diff options
-rw-r--r-- | cmds/installd/commands.c | 118 | ||||
-rw-r--r-- | cmds/installd/installd.c | 24 | ||||
-rw-r--r-- | cmds/installd/installd.h | 19 | ||||
-rw-r--r-- | core/java/android/accounts/AccountManagerService.java | 8 | ||||
-rw-r--r-- | core/java/android/content/SyncStorageEngine.java | 4 | ||||
-rw-r--r-- | core/java/android/content/pm/ApplicationInfo.java | 10 | ||||
-rw-r--r-- | core/java/android/content/pm/PackageParser.java | 6 | ||||
-rw-r--r-- | core/java/android/os/Environment.java | 48 | ||||
-rw-r--r-- | core/java/android/os/RecoverySystem.java | 17 | ||||
-rw-r--r-- | core/res/res/values/attrs_manifest.xml | 8 | ||||
-rw-r--r-- | packages/SettingsProvider/AndroidManifest.xml | 2 | ||||
-rw-r--r-- | packages/VpnServices/src/com/android/server/vpn/VpnServiceBinder.java | 5 | ||||
-rw-r--r-- | services/java/com/android/server/BackupManagerService.java | 2 | ||||
-rw-r--r-- | services/java/com/android/server/Installer.java | 49 | ||||
-rw-r--r-- | services/java/com/android/server/MasterClearReceiver.java | 6 | ||||
-rw-r--r-- | services/java/com/android/server/PackageManagerService.java | 58 | ||||
-rw-r--r-- | vpn/java/android/net/vpn/VpnManager.java | 3 |
17 files changed, 66 insertions, 321 deletions
diff --git a/cmds/installd/commands.c b/cmds/installd/commands.c index b8ba3f6..41f070c 100644 --- a/cmds/installd/commands.c +++ b/cmds/installd/commands.c @@ -16,7 +16,7 @@ #include "installd.h" -int install(const char *pkgname, int encrypted_fs_flag, uid_t uid, gid_t gid) +int install(const char *pkgname, uid_t uid, gid_t gid) { char pkgdir[PKG_PATH_MAX]; char libdir[PKG_PATH_MAX]; @@ -27,17 +27,11 @@ int install(const char *pkgname, int encrypted_fs_flag, uid_t uid, gid_t gid) } - if (encrypted_fs_flag == USE_UNENCRYPTED_FS) { - if (create_pkg_path(pkgdir, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) - return -1; - if (create_pkg_path(libdir, PKG_LIB_PREFIX, pkgname, PKG_LIB_POSTFIX)) - return -1; - } else { - if (create_pkg_path(pkgdir, PKG_SEC_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) - return -1; - if (create_pkg_path(libdir, PKG_SEC_LIB_PREFIX, pkgname, PKG_LIB_POSTFIX)) - return -1; - } + if (create_pkg_path(pkgdir, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) + return -1; + if (create_pkg_path(libdir, PKG_LIB_PREFIX, pkgname, PKG_LIB_POSTFIX)) + return -1; + if (mkdir(pkgdir, 0751) < 0) { LOGE("cannot create dir '%s': %s\n", pkgdir, strerror(errno)); @@ -62,38 +56,27 @@ int install(const char *pkgname, int encrypted_fs_flag, uid_t uid, gid_t gid) return 0; } -int uninstall(const char *pkgname, int encrypted_fs_flag) +int uninstall(const char *pkgname) { char pkgdir[PKG_PATH_MAX]; - if (encrypted_fs_flag == USE_UNENCRYPTED_FS) { - if (create_pkg_path(pkgdir, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) - return -1; - } else { - if (create_pkg_path(pkgdir, PKG_SEC_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) - return -1; - } + if (create_pkg_path(pkgdir, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) + return -1; /* delete contents AND directory, no exceptions */ return delete_dir_contents(pkgdir, 1, 0); } -int renamepkg(const char *oldpkgname, const char *newpkgname, int encrypted_fs_flag) +int renamepkg(const char *oldpkgname, const char *newpkgname) { char oldpkgdir[PKG_PATH_MAX]; char newpkgdir[PKG_PATH_MAX]; - if (encrypted_fs_flag == USE_UNENCRYPTED_FS) { - if (create_pkg_path(oldpkgdir, PKG_DIR_PREFIX, oldpkgname, PKG_DIR_POSTFIX)) - return -1; - if (create_pkg_path(newpkgdir, PKG_DIR_PREFIX, newpkgname, PKG_DIR_POSTFIX)) - return -1; - } else { - if (create_pkg_path(oldpkgdir, PKG_SEC_DIR_PREFIX, oldpkgname, PKG_DIR_POSTFIX)) - return -1; - if (create_pkg_path(newpkgdir, PKG_SEC_DIR_PREFIX, newpkgname, PKG_DIR_POSTFIX)) - return -1; - } + if (create_pkg_path(oldpkgdir, PKG_DIR_PREFIX, oldpkgname, PKG_DIR_POSTFIX)) + return -1; + if (create_pkg_path(newpkgdir, PKG_DIR_PREFIX, newpkgname, PKG_DIR_POSTFIX)) + return -1; + if (rename(oldpkgdir, newpkgdir) < 0) { LOGE("cannot rename dir '%s' to '%s': %s\n", oldpkgdir, newpkgdir, strerror(errno)); @@ -102,41 +85,29 @@ int renamepkg(const char *oldpkgname, const char *newpkgname, int encrypted_fs_f return 0; } -int