Add API to IMountService to get encryption state
Bug: 18002358
Change-Id: If7d9c9a5ed38ac37849fcf638ec10c76d2f419a1
diff --git a/services/core/java/com/android/server/DiskStatsService.java b/services/core/java/com/android/server/DiskStatsService.java
index 9313148..8ca675a 100644
--- a/services/core/java/com/android/server/DiskStatsService.java
+++ b/services/core/java/com/android/server/DiskStatsService.java
@@ -80,7 +80,7 @@
reportFreeSpace(Environment.getDownloadCacheDirectory(), "Cache", pw);
reportFreeSpace(new File("/system"), "System", pw);
- if (StorageManager.isNativeFileBasedEncryptionEnabled()) {
+ if (StorageManager.isFileEncryptedNativeOnly()) {
pw.println("File-based Encryption: true");
}
diff --git a/services/core/java/com/android/server/MountService.java b/services/core/java/com/android/server/MountService.java
index a3322fc..4536e04 100644
--- a/services/core/java/com/android/server/MountService.java
+++ b/services/core/java/com/android/server/MountService.java
@@ -839,11 +839,11 @@
Slog.d(TAG, "Thinking about init, mSystemReady=" + mSystemReady
+ ", mDaemonConnected=" + mDaemonConnected);
if (mSystemReady && mDaemonConnected
- && !StorageManager.isNativeFileBasedEncryptionEnabled()) {
+ && !StorageManager.isFileEncryptedNativeOnly()) {
// When booting a device without native support, make sure that our
// user directories are locked or unlocked based on the current
// emulation status.
- final boolean initLocked = StorageManager.isEmulatedFileBasedEncryptionEnabled();
+ final boolean initLocked = StorageManager.isFileEncryptedEmulatedOnly();
Slog.d(TAG, "Setting up emulation state, initlocked=" + initLocked);
final List<UserInfo> users = mContext.getSystemService(UserManager.class).getUsers();
for (UserInfo user : users) {
@@ -1940,7 +1940,7 @@
waitForReady();
if ((mask & StorageManager.DEBUG_EMULATE_FBE) != 0) {
- if (StorageManager.isNativeFileBasedEncryptionEnabled()) {
+ if (StorageManager.isFileEncryptedNativeOnly()) {
throw new IllegalStateException(
"Emulation not available on device with native FBE");
}
@@ -2811,7 +2811,7 @@
@Override
public boolean isUserKeyUnlocked(int userId) {
- if (StorageManager.isFileBasedEncryptionEnabled()) {
+ if (StorageManager.isFileEncryptedNativeOrEmulated()) {
synchronized (mLock) {
return ArrayUtils.contains(mLocalUnlockedUsers, userId);
}
diff --git a/services/core/java/com/android/server/SystemConfig.java b/services/core/java/com/android/server/SystemConfig.java
index 73d8bdd..30e0ceb 100644
--- a/services/core/java/com/android/server/SystemConfig.java
+++ b/services/core/java/com/android/server/SystemConfig.java
@@ -446,7 +446,7 @@
// Some devices can be field-converted to FBE, so offer to splice in
// those features if not already defined by the static config
- if (StorageManager.isNativeFileBasedEncryptionEnabled()) {
+ if (StorageManager.isFileEncryptedNativeOnly()) {
addFeature(PackageManager.FEATURE_FILE_BASED_ENCRYPTION, 0);
addFeature(PackageManager.FEATURE_SECURELY_REMOVES_USERS, 0);
}
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 0317641..3105134 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -10884,7 +10884,7 @@
* belonging to any running apps.
*/
private void installEncryptionUnawareProviders(int userId) {
- if (!StorageManager.isFileBasedEncryptionEnabled()) {
+ if (!StorageManager.isFileEncryptedNativeOrEmulated()) {
// TODO: eventually pivot this back to look at current user state,
// similar to the comment in UserManager.isUserUnlocked(), but for
// now, if we started apps when "unlocked" then unaware providers
diff --git a/services/core/java/com/android/server/am/UserController.java b/services/core/java/com/android/server/am/UserController.java
index addffd3..5f231ed 100644
--- a/services/core/java/com/android/server/am/UserController.java
+++ b/services/core/java/com/android/server/am/UserController.java
@@ -620,7 +620,7 @@
}
} else {
Slog.w(TAG, "Mount service not published; guessing locked state based on property");
- return !StorageManager.isFileBasedEncryptionEnabled();
+ return !StorageManager.isFileEncryptedNativeOrEmulated();
}
}
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index e180e050..debe072 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -2449,7 +2449,7 @@
// since core system apps like SettingsProvider and SystemUI
// can't wait for user to start
final int storageFlags;
- if (StorageManager.isFileBasedEncryptionEnabled()) {
+ if (StorageManager.isFileEncryptedNativeOrEmulated()) {
storageFlags = StorageManager.FLAG_STORAGE_DE;
} else {
storageFlags = StorageManager.FLAG_STORAGE_DE | StorageManager.FLAG_STORAGE_CE;
@@ -3231,7 +3231,7 @@
* Return if the user key is currently unlocked.
*/
private boolean isUserKeyUnlocked(int userId) {
- if (StorageManager.isFileBasedEncryptionEnabled()) {
+ if (StorageManager.isFileEncryptedNativeOrEmulated()) {
final IMountService mount = IMountService.Stub
.asInterface(ServiceManager.getService("mount"));
if (mount == null) {
@@ -18313,7 +18313,7 @@
* the app.
*/
private boolean maybeMigrateAppData(String volumeUuid, int userId, PackageParser.Package pkg) {
- if (pkg.isSystemApp() && !StorageManager.isFileBasedEncryptionEnabled()
+ if (pkg.isSystemApp() && !StorageManager.isFileEncryptedNativeOrEmulated()
&& PackageManager.APPLY_FORCE_DEVICE_ENCRYPTED) {
final int storageTarget = pkg.applicationInfo.isForceDeviceEncrypted()
? StorageManager.FLAG_STORAGE_DE : StorageManager.FLAG_STORAGE_CE;
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index d979675..32343cc 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -1636,9 +1636,7 @@
}
// Still at the first stage of CryptKeeper double bounce, mOwners.hasDeviceOwner is
// always false at this point.
- if ("encrypted".equals(mInjector.systemPropertiesGet("ro.crypto.state"))
- && "trigger_restart_min_framework".equals(
- mInjector.systemPropertiesGet("vold.decrypt"))){
+ if (StorageManager.inCryptKeeperBounce()) {
return;
}
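Review bot: The new early-return check calls `StorageManager.inCryptKeeperBounce()` statically, whereas the removed lines read both properties through `mInjector`, so the bounce condition can no longer be driven from the injector in tests. If the Injector is the test seam here (it is not visible in this hunk), route the call through it with a small wrapper, for example `if (mInjector.storageManagerInCryptKeeperBounce()) {` (wrapper name illustrative). The same applies to the static `StorageManager` calls added in `getEncryptionStatus()` in the next hunk. The enclosing method starts and ends outside this hunk.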
@@ -4854,17 +4852,11 @@
* {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE}.
*/
private int getEncryptionStatus() {
- String status = mInjector.systemPropertiesGet("ro.crypto.state", "unsupported");
- if ("encrypted".equalsIgnoreCase(status)) {
- final long token = mInjector.binderClearCallingIdentity();
- try {
- return LockPatternUtils.isDeviceEncrypted()
- ? DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE
- : DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY;
- } finally {
- mInjector.binderRestoreCallingIdentity(token);
- }
- } else if ("unencrypted".equalsIgnoreCase(status)) {
+ if (!StorageManager.isNonDefaultBlockEncrypted()) {
+ return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY;
+ } else if (StorageManager.isEncrypted()) {
+ return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE;
+ } else if (StorageManager.isEncryptable()) {
return DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
} else {
return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
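Review bot: The first branch of the new `getEncryptionStatus()` looks inverted: `!StorageManager.isNonDefaultBlockEncrypted()` is presumably also true on a device that is not encrypted at all, so such a device would report `ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY`, and the `INACTIVE` and `UNSUPPORTED` branches would be reachable only once a non-default key is set. The `StorageManager` helpers are not shown on this page, so this is inferred from their names and needs confirming, but a device admin that relies on this status for compliance would get a false assurance. Testing the strongest state first, as in the sketch below, keeps every status reachable. The removed code also cleared the binder calling identity around its encryption query, so confirm the new helpers need no such switch when reached on a caller's binder thread. The method's closing lines are outside the hunk.

```java
private int getEncryptionStatus() {
    if (StorageManager.isNonDefaultBlockEncrypted()) {
        return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE;
    } else if (StorageManager.isEncrypted()) {
        return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY;
    } else if (StorageManager.isEncryptable()) {
    // … unchanged: INACTIVE and UNSUPPORTED branches …
```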