Use the correct method to check if device is encrypted

DPM's method will return false if encrypted by default password,
preventing the changing of encryption password to lockscreen password.

Check if the device is encrypted by some means, instead.

Also fix a SecurityException when Device Admin queries encryption state
(recent regression)

Bug: 17881324
Change-Id: Id897e61c5e254ab3f8dc569285428a73005303ea

1 files changed, 8 insertions, 3 deletions

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index fc5c053..fe4b7b9 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3390,9 +3390,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     private int getEncryptionStatus() {
         String status = SystemProperties.get("ro.crypto.state", "unsupported");
         if ("encrypted".equalsIgnoreCase(status)) {
-            return LockPatternUtils.isDeviceEncrypted()
-                    ? DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE
-                    : DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
+            final long token = Binder.clearCallingIdentity();
+            try {
+                return LockPatternUtils.isDeviceEncrypted()
+                        ? DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE
+                        : DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
+            } finally {
+                Binder.restoreCallingIdentity(token);
+            }
         } else if ("unencrypted".equalsIgnoreCase(status)) {
             return DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
         } else {