More file-based encryption work. Add granular StorageManager APIs for key creation/destruction and unlocking/locking. Start passing through an opaque token as part of the unlock command, but leave it empty for now. We now have a separate "prepare" method that sanity checks that user directories are correctly setup. Define a handful of system properties used for marking devices that should be operating in FBE mode, and if they're emulating FBE. Wire a command to "sm", but persisting will come later. Start using new "encryptionAware" flag on apps previously marked with coreApp flag, which were apps running in the legacy CryptKeeper model. Small tweaks to handle non-encryptionAware voice interaction services. Switch PackageManager to consult StorageManager about the unlocked state of a user. Bug: 22358539 Change-Id: Ic2865f9b81c10ea39369c441422f7427a3c3c3d6

commit: f9fc6d6cc05595241bc7ced6d4cab97b45f9b901 [log] [tgz]
author: Jeff Sharkey <jsharkey@android.com> Sun Nov 08 16:46:05 2015 -0800
committer: Jeff Sharkey <jsharkey@android.com> Wed Nov 11 10:47:23 2015 -0800
tree: 0acf0e517de54713340c1ae88085ef9c7f88926e
parent: cef9219fdad0585ab3948d349f346608a7b9feb3 [diff] [blame]
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 9a87abe..3a1d2de 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java

@@ -1563,13 +1563,15 @@
                             userInfo.restrictedProfileParentId = parent.restrictedProfileParentId;
                         }
                     }
+
                     final StorageManager storage = mContext.getSystemService(StorageManager.class);
+                    storage.createUserKey(userId, userInfo.serialNumber);
                     for (VolumeInfo vol : storage.getWritablePrivateVolumes()) {
                         final String volumeUuid = vol.getFsUuid();
                         try {
                             final File userDir = Environment.getDataUserDirectory(volumeUuid,
                                     userId);
-                            prepareUserDirectory(mContext, volumeUuid, userId);
+                            storage.prepareUserStorage(volumeUuid, userId, userInfo.serialNumber);
                             enforceSerialNumber(userDir, userInfo.serialNumber);
                         } catch (IOException e) {
                             Log.wtf(LOG_TAG, "Failed to create user directory on " + volumeUuid, e);
@@ -1797,8 +1799,7 @@
     }
 
     private void removeUserStateLILP(final int userHandle) {
-        mContext.getSystemService(StorageManager.class)
-            .deleteUserKey(userHandle);
+        mContext.getSystemService(StorageManager.class).destroyUserKey(userHandle);
         // Cleanup package manager settings
         mPm.cleanUpUserLILPw(this, userHandle);
 
@@ -2183,16 +2184,6 @@
     }
 
     /**
-     * Create new {@code /data/user/[id]} directory and sets default
-     * permissions.
-     */
-    public static void prepareUserDirectory(Context context, String volumeUuid, int userId) {
-        final StorageManager storage = context.getSystemService(StorageManager.class);
-        final File userDir = Environment.getDataUserDirectory(volumeUuid, userId);
-        storage.createNewUserDir(userId, userDir);
-    }
-
-    /**
      * Enforce that serial number stored in user directory inode matches the
      * given expected value. Gracefully sets the serial number if currently
      * undefined.
commit	f9fc6d6cc05595241bc7ced6d4cab97b45f9b901	[log] [tgz]
author	Jeff Sharkey <jsharkey@android.com>	Sun Nov 08 16:46:05 2015 -0800
committer	Jeff Sharkey <jsharkey@android.com>	Wed Nov 11 10:47:23 2015 -0800
tree	0acf0e517de54713340c1ae88085ef9c7f88926e
parent	cef9219fdad0585ab3948d349f346608a7b9feb3 [diff] [blame]