delete_user_data(const char *pkgname, int encrypted_fs_flag) +int delete_user_data(const char *pkgname) { char pkgdir[PKG_PATH_MAX]; - if (encrypted_fs_flag == USE_UNENCRYPTED_FS) { - if (create_pkg_path(pkgdir, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) - return -1; - } else { - if (create_pkg_path(pkgdir, PKG_SEC_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) - return -1; - } + if (create_pkg_path(pkgdir, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) + return -1; /* delete contents, excluding "lib", but not the directory itself */ return delete_dir_contents(pkgdir, 0, "lib"); } -int delete_cache(const char *pkgname, int encrypted_fs_flag) +int delete_cache(const char *pkgname) { char cachedir[PKG_PATH_MAX]; - if (encrypted_fs_flag == USE_UNENCRYPTED_FS) { - if (create_pkg_path(cachedir, CACHE_DIR_PREFIX, pkgname, CACHE_DIR_POSTFIX)) - return -1; - } else { - if (create_pkg_path(cachedir, CACHE_SEC_DIR_PREFIX, pkgname, CACHE_DIR_POSTFIX)) - return -1; - } + if (create_pkg_path(cachedir, CACHE_DIR_PREFIX, pkgname, CACHE_DIR_POSTFIX)) + return -1; + /* delete contents, not the directory, no exceptions */ return delete_dir_contents(cachedir, 0, 0); } -/* TODO(oam): depending on use case (ecryptfs or dmcrypt) - * change implementation - */ static int disk_free() { struct statfs sfs; @@ -168,39 +139,6 @@ int free_cache(int free_size) LOGI("free_cache(%d) avail %d\n", free_size, avail); if (avail >= free_size) return 0; - /* First try encrypted dir */ - d = opendir(PKG_SEC_DIR_PREFIX); - if (d == NULL) { - LOGE("cannot open %s\n", PKG_SEC_DIR_PREFIX); - } else { - dfd = dirfd(d); - - while ((de = readdir(d))) { - if (de->d_type != DT_DIR) continue; - name = de->d_name; - - /* always skip "." and ".." */ - if (name[0] == '.') { - if (name[1] == 0) continue; - if ((name[1] == '.') && (name[2] == 0)) continue; - } - - subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY); - if (subfd < 0) continue; - - delete_dir_contents_fd(subfd, "cache"); - close(subfd); - - avail = disk_free(); - if (avail >= free_size) { - closedir(d); - return 0; - } - } - closedir(d); - } - - /* Next try unencrypted dir... */ d = opendir(PKG_DIR_PREFIX); if (d == NULL) { LOGE("cannot open %s\n", PKG_DIR_PREFIX); @@ -376,7 +314,7 @@ static int calculate_dir_size(int dfd) int get_size(const char *pkgname, const char *apkpath, const char *fwdlock_apkpath, - int *_codesize, int *_datasize, int *_cachesize, int encrypted_fs_flag) + int *_codesize, int *_datasize, int *_cachesize) { DIR *d; int dfd; @@ -411,14 +349,8 @@ int get_size(const char *pkgname, const char *apkpath, } } - if (encrypted_fs_flag == 0) { - if (create_pkg_path(path, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) { - goto done; - } - } else { - if (create_pkg_path(path, PKG_SEC_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) { - goto done; - } + if (create_pkg_path(path, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) { + goto done; } d = opendir(path); diff --git a/cmds/installd/installd.c b/cmds/installd/installd.c index 882c493..f6ca998 100644 --- a/cmds/installd/installd.c +++ b/cmds/installd/installd.c @@ -29,7 +29,7 @@ static int do_ping(char **arg, char reply[REPLY_MAX]) static int do_install(char **arg, char reply[REPLY_MAX]) { - return install(arg[0], atoi(arg[1]), atoi(arg[2]), atoi(arg[3])); /* pkgname, uid, gid */ + return install(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, gid */ } static int do_dexopt(char **arg, char reply[REPLY_MAX]) @@ -50,12 +50,12 @@ static int do_rm_dex(char **arg, char reply[REPLY_MAX]) static int do_remove(char **arg, char reply[REPLY_MAX]) { - return uninstall(arg[0], atoi(arg[1])); /* pkgname */ + return uninstall(arg[0]); /* pkgname */ } static int do_rename(char **arg, char reply[REPLY_MAX]) { - return renamepkg(arg[0], arg[1], atoi(arg[2])); /* oldpkgname, newpkgname */ + return renamepkg(arg[0], arg[1]); /* oldpkgname, newpkgname */ } static int do_free_cache(char **arg, char reply[REPLY_MAX]) /* TODO int:free_size */ @@ -65,7 +65,7 @@ static int do_free_cache(char **arg, char reply[REPLY_MAX]) /* TODO int:free_siz static int do_rm_cache(char **arg, char reply[REPLY_MAX]) { - return delete_cache(arg[0], atoi(arg[1])); /* pkgname */ + return delete_cache(arg[0]); /* pkgname */ } static int do_protect(char **arg, char reply[REPLY_MAX]) @@ -81,7 +81,7 @@ static int do_get_size(char **arg, char reply[REPLY_MAX]) int res = 0; /* pkgdir, apkpath */ - res = get_size(arg[0], arg[1], arg[2], &codesize, &datasize, &cachesize, atoi(arg[3])); + res = get_size(arg[0], arg[1], arg[2], &codesize, &datasize, &cachesize); sprintf(reply,"%d %d %d", codesize, datasize, cachesize); return res; @@ -89,7 +89,7 @@ static int do_get_size(char **arg, char reply[REPLY_MAX]) static int do_rm_user_data(char **arg, char reply[REPLY_MAX]) { - return delete_user_data(arg[0], atoi(arg[1])); /* pkgname */ + return delete_user_data(arg[0]); /* pkgname */ } static int do_movefiles(char **arg, char reply[REPLY_MAX]) @@ -105,17 +105,17 @@ struct cmdinfo { struct cmdinfo cmds[] = { { "ping", 0, do_ping }, - { "install", 4, do_install }, + { "install", 3, do_install }, { "dexopt", 3, do_dexopt }, { "movedex", 2, do_move_dex }, { "rmdex", 1, do_rm_dex }, - { "remove", 2, do_remove }, - { "rename", 3, do_rename }, + { "remove", 1, do_remove }, + { "rename", 2, do_rename }, { "freecache", 1, do_free_cache }, - { "rmcache", 2, do_rm_cache }, + { "rmcache", 1, do_rm_cache }, { "protect", 2, do_protect }, - { "getsize", 4, do_get_size }, - { "rmuserdata", 2, do_rm_user_data }, + { "getsize", 3, do_get_size }, + { "rmuserdata", 1, do_rm_user_data }, { "movefiles", 0, do_movefiles }, }; diff --git a/cmds/installd/installd.h b/cmds/installd/installd.h index 8e4adb1..cfcdb98 100644 --- a/cmds/installd/installd.h +++ b/cmds/installd/installd.h @@ -48,23 +48,16 @@ /* elements combined with a valid package name to form paths */ #define PKG_DIR_PREFIX "/data/data/" -#define PKG_SEC_DIR_PREFIX "/data/secure/data/" #define PKG_DIR_POSTFIX "" #define PKG_LIB_PREFIX "/data/data/" -#define PKG_SEC_LIB_PREFIX "/data/secure/data/" #define PKG_LIB_POSTFIX "/lib" #define CACHE_DIR_PREFIX "/data/data/" -#define CACHE_SEC_DIR_PREFIX "/data/secure/data/" #define CACHE_DIR_POSTFIX "/cache" #define APK_DIR_PREFIX "/data/app/" -/* Encrypted File SYstems constants */ -#define USE_ENCRYPTED_FS 1 -#define USE_UNENCRYPTED_FS 0 - /* other handy constants */ #define PROTECTED_DIR_PREFIX "/data/app-private/" @@ -96,16 +89,16 @@ int delete_dir_contents_fd(int dfd, const char *name); /* commands.c */ -int install(const char *pkgname, int encrypted_fs_flag, uid_t uid, gid_t gid); -int uninstall(const char *pkgname, int encrypted_fs_flag); -int renamepkg(const char *oldpkgname, const char *newpkgname, int encrypted_fs_flag); -int delete_user_data(const char *pkgname, int encrypted_fs_flag); -int delete_cache(const char *pkgname, int encrypted_fs_flag); +int install(const char *pkgname, uid_t uid, gid_t gid); +int uninstall(const char *pkgname); +int renamepkg(const char *oldpkgname, const char *newpkgname); +int delete_user_data(const char *pkgname); +int delete_cache(const char *pkgname); int move_dex(const char *src, const char *dst); int rm_dex(const char *path); int protect(char *pkgname, gid_t gid); int get_size(const char *pkgname, const char *apkpath, const char *fwdlock_apkpath, - int *codesize, int *datasize, int *cachesize, int encrypted_fs_flag); + int *codesize, int *datasize, int *cachesize); int free_cache(int free_size); int dexopt(const char *apk_path, uid_t uid, int is_public); int movefiles(); diff --git a/core/java/android/accounts/AccountManagerService.java b/core/java/android/accounts/AccountManagerService.java index 1d9e0f1..1cd7aa7 100644 --- a/core/java/android/accounts/AccountManagerService.java +++ b/core/java/android/accounts/AccountManagerService.java @@ -1483,13 +1483,7 @@ public class AccountManagerService } private static String getDatabaseName() { - if(Environment.isEncryptedFilesystemEnabled()) { - // Hard-coded path in case of encrypted file system - return Environment.getSystemSecureDirectory().getPath() + File.separator + DATABASE_NAME; - } else { - // Regular path in case of non-encrypted file system - return DATABASE_NAME; - } + return DATABASE_NAME; } private class DatabaseHelper extends SQLiteOpenHelper { diff --git a/core/java/android/content/SyncStorageEngine.java b/core/java/android/content/SyncStorageEngine.java