Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Update the encryption password when the device password is changed." into honeycomb

Browse Source
This commit is contained in:
Jason parks
2011-01-29 12:02:19 -08:00
committed by Android (Google) Code Review
parent e40dea0d06 f7b3cd4efd
commit a2e765ef1a
3 changed files with 104 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
core/java/android/os/storage/IMountService.java
View File

@@ -26,7 +26,7 @@ import android.os.RemoteException;
* WARNING! Update IMountService.h and IMountService.cpp if you change this
* file. In particular, the ordering of the methods below must match the
* _TRANSACTION enum in IMountService.cpp
*
*
* @hide - Applications should use android.os.storage.StorageManager to access
* storage functions.
*/
@@ -620,6 +620,23 @@ public interface IMountService extends IInterface {
}
return _result;
}
public int changeEncryptionPassword(String password) throws RemoteException {
Parcel _data = Parcel.obtain();
Parcel _reply = Parcel.obtain();
int _result;
try {
_data.writeInterfaceToken(DESCRIPTOR);
_data.writeString(password);
mRemote.transact(Stub.TRANSACTION_changeEncryptionPassword, _data, _reply, 0);
_reply.readException();
_result = _reply.readInt();
} finally {
_reply.recycle();
_data.recycle();
}
return _result;
}
}
private static final String DESCRIPTOR = "IMountService";
@@ -680,6 +697,8 @@ public interface IMountService extends IInterface {
static final int TRANSACTION_encryptStorage = IBinder.FIRST_CALL_TRANSACTION + 27;
static final int TRANSACTION_changeEncryptionPassword = IBinder.FIRST_CALL_TRANSACTION + 28;
/**
* Cast an IBinder object into an IMountService interface, generating a
* proxy if needed.
@@ -977,6 +996,14 @@ public interface IMountService extends IInterface {
reply.writeInt(result);
return true;
}
case TRANSACTION_changeEncryptionPassword: {
data.enforceInterface(DESCRIPTOR);
String password = data.readString();
int result = changeEncryptionPassword(password);
reply.writeNoException();
reply.writeInt(result);
return true;
}
}
return super.onTransact(code, data, reply, flags);
}
@@ -1146,4 +1173,10 @@ public interface IMountService extends IInterface {
* Encrypts storage.
*/
public int encryptStorage(String password) throws RemoteException;
/**
* Changes the encryption password.
*/
public int changeEncryptionPassword(String password) throws RemoteException;
}

35
core/java/com/android/internal/widget/LockPatternUtils.java
View File

@@ -16,13 +16,19 @@
package com.android.internal.widget;
import com.android.internal.R;
import com.android.internal.telephony.ITelephony;
import com.google.android.collect.Lists;
import android.app.admin.DevicePolicyManager;
import android.content.ContentResolver;
import android.content.Context;
import android.os.FileObserver;
import android.os.IBinder;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.SystemClock;
import android.os.storage.IMountService;
import android.provider.Settings;
import android.security.MessageDigest;
import android.telephony.TelephonyManager;
@@ -30,10 +36,6 @@ import android.text.TextUtils;
import android.util.Log;
import android.widget.Button;
import com.android.internal.R;
import com.android.internal.telephony.ITelephony;
import com.google.android.collect.Lists;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
@@ -139,6 +141,7 @@ public class LockPatternUtils {
int fileObserverMask = FileObserver.CLOSE_WRITE | FileObserver.DELETE |
FileObserver.MOVED_TO | FileObserver.CREATE;
sPasswordObserver = new FileObserver(dataSystemDirectory, fileObserverMask) {
@Override
public void onEvent(int event, String path) {
if (LOCK_PATTERN_FILE.equals(path)) {
Log.d(TAG, "lock pattern file changed");
@@ -439,6 +442,27 @@ public class LockPatternUtils {
return DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;
}
/** Update the encryption password if it is enabled **/
private void updateEncryptionPassword(String password) {
DevicePolicyManager dpm = getDevicePolicyManager();
if (dpm.getStorageEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE) {
return;
}
IBinder service = ServiceManager.getService("mount");
if (service == null) {
Log.e(TAG, "Could not find the mount service to update the encryption password");
return;
}
IMountService mountService = IMountService.Stub.asInterface(service);
try {
mountService.changeEncryptionPassword(password);
} catch (RemoteException e) {
Log.e(TAG, "Error changing encryption password", e);
}
}
/**
* Save a lock password. Does not ensure that the password is as good
* as the requested mode, but will adjust the mode to be as good as the
@@ -461,6 +485,9 @@ public class LockPatternUtils {
raf.close();
DevicePolicyManager dpm = getDevicePolicyManager();
if (password != null) {
// Update the encryption password.
updateEncryptionPassword(password);
int computedQuality = computePasswordQuality(password);
setLong(PASSWORD_TYPE_KEY, Math.max(quality, computedQuality));
if (computedQuality != DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {

47
services/java/com/android/server/MountService.java
View File

@@ -46,6 +46,7 @@ import android.os.storage.IMountShutdownObserver;
import android.os.storage.IObbActionListener;
import android.os.storage.OnObbStateChangeListener;
import android.os.storage.StorageResultCode;
import android.text.TextUtils;
import android.util.Slog;
import java.io.FileDescriptor;
@@ -1632,8 +1633,8 @@ class MountService extends IMountService.Stub implements INativeDaemonConnectorC
}
public int decryptStorage(String password) {
if (password == null) {
throw new IllegalArgumentException("password cannot be null");
if (TextUtils.isEmpty(password)) {
throw new IllegalArgumentException("password cannot be empty");
}
mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
@@ -1647,13 +1648,13 @@ class MountService extends IMountService.Stub implements INativeDaemonConnectorC
try {
ArrayList<String> rsp = mConnector.doCommand("cryptfs checkpw " + password);
String []tok = rsp.get(0).split(" ");
String[] tokens = rsp.get(0).split(" ");
if (tok == null || tok.length != 2) {
if (tokens == null || tokens.length != 2) {
return -1;
}
int code = Integer.parseInt(tok[1]);
int code = Integer.parseInt(tokens[1]);
if (code == 0) {
// Decrypt was successful. Post a delayed message before restarting in order
@@ -1662,7 +1663,7 @@ class MountService extends IMountService.Stub implements INativeDaemonConnectorC
public void run() {
mConnector.doCommand(String.format("cryptfs restart"));
}
}, 2000); // 2 seconds
}, 1000); // 1 second
}
return code;
@@ -1673,8 +1674,8 @@ class MountService extends IMountService.Stub implements INativeDaemonConnectorC
}
public int encryptStorage(String password) {
if (password == null) {
throw new IllegalArgumentException("password cannot be null");
if (TextUtils.isEmpty(password)) {
throw new IllegalArgumentException("password cannot be empty");
}
mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
@@ -1696,6 +1697,36 @@ class MountService extends IMountService.Stub implements INativeDaemonConnectorC
return 0;
}
public int changeEncryptionPassword(String password) {
if (TextUtils.isEmpty(password)) {
throw new IllegalArgumentException("password cannot be empty");
}
mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
"no permission to access the crypt keeper");
waitForReady();
if (DEBUG_EVENTS) {
Slog.i(TAG, "changing encryption password...");
}
try {
ArrayList<String> response = mConnector.doCommand("cryptfs changepw " + password);
String[] tokens = response.get(0).split(" ");
if (tokens == null || tokens.length != 2) {
return -1;
}
return Integer.parseInt(tokens[1]);
} catch (NativeDaemonConnectorException e) {
// Encryption failed
return e.getCode();
}
}
private void addObbStateLocked(ObbState obbState) throws RemoteException {
final IBinder binder = obbState.getBinder();
List<ObbState> obbStates = mObbMounts.get(binder);