summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--cmds/installd/commands.c118
-rw-r--r--cmds/installd/installd.c24
-rw-r--r--cmds/installd/installd.h19
-rw-r--r--core/java/android/accounts/AccountManagerService.java8
-rw-r--r--core/java/android/content/SyncStorageEngine.java4
-rw-r--r--core/java/android/content/pm/ApplicationInfo.java10
-rw-r--r--core/java/android/content/pm/PackageParser.java6
-rw-r--r--core/java/android/os/Environment.java48
-rw-r--r--core/java/android/os/RecoverySystem.java17
-rw-r--r--core/res/res/values/attrs_manifest.xml8
-rw-r--r--packages/SettingsProvider/AndroidManifest.xml2
-rw-r--r--packages/VpnServices/src/com/android/server/vpn/VpnServiceBinder.java5
-rw-r--r--services/java/com/android/server/BackupManagerService.java2
-rw-r--r--services/java/com/android/server/Installer.java49
-rw-r--r--services/java/com/android/server/MasterClearReceiver.java6
-rw-r--r--services/java/com/android/server/PackageManagerService.java58
-rw-r--r--vpn/java/android/net/vpn/VpnManager.java3
17 files changed, 66 insertions, 321 deletions
diff --git a/cmds/installd/commands.c b/cmds/installd/commands.c
index b8ba3f6..41f070c 100644
--- a/cmds/installd/commands.c
+++ b/cmds/installd/commands.c
@@ -16,7 +16,7 @@
#include "installd.h"
-int install(const char *pkgname, int encrypted_fs_flag, uid_t uid, gid_t gid)
+int install(const char *pkgname, uid_t uid, gid_t gid)
{
char pkgdir[PKG_PATH_MAX];
char libdir[PKG_PATH_MAX];
@@ -27,17 +27,11 @@ int install(const char *pkgname, int encrypted_fs_flag, uid_t uid, gid_t gid)
}
- if (encrypted_fs_flag == USE_UNENCRYPTED_FS) {
- if (create_pkg_path(pkgdir, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX))
- return -1;
- if (create_pkg_path(libdir, PKG_LIB_PREFIX, pkgname, PKG_LIB_POSTFIX))
- return -1;
- } else {
- if (create_pkg_path(pkgdir, PKG_SEC_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX))
- return -1;
- if (create_pkg_path(libdir, PKG_SEC_LIB_PREFIX, pkgname, PKG_LIB_POSTFIX))
- return -1;
- }
+ if (create_pkg_path(pkgdir, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX))
+ return -1;
+ if (create_pkg_path(libdir, PKG_LIB_PREFIX, pkgname, PKG_LIB_POSTFIX))
+ return -1;
+
if (mkdir(pkgdir, 0751) < 0) {
LOGE("cannot create dir '%s': %s\n", pkgdir, strerror(errno));
@@ -62,38 +56,27 @@ int install(const char *pkgname, int encrypted_fs_flag, uid_t uid, gid_t gid)
return 0;
}
-int uninstall(const char *pkgname, int encrypted_fs_flag)
+int uninstall(const char *pkgname)
{
char pkgdir[PKG_PATH_MAX];
- if (encrypted_fs_flag == USE_UNENCRYPTED_FS) {
- if (create_pkg_path(pkgdir, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX))
- return -1;
- } else {
- if (create_pkg_path(pkgdir, PKG_SEC_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX))
- return -1;
- }
+ if (create_pkg_path(pkgdir, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX))
+ return -1;
/* delete contents AND directory, no exceptions */
return delete_dir_contents(pkgdir, 1, 0);
}
-int renamepkg(const char *oldpkgname, const char *newpkgname, int encrypted_fs_flag)
+int renamepkg(const char *oldpkgname, const char *newpkgname)
{
char oldpkgdir[PKG_PATH_MAX];
char newpkgdir[PKG_PATH_MAX];
- if (encrypted_fs_flag == USE_UNENCRYPTED_FS) {
- if (create_pkg_path(oldpkgdir, PKG_DIR_PREFIX, oldpkgname, PKG_DIR_POSTFIX))
- return -1;
- if (create_pkg_path(newpkgdir, PKG_DIR_PREFIX, newpkgname, PKG_DIR_POSTFIX))
- return -1;
- } else {
- if (create_pkg_path(oldpkgdir, PKG_SEC_DIR_PREFIX, oldpkgname, PKG_DIR_POSTFIX))
- return -1;
- if (create_pkg_path(newpkgdir, PKG_SEC_DIR_PREFIX, newpkgname, PKG_DIR_POSTFIX))
- return -1;
- }
+ if (create_pkg_path(oldpkgdir, PKG_DIR_PREFIX, oldpkgname, PKG_DIR_POSTFIX))
+ return -1;
+ if (create_pkg_path(newpkgdir, PKG_DIR_PREFIX, newpkgname, PKG_DIR_POSTFIX))
+ return -1;
+
if (rename(oldpkgdir, newpkgdir) < 0) {
LOGE("cannot rename dir '%s' to '%s': %s\n", oldpkgdir, newpkgdir, strerror(errno));
