diff options
author | Paul Lawrence <paullawrence@google.com> | 2014-08-21 08:43:41 -0700 |
---|---|---|
committer | Paul Lawrence <paullawrence@google.com> | 2014-08-22 11:22:43 -0700 |
commit | 32d06732cdb7ee653a58e49a4dab13a780513db5 (patch) | |
tree | e7915fe34e031d09fa3e746f3504b22163b7ef99 /packages | |
parent | f9220b39533d18b6c79099c32522b3ff712ff89b (diff) | |
download | frameworks_base-32d06732cdb7ee653a58e49a4dab13a780513db5.zip frameworks_base-32d06732cdb7ee653a58e49a4dab13a780513db5.tar.gz frameworks_base-32d06732cdb7ee653a58e49a4dab13a780513db5.tar.bz2 |
Fix adb backup for encrypted case
New behavior. Backup no longer uses the encryption password. This is in
part because that is hard with patterns, in part because it is a security
issue - the off line backup is much easier to brute force than the phone.
Instead, we simply insist on an encryption password if your device is encrypted
and locked.
Bug: 17159330
Change-Id: Ia22f84722522abf0b569a3ef1e16ead5527c726d
Diffstat (limited to 'packages')
-rw-r--r-- | packages/BackupRestoreConfirmation/res/values/strings.xml | 2 | ||||
-rw-r--r-- | packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java | 28 |
2 files changed, 12 insertions, 18 deletions
diff --git a/packages/BackupRestoreConfirmation/res/values/strings.xml b/packages/BackupRestoreConfirmation/res/values/strings.xml index 5c90fd0..3fb3fd4 100644 --- a/packages/BackupRestoreConfirmation/res/values/strings.xml +++ b/packages/BackupRestoreConfirmation/res/values/strings.xml @@ -44,6 +44,8 @@ <string name="backup_enc_password_text">Please enter a password to use for encrypting the full backup data. If this is left blank, your current backup password will be used:</string> <!-- Text for message to user that they may optionally supply an encryption password to use for a full backup operation. --> <string name="backup_enc_password_optional">If you wish to encrypt the full backup data, enter a password below:</string> + <!-- Text for message to user that they must supply an encryption password to use for a full backup operation because their phone is locked. --> + <string name="backup_enc_password_required">Since your device is encrypted, you are required to encrypt your backup. Please enter a password below:</string> <!-- Text for message to user when performing a full restore operation, explaining that they must enter the password originally used to encrypt the full backup data. --> <string name="restore_enc_password_text">If the restore data is encrypted, please enter the password below:</string> diff --git a/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java b/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java index 82ac8cb..c2bb90c 100644 --- a/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java +++ b/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java @@ -28,6 +28,7 @@ import android.os.Message; import android.os.RemoteException; import android.os.ServiceManager; import android.os.storage.IMountService; +import android.os.storage.StorageManager; import android.util.Log; import android.util.Slog; import android.view.View; @@ -182,25 +183,14 @@ public class BackupRestoreConfirmation extends Activity { // We vary the password prompt depending on whether one is predefined, and whether // the device is encrypted. mIsEncrypted = deviceIsEncrypted(); - if (mIsEncrypted) { - Log.d(TAG, "Device is encrypted: requiring encryption pw"); - TextView pwPrompt = (TextView) findViewById(R.id.password_desc); - // this password is mandatory; we hide the other options during backup - if (layoutId == R.layout.confirm_backup) { - pwPrompt.setText(R.string.device_encryption_backup_text); - TextView tv = (TextView) findViewById(R.id.enc_password); - tv.setVisibility(View.GONE); - tv = (TextView) findViewById(R.id.enc_password_desc); - tv.setVisibility(View.GONE); - } else { - pwPrompt.setText(R.string.device_encryption_restore_text); - } - } else if (!haveBackupPassword()) { + if (!haveBackupPassword()) { curPwDesc.setVisibility(View.GONE); mCurPassword.setVisibility(View.GONE); if (layoutId == R.layout.confirm_backup) { TextView encPwDesc = (TextView) findViewById(R.id.enc_password_desc); - encPwDesc.setText(R.string.backup_enc_password_optional); + encPwDesc.setText(mIsEncrypted + ? R.string.backup_enc_password_required + : R.string.backup_enc_password_optional); } } @@ -246,8 +236,7 @@ public class BackupRestoreConfirmation extends Activity { mDidAcknowledge = true; try { - CharSequence encPassword = (mIsEncrypted) - ? mCurPassword.getText() : mEncPassword.getText(); + CharSequence encPassword = mEncPassword.getText(); mBackupManager.acknowledgeFullBackupOrRestore(mToken, allow, String.valueOf(mCurPassword.getText()), @@ -261,7 +250,10 @@ public class BackupRestoreConfirmation extends Activity { boolean deviceIsEncrypted() { try { - return (mMountService.getEncryptionState() != IMountService.ENCRYPTION_STATE_NONE); + return mMountService.getEncryptionState() + != IMountService.ENCRYPTION_STATE_NONE + && mMountService.getPasswordType() + != StorageManager.CRYPT_TYPE_DEFAULT; } catch (Exception e) { // If we can't talk to the mount service we have a serious problem; fail // "secure" i.e. assuming that the device is encrypted. |