Merge "More file-based encryption work."
diff --git a/cmds/am/src/com/android/commands/am/Am.java b/cmds/am/src/com/android/commands/am/Am.java
index 62e0919a..daf01ec 100644
--- a/cmds/am/src/com/android/commands/am/Am.java
+++ b/cmds/am/src/com/android/commands/am/Am.java
@@ -65,6 +65,7 @@
import android.view.IWindowManager;
import com.android.internal.os.BaseCommand;
+import com.android.internal.util.HexDump;
import com.android.internal.util.Preconditions;
import java.io.BufferedReader;
@@ -152,6 +153,7 @@
" am to-app-uri [INTENT]\n" +
" am switch-user <USER_ID>\n" +
" am start-user <USER_ID>\n" +
+ " am unlock-user <USER_ID> [TOKEN_HEX]\n" +
" am stop-user [-w] <USER_ID>\n" +
" am stack start <DISPLAY_ID> <INTENT>\n" +
" am stack movetask <TASK_ID> <STACK_ID> [true|false]\n" +
@@ -411,6 +413,8 @@
runSwitchUser();
} else if (op.equals("start-user")) {
runStartUserInBackground();
+ } else if (op.equals("unlock-user")) {
+ runUnlockUser();
} else if (op.equals("stop-user")) {
runStopUser();
} else if (op.equals("stack")) {
@@ -1086,6 +1090,21 @@
}
}
+ private void runUnlockUser() throws Exception {
+ int userId = Integer.parseInt(nextArgRequired());
+ String tokenHex = nextArg();
+ byte[] token = null;
+ if (tokenHex != null) {
+ token = HexDump.hexStringToByteArray(tokenHex);
+ }
+ boolean success = mAm.unlockUser(userId, token);
+ if (success) {
+ System.out.println("Success: user unlocked");
+ } else {
+ System.err.println("Error: could not unlock user");
+ }
+ }
+
private static class StopUserCallback extends IStopUserCallback.Stub {
private boolean mFinished = false;
diff --git a/core/java/android/app/ActivityManagerNative.java b/core/java/android/app/ActivityManagerNative.java
index 16cf254..0b7b6fc 100644
--- a/core/java/android/app/ActivityManagerNative.java
+++ b/core/java/android/app/ActivityManagerNative.java
@@ -1962,6 +1962,16 @@
return true;
}
+ case UNLOCK_USER_TRANSACTION: {
+ data.enforceInterface(IActivityManager.descriptor);
+ int userId = data.readInt();
+ byte[] token = data.createByteArray();
+ boolean result = unlockUser(userId, token);
+ reply.writeNoException();
+ reply.writeInt(result ? 1 : 0);
+ return true;
+ }
+
case STOP_USER_TRANSACTION: {
data.enforceInterface(IActivityManager.descriptor);
int userid = data.readInt();
@@ -5250,6 +5260,20 @@
return result;
}
+ public boolean unlockUser(int userId, byte[] token) throws RemoteException {
+ Parcel data = Parcel.obtain();
+ Parcel reply = Parcel.obtain();
+ data.writeInterfaceToken(IActivityManager.descriptor);
+ data.writeInt(userId);
+ data.writeByteArray(token);
+ mRemote.transact(IActivityManager.UNLOCK_USER_TRANSACTION, data, reply, 0);
+ reply.readException();
+ boolean result = reply.readInt() != 0;
+ reply.recycle();
+ data.recycle();
+ return result;
+ }
+
public int stopUser(int userid, IStopUserCallback callback) throws RemoteException {
Parcel data = Parcel.obtain();
Parcel reply = Parcel.obtain();
diff --git a/core/java/android/app/IActivityManager.java b/core/java/android/app/IActivityManager.java
index 88543e5..db4f5c1 100644
--- a/core/java/android/app/IActivityManager.java
+++ b/core/java/android/app/IActivityManager.java
@@ -390,6 +390,7 @@
// Multi-user APIs
public boolean switchUser(int userid) throws RemoteException;
public boolean startUserInBackground(int userid) throws RemoteException;
+ public boolean unlockUser(int userid, byte[] token) throws RemoteException;
public int stopUser(int userid, IStopUserCallback callback) throws RemoteException;
public UserInfo getCurrentUser() throws RemoteException;
public boolean isUserRunning(int userid, int flags) throws RemoteException;
@@ -904,4 +905,5 @@
int REMOVE_STACK_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION + 348;
int MOVE_TOP_ACTIVITY_TO_PINNED_STACK_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION + 349;