index daad95c..6a959ae 100644 --- a/core/java/android/content/SyncStorageEngine.java +++ b/core/java/android/content/SyncStorageEngine.java @@ -312,9 +312,7 @@ public class SyncStorageEngine extends Handler { if (sSyncStorageEngine != null) { return; } - // This call will return the correct directory whether Encrypted File Systems is - // enabled or not. - File dataDir = Environment.getSecureDataDirectory(); + File dataDir = Environment.getDataDirectory(); sSyncStorageEngine = new SyncStorageEngine(context, dataDir); } diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java index ae38af6..480504d 100644 --- a/core/java/android/content/pm/ApplicationInfo.java +++ b/core/java/android/content/pm/ApplicationInfo.java @@ -249,16 +249,6 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { public static final int FLAG_RESTORE_ANY_VERSION = 1<<17; /** - * Value for {@link #flags}: this is true if the application has set - * its android:neverEncrypt to true, false otherwise. It is used to specify - * that this package specifically "opts-out" of a secured file system solution, - * and will always store its data in-the-clear. - * - * {@hide} - */ - public static final int FLAG_NEVER_ENCRYPT = 1<<18; - - /** * Value for {@link #flags}: Set to true if the application has been * installed using the forward lock option. * diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java index fb52d2e..09a783d 100644 --- a/core/java/android/content/pm/PackageParser.java +++ b/core/java/android/content/pm/PackageParser.java @@ -1539,12 +1539,6 @@ public class PackageParser { ai.flags |= ApplicationInfo.FLAG_TEST_ONLY; } - if (sa.getBoolean( - com.android.internal.R.styleable.AndroidManifestApplication_neverEncrypt, - false)) { - ai.flags |= ApplicationInfo.FLAG_NEVER_ENCRYPT; - } - String str; str = sa.getNonConfigurationString( com.android.internal.R.styleable.AndroidManifestApplication_permission, 0); diff --git a/core/java/android/os/Environment.java b/core/java/android/os/Environment.java index a9831aa..eab1627 100644 --- a/core/java/android/os/Environment.java +++ b/core/java/android/os/Environment.java @@ -28,8 +28,6 @@ public class Environment { private static final File ROOT_DIRECTORY = getDirectory("ANDROID_ROOT", "/system"); - private static final String SYSTEM_PROPERTY_EFS_ENABLED = "persist.security.efs.enabled"; - private static IMountService mMntSvc = null; /** @@ -39,55 +37,9 @@ public class Environment { return ROOT_DIRECTORY; } - /** - * Gets the system directory available for secure storage. - * If Encrypted File system is enabled, it returns an encrypted directory (/data/secure/system). - * Otherwise, it returns the unencrypted /data/system directory. - * @return File object representing the secure storage system directory. - * @hide - */ - public static File getSystemSecureDirectory() { - if (isEncryptedFilesystemEnabled()) { - return new File(SECURE_DATA_DIRECTORY, "system"); - } else { - return new File(DATA_DIRECTORY, "system"); - } - } - - /** - * Gets the data directory for secure storage. - * If Encrypted File system is enabled, it returns an encrypted directory (/data/secure). - * Otherwise, it returns the unencrypted /data directory. - * @return File object representing the data directory for secure storage. - * @hide - */ - public static File getSecureDataDirectory() { - if (isEncryptedFilesystemEnabled()) { - return SECURE_DATA_DIRECTORY; - } else { - return DATA_DIRECTORY; - } - } - - /** - * Returns whether the Encrypted File System feature is enabled on the device or not. - * @return <code>true</code> if Encrypted File System feature is enabled, <code>false</code> - * if disabled. - * @hide - */ - public static boolean isEncryptedFilesystemEnabled() { - return SystemProperties.getBoolean(SYSTEM_PROPERTY_EFS_ENABLED, false); - } - private static final File DATA_DIRECTORY = getDirectory("ANDROID_DATA", "/data"); - /** - * @hide - */ - private static final File SECURE_DATA_DIRECTORY - = getDirectory("ANDROID_SECURE_DATA", "/data/secure"); - private static final File EXTERNAL_STORAGE_DIRECTORY = getDirectory("EXTERNAL_STORAGE", "/sdcard"); diff --git a/core/java/android/os/RecoverySystem.java b/core/java/android/os/RecoverySystem.java