From a1eb750e75ff7c7ef7698deed4442449c33334c8 Mon Sep 17 00:00:00 2001
From: Paul Crowley
Date: Tue, 10 May 2016 20:36:56 +0000
Subject: [PATCH] Revert "Two phases to set the password for disk encryption"
This reverts commit 17e5dce5112fece2d2b9cd070c2f96bf65108e40.
Bug: 28694324
Change-Id: I6d89bc26cb429b195c9bcf640666c495617257b7
---
 .../android/os/storage/IMountService.java | 47 +++++--------------
 .../android/server/LockSettingsService.java | 45 ++++--------------
 .../android/server/LockSettingsStorage.java | 2 +-
 .../java/com/android/server/MountService.java | 29 ++----------
 4 files changed, 27 insertions(+), 96 deletions(-)
diff --git a/core/java/android/os/storage/IMountService.java b/core/java/android/os/storage/IMountService.java
index b9bcd1c190a4a..3915b02574931 100644
--- a/core/java/android/os/storage/IMountService.java
+++ b/core/java/android/os/storage/IMountService.java
@@ -1233,8 +1233,8 @@ public interface IMountService extends IInterface {
 }
 @Override
- public void addUserKeyAuth(int userId, int serialNumber,
- byte[] token, byte[] secret) throws RemoteException {
+ public void changeUserKey(int userId, int serialNumber,
+ byte[] token, byte[] oldSecret, byte[] newSecret) throws RemoteException {
 Parcel _data = Parcel.obtain();
 Parcel _reply = Parcel.obtain();
 try {
@@ -1242,23 +1242,9 @@ public interface IMountService extends IInterface {
 _data.writeInt(userId);
 _data.writeInt(serialNumber);
 _data.writeByteArray(token);
- _data.writeByteArray(secret);
- mRemote.transact(Stub.TRANSACTION_addUserKeyAuth, _data, _reply, 0);
- _reply.readException();
- } finally {
- _reply.recycle();
- _data.recycle();
- }
- }
-
- @Override
- public void fixateNewestUserKeyAuth(int userId) throws RemoteException {
- Parcel _data = Parcel.obtain();
- Parcel _reply = Parcel.obtain();
- try {
- _data.writeInterfaceToken(DESCRIPTOR);
- _data.writeInt(userId);
- mRemote.transact(Stub.TRANSACTION_fixateNewestUserKeyAuth, _data, _reply, 0);
+ _data.writeByteArray(oldSecret);
+ _data.writeByteArray(newSecret);
+ mRemote.transact(Stub.TRANSACTION_changeUserKey, _data, _reply, 0);
 _reply.readException();
 } finally {
 _reply.recycle();
@@ -1503,9 +1489,7 @@ public interface IMountService extends IInterface {
 static final int TRANSACTION_mountAppFuse = IBinder.FIRST_CALL_TRANSACTION + 69;
- static final int TRANSACTION_addUserKeyAuth = IBinder.FIRST_CALL_TRANSACTION + 70;
-
- static final int TRANSACTION_fixateNewestUserKeyAuth = IBinder.FIRST_CALL_TRANSACTION + 71;
+ static final int TRANSACTION_changeUserKey = IBinder.FIRST_CALL_TRANSACTION + 70;
 /**
 * Cast an IBinder object into an IMountService interface, generating a
@@ -2085,20 +2069,14 @@ public interface IMountService extends IInterface {
 reply.writeNoException();
 return true;
 }
- case TRANSACTION_addUserKeyAuth: {
+ case TRANSACTION_changeUserKey: {
 data.enforceInterface(DESCRIPTOR);
 int userId = data.readInt();
 int serialNumber = data.readInt();
 byte[] token = data.createByteArray();
- byte[] secret = data.createByteArray();
- addUserKeyAuth(userId, serialNumber, token, secret);
- reply.writeNoException();
- return true;
- }
- case TRANSACTION_fixateNewestUserKeyAuth: {
- data.enforceInterface(DESCRIPTOR);
- int userId = data.readInt();
- fixateNewestUserKeyAuth(userId);
+ byte[] oldSecret = data.createByteArray();
+ byte[] newSecret = data.createByteArray();
+ changeUserKey(userId, serialNumber, token, oldSecret, newSecret);
 reply.writeNoException();
 return true;
 }
@@ -2474,9 +2452,8 @@ public interface IMountService extends IInterface {
 public void createUserKey(int userId, int serialNumber, boolean ephemeral) throws RemoteException;
 public void destroyUserKey(int userId) throws RemoteException;
- public void addUserKeyAuth(int userId, int serialNumber,
- byte[] token, byte[] secret) throws RemoteException;
- public void fixateNewestUserKeyAuth(int userId) throws RemoteException;
+ public void changeUserKey(int userId, int serialNumber,
+ byte[] token, byte[] oldSecret, byte[] newSecret) throws RemoteException;
 public void unlockUserKey(int userId, int serialNumber, byte[] token, byte[] secret) throws RemoteException;
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index c2a1c50a8d2b7..434464c90a09d 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -789,11 +789,10 @@ public class LockSettingsService extends ILockSettings.Stub {
 if (isSecure) {
 tieManagedProfileLockIfNecessary(managedUserId, null);
 } else {
- clearUserKeyProtection(managedUserId);
 getGateKeeperService().clearSecureUserId(managedUserId);
 mStorage.writePatternHash(null, managedUserId);
 setKeystorePassword(null, managedUserId);
- fixateNewestUserKeyAuth(managedUserId);
+ clearUserKeyProtection(managedUserId);
 mStorage.removeChildProfileLock(managedUserId);
 removeKeystoreProfileKey(managedUserId);
 }
@@ -828,11 +827,10 @@ public class LockSettingsService extends ILockSettings.Stub {
 byte[] currentHandle = getCurrentHandle(userId);
 if (pattern == null) {
- clearUserKeyProtection(userId);
 getGateKeeperService().clearSecureUserId(userId);
 mStorage.writePatternHash(null, userId);
 setKeystorePassword(null, userId);
- fixateNewestUserKeyAuth(userId);
+ clearUserKeyProtection(userId);
 onUserLockChanged(userId);
 return;
 }
@@ -862,12 +860,8 @@ public class LockSettingsService extends ILockSettings.Stub {
 byte[] enrolledHandle = enrollCredential(currentHandle, savedCredential, pattern, userId);
 if (enrolledHandle != null) {
- CredentialHash willStore
- = new CredentialHash(enrolledHandle, CredentialHash.VERSION_GATEKEEPER);
- setUserKeyProtection(userId, pattern,
- doVerifyPattern(pattern, willStore, true, 0, userId));
 mStorage.writePatternHash(enrolledHandle, userId);
- fixateNewestUserKeyAuth(userId);
+ setUserKeyProtection(userId, pattern, verifyPattern(pattern, 0, userId));
 onUserLockChanged(userId);
 } else {
 throw new RemoteException("Failed to enroll pattern");
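Review bot: In LockSettingsService.java, the else branch of the -789 hunk now calls `clearUserKeyProtection(managedUserId)` only after `clearSecureUserId`, `writePatternHash(null, …)` and `setKeystorePassword(null, …)` have already run, so a RemoteException from the mount service at that point leaves the credential removed while the user key's protection is unchanged. The `pattern == null` hunk at -828 and the `password == null` hunk at -890 restore the same ordering. Nothing on the new side catches or reports that partial state; at minimum each branch should carry a comment such as `// Credential state is already cleared here; if clearUserKeyProtection throws, the user key keeps its old protection.` The enclosing methods start and end outside these hunks.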
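Review bot: In the `enrolledHandle != null` branch of the -862 hunk, `setUserKeyProtection(userId, pattern, verifyPattern(pattern, 0, userId))` runs after `mStorage.writePatternHash(enrolledHandle, userId)`, so any failure in the verify step surfaces only once the new hash is already persisted. The -1032 hunk shows what appears to be setUserKeyProtection throwing "Empty payload verifying a credential we just set" when the token is null, which would leave the stored credential and the user-key protection out of step. The ordering itself looks required, since the verify path in the -1087 hunk reads the hash back from mStorage, and that dependency should be written down: `// verifyPattern reads the hash written above; do not reorder these two calls.` The password variant in the -922 hunk has the same shape.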
@@ -890,11 +884,10 @@ public class LockSettingsService extends ILockSettings.Stub {
 throws RemoteException {
 byte[] currentHandle = getCurrentHandle(userId);
 if (password == null) {
- clearUserKeyProtection(userId);
 getGateKeeperService().clearSecureUserId(userId);
 mStorage.writePasswordHash(null, userId);
 setKeystorePassword(null, userId);
- fixateNewestUserKeyAuth(userId);
+ clearUserKeyProtection(userId);
 onUserLockChanged(userId);
 return;
 }
@@ -922,12 +915,8 @@ public class LockSettingsService extends ILockSettings.Stub {
 byte[] enrolledHandle = enrollCredential(currentHandle, savedCredential, password, userId);
 if (enrolledHandle != null) {
- CredentialHash willStore
- = new CredentialHash(enrolledHandle, CredentialHash.VERSION_GATEKEEPER);
- setUserKeyProtection(userId, password,
- doVerifyPassword(password, willStore, true, 0, userId));
 mStorage.writePasswordHash(enrolledHandle, userId);
- fixateNewestUserKeyAuth(userId);
+ setUserKeyProtection(userId, password, verifyPassword(password, 0, userId));
 onUserLockChanged(userId);
 } else {
 throw new RemoteException("Failed to enroll password");
@@ -1032,11 +1021,11 @@ public class LockSettingsService extends ILockSettings.Stub {
 if (token == null) {
 throw new RemoteException("Empty payload verifying a credential we just set");
 }
- addUserKeyAuth(userId, token, secretFromCredential(credential));
+ changeUserKey(userId, token, secretFromCredential(credential));
 }
 private void clearUserKeyProtection(int userId) throws RemoteException {
- addUserKeyAuth(userId, null, null);
+ changeUserKey(userId, null, null);
 }
 private static byte[] secretFromCredential(String credential) throws RemoteException {
@@ -1055,23 +1044,18 @@ public class LockSettingsService extends ILockSettings.Stub {
 }
 }
- private void addUserKeyAuth(int userId, byte[] token, byte[] secret)
+ private void changeUserKey(int userId, byte[] token, byte[] secret)
 throws RemoteException {
 final UserInfo userInfo = UserManager.get(mContext).getUserInfo(userId);
 final IMountService mountService = getMountService();
 final long callingId = Binder.clearCallingIdentity();
 try {
- mountService.addUserKeyAuth(userId, userInfo.serialNumber, token, secret);
+ mountService.changeUserKey(userId, userInfo.serialNumber, token, null, secret);
 } finally {
 Binder.restoreCallingIdentity(callingId);
 }
 }
- private void fixateNewestUserKeyAuth(int userId)
- throws RemoteException {
- getMountService().fixateNewestUserKeyAuth(userId);
- }
-
 @Override
 public VerifyCredentialResponse checkPattern(String pattern, int userId) throws RemoteException {
 return doVerifyPattern(pattern, false, 0, userId);
@@ -1087,11 +1071,6 @@ public class LockSettingsService extends ILockSettings.Stub {
 long challenge, int userId) throws RemoteException {
 checkPasswordReadPermission(userId);
 CredentialHash storedHash = mStorage.readPatternHash(userId);
- return doVerifyPattern(pattern, storedHash, hasChallenge, challenge, userId);
- }
-
- private VerifyCredentialResponse doVerifyPattern(String pattern, CredentialHash storedHash,
- boolean hasChallenge, long challenge, int userId) throws RemoteException {
 boolean shouldReEnrollBaseZero = storedHash != null && storedHash.isBaseZeroPattern;
 String patternToVerify;
@@ -1129,6 +1108,7 @@ public class LockSettingsService extends ILockSettings.Stub {
 }
 return response;
+
 }
 @Override
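Review bot: In LockSettingsService.changeUserKey (the -1055 hunk), `userInfo.serialNumber` is dereferenced on the changed line with no null check on the result of `getUserInfo(userId)`, which can be null when the user no longer exists. A guard such as `if (userInfo == null) throw new RemoteException("No user info for user " + userId);` placed before `Binder.clearCallingIdentity()` would report that as a failure instead of a NullPointerException inside the service. The wrapper also always passes `null` for the mount service's oldSecret argument, which deserves a one-line comment saying why the old secret is never supplied from here.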
@@ -1178,11 +1158,6 @@ public class LockSettingsService extends ILockSettings.Stub {
 long challenge, int userId) throws RemoteException {
 checkPasswordReadPermission(userId);
 CredentialHash storedHash = mStorage.readPasswordHash(userId);
- return doVerifyPassword(password, storedHash, hasChallenge, challenge, userId);
- }
-
- private VerifyCredentialResponse doVerifyPassword(String password, CredentialHash storedHash,
- boolean hasChallenge, long challenge, int userId) throws RemoteException {
 return verifyCredential(userId, storedHash, password, hasChallenge, challenge, new CredentialUtil() {
 @Override
diff --git a/services/core/java/com/android/server/LockSettingsStorage.java b/services/core/java/com/android/server/LockSettingsStorage.java
index ab91a732f3ccf..9ab63003c8dc4 100644
--- a/services/core/java/com/android/server/LockSettingsStorage.java
+++ b/services/core/java/com/android/server/LockSettingsStorage.java
@@ -74,7 +74,7 @@ class LockSettingsStorage {
 private SparseArray mStoredCredentialType;
- static class CredentialHash {
+ class CredentialHash {
 static final int TYPE_NONE = -1;
 static final int TYPE_PATTERN = 1;
 static final int TYPE_PASSWORD = 2;
diff --git a/services/core/java/com/android/server/MountService.java b/services/core/java/com/android/server/MountService.java
index c89b6ea4f18d7..25ce4856be1fe 100644
--- a/services/core/java/com/android/server/MountService.java
+++ b/services/core/java/com/android/server/MountService.java
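Review bot: In LockSettingsStorage.java (the -74 hunk), dropping `static` turns CredentialHash into an inner class that carries a hidden reference to its enclosing LockSettingsStorage instance and can only be constructed through one. The members visible in the hunk are constants and need no outer instance, so `static class CredentialHash {` would remain the tighter declaration even with the external `new CredentialHash(...)` callers gone. The class body continues outside the hunk, so whether any member relies on the outer instance needs checking there.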
@@ -2816,36 +2816,15 @@ class MountService extends IMountService.Stub
 }
 }
- /*
- * Add this token/secret pair to the set of ways we can recover a disk encryption key.
- * Changing the token/secret for a disk encryption key is done in two phases: first, adding
- * a new token/secret pair with this call, then delting all other pairs with
- * fixateNewestUserKeyAuth. This allows other places where a credential is used, such as
- * Gatekeeper, to be updated between the two calls.
- */
 @Override
- public void addUserKeyAuth(int userId, int serialNumber, byte[] token, byte[] secret) {
+ public void changeUserKey(int userId, int serialNumber,
+ byte[] token, byte[] oldSecret, byte[] newSecret) {
 enforcePermission(android.Manifest.permission.STORAGE_INTERNAL);
 waitForReady();
 try {
- mCryptConnector.execute("cryptfs", "add_user_key_auth", userId, serialNumber,
- encodeBytes(token), encodeBytes(secret));
- } catch (NativeDaemonConnectorException e) {
- throw e.rethrowAsParcelableException();
- }
- }
-
- /*
- * Delete all disk encryption token/secret pairs except the most recently added one
- */
- @Override
- public void fixateNewestUserKeyAuth(int userId) {
- enforcePermission(android.Manifest.permission.STORAGE_INTERNAL);
- waitForReady();
-
- try {
- mCryptConnector.execute("cryptfs", "fixate_newest_user_key_auth", userId);
+ mCryptConnector.execute("cryptfs", "change_user_key", userId, serialNumber,
+ encodeBytes(token), encodeBytes(oldSecret), encodeBytes(newSecret));
 } catch (NativeDaemonConnectorException e) {
 throw e.rethrowAsParcelableException();
 }
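Review bot: MountService.changeUserKey is added without any comment, while the same hunk deletes the two block comments that explained the old calls, so a reader cannot tell what `token`, `oldSecret` and `newSecret` mean to the `change_user_key` command or which of them may be null. The LockSettingsService hunks pass `null` for token and secret when clearing protection and always `null` for oldSecret, so null is a normal input here and its handling rests entirely on `encodeBytes`, which is defined outside this hunk. A short block comment above `@Override` should state that the call replaces the user key's token/secret in one step, what a null array stands for, and that the caller must hold STORAGE_INTERNAL. The method's closing brace is outside the hunk.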