int GET_APP_START_MODE_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION + 350;
+ int UNLOCK_USER_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION + 351;
}
diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java
index eda4136..1996e0f 100644
--- a/core/java/android/content/pm/ApplicationInfo.java
+++ b/core/java/android/content/pm/ApplicationInfo.java
@@ -982,7 +982,7 @@
.getAbsolutePath();
if ((privateFlags & PRIVATE_FLAG_FORCE_DEVICE_ENCRYPTED) != 0
- && SystemProperties.getBoolean(StorageManager.PROP_HAS_FBE, false)) {
+ && StorageManager.isFileBasedEncryptionEnabled()) {
dataDir = deviceEncryptedDataDir;
} else {
dataDir = credentialEncryptedDataDir;
diff --git a/core/java/android/content/pm/PackageManager.java b/core/java/android/content/pm/PackageManager.java
index 566de4e..42fef3b 100644
--- a/core/java/android/content/pm/PackageManager.java
+++ b/core/java/android/content/pm/PackageManager.java
@@ -240,16 +240,15 @@
public static final int GET_ENCRYPTION_UNAWARE_COMPONENTS = 0x00040000;
/**
- * {@link PackageInfo} flag: return components as if the given user is
- * running with amnesia. This typically limits the component to only those
- * marked as {@link ComponentInfo#encryptionAware}, unless
+ * {@link PackageInfo} flag: return components that are marked as
+ * {@link ComponentInfo#encryptionAware}, unless
* {@link #GET_ENCRYPTION_UNAWARE_COMPONENTS} is also specified.
* <p>
* This flag is for internal use only.
*
* @hide
*/
- public static final int FLAG_USER_RUNNING_WITH_AMNESIA = 0x00080000;
+ public static final int MATCH_ENCRYPTION_AWARE_ONLY = 0x00080000;
/**
* Flag for {@link addCrossProfileIntentFilter}: if this flag is set:
diff --git a/core/java/android/os/storage/IMountService.java b/core/java/android/os/storage/IMountService.java
index 2e43ffc..c6510f0 100644
--- a/core/java/android/os/storage/IMountService.java
+++ b/core/java/android/os/storage/IMountService.java
@@ -1301,23 +1301,6 @@
}
@Override
- public boolean isPerUserEncryptionEnabled() throws RemoteException {
- Parcel _data = Parcel.obtain();
- Parcel _reply = Parcel.obtain();
- boolean _result;
- try {
- _data.writeInterfaceToken(DESCRIPTOR);
- mRemote.transact(Stub.TRANSACTION_isPerUserEncryptionEnabled, _data, _reply, 0);
- _reply.readException();
- _result = 0 != _reply.readInt();
- } finally {
- _reply.recycle();
- _data.recycle();
- }
- return _result;
- }
-
- @Override
public ParcelFileDescriptor mountAppFuse(String name) throws RemoteException {
Parcel _data = Parcel.obtain();
Parcel _reply = Parcel.obtain();
@@ -1459,7 +1442,6 @@
static final int TRANSACTION_prepareUserStorage = IBinder.FIRST_CALL_TRANSACTION + 66;
- static final int TRANSACTION_isPerUserEncryptionEnabled = IBinder.FIRST_CALL_TRANSACTION + 67;
static final int TRANSACTION_isConvertibleToFBE = IBinder.FIRST_CALL_TRANSACTION + 68;
static final int TRANSACTION_mountAppFuse = IBinder.FIRST_CALL_TRANSACTION + 69;
@@ -2074,13 +2056,6 @@
reply.writeNoException();
return true;
}
- case TRANSACTION_isPerUserEncryptionEnabled: {
- data.enforceInterface(DESCRIPTOR);
- boolean result = isPerUserEncryptionEnabled();
- reply.writeNoException();
- reply.writeInt(result ? 1 : 0);
- return true;
- }
case TRANSACTION_mountAppFuse: {
data.enforceInterface(DESCRIPTOR);
String name = data.readString();
@@ -2411,7 +2386,5 @@
public void prepareUserStorage(String volumeUuid, int userId, int serialNumber)
throws RemoteException;
- public boolean isPerUserEncryptionEnabled() throws RemoteException;
-
public ParcelFileDescriptor mountAppFuse(String name) throws RemoteException;
}
diff --git a/core/java/android/os/storage/StorageManager.java b/core/java/android/os/storage/StorageManager.java
index 2d9090b..db12564 100644
--- a/core/java/android/os/storage/StorageManager.java
+++ b/core/java/android/os/storage/StorageManager.java
