 @@ public class UserControllerTest {
// checking.
waitForHandlerToComplete(FgThread.getHandler(), HANDLER_WAIT_TIME_MS);
verify(mInjector.mStorageManagerMock, times(0))
- .lockUserKey(anyInt());
+ .lockCeStorage(anyInt());
addForegroundUserAndContinueUserSwitch(TEST_USER_ID2, TEST_USER_ID1,
numerOfUserSwitches, true);
@@ -663,7 +663,7 @@ public class UserControllerTest {
mUserController.finishUserStopped(ussUser1, /* allowDelayedLocking= */ true);
waitForHandlerToComplete(FgThread.getHandler(), HANDLER_WAIT_TIME_MS);
verify(mInjector.mStorageManagerMock, times(1))
- .lockUserKey(TEST_USER_ID);
+ .lockCeStorage(TEST_USER_ID);
}
/**
@@ -757,7 +757,7 @@ public class UserControllerTest {
mUserController.startUser(TEST_USER_ID, USER_START_MODE_BACKGROUND);
verify(mInjector.mStorageManagerMock, never())
- .unlockUserKey(eq(TEST_USER_ID), anyInt(), any());
+ .unlockCeStorage(eq(TEST_USER_ID), anyInt(), any());
}
@Test
@@ -1035,7 +1035,7 @@ public class UserControllerTest {
mUserController.finishUserStopped(ussUser, delayedLocking);
waitForHandlerToComplete(FgThread.getHandler(), HANDLER_WAIT_TIME_MS);
verify(mInjector.mStorageManagerMock, times(expectLocking ? 1 : 0))
- .lockUserKey(userId);
+ .lockCeStorage(userId);
}
private void addForegroundUserAndContinueUserSwitch(int newUserId, int expectedOldUserId,
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java b/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java
index fe2ac176949d..f5d50d173466 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java
@@ -304,17 +304,17 @@ public abstract class BaseLockSettingsServiceTests {
doAnswer(invocation -> {
Object[] args = invocation.getArguments();
- mStorageManager.unlockUserKey(/* userId= */ (int) args[0],
+ mStorageManager.unlockCeStorage(/* userId= */ (int) args[0],
/* secret= */ (byte[]) args[2]);
return null;
- }).when(sm).unlockUserKey(anyInt(), anyInt(), any());
+ }).when(sm).unlockCeStorage(anyInt(), anyInt(), any());
doAnswer(invocation -> {
Object[] args = invocation.getArguments();
- mStorageManager.setUserKeyProtection(/* userId= */ (int) args[0],
+ mStorageManager.setCeStorageProtection(/* userId= */ (int) args[0],
/* secret= */ (byte[]) args[1]);
return null;
- }).when(sm).setUserKeyProtection(anyInt(), any());
+ }).when(sm).setCeStorageProtection(anyInt(), any());
return sm;
}
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/FakeStorageManager.java b/services/tests/servicestests/src/com/android/server/locksettings/FakeStorageManager.java
index 91f3fed01267..c08ad134d74a 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/FakeStorageManager.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/FakeStorageManager.java
@@ -24,7 +24,7 @@ public class FakeStorageManager {
private final ArrayMap<Integer, byte[]> mUserSecrets = new ArrayMap<>();
- public void setUserKeyProtection(int userId, byte[] secret) {
+ public void setCeStorageProtection(int userId, byte[] secret) {
assertThat(mUserSecrets).doesNotContainKey(userId);
mUserSecrets.put(userId, secret);
}
@@ -35,7 +35,7 @@ public class FakeStorageManager {
return secret;
}
- public void unlockUserKey(int userId, byte[] secret) {
+ public void unlockCeStorage(int userId, byte[] secret) {
assertThat(mUserSecrets.get(userId)).isEqualTo(secret);
}
}