diff options
author | Christopher Tate <ctate@google.com> | 2011-10-10 13:51:12 -0700 |
---|---|---|
committer | Christopher Tate <ctate@google.com> | 2011-10-13 12:29:32 -0700 |
commit | 32418be49e5b61c2e9281528cb8fb67939e301e8 (patch) | |
tree | 6233d62e90ac6f418a4b6c620c85b0cb61b093a8 /packages/BackupRestoreConfirmation | |
parent | 3b16c9a5b4b1e12332ce8b3e9ccec60d6a5fc7bb (diff) | |
download | frameworks_base-32418be49e5b61c2e9281528cb8fb67939e301e8.zip frameworks_base-32418be49e5b61c2e9281528cb8fb67939e301e8.tar.gz frameworks_base-32418be49e5b61c2e9281528cb8fb67939e301e8.tar.bz2 |
Require device encryption password to perform adb backup/restore
This supersedes any backup-password that the user might supply. Per
design, the device encryption password is also always used to encrypt
the backup archive.
The CL introduces two new strings, used for prompting the user for
their device encryption password rather than their settings-defined
"backup password" when confirming a full backup or restore operation.
Bug 5382487
Change-Id: I0b03881b45437c944eaf636b6209278e1bba7a9f
Diffstat (limited to 'packages/BackupRestoreConfirmation')
-rw-r--r-- | packages/BackupRestoreConfirmation/res/values/strings.xml | 6 | ||||
-rw-r--r-- | packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java | 38 |
2 files changed, 40 insertions, 4 deletions
diff --git a/packages/BackupRestoreConfirmation/res/values/strings.xml b/packages/BackupRestoreConfirmation/res/values/strings.xml index e91c6e2..5c90fd0 100644 --- a/packages/BackupRestoreConfirmation/res/values/strings.xml +++ b/packages/BackupRestoreConfirmation/res/values/strings.xml @@ -35,8 +35,12 @@ <!-- Text for message to user that they must enter their predefined backup password in order to perform this operation. --> <string name="current_password_text">Please enter your current backup password below:</string> + <!-- Text for message to user that they must enter their device encryption password in order to perform this restore operation. --> + <string name="device_encryption_restore_text">Please enter your device encryption password below.</string> + <!-- Text for message to user that they must enter their device encryption password in order to perform this backup operation. --> + <string name="device_encryption_backup_text">Please enter your device encryption password below. This will also be used to encrypt the backup archive.</string> - <!-- Text for message to user that they can must enter an encryption password to use for the full backup operation. --> + <!-- Text for message to user that they must enter an encryption password to use for the full backup operation. --> <string name="backup_enc_password_text">Please enter a password to use for encrypting the full backup data. If this is left blank, your current backup password will be used:</string> <!-- Text for message to user that they may optionally supply an encryption password to use for a full backup operation. --> <string name="backup_enc_password_optional">If you wish to encrypt the full backup data, enter a password below:</string> diff --git a/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java b/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java index fbdf3cc..7f1d059 100644 --- a/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java +++ b/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java @@ -27,6 +27,8 @@ import android.os.Handler; import android.os.Message; import android.os.RemoteException; import android.os.ServiceManager; +import android.os.storage.IMountService; +import android.util.Log; import android.util.Slog; import android.view.View; import android.widget.Button; @@ -60,8 +62,10 @@ public class BackupRestoreConfirmation extends Activity { Handler mHandler; IBackupManager mBackupManager; + IMountService mMountService; FullObserver mObserver; int mToken; + boolean mIsEncrypted; boolean mDidAcknowledge; TextView mStatusView; @@ -152,6 +156,7 @@ public class BackupRestoreConfirmation extends Activity { } mBackupManager = IBackupManager.Stub.asInterface(ServiceManager.getService(Context.BACKUP_SERVICE)); + mMountService = IMountService.Stub.asInterface(ServiceManager.getService("mount")); mHandler = new ObserverHandler(getApplicationContext()); final Object oldObserver = getLastNonConfigurationInstance(); @@ -174,8 +179,23 @@ public class BackupRestoreConfirmation extends Activity { mEncPassword = (TextView) findViewById(R.id.enc_password); TextView curPwDesc = (TextView) findViewById(R.id.password_desc); - // We vary the password prompt depending on whether one is predefined - if (!haveBackupPassword()) { + // We vary the password prompt depending on whether one is predefined, and whether + // the device is encrypted. + mIsEncrypted = deviceIsEncrypted(); + if (mIsEncrypted) { + Log.d(TAG, "Device is encrypted: requiring encryption pw"); + TextView pwPrompt = (TextView) findViewById(R.id.password_desc); + // this password is mandatory; we hide the other options during backup + if (layoutId == R.layout.confirm_backup) { + pwPrompt.setText(R.string.device_encryption_backup_text); + TextView tv = (TextView) findViewById(R.id.enc_password); + tv.setVisibility(View.GONE); + tv = (TextView) findViewById(R.id.enc_password_desc); + tv.setVisibility(View.GONE); + } else { + pwPrompt.setText(R.string.device_encryption_restore_text); + } + } else if (!haveBackupPassword()) { curPwDesc.setVisibility(View.GONE); mCurPassword.setVisibility(View.GONE); if (layoutId == R.layout.confirm_backup) { @@ -226,10 +246,12 @@ public class BackupRestoreConfirmation extends Activity { mDidAcknowledge = true; try { + CharSequence encPassword = (mIsEncrypted) + ? mCurPassword.getText() : mEncPassword.getText(); mBackupManager.acknowledgeFullBackupOrRestore(mToken, allow, String.valueOf(mCurPassword.getText()), - String.valueOf(mEncPassword.getText()), + String.valueOf(encPassword), mObserver); } catch (RemoteException e) { // TODO: bail gracefully if we can't contact the backup manager @@ -237,6 +259,16 @@ public class BackupRestoreConfirmation extends Activity { } } + boolean deviceIsEncrypted() { + try { + return (mMountService.getEncryptionState() != IMountService.ENCRYPTION_STATE_NONE); + } catch (Exception e) { + // If we can't talk to the mount service we have a serious problem; fail + // "secure" i.e. assuming that the device is encrypted. + return true; + } + } + boolean haveBackupPassword() { try { return mBackupManager.hasBackupPassword(); |