API changes to support encryption in DPM
* New uses-policies value
* Definitions for storage domain and encryption status
* API to get and set encryption status
* Intent to launch encryption changes
* Both new calls bottom out in the DPM service and are suitable for
a device that does not support encryption.
NOTE: Nobody should use ACTION_START_ENCRYPTION yet. It needs a receiver
to be built in Settings (different CL).
Change-Id: I2ae193bedbec59f6ba46c0ec7de12ecf321e5803
diff --git a/services/java/com/android/server/DevicePolicyManagerService.java b/services/java/com/android/server/DevicePolicyManagerService.java
index 470af67..c0ce256 100644
--- a/services/java/com/android/server/DevicePolicyManagerService.java
+++ b/services/java/com/android/server/DevicePolicyManagerService.java
@@ -1822,6 +1822,41 @@
exclusionList);
}
+ /**
+ * Set the storage encryption request.
+ */
+ public int setStorageEncryption(ComponentName who, boolean encrypt) {
+ synchronized (this) {
+ // Check for permissions
+ if (who == null) {
+ throw new NullPointerException("ComponentName is null");
+ }
+ ActiveAdmin ap = getActiveAdminForCallerLocked(who,
+ DeviceAdminInfo.USES_ENCRYPTED_STORAGE);
+
+ // TODO: (1) Record the value for the admin so it's sticky
+ // TODO: (2) Compute "max" for all admins (if any admin requests encryption, then
+ // we enable it.
+ // TODO: (3) Work with filesystem / mount service to start/stop encryption
+ return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
+ }
+ }
+
+ /**
+ * Get the current storage encryption status for a given storage domain.
+ */
+ public int getStorageEncryption(ComponentName who) {
+ synchronized (this) {
+ // Check for permissions if a particular caller is specified
+ if (who != null) {
+ getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_ENCRYPTED_STORAGE);
+ }
+
+ // TODO: Work with filesystem / mount service to query encryption status
+ return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
+ }
+ }
+
@Override
protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP)