Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / f9fc6d6cc05595241bc7ced6d4cab97b45f9b901^! / . / core / java / android / content / pm / ApplicationInfo.java
commitf9fc6d6cc05595241bc7ced6d4cab97b45f9b901[log] [tgz]
authorJeff Sharkey <jsharkey@android.com>Sun Nov 08 16:46:05 2015 -0800
committerJeff Sharkey <jsharkey@android.com>Wed Nov 11 10:47:23 2015 -0800
tree0acf0e517de54713340c1ae88085ef9c7f88926e
parentcef9219fdad0585ab3948d349f346608a7b9feb3 [diff] [blame]
More file-based encryption work.

Add granular StorageManager APIs for key creation/destruction and
unlocking/locking.  Start passing through an opaque token as part
of the unlock command, but leave it empty for now.  We now have a
separate "prepare" method that sanity checks that user directories
are correctly setup.

Define a handful of system properties used for marking devices that
should be operating in FBE mode, and if they're emulating FBE.  Wire
a command to "sm", but persisting will come later.

Start using new "encryptionAware" flag on apps previously marked with
coreApp flag, which were apps running in the legacy CryptKeeper
model.  Small tweaks to handle non-encryptionAware voice interaction
services.  Switch PackageManager to consult StorageManager about the
unlocked state of a user.

Bug: 22358539
Change-Id: Ic2865f9b81c10ea39369c441422f7427a3c3c3d6

diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java
index 52c2f9b..9c880d3 100644
--- a/core/java/android/content/pm/ApplicationInfo.java
+++ b/core/java/android/content/pm/ApplicationInfo.java

@@ -22,7 +22,9 @@
 import android.os.Environment;
 import android.os.Parcel;
 import android.os.Parcelable;
+import android.os.SystemProperties;
 import android.os.UserHandle;
+import android.os.storage.StorageManager;
 import android.text.TextUtils;
 import android.util.Printer;
 
@@ -469,6 +471,14 @@
     public static final int PRIVATE_FLAG_FORCE_DEVICE_ENCRYPTED = 1 << 5;
 
     /**
+     * When set, assume that all components under the given app are encryption
+     * aware, unless otherwise specified.
+     *
+     * @hide
+     */
+    public static final int PRIVATE_FLAG_ENCRYPTION_AWARE = 1 << 6;
+
+    /**
      * Private/hidden flags. See {@code PRIVATE_FLAG_...} constants.
      * {@hide}
      */
@@ -963,7 +973,8 @@
                 .getDataUserCredentialEncryptedPackageDirectory(volumeUuid, userId, packageName)
                 .getAbsolutePath();
 
-        if ((privateFlags & PRIVATE_FLAG_FORCE_DEVICE_ENCRYPTED) != 0) {
+        if ((privateFlags & PRIVATE_FLAG_FORCE_DEVICE_ENCRYPTED) != 0
+                && SystemProperties.getBoolean(StorageManager.PROP_HAS_FBE, false)) {
             dataDir = deviceEncryptedDataDir;
         } else {
             dataDir = credentialEncryptedDataDir;
@@ -1030,6 +1041,11 @@
                 && (flags & ApplicationInfo.FLAG_EXTERNAL_STORAGE) != 0;
     }
 
+    /** @hide */
+    public boolean isEncryptionAware() {
+        return (privateFlags & ApplicationInfo.PRIVATE_FLAG_ENCRYPTION_AWARE) != 0;
+    }
+
     /**
      * @hide
      */