@@ -33,6 +33,7 @@
import android.os.ParcelFileDescriptor;
import android.os.RemoteException;
import android.os.ServiceManager;
+import android.os.SystemProperties;
import android.provider.Settings;
import android.text.TextUtils;
import android.util.Log;
@@ -77,11 +78,9 @@
/** {@hide} */
public static final String PROP_HAS_ADOPTABLE = "vold.has_adoptable";
/** {@hide} */
- public static final String PROP_HAS_FBE = "vold.has_fbe";
- /** {@hide} */
public static final String PROP_FORCE_ADOPTABLE = "persist.fw.force_adoptable";
/** {@hide} */
- public static final String PROP_EMULATE_FBE = "vold.emulate_fbe";
+ public static final String PROP_EMULATE_FBE = "persist.sys.emulate_fbe";
/** {@hide} */
public static final String UUID_PRIVATE_INTERNAL = null;
@@ -1021,12 +1020,9 @@
}
/** {@hide} */
- public boolean isPerUserEncryptionEnabled() {
- try {
- return mMountService.isPerUserEncryptionEnabled();
- } catch (RemoteException e) {
- throw e.rethrowAsRuntimeException();
- }
+ public static boolean isFileBasedEncryptionEnabled() {
+ return "file".equals(SystemProperties.get("ro.crypto.type", "none"))
+ || SystemProperties.getBoolean(StorageManager.PROP_EMULATE_FBE, false);
}
/** {@hide} */
diff --git a/services/core/java/com/android/server/LockSettingsStorage.java b/services/core/java/com/android/server/LockSettingsStorage.java
index 6acec6b..eb49a78 100644
--- a/services/core/java/com/android/server/LockSettingsStorage.java
+++ b/services/core/java/com/android/server/LockSettingsStorage.java
@@ -389,7 +389,7 @@
private int getUserParentOrSelfId(int userId) {
// Device supports per user encryption, so lock is applied to the given user.
- if (mContext.getSystemService(StorageManager.class).isPerUserEncryptionEnabled()) {
+ if (StorageManager.isFileBasedEncryptionEnabled()) {
return userId;
}
// Device uses Block Based Encryption, and the parent user's lock is used for the whole
diff --git a/services/core/java/com/android/server/MountService.java b/services/core/java/com/android/server/MountService.java
index f89155d..a32bb2f 100644
--- a/services/core/java/com/android/server/MountService.java
+++ b/services/core/java/com/android/server/MountService.java
@@ -1904,16 +1904,18 @@
enforcePermission(android.Manifest.permission.MOUNT_UNMOUNT_FILESYSTEMS);
waitForReady();
- synchronized (mLock) {
- if ((mask & StorageManager.DEBUG_FORCE_ADOPTABLE) != 0) {
- mForceAdoptable = (flags & StorageManager.DEBUG_FORCE_ADOPTABLE) != 0;
- }
- if ((mask & StorageManager.DEBUG_EMULATE_FBE) != 0) {
- // TODO: persist through vold and reboot
- }
+ if ((mask & StorageManager.DEBUG_EMULATE_FBE) != 0) {
+ final boolean emulateFbe = (flags & StorageManager.DEBUG_EMULATE_FBE) != 0;
+ SystemProperties.set(StorageManager.PROP_EMULATE_FBE, Boolean.toString(emulateFbe));
+ }
- writeSettingsLocked();
- mHandler.obtainMessage(H_RESET).sendToTarget();
+ if ((mask & StorageManager.DEBUG_FORCE_ADOPTABLE) != 0) {
+ synchronized (mLock) {
+ mForceAdoptable = (flags & StorageManager.DEBUG_FORCE_ADOPTABLE) != 0;
+
+ writeSettingsLocked();
+ mHandler.obtainMessage(H_RESET).sendToTarget();
+ }
}
}
@@ -2738,7 +2740,7 @@
@Override
public boolean isUserKeyUnlocked(int userId) {
- if (SystemProperties.getBoolean(StorageManager.PROP_HAS_FBE, false)) {
+ if (StorageManager.isFileBasedEncryptionEnabled()) {
synchronized (mLock) {
return ArrayUtils.contains(mUnlockedUsers, userId);
}
@@ -2761,14 +2763,6 @@
}
@Override
- public boolean isPerUserEncryptionEnabled() {
- // TODO: switch this over to a single property; currently using two to
- // handle the emulated case
- return "file".equals(SystemProperties.get("ro.crypto.type", "none"))
- || SystemProperties.getBoolean(StorageManager.PROP_HAS_FBE, false);
- }
-
- @Override
public ParcelFileDescriptor mountAppFuse(String name) throws RemoteException {
// TODO: Invoke vold to mount app fuse.
throw new UnsupportedOperationException();
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 92e16c7..3a0d80b 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -20220,6 +20220,11 @@
}
@Override
+ public boolean unlockUser(int userId, byte[] token) {
+ return mUserController.unlockUser(userId, token);
+ }
+
+ @Override
public boolean switchUser(final int userId) {
enforceShellRestriction(UserManager.DISALLOW_DEBUGGING_FEATURES, userId);
String userName;
diff --git a/services/core/java/com/android/server/am/ActivityStackSupervisor.java b/services/core/java/com/android/server/am/ActivityStackSupervisor.java
index 79aa85f..124d2ef 100644
--- a/services/core/java/com/android/server/am/ActivityStackSupervisor.java
+++ b/services/core/java/com/android/server/am/ActivityStackSupervisor.java
@@ -1665,9 +1665,7 @@
UserInfo user = getUserInfo(userId);
// TODO: Timeout for work challenge
- if (user.isManagedProfile()
- && mService.mContext.getSystemService(StorageManager.class)
- .isPerUserEncryptionEnabled()) {
+ if (user.isManagedProfile() && StorageManager.isFileBasedEncryptionEnabled()) {
KeyguardManager km = (KeyguardManager) mService.mContext
.getSystemService(Context.KEYGUARD_SERVICE);
diff --git a/services/core/java/com/android/server/am/UserController.java b/services/core/java/com/android/server/am/UserController.java
index d6fced6..e04f138 100644
--- a/services/core/java/com/android/server/am/UserController.java
+++ b/services/core/java/com/android/server/am/UserController.java
@@ -66,6 +66,7 @@
import android.util.SparseIntArray;
import com.android.internal.R;
+import com.android.internal.annotations.GuardedBy;
import com.android.internal.util.ArrayUtils;
import com.android.server.pm.UserManagerService;
@@ -99,7 +100,9 @@
/**
* Which users have been started, so are allowed to run code.
*/
+ @GuardedBy("mService")
private final SparseArray<UserState> mStartedUsers = new SparseArray<>();
+
/**
* LRU list of history of current users. Most recently current is at the end.
*/
@@ -415,7 +418,7 @@
private void updateUserUnlockedState(UserState uss) {
final IMountService mountService = IMountService.Stub
- .asInterface(ServiceManager.getService(Context.STORAGE_SERVICE));
+ .asInterface(ServiceManager.getService("mount"));
if (mountService != null) {
try {
uss.unlocked = mountService.isUserKeyUnlocked(uss.mHandle.getIdentifier());
@@ -424,7 +427,7 @@
}
} else {
// System isn't fully booted yet, so guess based on property
- uss.unlocked = !SystemProperties.getBoolean(StorageManager.PROP_HAS_FBE, false);
+ uss.unlocked = !StorageManager.isFileBasedEncryptionEnabled();
}
}
@@ -606,6 +609,35 @@
return result;
}
+ boolean unlockUser(final int userId, byte[] token) {
+ if (mService.checkCallingPermission(INTERACT_ACROSS_USERS_FULL)
+ != PackageManager.PERMISSION_GRANTED) {
+ String msg = "Permission Denial: unlockUser() from pid="
+ + Binder.getCallingPid()
+ + ", uid=" + Binder.getCallingUid()
+ + " requires " + INTERACT_ACROSS_USERS_FULL;
+ Slog.w(TAG, msg);
+ throw new SecurityException(msg);
+ }
+
+ final UserInfo userInfo = getUserInfo(userId);
+ final IMountService mountService = IMountService.Stub
+ .asInterface(ServiceManager.getService("mount"));
+ try {