@@ -102,41 +85,29 @@ int renamepkg(const char *oldpkgname, const char *newpkgname, int encrypted_fs_f
return 0;
}
-int delete_user_data(const char *pkgname, int encrypted_fs_flag)
+int delete_user_data(const char *pkgname)
{
char pkgdir[PKG_PATH_MAX];
- if (encrypted_fs_flag == USE_UNENCRYPTED_FS) {
- if (create_pkg_path(pkgdir, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX))
- return -1;
- } else {
- if (create_pkg_path(pkgdir, PKG_SEC_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX))
- return -1;
- }
+ if (create_pkg_path(pkgdir, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX))
+ return -1;
/* delete contents, excluding "lib", but not the directory itself */
return delete_dir_contents(pkgdir, 0, "lib");
}
-int delete_cache(const char *pkgname, int encrypted_fs_flag)
+int delete_cache(const char *pkgname)
{
char cachedir[PKG_PATH_MAX];
- if (encrypted_fs_flag == USE_UNENCRYPTED_FS) {
- if (create_pkg_path(cachedir, CACHE_DIR_PREFIX, pkgname, CACHE_DIR_POSTFIX))
- return -1;
- } else {
- if (create_pkg_path(cachedir, CACHE_SEC_DIR_PREFIX, pkgname, CACHE_DIR_POSTFIX))
- return -1;
- }
+ if (create_pkg_path(cachedir, CACHE_DIR_PREFIX, pkgname, CACHE_DIR_POSTFIX))
+ return -1;
+
/* delete contents, not the directory, no exceptions */
return delete_dir_contents(cachedir, 0, 0);
}
-/* TODO(oam): depending on use case (ecryptfs or dmcrypt)
- * change implementation
- */
static int disk_free()
{
struct statfs sfs;
@@ -168,39 +139,6 @@ int free_cache(int free_size)
LOGI("free_cache(%d) avail %d\n", free_size, avail);
if (avail >= free_size) return 0;
- /* First try encrypted dir */
- d = opendir(PKG_SEC_DIR_PREFIX);
- if (d == NULL) {
- LOGE("cannot open %s\n", PKG_SEC_DIR_PREFIX);
- } else {
- dfd = dirfd(d);
-
- while ((de = readdir(d))) {
- if (de->d_type != DT_DIR) continue;
- name = de->d_name;
-
- /* always skip "." and ".." */
- if (name[0] == '.') {
- if (name[1] == 0) continue;
- if ((name[1] == '.') && (name[2] == 0)) continue;
- }
-
- subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY);
- if (subfd < 0) continue;
-
- delete_dir_contents_fd(subfd, "cache");
- close(subfd);
-
- avail = disk_free();
- if (avail >= free_size) {
- closedir(d);
- return 0;
- }
- }
- closedir(d);
- }
-
- /* Next try unencrypted dir... */
d = opendir(PKG_DIR_PREFIX);
if (d == NULL) {
LOGE("cannot open %s\n", PKG_DIR_PREFIX);
@@ -376,7 +314,7 @@ static int calculate_dir_size(int dfd)
int get_size(const char *pkgname, const char *apkpath,
const char *fwdlock_apkpath,
- int *_codesize, int *_datasize, int *_cachesize, int encrypted_fs_flag)
+ int *_codesize, int *_datasize, int *_cachesize)
{
DIR *d;
int dfd;
@@ -411,14 +349,8 @@ int get_size(const char *pkgname, const char *apkpath,
}
}
- if (encrypted_fs_flag == 0) {
- if (create_pkg_path(path, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) {
- goto done;
- }
- } else {
- if (create_pkg_path(path, PKG_SEC_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) {
- goto done;
- }
+ if (create_pkg_path(path, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) {
+ goto done;
}
d = opendir(path);
diff --git a/cmds/installd/installd.c b/cmds/installd/installd.c
index 882c493..f6ca998 100644
--- a/cmds/installd/installd.c
+++ b/cmds/installd/installd.c
@@ -29,7 +29,7 @@ static int do_ping(char **arg, char reply[REPLY_MAX])
static int do_install(char **arg, char reply[REPLY_MAX])
{
- return install(arg[0], atoi(arg[1]), atoi(arg[2]), atoi(arg[3])); /* pkgname, uid, gid */
+ return install(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, gid */
}
static int do_dexopt(char **arg, char reply[REPLY_MAX])
@@ -50,12 +50,12 @@ static int do_rm_dex(char **arg, char reply[REPLY_MAX])
static int do_remove(char **arg, char reply[REPLY_MAX])
{
- return uninstall(arg[0], atoi(arg[1])); /* pkgname */
+ return uninstall(arg[0]); /* pkgname */
}
static int do_rename(char **arg, char reply[REPLY_MAX])
{
- return renamepkg(arg[0], arg[1], atoi(arg[2])); /* oldpkgname, newpkgname */
+ return renamepkg(arg[0], arg[1]); /* oldpkgname, newpkgname */
