From cd410ba4e816b657020cafb23e69206734726b42 Mon Sep 17 00:00:00 2001
From: Amith Yamasani <yamasani@google.com>
Date: Fri, 17 Oct 2014 11:16:58 -0700
Subject: [PATCH] Use the correct method to check if device is encrypted

DPM's method will return false if encrypted by default password,
preventing the changing of encryption password to lockscreen password.

Check if the device is encrypted by some means, instead.

Also fix a SecurityException when Device Admin queries encryption state
(recent regression)

Bug: 17881324
Change-Id: Id897e61c5e254ab3f8dc569285428a73005303ea
---
 .../com/android/internal/widget/LockPatternUtils.java |  5 +----
 .../devicepolicy/DevicePolicyManagerService.java      | 11 ++++++++---
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index 9a1c9fc15d348..412b4d2dc95c4 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -728,12 +728,9 @@ public class LockPatternUtils {
 
     /** Update the encryption password if it is enabled **/
     private void updateEncryptionPassword(final int type, final String password) {
-        DevicePolicyManager dpm = getDevicePolicyManager();
-        if (dpm.getStorageEncryptionStatus(getCurrentOrCallingUserId())
-                != DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE) {
+        if (!isDeviceEncryptionEnabled()) {
             return;
         }
-
         final IBinder service = ServiceManager.getService("mount");
         if (service == null) {
             Log.e(TAG, "Could not find the mount service to update the encryption password");
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index fc5c053fd1565..fe4b7b9cc949f 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3390,9 +3390,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     private int getEncryptionStatus() {
         String status = SystemProperties.get("ro.crypto.state", "unsupported");
         if ("encrypted".equalsIgnoreCase(status)) {
-            return LockPatternUtils.isDeviceEncrypted()
-                    ? DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE
-                    : DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
+            final long token = Binder.clearCallingIdentity();
+            try {
+                return LockPatternUtils.isDeviceEncrypted()
+                        ? DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE
+                        : DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
+            } finally {
+                Binder.restoreCallingIdentity(token);
+            }
         } else if ("unencrypted".equalsIgnoreCase(status)) {
             return DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
         } else {