+ mountService.unlockUserKey(userId, userInfo.serialNumber, token);
+ } catch (RemoteException e) {
+ Slog.w(TAG, "Failed to unlock: " + e.getMessage());
+ throw e.rethrowAsRuntimeException();
+ }
+
+ synchronized (mService) {
+ final UserState uss = mStartedUsers.get(userId);
+ updateUserUnlockedState(uss);
+ }
+
+ return true;
+ }
+
void showUserSwitchDialog(int userId, String userName) {
// The dialog will show and then initiate the user switch by calling startUserInForeground
Dialog d = new UserSwitchingDialog(mService, mService.mContext, userId, userName,
diff --git a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
index 8fac9da..073b4f03 100644
--- a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
@@ -57,6 +57,8 @@
private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
private static final boolean DEBUG = false;
+ private static final int DEFAULT_FLAGS = PackageManager.GET_ENCRYPTION_UNAWARE_COMPONENTS;
+
private static final String AUDIO_MIME_TYPE = "audio/mpeg";
private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
@@ -696,7 +698,7 @@
private PackageParser.Package getDefaultSystemHandlerActivityPackageLPr(
Intent intent, int userId) {
ResolveInfo handler = mService.resolveIntent(intent,
- intent.resolveType(mService.mContext.getContentResolver()), 0, userId);
+ intent.resolveType(mService.mContext.getContentResolver()), DEFAULT_FLAGS, userId);
if (handler == null || handler.activityInfo == null) {
return null;
}
@@ -711,7 +713,7 @@
private PackageParser.Package getDefaultSystemHandlerServicePackageLPr(
Intent intent, int userId) {
List<ResolveInfo> handlers = mService.queryIntentServices(intent,
- intent.resolveType(mService.mContext.getContentResolver()), 0, userId);
+ intent.resolveType(mService.mContext.getContentResolver()), DEFAULT_FLAGS, userId);
if (handlers == null) {
return null;
}
@@ -738,7 +740,8 @@
homeIntent.setPackage(syncAdapterPackageName);
ResolveInfo homeActivity = mService.resolveIntent(homeIntent,
- homeIntent.resolveType(mService.mContext.getContentResolver()), 0, userId);
+ homeIntent.resolveType(mService.mContext.getContentResolver()), DEFAULT_FLAGS,
+ userId);
if (homeActivity != null) {
continue;
}
@@ -754,7 +757,7 @@
private PackageParser.Package getDefaultProviderAuthorityPackageLPr(
String authority, int userId) {
- ProviderInfo provider = mService.resolveContentProvider(authority, 0, userId);
+ ProviderInfo provider = mService.resolveContentProvider(authority, DEFAULT_FLAGS, userId);
if (provider != null) {
return getSystemPackageLPr(provider.packageName);
}
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 992919e..e41a976 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -3021,18 +3021,19 @@
* purposefully done before acquiring {@link #mPackages} lock.
*/
private int augmentFlagsForUser(int flags, int userId) {
- if (SystemProperties.getBoolean(StorageManager.PROP_HAS_FBE, false)) {
+ if (StorageManager.isFileBasedEncryptionEnabled()) {
final IMountService mount = IMountService.Stub
- .asInterface(ServiceManager.getService(Context.STORAGE_SERVICE));
+ .asInterface(ServiceManager.getService("mount"));
if (mount == null) {
// We must be early in boot, so the best we can do is assume the
// user is fully running.
