diff options
4 files changed, 18 insertions, 17 deletions
diff --git a/core/java/android/os/storage/IStorageManager.aidl b/core/java/android/os/storage/IStorageManager.aidl index 6c0a1f99e112..c86221c26fa3 100644 --- a/core/java/android/os/storage/IStorageManager.aidl +++ b/core/java/android/os/storage/IStorageManager.aidl @@ -179,7 +179,7 @@ interface IStorageManager { void prepareUserStorage(in String volumeUuid, int userId, int serialNumber, int flags) = 66; void destroyUserStorage(in String volumeUuid, int userId, int flags) = 67; boolean isConvertibleToFBE() = 68; - void addUserKeyAuth(int userId, int serialNumber, in byte[] token, in byte[] secret) = 70; + void addUserKeyAuth(int userId, int serialNumber, in byte[] secret) = 70; void fixateNewestUserKeyAuth(int userId) = 71; void fstrim(int flags, IVoldTaskListener listener) = 72; AppFuseMount mountProxyFileDescriptorBridge() = 73; diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java index 8a83130f50fa..bfa310f2b0ed 100644 --- a/services/core/java/com/android/server/StorageManagerService.java +++ b/services/core/java/com/android/server/StorageManagerService.java @@ -3408,18 +3408,19 @@ class StorageManagerService extends IStorageManager.Stub } /* - * Add this token/secret pair to the set of ways we can recover a disk encryption key. - * Changing the token/secret for a disk encryption key is done in two phases: first, adding - * a new token/secret pair with this call, then delting all other pairs with - * fixateNewestUserKeyAuth. This allows other places where a credential is used, such as - * Gatekeeper, to be updated between the two calls. + * Add this secret to the set of ways we can recover a user's disk + * encryption key. Changing the secret for a disk encryption key is done in + * two phases. First, this method is called to add the new secret binding. + * Second, fixateNewestUserKeyAuth is called to delete all other bindings. + * This allows other places where a credential is used, such as Gatekeeper, + * to be updated between the two calls. */ @Override - public void addUserKeyAuth(int userId, int serialNumber, byte[] token, byte[] secret) { + public void addUserKeyAuth(int userId, int serialNumber, byte[] secret) { enforcePermission(android.Manifest.permission.STORAGE_INTERNAL); try { - mVold.addUserKeyAuth(userId, serialNumber, encodeBytes(token), encodeBytes(secret)); + mVold.addUserKeyAuth(userId, serialNumber, encodeBytes(secret)); } catch (Exception e) { Slog.wtf(TAG, e); } diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java index a1626696c7be..31083601b15c 100644 --- a/services/core/java/com/android/server/locksettings/LockSettingsService.java +++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java @@ -1891,9 +1891,9 @@ public class LockSettingsService extends ILockSettings.Stub { mStorage.writeChildProfileLock(userId, outputStream.toByteArray()); } - private void setAuthlessUserKeyProtection(int userId, byte[] key) { - if (DEBUG) Slog.d(TAG, "setAuthlessUserKeyProtectiond: user=" + userId); - addUserKeyAuth(userId, null, key); + private void setUserKeyProtection(int userId, byte[] key) { + if (DEBUG) Slog.d(TAG, "setUserKeyProtection: user=" + userId); + addUserKeyAuth(userId, key); } private void clearUserKeyProtection(int userId, byte[] secret) { @@ -1944,11 +1944,11 @@ public class LockSettingsService extends ILockSettings.Stub { } } - private void addUserKeyAuth(int userId, byte[] token, byte[] secret) { + private void addUserKeyAuth(int userId, byte[] secret) { final UserInfo userInfo = mUserManager.getUserInfo(userId); final long callingId = Binder.clearCallingIdentity(); try { - mStorageManager.addUserKeyAuth(userId, userInfo.serialNumber, token, secret); + mStorageManager.addUserKeyAuth(userId, userInfo.serialNumber, secret); } catch (RemoteException e) { throw new IllegalStateException("Failed to add new key to vold " + userId, e); } finally { @@ -2725,7 +2725,7 @@ public class LockSettingsService extends ILockSettings.Stub { mSpManager.newSidForUser(getGateKeeperService(), auth, userId); } mSpManager.verifyChallenge(getGateKeeperService(), auth, 0L, userId); - setAuthlessUserKeyProtection(userId, auth.deriveDiskEncryptionKey()); + setUserKeyProtection(userId, auth.deriveDiskEncryptionKey()); setKeystorePassword(auth.deriveKeyStorePassword(), userId); } else { clearUserKeyProtection(userId, null); @@ -2927,7 +2927,7 @@ public class LockSettingsService extends ILockSettings.Stub { // a new SID, and re-add keys to vold and keystore. mSpManager.newSidForUser(getGateKeeperService(), auth, userId); mSpManager.verifyChallenge(getGateKeeperService(), auth, 0L, userId); - setAuthlessUserKeyProtection(userId, auth.deriveDiskEncryptionKey()); + setUserKeyProtection(userId, auth.deriveDiskEncryptionKey()); fixateNewestUserKeyAuth(userId); setKeystorePassword(auth.deriveKeyStorePassword(), userId); } diff --git a/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java b/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java index dad50bd8a9d1..2bd42fa26d65 100644 --- a/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java +++ b/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java @@ -221,10 +221,10 @@ public abstract class BaseLockSettingsServiceTests { Object[] args = invocation.getArguments(); mStorageManager.addUserKeyAuth((int) args[0] /* userId */, (int) args[1] /* serialNumber */, - (byte[]) args[3] /* secret */); + (byte[]) args[2] /* secret */); return null; } - }).when(sm).addUserKeyAuth(anyInt(), anyInt(), any(), any()); + }).when(sm).addUserKeyAuth(anyInt(), anyInt(), any()); doAnswer(new Answer<Void>() { @Override |