index 1b103aa..b3ec114 100644 --- a/core/java/android/os/RecoverySystem.java +++ b/core/java/android/os/RecoverySystem.java @@ -352,23 +352,6 @@ public class RecoverySystem { } /** - * Reboot into the recovery system to wipe the /data partition and toggle - * Encrypted File Systems on/off. - * @param extras to add to the RECOVERY_COMPLETED intent after rebooting. - * @throws IOException if something goes wrong. - * - * @hide - */ - public static void rebootToggleEFS(Context context, boolean efsEnabled) - throws IOException { - if (efsEnabled) { - bootCommand(context, "--set_encrypted_filesystem=on"); - } else { - bootCommand(context, "--set_encrypted_filesystem=off"); - } - } - - /** * Reboot into the recovery system with the supplied argument. * @param arg to pass to the recovery utility. * @throws IOException if something goes wrong. diff --git a/core/res/res/values/attrs_manifest.xml b/core/res/res/values/attrs_manifest.xml index fc5edb3..959a9db 100644 --- a/core/res/res/values/attrs_manifest.xml +++ b/core/res/res/values/attrs_manifest.xml @@ -79,13 +79,6 @@ by applications. --> <attr name="allowClearUserData" format="boolean" /> - <!-- Option to let applications specify that user data should - never be encrypted if an Encrypted File System solution - is enabled. Specifically, this is an "opt-out" feature, meaning - that, by default, user data will be encrypted if the EFS feature - is enabled. --> - <attr name="neverEncrypt" format="boolean" /> - <!-- Option to indicate this application is only for testing purposes. For example, it may expose functionality or data outside of itself that would cause a security hole, but is useful for testing. This @@ -719,7 +712,6 @@ <attr name="killAfterRestore" /> <attr name="restoreNeedsApplication" /> <attr name="restoreAnyVersion" /> - <attr name="neverEncrypt" /> </declare-styleable> <!-- The <code>permission</code> tag declares a security permission that can be diff --git a/packages/SettingsProvider/AndroidManifest.xml b/packages/SettingsProvider/AndroidManifest.xml index dd0d064..d057ab7 100644 --- a/packages/SettingsProvider/AndroidManifest.xml +++ b/packages/SettingsProvider/AndroidManifest.xml @@ -8,8 +8,6 @@ android:backupAgent="SettingsBackupAgent" android:killAfterRestore="false" android:icon="@drawable/ic_launcher_settings"> - - <!-- todo add: android:neverEncrypt="true" --> <provider android:name="SettingsProvider" android:authorities="settings" android:multiprocess="false" diff --git a/packages/VpnServices/src/com/android/server/vpn/VpnServiceBinder.java b/packages/VpnServices/src/com/android/server/vpn/VpnServiceBinder.java index eeafd5a..5672a01 100644 --- a/packages/VpnServices/src/com/android/server/vpn/VpnServiceBinder.java +++ b/packages/VpnServices/src/com/android/server/vpn/VpnServiceBinder.java @@ -52,11 +52,8 @@ public class VpnServiceBinder extends Service { // The actual implementation is delegated to the VpnService class. private VpnService<? extends VpnProfile> mService; - // TODO(oam): Test VPN when EFS is enabled (will do later)... private static String getStateFilePath() { - // This call will return the correcu directory whether Encrypted FS is enabled or not - // Disabled: /data/misc/vpn/.states Enabled: /data/secure/misc/vpn/.states - return Environment.getSecureDataDirectory().getPath() + STATES_FILE_RELATIVE_PATH; + return Environment.getDataDirectory().getPath() + STATES_FILE_RELATIVE_PATH; } private final IBinder mBinder = new IVpnService.Stub() { diff --git a/services/java/com/android/server/BackupManagerService.java b/services/java/com/android/server/BackupManagerService.java index 7607c74..6c1fa60 100644 --- a/services/java/com/android/server/BackupManagerService.java +++ b/services/java/com/android/server/BackupManagerService.java @@ -377,7 +377,7 @@ class BackupManagerService extends IBackupManager.Stub { Settings.Secure.BACKUP_AUTO_RESTORE, 1) != 0; // If Encrypted file systems is enabled or disabled, this call will return the // correct directory. - mBaseStateDir = new File(Environment.getSecureDataDirectory(), "backup"); + mBaseStateDir = new File(Environment.getDataDirectory(), "backup"); mBaseStateDir.mkdirs(); mDataDir = Environment.getDownloadCacheDirectory(); diff --git a/services/java/com/android/server/Installer.java b/services/java/com/android/server/Installer.java index 1f34eba..2eaa58c 100644 --- a/services/java/com/android/server/Installer.java +++ b/services/java/com/android/server/Installer.java @@ -166,17 +166,11 @@ class Installer { } } - public int install(String name, boolean useEncryptedFilesystem, int uid, int gid) { + public int install(String name, int uid, int gid) { StringBuilder builder = new StringBuilder("install"); builder.append(' '); builder.append(name); builder.append(' '); - if (useEncryptedFilesystem) { - builder.append('1'); - } else { - builder.append('0'); - } - builder.append(' '); builder.append(uid); builder.append(' '); builder.append(gid); @@ -209,57 +203,33 @@ class Installer { return execute(builder.toString()); } - public int remove(String name, boolean useEncryptedFilesystem) { + public int remove(String name) { StringBuilder builder = new StringBuilder("remove"); builder.append(' '); builder.append(name); - builder.append(' '); - if (useEncryptedFilesystem) { - builder.append('1'); - } else { - builder.append('0'); - } return execute(builder.toString()); } - public int rename(String oldname, String newname, boolean useEncryptedFilesystem) { + public int rename(String oldname, String newname) { StringBuilder builder = new StringBuilder("rename"); builder.append(' '); builder.append(oldname); builder.append(' '); builder.append(newname); - builder.append(' '); - if (useEncryptedFilesystem) { - builder.append('1'); - } else { - builder.append('0'); - } return execute(builder.toString()); } - public int deleteCacheFiles(String name, boolean useEncryptedFilesystem) { + public int deleteCacheFiles(String name) { StringBuilder builder = new StringBuilder("rmcache"); builder.append(' '); builder.append(name); - builder.append(' '); - if (useEncryptedFilesystem) { - builder.append('1'); - } else { - builder.append('0'); - } return execute(builder.toString()); } - public int clearUserData(String name, boolean useEncryptedFilesystem) { + public int clearUserData(String name) { StringBuilder builder = new StringBuilder("rmuserdata"); builder.append(' '); builder.append(name); - builder.append(' '); - if (useEncryptedFilesystem) { - builder.append('1'); - } else { - builder.append('0'); - } return execute(builder.toString()); } @@ -293,7 +263,7 @@ class Installer { } public int getSizeInfo(String pkgName, String apkPath, - String fwdLockApkPath, PackageStats pStats, boolean useEncryptedFilesystem) { + String fwdLockApkPath, PackageStats pStats) { StringBuilder builder = new StringBuilder("getsize"); builder.append(' '); builder.append(pkgName); @@ -301,13 +271,6 @@ class Installer { builder.append(apkPath); builder.append(' '); builder.append(fwdLockApkPath != null ? fwdLockApkPath : "!"); - builder.append(' '); - if (useEncryptedFilesystem) { - builder.append('1'); - } else { - builder.append('0'); - } - String s = transaction(builder.toString()); String res[] = s.split(" "); diff --git a/services/java/com/android/server/MasterClearReceiver.java b/services/java/com/android/server/MasterClearReceiver.java index 4d04cee..27a8a74 100644 --- a/services/java/com/android/server/MasterClearReceiver.java +++ b/services/java/com/android/server/MasterClearReceiver.java @@ -39,11 +39,7 @@ public class MasterClearReceiver extends BroadcastReceiver { try { Slog.w(TAG, "!!! FACTORY RESET !!!"); - if (intent.hasExtra("enableEFS")) { - RecoverySystem.rebootToggleEFS(context, intent.getBooleanExtra("enableEFS", false)); - } else { - RecoverySystem.rebootWipeUserData(context); - } + RecoverySystem.rebootWipeUserData(context); Log.wtf(TAG, "Still running after master clear?!"); } catch (IOException e) { Slog.e(TAG, "Can't perform master clear/factory reset", e); diff --git a/services/java/com/android/server/PackageManagerService.java b/services/java/com/android/server/PackageManagerService.java index 33a824b..79b012b 100644 --- a/services/java/com/android/server/PackageManagerService.java +++ b/services/java/com/android/server/PackageManagerService.java @@ -147,8 +147,6 @@ class PackageManagerService extends IPackageManager.Stub { private static final boolean GET_CERTIFICATES = true; - private static