LockSettings: fix the get password issue during boot up
Use the lock setting service info from ILockSettings class
instead of LockSettingsService classs to get the stored
password the stored passed during bootup. Also check whether
called process has cryptkeeper or Admin permissions to get
the password.
Change-Id: I5970168853f1e4cca876f6ae767b0702368663b3
diff --git a/core/java/com/android/internal/widget/ILockSettings.aidl b/core/java/com/android/internal/widget/ILockSettings.aidl
index 72f18d6..b8e9b1d 100644
--- a/core/java/com/android/internal/widget/ILockSettings.aidl
+++ b/core/java/com/android/internal/widget/ILockSettings.aidl
@@ -40,4 +40,5 @@
void registerStrongAuthTracker(in IStrongAuthTracker tracker);
void unregisterStrongAuthTracker(in IStrongAuthTracker tracker);
void requireStrongAuth(int strongAuthReason, int userId);
+ String getPassword();
}
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index 1dbb054..990b483 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -388,8 +388,28 @@
}
}
+ private boolean checkCryptKeeperPermissions() {
+ boolean permission_err = false;
+ try {
+ mContext.enforceCallingOrSelfPermission(
+ android.Manifest.permission.CRYPT_KEEPER,
+ "no permission to get the password");
+ } catch (SecurityException e) {
+ permission_err = true;
+ }
+ return permission_err;
+ }
+
public String getPassword() {
- return mSavePassword;
+ /** if calling process does't have crypt keeper or admin permissions,
+ * throw the exception.
+ */
+ if (checkCryptKeeperPermissions())
+ mContext.enforceCallingOrSelfPermission(
+ android.Manifest.permission.MANAGE_DEVICE_ADMINS,
+ "no crypt_keeper or admin permission to get the password");
+
+ return mSavePassword;
}
private void setKeystorePassword(String password, int userHandle) {
diff --git a/services/core/java/com/android/server/MountService.java b/services/core/java/com/android/server/MountService.java
index 8af43ca..d999fcd 100644
--- a/services/core/java/com/android/server/MountService.java
+++ b/services/core/java/com/android/server/MountService.java
@@ -101,6 +101,7 @@
import com.android.server.NativeDaemonConnector.Command;
import com.android.server.NativeDaemonConnector.SensitiveArg;
import com.android.server.pm.PackageManagerService;
+import com.android.internal.widget.ILockSettings;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;
@@ -2460,13 +2461,24 @@
Slog.i(TAG, "changing encryption password...");
}
- LockSettingsService lockSettings = new LockSettingsService(mContext);
- String currentPassword = lockSettings.getPassword();
+ ILockSettings lockSettings = ILockSettings.Stub.asInterface(
+ ServiceManager.getService("lock_settings"));
+ String currentPassword="default_password";
+ try {
+ currentPassword = lockSettings.getPassword();
+ } catch (RemoteException e) {
+ Slog.e(TAG, "Couldn't get password" + e);
+ }
try {
NativeDaemonEvent event = mCryptConnector.execute("cryptfs", "changepw", CRYPTO_TYPES[type],
new SensitiveArg(currentPassword), new SensitiveArg(password));
- lockSettings.sanitizePassword();
+ try {
+ lockSettings.sanitizePassword();
+ } catch (RemoteException e) {
+ Slog.e(TAG, "Couldn't sanitize password" + e);
+ }
+
return Integer.parseInt(event.getMessage());
} catch (NativeDaemonConnectorException e) {
// Encryption failed