+ Slog.w(TAG, "Early during boot, assuming not encrypted");
return flags;
}
final long token = Binder.clearCallingIdentity();
try {
if (!mount.isUserKeyUnlocked(userId)) {
- flags |= PackageManager.FLAG_USER_RUNNING_WITH_AMNESIA;
+ flags |= PackageManager.MATCH_ENCRYPTION_AWARE_ONLY;
}
} catch (RemoteException e) {
throw e.rethrowAsRuntimeException();
@@ -6302,22 +6303,25 @@
return true;
}
- private int createDataDirsLI(String volumeUuid, String packageName, int uid, String seinfo) {
- int[] users = sUserManager.getUserIds();
+ private void createDataDirsLI(String volumeUuid, String packageName, int uid, String seinfo)
+ throws PackageManagerException {
int res = mInstaller.install(volumeUuid, packageName, uid, uid, seinfo);
- if (res < 0) {
- return res;
+ if (res != 0) {
+ throw new PackageManagerException(INSTALL_FAILED_INSUFFICIENT_STORAGE,
+ "Failed to install " + packageName + ": " + res);
}
+
+ final int[] users = sUserManager.getUserIds();
for (int user : users) {
if (user != 0) {
res = mInstaller.createUserData(volumeUuid, packageName,
UserHandle.getUid(user, uid), user, seinfo);
- if (res < 0) {
- return res;
+ if (res != 0) {
+ throw new PackageManagerException(INSTALL_FAILED_INSUFFICIENT_STORAGE,
+ "Failed to createUserData " + packageName + ": " + res);
}
}
}
- return res;
}
private int removeDataDirsLI(String volumeUuid, String packageName) {
@@ -6887,18 +6891,6 @@
+ pkg.applicationInfo.uid + "; old data erased";
reportSettingsProblem(Log.WARN, msg);
recovered = true;
-
- // And now re-install the app.
- ret = createDataDirsLI(pkg.volumeUuid, pkgName, pkg.applicationInfo.uid,
- pkg.applicationInfo.seinfo);
- if (ret == -1) {
- // Ack should not happen!
- msg = prefix + pkg.packageName
- + " could not have data directory re-created after delete.";
- reportSettingsProblem(Log.WARN, msg);
- throw new PackageManagerException(
- INSTALL_FAILED_INSUFFICIENT_STORAGE, msg);
- }
}
if (!recovered) {
mHasSystemUidErrors = true;
@@ -6931,6 +6923,10 @@
}
}
+ // Ensure that directories are prepared
+ createDataDirsLI(pkg.volumeUuid, pkgName, pkg.applicationInfo.uid,
+ pkg.applicationInfo.seinfo);
+
if (mShouldRestoreconData) {
Slog.i(TAG, "SELinux relabeling of " + pkg.packageName + " issued.");
mInstaller.restoreconData(pkg.volumeUuid, pkg.packageName,
@@ -6941,14 +6937,8 @@
if ((parseFlags & PackageParser.PARSE_CHATTY) != 0)
Log.v(TAG, "Want this data dir: " + dataPath);
}
- //invoke installer to do the actual installation
- int ret = createDataDirsLI(pkg.volumeUuid, pkgName, pkg.applicationInfo.uid,
+ createDataDirsLI(pkg.volumeUuid, pkgName, pkg.applicationInfo.uid,
pkg.applicationInfo.seinfo);
- if (ret < 0) {
- // Error from installer
- throw new PackageManagerException(INSTALL_FAILED_INSUFFICIENT_STORAGE,
- "Unable to create data dirs [errorCode=" + ret + "]");
- }
}
// Get all of our default paths setup
diff --git a/services/core/java/com/android/server/pm/Settings.java b/services/core/java/com/android/server/pm/Settings.java
index 1d299d7..99aa30b 100644
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -3802,8 +3802,7 @@
if ((flags & PackageManager.GET_ENCRYPTION_UNAWARE_COMPONENTS) != 0) {
return true;
}
- if ((flags & PackageManager.FLAG_USER_RUNNING_WITH_AMNESIA) != 0) {
- // When running with amnesia, we can only run encryption-aware apps
+ if ((flags & PackageManager.MATCH_ENCRYPTION_AWARE_ONLY) != 0) {
return componentInfo.encryptionAware;
}
return true;
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 53ce9e2..baeccb4 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -392,7 +392,7 @@
@Override
public int getCredentialOwnerProfile(int userHandle) {
checkManageUsersPermission("get the credential owner");
- if (!mContext.getSystemService(StorageManager.class).isPerUserEncryptionEnabled()) {
+ if (!StorageManager.isFileBasedEncryptionEnabled()) {
synchronized (mUsersLock) {
UserInfo profileParent = getProfileParentLU(userHandle);
if (profileParent != null) {
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 31c3670..844cca5 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3852,7 +3852,7 @@
}
enforceCrossUserPermission(userHandle);
// Managed Profile password can only be changed when per user encryption is present.
- if (!mContext.getSystemService(StorageManager.class).isPerUserEncryptionEnabled()) {
+ if (!StorageManager.isFileBasedEncryptionEnabled()) {
enforceNotManagedProfile(userHandle, "set the active password");
}