diff options
author | Andy Stadler <stadler@google.com> | 2011-01-17 12:52:41 -0800 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2011-01-17 12:52:41 -0800 |
commit | 2c12c708bfb62464e75dcde292547b2d778dafce (patch) | |
tree | cd99bb00c7d68af3d16c127c377fc18b071c99f1 | |
parent | 59cce94eb8cecd484b467d7b855817116e4b13fc (diff) | |
parent | 22dbfda976aab9ae897eed0625e2e64ead32bbc4 (diff) | |
download | frameworks_base-2c12c708bfb62464e75dcde292547b2d778dafce.zip frameworks_base-2c12c708bfb62464e75dcde292547b2d778dafce.tar.gz frameworks_base-2c12c708bfb62464e75dcde292547b2d778dafce.tar.bz2 |
Merge "Add internal plumbing to DPM for encryption" into honeycomb
-rw-r--r-- | api/11.xml | 281 | ||||
-rw-r--r-- | api/current.xml | 28 | ||||
-rw-r--r-- | core/java/android/app/admin/DevicePolicyManager.java | 69 | ||||
-rw-r--r-- | core/java/android/app/admin/IDevicePolicyManager.aidl | 3 | ||||
-rw-r--r-- | services/java/com/android/server/DevicePolicyManagerService.java | 101 |
5 files changed, 414 insertions, 68 deletions
@@ -30672,6 +30672,17 @@ <parameter name="listener" type="android.app.FragmentManager.OnBackStackChangedListener"> </parameter> </method> +<method name="beginTransaction" + return="android.app.FragmentTransaction" + abstract="true" + native="false" + synchronized="false" + static="false" + final="false" + deprecated="not deprecated" + visibility="public" +> +</method> <method name="countBackStackEntries" return="int" abstract="true" @@ -30782,7 +30793,7 @@ </method> <method name="openTransaction" return="android.app.FragmentTransaction" - abstract="true" + abstract="false" native="false" synchronized="false" static="false" @@ -37816,7 +37827,7 @@ </parameter> </method> <method name="getStorageEncryption" - return="int" + return="boolean" abstract="false" native="false" synchronized="false" @@ -37828,6 +37839,17 @@ <parameter name="admin" type="android.content.ComponentName"> </parameter> </method> +<method name="getStorageEncryptionStatus" + return="int" + abstract="false" + native="false" + synchronized="false" + static="false" + final="false" + deprecated="not deprecated" + visibility="public" +> +</method> <method name="hasGrantedPolicy" return="boolean" abstract="false" @@ -38168,7 +38190,7 @@ type="int" transient="false" volatile="false" - value="3" + value="2" static="true" final="true" deprecated="not deprecated" @@ -38179,7 +38201,7 @@ type="int" transient="false" volatile="false" - value="4" + value="3" static="true" final="true" deprecated="not deprecated" @@ -38197,17 +38219,6 @@ visibility="public" > </field> -<field name="ENCRYPTION_STATUS_REQUESTED" - type="int" - transient="false" - volatile="false" - value="2" - static="true" - final="true" - deprecated="not deprecated" - visibility="public" -> -</field> <field name="ENCRYPTION_STATUS_UNSUPPORTED" type="int" transient="false" @@ -86359,7 +86370,7 @@ <method name="updateTexImage" return="void" abstract="false" - native="true" + native="false" synchronized="false" static="false" final="false" @@ -95617,6 +95628,17 @@ visibility="public" > </field> +<field name="TOUCHABLE_INSETS_REGION" + type="int" + transient="false" + volatile="false" + value="3" + static="true" + final="true" + deprecated="not deprecated" + visibility="public" +> +</field> <field name="TOUCHABLE_INSETS_VISIBLE" type="int" transient="false" @@ -95648,6 +95670,16 @@ visibility="public" > </field> +<field name="touchableRegion" + type="android.graphics.Region" + transient="false" + volatile="false" + static="false" + final="true" + deprecated="not deprecated" + visibility="public" +> +</field> <field name="visibleTopInsets" type="int" transient="false" @@ -167174,6 +167206,38 @@ <parameter name="dimX" type="int"> </parameter> </method> +<method name="setFromFieldPacker" + return="void" + abstract="false" + native="false" + synchronized="false" + static="false" + final="false" + deprecated="not deprecated" + visibility="public" +> +<parameter name="xoff" type="int"> +</parameter> +<parameter name="fp" type="android.renderscript.FieldPacker"> +</parameter> +</method> +<method name="setFromFieldPacker" + return="void" + abstract="false" + native="false" + synchronized="false" + static="false" + final="false" + deprecated="not deprecated" + visibility="public" +> +<parameter name="xoff" type="int"> +</parameter> +<parameter name="component_number" type="int"> +</parameter> +<parameter name="fp" type="android.renderscript.FieldPacker"> +</parameter> +</method> <method name="syncAll" return="void" abstract="false" @@ -172934,6 +172998,49 @@ deprecated="not deprecated" visibility="public" > +<method name="bindAllocation" + return="void" + abstract="false" + native="false" + synchronized="false" + static="false" + final="false" + deprecated="not deprecated" + visibility="public" +> +<parameter name="va" type="android.renderscript.Allocation"> +</parameter> +<parameter name="slot" type="int"> +</parameter> +</method> +<method name="invoke" + return="void" + abstract="false" + native="false" + synchronized="false" + static="false" + final="false" + deprecated="not deprecated" + visibility="protected" +> +<parameter name="slot" type="int"> +</parameter> +</method> +<method name="invoke" + return="void" + abstract="false" + native="false" + synchronized="false" + static="false" + final="false" + deprecated="not deprecated" + visibility="protected" +> +<parameter name="slot" type="int"> +</parameter> +<parameter name="v" type="android.renderscript.FieldPacker"> +</parameter> +</method> <method name="setTimeZone" return="void" abstract="false" @@ -172947,6 +173054,111 @@ <parameter name="timeZone" type="java.lang.String"> </parameter> </method> +<method name="setVar" + return="void" + abstract="false" + native="false" + synchronized="false" + static="false" + final="false" + deprecated="not deprecated" + visibility="public" +> +<parameter name="index" type="int"> +</parameter> +<parameter name="v" type="float"> +</parameter> +</method> +<method name="setVar" + return="void" + abstract="false" + native="false" + synchronized="false" + static="false" + final="false" + deprecated="not deprecated" + visibility="public" +> +<parameter name="index" type="int"> +</parameter> +<parameter name="v" type="double"> +</parameter> +</method> +<method name="setVar" + return="void" + abstract="false" + native="false" + synchronized="false" + static="false" + final="false" + deprecated="not deprecated" + visibility="public" +> +<parameter name="index" type="int"> +</parameter> +<parameter name="v" type="int"> +</parameter> +</method> +<method name="setVar" + return="void" + abstract="false" + native="false" + synchronized="false" + static="false" + final="false" + deprecated="not deprecated" + visibility="public" +> +<parameter name="index" type="int"> +</parameter> +<parameter name="v" type="long"> +</parameter> +</method> +<method name="setVar" + return="void" + abstract="false" + native="false" + synchronized="false" + static="false" + final="false" + deprecated="not deprecated" + visibility="public" +> +<parameter name="index" type="int"> +</parameter> +<parameter name="v" type="boolean"> +</parameter> +</method> +<method name="setVar" + return="void" + abstract="false" + native="false" + synchronized="false" + static="false" + final="false" + deprecated="not deprecated" + visibility="public" +> +<parameter name="index" type="int"> +</parameter> +<parameter name="o" type="android.renderscript.BaseObj"> +</parameter> +</method> +<method name="setVar" + return="void" + abstract="false" + native="false" + synchronized="false" + static="false" + final="false" + deprecated="not deprecated" + visibility="public" +> +<parameter name="index" type="int"> +</parameter> +<parameter name="v" type="android.renderscript.FieldPacker"> +</parameter> +</method> </class> <class name="Script.Builder" extends="java.lang.Object" @@ -173078,6 +173290,32 @@ deprecated="not deprecated" visibility="public" > +<constructor name="ScriptC" + type="android.renderscript.ScriptC" + static="false" + final="false" + deprecated="not deprecated" + visibility="protected" +> +<parameter name="id" type="int"> +</parameter> +<parameter name="rs" type="android.renderscript.RenderScript"> +</parameter> +</constructor> +<constructor name="ScriptC" + type="android.renderscript.ScriptC" + static="false" + final="false" + deprecated="not deprecated" + visibility="protected" +> +<parameter name="rs" type="android.renderscript.RenderScript"> +</parameter> +<parameter name="resources" type="android.content.res.Resources"> +</parameter> +<parameter name="resourceID" type="int"> +</parameter> +</constructor> </class> <class name="Short2" extends="java.lang.Object" @@ -183534,6 +183772,17 @@ visibility="public" > </method> +<method name="getObbDir" + return="java.io.File" + abstract="false" + native="false" + synchronized="false" + static="false" + final="false" + deprecated="not deprecated" + visibility="public" +> +</method> <method name="getPackageCodePath" return="java.lang.String" abstract="false" diff --git a/api/current.xml b/api/current.xml index 339ba72..9b747bb 100644 --- a/api/current.xml +++ b/api/current.xml @@ -37827,7 +37827,7 @@ </parameter> </method> <method name="getStorageEncryption" - return="int" + return="boolean" abstract="false" native="false" synchronized="false" @@ -37839,6 +37839,17 @@ <parameter name="admin" type="android.content.ComponentName"> </parameter> </method> +<method name="getStorageEncryptionStatus" + return="int" + abstract="false" + native="false" + synchronized="false" + static="false" + final="false" + deprecated="not deprecated" + visibility="public" +> +</method> <method name="hasGrantedPolicy" return="boolean" abstract="false" @@ -38179,7 +38190,7 @@ type="int" transient="false" volatile="false" - value="3" + value="2" static="true" final="true" deprecated="not deprecated" @@ -38190,7 +38201,7 @@ type="int" transient="false" volatile="false" - value="4" + value="3" static="true" final="true" deprecated="not deprecated" @@ -38208,17 +38219,6 @@ visibility="public" > </field> -<field name="ENCRYPTION_STATUS_REQUESTED" - type="int" - transient="false" - volatile="false" - value="2" - static="true" - final="true" - deprecated="not deprecated" - visibility="public" -> -</field> <field name="ENCRYPTION_STATUS_UNSUPPORTED" type="int" transient="false" diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index 4186fec..3f3aa74 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -1093,38 +1093,32 @@ public class DevicePolicyManager { } /** - * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryption}: + * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: * indicating that encryption is not supported. */ public static final int ENCRYPTION_STATUS_UNSUPPORTED = 0; /** - * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryption}: + * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: * indicating that encryption is supported, but is not currently active. */ public static final int ENCRYPTION_STATUS_INACTIVE = 1; /** - * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryption}: - * indicating that encryption is not currently active, but has been requested. - */ - public static final int ENCRYPTION_STATUS_REQUESTED = 2; - - /** - * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryption}: + * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: * indicating that encryption is not currently active, but is currently * being activated. This is only reported by devices that support * encryption of data and only when the storage is currently * undergoing a process of becoming encrypted. A device that must reboot and/or wipe data * to become encrypted will never return this value. */ - public static final int ENCRYPTION_STATUS_ACTIVATING = 3; + public static final int ENCRYPTION_STATUS_ACTIVATING = 2; /** - * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryption}: + * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: * indicating that encryption is active. */ - public static final int ENCRYPTION_STATUS_ACTIVE = 4; + public static final int ENCRYPTION_STATUS_ACTIVE = 3; /** * Activity action: begin the process of encrypting data on the device. This activity should @@ -1139,14 +1133,7 @@ public class DevicePolicyManager { /** * Called by an application that is administering the device to - * request that the storage system be encrypted. Depending - * on the returned status code, the caller may proceed in different - * ways. If the result is {@link #ENCRYPTION_STATUS_UNSUPPORTED}, the - * storage system does not support encryption. If the - * result is {@link #ENCRYPTION_STATUS_REQUESTED}, use {@link - * #ACTION_START_ENCRYPTION} to begin the process of encrypting or decrypting the - * storage. If the result is {@link #ENCRYPTION_STATUS_ACTIVATING} or - * {@link #ENCRYPTION_STATUS_ACTIVE}, no further action is required. + * request that the storage system be encrypted. * * <p>When multiple device administrators attempt to control device * encryption, the most secure, supported setting will always be @@ -1167,7 +1154,10 @@ public class DevicePolicyManager { * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * @param encrypt true to request encryption, false to release any previous request - * @return current status of encryption + * @return the new request status (for all active admins) - will be one of + * {@link #ENCRYPTION_STATUS_UNSUPPORTED}, {@link #ENCRYPTION_STATUS_INACTIVE}, or + * {@link #ENCRYPTION_STATUS_ACTIVE}. This is the value