final String SYSTEM_PROPERTY_EFS_ENABLED = "persist.security.efs.enabled"; - private static final int REMOVE_EVENTS = FileObserver.CLOSE_WRITE | FileObserver.DELETE | FileObserver.MOVED_FROM; private static final int ADD_EVENTS = @@ -201,10 +199,6 @@ class PackageManagerService extends IPackageManager.Stub { // This is where all application persistent data goes. final File mAppDataDir; - // If Encrypted File System feature is enabled, all application persistent data - // should go here instead. - final File mSecureAppDataDir; - // This is the object monitoring the framework dir. final FileObserver mFrameworkInstallObserver; @@ -717,7 +711,6 @@ class PackageManagerService extends IPackageManager.Stub { File dataDir = Environment.getDataDirectory(); mAppDataDir = new File(dataDir, "data"); - mSecureAppDataDir = new File(dataDir, "secure/data"); mDrmAppPrivateInstallDir = new File(dataDir, "app-private"); if (mInstaller == null) { @@ -727,7 +720,6 @@ class PackageManagerService extends IPackageManager.Stub { File miscDir = new File(dataDir, "misc"); miscDir.mkdirs(); mAppDataDir.mkdirs(); - mSecureAppDataDir.mkdirs(); mDrmAppPrivateInstallDir.mkdirs(); } @@ -888,9 +880,7 @@ class PackageManagerService extends IPackageManager.Stub { + " no longer exists; wiping its data"; reportSettingsProblem(Log.WARN, msg); if (mInstaller != null) { - // XXX how to set useEncryptedFSDir for packages that - // are not encrypted? - mInstaller.remove(ps.name, true); + mInstaller.remove(ps.name); } } } @@ -960,8 +950,7 @@ class PackageManagerService extends IPackageManager.Stub { void cleanupInstallFailedPackage(PackageSetting ps) { Slog.i(TAG, "Cleaning up incompletely installed app: " + ps.name); if (mInstaller != null) { - boolean useSecureFS = useEncryptedFilesystemForPackage(ps.pkg); - int retCode = mInstaller.remove(ps.name, useSecureFS); + int retCode = mInstaller.remove(ps.name); if (retCode < 0) { Slog.w(TAG, "Couldn't remove app data directory for package: " + ps.name + ", retcode=" + retCode); @@ -2616,11 +2605,6 @@ class PackageManagerService extends IPackageManager.Stub { return performed ? DEX_OPT_PERFORMED : DEX_OPT_SKIPPED; } - - private static boolean useEncryptedFilesystemForPackage(PackageParser.Package pkg) { - return Environment.isEncryptedFilesystemEnabled() && - ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_NEVER_ENCRYPT) == 0); - } private boolean verifyPackageUpdate(PackageSetting oldPkg, PackageParser.Package newPkg) { if ((oldPkg.pkgFlags&ApplicationInfo.FLAG_SYSTEM) == 0) { @@ -2638,14 +2622,7 @@ class PackageManagerService extends IPackageManager.Stub { } private File getDataPathForPackage(PackageParser.Package pkg) { - boolean useEncryptedFSDir = useEncryptedFilesystemForPackage(pkg); - File dataPath; - if (useEncryptedFSDir) { - dataPath = new File(mSecureAppDataDir, pkg.packageName); - } else { - dataPath = new File(mAppDataDir, pkg.packageName); - } - return dataPath; + return new File(mAppDataDir, pkg.packageName); } private PackageParser.Package scanPackageLI(PackageParser.Package pkg, @@ -2997,7 +2974,6 @@ class PackageManagerService extends IPackageManager.Stub { pkg.applicationInfo.dataDir = dataPath.getPath(); } else { // This is a normal package, need to make its data directory. - boolean useEncryptedFSDir = useEncryptedFilesystemForPackage(pkg); dataPath = getDataPathForPackage(pkg); boolean uidError = false; @@ -3014,7 +2990,7 @@ class PackageManagerService extends IPackageManager.Stub { // If this is a system app, we can at least delete its // current data so the application will still work. if (mInstaller != null) { - int ret = mInstaller.remove(pkgName, useEncryptedFSDir); + int ret = mInstaller.remove(pkgName); if (ret >= 0) { // Old data gone! String msg = "System package " + pkg.packageName @@ -3025,7 +3001,7 @@ class PackageManagerService extends IPackageManager.Stub { recovered = true; // And now re-install the app. - ret = mInstaller.install(pkgName, useEncryptedFSDir, pkg.applicationInfo.uid, + ret = mInstaller.install(pkgName, pkg.applicationInfo.uid, pkg.applicationInfo.uid); if (ret == -1) { // Ack should not happen! @@ -3065,7 +3041,7 @@ class PackageManagerService extends IPackageManager.Stub { Log.v(TAG, "Want