author | Oscar Montemayor <oam@google.com> | 2009-11-18 10:14:20 -0800 |
---|---|---|
committer | Oscar Montemayor <oam@google.com> | 2009-11-24 11:44:19 -0800 |
commit | a8529f68671a8a118751cb6ad577f44eaf076b96 (patch) | |
tree | bf191767698261c9bdd7b599593f3177a188da7d /core/java | |
parent | 579d418db016a9ae87479da9e29d8827474d68f5 (diff) | |
Encrypted File Systems Project. Installer modifications.
Started to modify installer for data redirection to a secure location.
Diffstat (limited to 'core/java')
-rw-r--r-- | core/java/android/accounts/AccountManagerService.java | 15 | ||||
-rw-r--r-- | core/java/android/app/ApplicationContext.java | 38 | ||||
-rw-r--r-- | core/java/android/content/SyncStorageEngine.java | 15 | ||||
-rw-r--r-- | core/java/android/os/Environment.java | 48 |
4 files changed, 97 insertions, 19 deletions
diff --git a/core/java/android/accounts/AccountManagerService.java b/core/java/android/accounts/AccountManagerService.java
index 1a8d9b6..e6941e6 100644
--- a/core/java/android/accounts/AccountManagerService.java
+++ b/core/java/android/accounts/AccountManagerService.java
@@ -38,6 +38,7 @@ import android.database.sqlite.SQLiteDatabase;
 import android.database.sqlite.SQLiteOpenHelper;
 import android.os.Binder;
 import android.os.Bundle;
+import android.os.Environment;
 import android.os.Handler;
 import android.os.HandlerThread;
 import android.os.IBinder;
@@ -52,6 +53,7 @@ import android.text.TextUtils;
 import android.util.Log;
 import android.util.Pair;
+import java.io.File;
 import java.io.FileDescriptor;
 import java.io.PrintWriter;
 import java.util.ArrayList;
@@ -1322,9 +1324,20 @@ public class AccountManagerService
 }
 }
+ private static String getDatabaseName() {
+ if(Environment.isEncryptedFilesystemEnabled()) {
+ // Hard-coded path in case of encrypted file system
+ return Environment.getSystemSecureDirectory().getPath() + File.separator + DATABASE_NAME;
+ } else {
+ // Regular path in case of non-encrypted file system
+ return DATABASE_NAME;
+ }
+ }
+
 private class DatabaseHelper extends SQLiteOpenHelper {
+
 public DatabaseHelper(Context context) {
- super(context, DATABASE_NAME, null, DATABASE_VERSION);
+ super(context, AccountManagerService.getDatabaseName(), null, DATABASE_VERSION);
 }
 @Override
diff --git a/core/java/android/app/ApplicationContext.java b/core/java/android/app/ApplicationContext.java
index 1e04abf..b3d16e9 100644
--- a/core/java/android/app/ApplicationContext.java
+++ b/core/java/android/app/ApplicationContext.java
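Review bot: In `getDatabaseName()` (AccountManagerService.java, hunk at new line 1324) the accounts database location is switched on the EFS flag, but nothing visible here moves or removes a database that already exists at the other location. If the flag is turned on for a device that already has accounts, the old file would presumably stay readable in the unencrypted directory while a new, empty database is created under the secure one; confirm that a migration and cleanup step exists outside this diff. The comment `// Hard-coded path in case of encrypted file system` describes a path that is in fact computed, so I would reword it to `// Absolute path under the secure system directory when EFS is enabled`. The concatenation can also be written as `return new File(Environment.getSystemSecureDirectory(), DATABASE_NAME).getPath();`.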
@@ -466,14 +466,7 @@ class ApplicationContext extends Context {
 @Override
 public SQLiteDatabase openOrCreateDatabase(String name, int mode, CursorFactory factory) {
- File dir = getDatabasesDir();
- if (!dir.isDirectory() && dir.mkdir()) {
- FileUtils.setPermissions(dir.getPath(),
- FileUtils.S_IRWXU|FileUtils.S_IRWXG|FileUtils.S_IXOTH,
- -1, -1);
- }
-
- File f = makeFilename(dir, name);
+ File f = validateFilePath(name, true);
 SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase(f, factory);
 setFilePermissionsFromMode(f.getPath(), mode, 0);
 return db;
@@ -482,7 +475,7 @@ class ApplicationContext extends Context {
 @Override
 public boolean deleteDatabase(String name) {
 try {
- File f = makeFilename(getDatabasesDir(), name);
+ File f = validateFilePath(name, false);
 return f.delete();
 } catch (Exception e) {
 }
@@ -491,7 +484,7 @@ class ApplicationContext extends Context {
 @Override
 public File getDatabasePath(String name) {
- return makeFilename(getDatabasesDir(), name);
+ return validateFilePath(name, false);
 }
 @Override
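Review bot: `openOrCreateDatabase`, `deleteDatabase` and `getDatabasePath` used to reject every name containing a path separator via `makeFilename`, and all three hunks here replace that with `validateFilePath`, whose absolute-path branch (added in the hunk at new line 1447) performs no check at all. A caller-supplied name beginning with `/` therefore reaches `SQLiteDatabase.openOrCreateDatabase`, `setFilePermissionsFromMode` and `f.delete()` for any location the process can write, and the empty `catch (Exception e) { }` in `deleteDatabase` hides failures. If the only intended absolute target is the secure system directory, the absolute branch should accept nothing else, for example `if (!dir.equals(Environment.getSystemSecureDirectory())) throw new IllegalArgumentException("File " + name + " is outside the allowed directories");`. Whatever is decided, the accepted forms of `name` should be stated in the Javadoc of these three methods.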
@@ -1454,12 +1447,35 @@ class ApplicationContext extends Context {
 FileUtils.setPermissions(name, perms, -1, -1);
 }
+ private File validateFilePath(String name, boolean createDirectory) {
+ File dir;
+ File f;
+
+ if (name.charAt(0) == File.separatorChar) {
+ String dirPath = name.substring(0, name.lastIndexOf(File.separatorChar));
+ dir = new File(dirPath);
+ name = name.substring(name.lastIndexOf(File.separatorChar));
+ f = new File(dir, name);
+ } else {
+ dir = getDatabasesDir();
+ f = makeFilename(dir, name);
+ }
+
+ if (createDirectory && !dir.isDirectory() && dir.mkdir()) {
+ FileUtils.setPermissions(dir.getPath(),
+ FileUtils.S_IRWXU|FileUtils.S_IRWXG|FileUtils.S_IXOTH,
+ -1, -1);
+ }
+
+ return f;
+ }
+
 private File makeFilename(File base, String name) {
 if (name.indexOf(File.separatorChar) < 0) {
 return new File(base, name);
 }
 throw new IllegalArgumentException(
- "File " + name + " contains a path separator");
+ "File " + name + " contains a path separator");
 }
 // ----------------------------------------------------------------------
diff --git a/core/java/android/content/SyncStorageEngine.java b/core/java/android/content/SyncStorageEngine.java
index be70909..b6bb7db 100644
--- a/core/java/android/content/SyncStorageEngine.java
+++ b/core/java/android/content/SyncStorageEngine.java
@@ -16,16 +16,11 @@
 package android.content;
-import com.android.internal.os.AtomicFile;
-import com.android.internal.util.ArrayUtils;
-import com.android.internal.util.FastXmlSerializer;
-
 import org.xmlpull.v1.XmlPullParser;
 import org.xmlpull.v1.XmlPullParserException;
 import org.xmlpull.v1.XmlSerializer;
 import android.accounts.Account;
-import android.backup.IBackupManager;
 import android.database.Cursor;
 import android.database.sqlite.SQLiteDatabase;
 import android.database.sqlite.SQLiteException;
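Review bot: In `validateFilePath`, `name.charAt(0)` throws `StringIndexOutOfBoundsException` for an empty name, and `name.substring(name.lastIndexOf(File.separatorChar))` keeps the leading separator in the child passed to `new File(dir, name)`. I would write the test as `if (name.startsWith(File.separator)) {` and the split as `name = name.substring(name.lastIndexOf(File.separatorChar) + 1);`. When `createDirectory` is true, `dir.mkdir()` followed by `S_IRWXU|S_IRWXG|S_IXOTH` now applies to whatever parent an absolute name designates; that mode was chosen for the per-application databases directory, and a directory holding secure data may need a tighter one. The method has no Javadoc, and despite its name the absolute branch validates nothing, so a comment stating what it accepts and rejects is needed. The change to `makeFilename` at the end of this hunk is whitespace only.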
@@ -37,11 +32,15 @@ import android.os.Message;
 import android.os.Parcel;
 import android.os.RemoteCallbackList;
 import android.os.RemoteException;
-import android.os.ServiceManager;
+import android.os.SystemProperties;
 import android.util.Log;
 import android.util.SparseArray;
 import android.util.Xml;
+import com.android.internal.os.AtomicFile;
+import com.android.internal.util.ArrayUtils;
+import com.android.internal.util.FastXmlSerializer;
+
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
@@ -258,7 +257,9 @@ public class SyncStorageEngine extends Handler {
 mCal = Calendar.getInstance(TimeZone.getTimeZone("GMT+0"));
- File dataDir = Environment.getDataDirectory();
+ // This call will return the correct directory whether Encrypted File Systems is
+ // enabled or not.
+ File dataDir = Environment.getSecureDataDirectory();
 File systemDir = new File(dataDir, "system");
 File syncDir = new File(systemDir, "sync");
 mAccountInfoFile = new AtomicFile(new File(syncDir, "accounts.xml"));
diff --git a/core/java/android/os/Environment.java b/core/java/android/os/Environment.java
index f761e8e..6212b17 100644
--- a/core/java/android/os/Environment.java
+++ b/core/java/android/os/Environment.java
@@ -26,6 +26,8 @@ public class Environment {
 private static final File ROOT_DIRECTORY
 = getDirectory("ANDROID_ROOT", "/system");
+ private static final String SYSTEM_PROPERTY_EFS_ENABLED = "persist.security.efs.enabled";
+
 /**
 * Gets the Android root directory.
 */
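Review bot: In the `SyncStorageEngine` hunk at new line 257, `new File(dataDir, "system")` rebuilds by hand the directory that `Environment.getSystemSecureDirectory()` (added in this commit) already returns; using `File systemDir = Environment.getSystemSecureDirectory();` keeps a single definition of where secure system data lives, as `AccountManagerService` does. Existing `accounts.xml` sync state under the old location is not migrated or removed by anything visible here, so confirm that is handled elsewhere. The import hunk above swaps in `android.os.SystemProperties`, but no use of it is visible in the hunks shown; drop it if unused. The enclosing method starts and ends outside the hunk.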
@@ -33,9 +35,55 @@ public class Environment {
 return ROOT_DIRECTORY;
 }
+ /**
+ * Gets the system directory available for secure storage.
+ * If Encrypted File system is enabled, it returns an encrypted directory (/data/secure/system).
+ * Otherwise, it returns the unencrypted /data/system directory.
+ * @return File object representing the secure storage system directory.
+ * @hide
+ */
+ public static File getSystemSecureDirectory() {
+ if (isEncryptedFilesystemEnabled()) {
+ return new File(SECURE_DATA_DIRECTORY, "system");
+ } else {
+ return new File(DATA_DIRECTORY, "system");
+ }
+ }
+
+ /**
+ * Gets the data directory for secure storage.
+ * If Encrypted File system is enabled, it returns an encrypted directory (/data/secure).
+ * Otherwise, it returns the unencrypted /data directory.
+ * @return File object representing the data directory for secure storage.
+ * @hide
+ */
+ public static File getSecureDataDirectory() {
+ if (isEncryptedFilesystemEnabled()) {
+ return SECURE_DATA_DIRECTORY;
+ } else {
+ return DATA_DIRECTORY;
+ }
+ }
+
+ /**
+ * Returns whether the Encrypted File System feature is enabled on the device or not.
+ * @return <code>true</code> if Encrypted File System feature is enabled, <code>false</code>
+ * if disabled.
+ * @hide
+ */
+ public static boolean isEncryptedFilesystemEnabled() {
+ return SystemProperties.getBoolean(SYSTEM_PROPERTY_EFS_ENABLED, false);
+ }
+
 private static final File DATA_DIRECTORY
 = getDirectory("ANDROID_DATA", "/data");
+ /**
+ * @hide
+ */
+ private static final File SECURE_DATA_DIRECTORY
+ = getDirectory("ANDROID_SECURE_DATA", "/data/secure");
+
 private static final File EXTERNAL_STORAGE_DIRECTORY
 = getDirectory("EXTERNAL_STORAGE", "/sdcard"); |
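Review bot: `isEncryptedFilesystemEnabled()` falls back to `false` and re-reads `persist.security.efs.enabled` on every call, so an unset, cleared or changed property silently routes `getSystemSecureDirectory()` and `getSecureDataDirectory()` back to the unencrypted `/data` tree, and two callers can disagree within one boot. Which processes may write that property is not visible in this diff; the Javadoc should say who sets it and that the value is expected to stay constant after boot, or the value could be read once, e.g. `private static final boolean EFS_ENABLED = SystemProperties.getBoolean(SYSTEM_PROPERTY_EFS_ENABLED, false);`. Both directory getters carry "secure" in their names even when they return the plain directory, which is worth stating in the first sentence of each comment. The `@hide` Javadoc on the private field `SECURE_DATA_DIRECTORY` has no effect and can be removed.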