of the requests; Use + * {@link #getStorageEncryptionStatus()} to query the actual device state. */ public int setStorageEncryption(ComponentName admin, boolean encrypt) { if (mService != null) { @@ -1182,12 +1172,14 @@ public class DevicePolicyManager { /** * Called by an application that is administering the device to - * determine the encryption status of a specific storage system. + * determine the requested setting for secure storage. * - * @param admin Which {@link DeviceAdminReceiver} this request is associated with. - * @return current status of encryption + * @param admin Which {@link DeviceAdminReceiver} this request is associated with. If null, + * this will return the requested encryption setting as an aggregate of all active + * administrators. + * @return true if the admin(s) are requesting encryption, false if not. */ - public int getStorageEncryption(ComponentName admin) { + public boolean getStorageEncryption(ComponentName admin) { if (mService != null) { try { return mService.getStorageEncryption(admin); @@ -1195,6 +1187,33 @@ public class DevicePolicyManager { Log.w(TAG, "Failed talking with device policy service", e); } } + return false; + } + + /** + * Called by an application that is administering the device to + * determine the current encryption status of the device. + * + * Depending on the returned status code, the caller may proceed in different + * ways. If the result is {@link #ENCRYPTION_STATUS_UNSUPPORTED}, the + * storage system does not support encryption. If the + * result is {@link #ENCRYPTION_STATUS_INACTIVE}, use {@link + * #ACTION_START_ENCRYPTION} to begin the process of encrypting or decrypting the + * storage. If the result is {@link #ENCRYPTION_STATUS_ACTIVATING} or + * {@link #ENCRYPTION_STATUS_ACTIVE}, no further action is required. + * + * @return current status of encryption. The value will be one of + * {@link #ENCRYPTION_STATUS_UNSUPPORTED}, {@link #ENCRYPTION_STATUS_INACTIVE}, + * {@link #ENCRYPTION_STATUS_ACTIVATING}, or{@link #ENCRYPTION_STATUS_ACTIVE}. + */ + public int getStorageEncryptionStatus() { + if (mService != null) { + try { + return mService.getStorageEncryptionStatus(); + } catch (RemoteException e) { + Log.w(TAG, "Failed talking with device policy service", e); + } + } return ENCRYPTION_STATUS_UNSUPPORTED; } diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl index d3b5cf3..e8caca1 100644 --- a/core/java/android/app/admin/IDevicePolicyManager.aidl +++ b/core/java/android/app/admin/IDevicePolicyManager.aidl @@ -76,7 +76,8 @@ interface IDevicePolicyManager { ComponentName getGlobalProxyAdmin(); int setStorageEncryption(in ComponentName who, boolean encrypt); - int getStorageEncryption(in ComponentName who); + boolean getStorageEncryption(in ComponentName who); + int getStorageEncryptionStatus(); void setActiveAdmin(in ComponentName policyReceiver, boolean refreshing); boolean isAdminActive(in ComponentName policyReceiver); diff --git a/services/java/com/android/server/DevicePolicyManagerService.java b/services/java/com/android/server/DevicePolicyManagerService.java index c0ce256..8a9e351 100644 --- a/services/java/com/android/server/DevicePolicyManagerService.java +++ b/services/java/com/android/server/DevicePolicyManagerService.java @@ -145,6 +145,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { int maximumFailedPasswordsForWipe = 0; long passwordExpirationTimeout = 0L; long passwordExpirationDate = 0L; + boolean encryptionRequested = false; // TODO: review implementation decisions with frameworks team boolean specifiesGlobalProxy = false; @@ -242,6 +243,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { out.attribute(null, "value", Long.toString(passwordExpirationDate)); out.endTag(null, "password-expiration-date"); } + if (encryptionRequested) { + out.startTag(null, "encryption-requested"); + out.attribute(null, "value", Boolean.toString(encryptionRequested)); + out.endTag(null, "encryption-requested"); + } } void readFromXml(XmlPullParser parser) @@ -290,7 +296,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { maximumFailedPasswordsForWipe = Integer.parseInt( parser.getAttributeValue(null, "value")); } else if ("specifies-global-proxy".equals(tag)) { - specifiesGlobalProxy = Boolean.getBoolean( + specifiesGlobalProxy = Boolean.parseBoolean( parser.getAttributeValue(null, "value")); } else if ("global-proxy-spec".equals(tag)) { globalProxySpec = @@ -304,6 +310,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } else if ("password-expiration-date".equals(tag)) { passwordExpirationDate = Long.parseLong( parser.getAttributeValue(null, "value")); + } else if ("encryption-requested".equals(tag)) { + encryptionRequested = Boolean.parseBoolean( + parser.getAttributeValue(null, "value")); } else { Slog.w(TAG, "Unknown admin tag: " + tag); } @@ -356,6 +365,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { pw.print(prefix); pw.print("globalProxyEclusionList="); pw.println(globalProxyExclusionList); } + pw.print(prefix); pw.print("encryptionRequested="); + pw.println(encryptionRequested); } } @@ -1823,7 +1834,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } /** - * Set the storage encryption request. + * Set the storage encryption request for a single admin. Returns the new total request + * status (for all admins). */ public int setStorageEncryption(ComponentName who, boolean encrypt) { synchronized (this) { @@ -1834,29 +1846,94 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { ActiveAdmin ap = getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_ENCRYPTED_STORAGE); - // TODO: (1) Record the value for the admin so it's sticky - // TODO: (2) Compute "max" for all admins (if any admin requests encryption, then - // we enable it. - // TODO: (3) Work with filesystem / mount service to start/stop encryption - return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; + // Quick exit: If the filesystem does not support encryption, we can exit early. + if (!isEncryptionSupported()) { + return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; + } + + // (1) Record the value for the admin so it's sticky + if (ap.encryptionRequested != encrypt) { + ap.encryptionRequested = encrypt; + saveSettingsLocked(); + } + + // (2) Compute "max" for all admins + boolean newRequested = false; + final int N = mAdminList.size(); + for (int i = 0; i < N; i++) { + newRequested |= mAdminList.get(i).encryptionRequested; + } + + // Notify OS of new request + setEncryptionRequested(newRequested); + + // Return the new global request status + return newRequested + ? DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE + : DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE; } } /** - * Get the current storage encryption status for a given storage domain. + * Get the current storage encryption request status for a given admin, or aggregate of all + * active admins. */ - public int getStorageEncryption(ComponentName who) { + public boolean getStorageEncryption(ComponentName who) { synchronized (this) { // Check for permissions if a particular caller is specified if (who != null) { - getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_ENCRYPTED_STORAGE); + // When checking for a single caller, status is based on caller's request + ActiveAdmin ap = getActiveAdminForCallerLocked(who, + DeviceAdminInfo.USES_ENCRYPTED_STORAGE); + return ap.encryptionRequested; } - // TODO: Work with filesystem / mount service to query encryption status - return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; + // If no particular caller is specified, return the aggregate set of requests. + // This is short circuited by returning true on the first hit. + final int N = mAdminList.size(); + for (int i = 0; i < N; i++) { + if (mAdminList.get(i).encryptionRequested) { + return true; + } + } + return false; } } + /** + * Get the current encryption status of the device. + */ + public int getStorageEncryptionStatus() { + return getEncryptionStatus(); + } + + /** + * Hook to low-levels: This should report if the filesystem supports encrypted storage. + */ + private boolean isEncryptionSupported() { + // Note, this can be implemented as + // return getEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; + // But is provided as a separate internal method if there's a faster way to do a + // simple check for supported-or-not. + return getEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; + } + + /** + * Hook to low-levels: Reporting the current status of encryption. + * @return A value such as {@link DevicePolicyManager#ENCRYPTION_STATUS_UNSUPPORTED} or + * {@link DevicePolicyManager#ENCRYPTION_STATUS_INACTIVE} or + * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE}. + */ + private int getEncryptionStatus() { + return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; + } + + /** + * Hook to low-levels: If needed, record the new admin setting for encryption. + */ + private void setEncryptionRequested(boolean encrypt) { + } + @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) |