this data dir: " + dataPath); //invoke installer to do the actual installation if (mInstaller != null) { - int ret = mInstaller.install(pkgName, useEncryptedFSDir, pkg.applicationInfo.uid, + int ret = mInstaller.install(pkgName, pkg.applicationInfo.uid, pkg.applicationInfo.uid); if(ret < 0) { // Error from installer @@ -6030,9 +6006,8 @@ class PackageManagerService extends IPackageManager.Stub { deletedPs = mSettings.mPackages.get(packageName); } if ((flags&PackageManager.DONT_DELETE_DATA) == 0) { - boolean useEncryptedFSDir = useEncryptedFilesystemForPackage(p); if (mInstaller != null) { - int retCode = mInstaller.remove(packageName, useEncryptedFSDir); + int retCode = mInstaller.remove(packageName); if (retCode < 0) { Slog.w(TAG, "Couldn't remove app data or cache directory for package: " + packageName + ", retcode=" + retCode); @@ -6271,7 +6246,6 @@ class PackageManagerService extends IPackageManager.Stub { p = ps.pkg; } } - boolean useEncryptedFSDir = false; if(!dataOnly) { //need to check this only for fully installed applications @@ -6284,10 +6258,9 @@ class PackageManagerService extends IPackageManager.Stub { Slog.w(TAG, "Package " + packageName + " has no applicationInfo."); return false; } - useEncryptedFSDir = useEncryptedFilesystemForPackage(p); } if (mInstaller != null) { - int retCode = mInstaller.clearUserData(packageName, useEncryptedFSDir); + int retCode = mInstaller.clearUserData(packageName); if (retCode < 0) { Slog.w(TAG, "Couldn't remove cache files for package: " + packageName); @@ -6338,9 +6311,8 @@ class PackageManagerService extends IPackageManager.Stub { Slog.w(TAG, "Package " + packageName + " has no applicationInfo."); return false; } - boolean useEncryptedFSDir = useEncryptedFilesystemForPackage(p); if (mInstaller != null) { - int retCode = mInstaller.deleteCacheFiles(packageName, useEncryptedFSDir); + int retCode = mInstaller.deleteCacheFiles(packageName); if (retCode < 0) { Slog.w(TAG, "Couldn't remove cache files for package: " + packageName); @@ -6402,10 +6374,9 @@ class PackageManagerService extends IPackageManager.Stub { } publicSrcDir = isForwardLocked(p) ? applicationInfo.publicSourceDir : null; } - boolean useEncryptedFSDir = useEncryptedFilesystemForPackage(p); if (mInstaller != null) { int res = mInstaller.getSizeInfo(packageName, p.mPath, - publicSrcDir, pStats, useEncryptedFSDir); + publicSrcDir, pStats); if (res < 0) { return false; } else { @@ -7539,8 +7510,7 @@ class PackageManagerService extends IPackageManager.Stub { void setFlags(int pkgFlags) { this.pkgFlags = (pkgFlags & ApplicationInfo.FLAG_SYSTEM) | (pkgFlags & ApplicationInfo.FLAG_FORWARD_LOCK) | - (pkgFlags & ApplicationInfo.FLAG_EXTERNAL_STORAGE) | - (pkgFlags & ApplicationInfo.FLAG_NEVER_ENCRYPT); + (pkgFlags & ApplicationInfo.FLAG_EXTERNAL_STORAGE); } } @@ -7798,17 +7768,11 @@ class PackageManagerService extends IPackageManager.Stub { File dataDir = Environment.getDataDirectory(); File systemDir = new File(dataDir, "system"); // TODO(oam): This secure dir creation needs to be moved somewhere else (later) - File systemSecureDir = new File(dataDir, "secure/system"); systemDir.mkdirs(); - systemSecureDir.mkdirs(); FileUtils.setPermissions(systemDir.toString(), FileUtils.S_IRWXU|FileUtils.S_IRWXG |FileUtils.S_IROTH|FileUtils.S_IXOTH, -1, -1); - FileUtils.setPermissions(systemSecureDir.toString(), - FileUtils.S_IRWXU|FileUtils.S_IRWXG - |FileUtils.S_IROTH|FileUtils.S_IXOTH, - -1, -1); mSettingsFilename = new File(systemDir, "packages.xml"); mBackupSettingsFilename = new File(systemDir, "packages-backup.xml"); mPackageListFilename = new File(systemDir, "packages.list"); diff --git a/vpn/java/android/net/vpn/VpnManager.java b/vpn/java/android/net/vpn/VpnManager.java index ce40b5d..ce522c8 100644 --- a/vpn/java/android/net/vpn/VpnManager.java +++ b/vpn/java/android/net/vpn/VpnManager.java @@ -85,8 +85,7 @@ public class VpnManager { // TODO(oam): Test VPN when EFS is enabled (will do later)... public static String getProfilePath() { - // This call will return the correct path if Encrypted FS is enabled or not. - return Environment.getSecureDataDirectory().getPath() + PROFILES_PATH; + return Environment.getDataDirectory().getPath() + PROFILES_PATH; } /** |