authorAmit Blay <ablay@codeaurora.org>2015-09-02 08:31:53 +0300
committerLinux Build Service Account <lnxbuild@localhost>2015-10-06 03:28:26 -0600
commit407e8a9b46e09b369cd1758ed1a55faffbd2df11 (patch)
treecd9f501868b38d45f06d982d9b56826fb83ee745
parenteb4fa8cd3f2fa5a0181d4711e458d4e0e64c1ee1 (diff)
Added 'EncryptWipeStorage' API to MountService API
The EncryptWipeStorage API is used to create a new ext4 file system on the userdata partition, instead of the existing one, and encrypt it. This is as opposed to the way the EncryptStorage API works, which encrypts the existing file system as is ('inplace'). The 'wipe' option is already supported in the underlying Cryptfs implementation. Also in this change, new values that can be returned by the 'getEncryptionState' API are declared. These values reflect the state of the MDTP activation, together with the general encryption state, in case MDTP is activated. - ENCRYPTION_STATE_OK_MDTP_ACTIVATED - means that the crypto state is ok, and MDTP is activated. - ENCRYPTION_STATE_ERROR_MDTP_ACTIVATED - means that the crypto state is bad, and MDTP is activated. Change-Id: Ide628a8cf6499bc2216b08c22479a37133bebb03
-rw-r--r--core/java/android/os/storage/IMountService.java39
-rw-r--r--include/storage/IMountService.h1
-rw-r--r--libs/storage/IMountService.cpp18
-rw-r--r--services/core/java/com/android/server/MountService.java20
4 files changed, 75 insertions, 3 deletions
diff --git a/core/java/android/os/storage/IMountService.java b/core/java/android/os/storage/IMountService.java
index fce09dd..8a4bc31 100644
--- a/core/java/android/os/storage/IMountService.java
+++ b/core/java/android/os/storage/IMountService.java
@@ -645,6 +645,24 @@ public interface IMountService extends IInterface {
return _result;
}
+ public int encryptWipeStorage(int type, String password) throws RemoteException {
+ Parcel _data = Parcel.obtain();
+ Parcel _reply = Parcel.obtain();
+ int _result;
+ try {
+ _data.writeInterfaceToken(DESCRIPTOR);
+ _data.writeInt(type);
+ _data.writeString(password);
+ mRemote.transact(Stub.TRANSACTION_encryptWipeStorage, _data, _reply, 0);
+ _reply.readException();
+ _result = _reply.readInt();
+ } finally {
+ _reply.recycle();
+ _data.recycle();
+ }
+ return _result;
+ }
+
public int changeEncryptionPassword(int type, String password) throws RemoteException {
Parcel _data = Parcel.obtain();
Parcel _reply = Parcel.obtain();
@@ -1295,6 +1313,8 @@ public interface IMountService extends IInterface {
static final int TRANSACTION_benchmark = IBinder.FIRST_CALL_TRANSACTION + 59;
static final int TRANSACTION_setDebugFlags = IBinder.FIRST_CALL_TRANSACTION + 60;
+ static final int TRANSACTION_encryptWipeStorage = IBinder.FIRST_CALL_TRANSACTION + 61;
+
/**
* Cast an IBinder object into an IMountService interface, generating a
* proxy if needed.
@@ -1597,6 +1617,15 @@ public interface IMountService extends IInterface {
reply.writeInt(result);
return true;
}
+ case TRANSACTION_encryptWipeStorage: {
+ data.enforceInterface(DESCRIPTOR);
+ int type = data.readInt();
+ String password = data.readString();
+ int result = encryptWipeStorage(type, password);
+ reply.writeNoException();
+ reply.writeInt(result);
+ return true;
+ }
case TRANSACTION_changeEncryptionPassword: {
data.enforceInterface(DESCRIPTOR);
int type = data.readInt();
@@ -2016,7 +2045,8 @@ public interface IMountService extends IInterface {
* Returns whether or not the external storage is emulated.
*/
public boolean isExternalStorageEmulated() throws RemoteException;
-
+ /** The volume has been encrypted succesfully and MDTP state is 'activated'. */
+ static final int ENCRYPTION_STATE_OK_MDTP_ACTIVATED = 2;
/** The volume is not encrypted. */
static final int ENCRYPTION_STATE_NONE = 1;
/** The volume has been encrypted succesfully. */
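Review bot: `ENCRYPTION_STATE_OK_MDTP_ACTIVATED = 2` introduces a second "encrypted and healthy" value, and the next hunk adds `ENCRYPTION_STATE_ERROR_MDTP_ACTIVATED = -5` in the same way, so any existing caller of `getEncryptionState` that tests `== ENCRYPTION_STATE_OK` would treat an encrypted, MDTP-activated device as not OK. No caller is visible in this diff, so this is something to audit rather than a confirmed bug. The new constant is also declared ahead of `ENCRYPTION_STATE_NONE` with the separating blank line removed; placing it after `ENCRYPTION_STATE_OK` would keep the success values together. Its Javadoc should expand the MDTP acronym once and use the spelling `successfully`.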
@@ -2029,6 +2059,8 @@ public interface IMountService extends IInterface {
static final int ENCRYPTION_STATE_ERROR_INCONSISTENT = -3;
/** Underlying data is corrupt */
static final int ENCRYPTION_STATE_ERROR_CORRUPT = -4;
+ /** The volume is in a bad state and MDTP state is 'activated'.*/
+ static final int ENCRYPTION_STATE_ERROR_MDTP_ACTIVATED = -5;
/**
* Determines the encryption state of the volume.
@@ -2047,6 +2079,11 @@ public interface IMountService extends IInterface {
public int encryptStorage(int type, String password) throws RemoteException;
/**
+ * Encrypts and wipes storage.
+ */
+ public int encryptWipeStorage(int type, String password) throws RemoteException;
+
+ /**
* Changes the encryption password.
*/
public int changeEncryptionPassword(int type, String password)
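Review bot: The Javadoc added for `encryptWipeStorage` ("Encrypts and wipes storage.") does not tell a caller that the existing userdata file system is replaced, which values `type` accepts, or what the int result means; the wrapper Javadoc added in MountService.java has the same gaps. For an API that discards data I would say so outright, e.g. `* Creates a new file system on the userdata partition, discarding its current contents, and encrypts it.`, followed by `@param type`, `@param password` and `@return` lines. The declaration sits inside the `IMountService` interface, which starts and ends outside this hunk.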
diff --git a/include/storage/IMountService.h b/include/storage/IMountService.h
index c3d34d8..b04be8a 100644
--- a/include/storage/IMountService.h
+++ b/include/storage/IMountService.h
@@ -71,6 +71,7 @@ public:
virtual bool getMountedObbPath(const String16& filename, String16& path) = 0;
virtual int32_t decryptStorage(const String16& password) = 0;
virtual int32_t encryptStorage(const String16& password) = 0;
+ virtual int32_t encryptWipeStorage(const String16& password) = 0;
};
// ----------------------------------------------------------------------------
diff --git a/libs/storage/IMountService.cpp b/libs/storage/IMountService.cpp
index c643ed0..f7379b6 100644
--- a/libs/storage/IMountService.cpp
+++ b/libs/storage/IMountService.cpp
@@ -50,6 +50,7 @@ enum {
TRANSACTION_isExternalStorageEmulated,
TRANSACTION_decryptStorage,
TRANSACTION_encryptStorage,
+ TRANSACTION_encryptWipeStorage = IBinder::FIRST_CALL_TRANSACTION + 61,
};
class BpMountService: public BpInterface<IMountService>
@@ -551,6 +552,23 @@ public:
}
return reply.readInt32();
}
+
+ int32_t encryptWipeStorage(const String16& password)
+ {
+ Parcel data, reply;
+ data.writeInterfaceToken(IMountService::getInterfaceDescriptor());
+ data.writeString16(password);
+ if (remote()->transact(TRANSACTION_encryptWipeStorage, data, &reply) != NO_ERROR) {
+ ALOGD("encryptWipeStorage could not contact remote\n");
+ return -1;
+ }
+ int32_t err = reply.readExceptionCode();
+ if (err < 0) {
+ ALOGD("encryptWipeStorage caught exception %d\n", err);
+ return err;
+ }
+ return reply.readInt32();
+ }
};
IMPLEMENT_META_INTERFACE(MountService, "IMountService")
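Review bot: The native proxy `encryptWipeStorage` writes only the password after the interface token, but the Java stub case for `TRANSACTION_encryptWipeStorage` in IMountService.java reads `data.readInt()` for `type` before `data.readString()`. A call made through this proxy would therefore be misparsed on the Java side, with the leading word of the string payload taken as `type`, and that value later indexes `CRYPTO_TYPES[type]` in MountService.java. The neighbouring native `encryptStorage(const String16&)` appears to use the same older signature, so this may be inherited rather than new. Either add a `type` parameter here and in IMountService.h and emit `data.writeInt32(type);` before `data.writeString16(password);`, or leave the native entry point out if nothing calls it. The enclosing `BpMountService` class starts outside the hunk.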
diff --git a/services/core/java/com/android/server/MountService.java b/services/core/java/com/android/server/MountService.java
index 2b12054..620bc29 100644
--- a/services/core/java/com/android/server/MountService.java
+++ b/services/core/java/com/android/server/MountService.java
@@ -2394,7 +2394,7 @@ class MountService extends IMountService.Stub
}
}
- public int encryptStorage(int type, String password) {
+ private int encryptStorageExtended(int type, String password, boolean wipe) {
if (TextUtils.isEmpty(password) && type != StorageManager.CRYPT_TYPE_DEFAULT) {
throw new IllegalArgumentException("password cannot be empty");
}
@@ -2409,7 +2409,7 @@ class MountService extends IMountService.Stub
}
try {
- mCryptConnector.execute("cryptfs", "enablecrypto", "inplace", CRYPTO_TYPES[type],
+ mCryptConnector.execute("cryptfs", "enablecrypto", wipe ? "wipe" : "inplace", CRYPTO_TYPES[type],
new SensitiveArg(password));
} catch (NativeDaemonConnectorException e) {
// Encryption failed
@@ -2419,6 +2419,22 @@ class MountService extends IMountService.Stub
return 0;
}
+ /** Encrypt Storage given a password.
+ * @param type The password type.
+ * @param password The password to be used in encryption.
+ */
+ public int encryptStorage(int type, String password) {
+ return encryptStorageExtended(type, password, false);
+ }
+
+ /** Encrypt Storage given a password after wiping it.
+ * @param type The password type.
+ * @param password The password to be used in encryption.
+ */
+ public int encryptWipeStorage(int type, String password) {
+ return encryptStorageExtended(type, password, true);
+ }
+
/** Set the password for encrypting the master key.
* @param type One of the CRYPTO_TYPE_XXX consts defined in StorageManager.
* @param password The password to set.
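Review bot: `encryptWipeStorage` performs no caller check of its own, so the destructive wipe path is gated only by whatever `encryptStorageExtended` enforces before it reaches `mCryptConnector.execute`. That part of the helper falls between the first two hunks and is not visible here, so it should be confirmed that the permission enforcement sits inside the shared helper and not in code that was specific to the old `encryptStorage` body. Once confirmed, a one-line comment in each wrapper such as `// Caller permission is enforced in encryptStorageExtended().` would keep a later refactor from moving the check out from under the wipe entry point.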