}
static int do_free_cache(char **arg, char reply[REPLY_MAX]) /* TODO int:free_size */
@@ -65,7 +65,7 @@ static int do_free_cache(char **arg, char reply[REPLY_MAX]) /* TODO int:free_siz
static int do_rm_cache(char **arg, char reply[REPLY_MAX])
{
- return delete_cache(arg[0], atoi(arg[1])); /* pkgname */
+ return delete_cache(arg[0]); /* pkgname */
}
static int do_protect(char **arg, char reply[REPLY_MAX])
@@ -81,7 +81,7 @@ static int do_get_size(char **arg, char reply[REPLY_MAX])
int res = 0;
/* pkgdir, apkpath */
- res = get_size(arg[0], arg[1], arg[2], &codesize, &datasize, &cachesize, atoi(arg[3]));
+ res = get_size(arg[0], arg[1], arg[2], &codesize, &datasize, &cachesize);
sprintf(reply,"%d %d %d", codesize, datasize, cachesize);
return res;
@@ -89,7 +89,7 @@ static int do_get_size(char **arg, char reply[REPLY_MAX])
static int do_rm_user_data(char **arg, char reply[REPLY_MAX])
{
- return delete_user_data(arg[0], atoi(arg[1])); /* pkgname */
+ return delete_user_data(arg[0]); /* pkgname */
}
static int do_movefiles(char **arg, char reply[REPLY_MAX])
@@ -105,17 +105,17 @@ struct cmdinfo {
struct cmdinfo cmds[] = {
{ "ping", 0, do_ping },
- { "install", 4, do_install },
+ { "install", 3, do_install },
{ "dexopt", 3, do_dexopt },
{ "movedex", 2, do_move_dex },
{ "rmdex", 1, do_rm_dex },
- { "remove", 2, do_remove },
- { "rename", 3, do_rename },
+ { "remove", 1, do_remove },
+ { "rename", 2, do_rename },
{ "freecache", 1, do_free_cache },
- { "rmcache", 2, do_rm_cache },
+ { "rmcache", 1, do_rm_cache },
{ "protect", 2, do_protect },
- { "getsize", 4, do_get_size },
- { "rmuserdata", 2, do_rm_user_data },
+ { "getsize", 3, do_get_size },
+ { "rmuserdata", 1, do_rm_user_data },
{ "movefiles", 0, do_movefiles },
};
diff --git a/cmds/installd/installd.h b/cmds/installd/installd.h
index 8e4adb1..cfcdb98 100644
--- a/cmds/installd/installd.h
+++ b/cmds/installd/installd.h
@@ -48,23 +48,16 @@
/* elements combined with a valid package name to form paths */
#define PKG_DIR_PREFIX "/data/data/"
-#define PKG_SEC_DIR_PREFIX "/data/secure/data/"
#define PKG_DIR_POSTFIX ""
#define PKG_LIB_PREFIX "/data/data/"
-#define PKG_SEC_LIB_PREFIX "/data/secure/data/"
#define PKG_LIB_POSTFIX "/lib"
#define CACHE_DIR_PREFIX "/data/data/"
-#define CACHE_SEC_DIR_PREFIX "/data/secure/data/"
#define CACHE_DIR_POSTFIX "/cache"
#define APK_DIR_PREFIX "/data/app/"
-/* Encrypted File SYstems constants */
-#define USE_ENCRYPTED_FS 1
-#define USE_UNENCRYPTED_FS 0
-
/* other handy constants */
#define PROTECTED_DIR_PREFIX "/data/app-private/"
@@ -96,16 +89,16 @@ int delete_dir_contents_fd(int dfd, const char *name);
/* commands.c */
-int install(const char *pkgname, int encrypted_fs_flag, uid_t uid, gid_t gid);
-int uninstall(const char *pkgname, int encrypted_fs_flag);
-int renamepkg(const char *oldpkgname, const char *newpkgname, int encrypted_fs_flag);
-int delete_user_data(const char *pkgname, int encrypted_fs_flag);
-int delete_cache(const char *pkgname, int encrypted_fs_flag);
+int install(const char *pkgname, uid_t uid, gid_t gid);
+int uninstall(const char *pkgname);
+int renamepkg(const char *oldpkgname, const char *newpkgname);
+int delete_user_data(const char *pkgname);
+int delete_cache(const char *pkgname);
int move_dex(const char *src, const char *dst);
int rm_dex(const char *path);
int protect(char *pkgname, gid_t gid);
int get_size(const char *pkgname, const char *apkpath, const char *fwdlock_apkpath,
- int *codesize, int *datasize, int *cachesize, int encrypted_fs_flag);
+ int *codesize, int *datasize, int *cachesize);
int free_cache(int free_size);
int dexopt(const char *apk_path, uid_t uid, int is_public);
int movefiles();
diff --git a/core/java/android/accounts/AccountManagerService.java b/core/java/android/accounts/AccountManagerService.java
index 1d9e0f1..1cd7aa7 100644
--- a/core/java/android/accounts/AccountManagerService.java
+++ b/core/java/android/accounts/AccountManagerService.java
@@ -1483,13 +1483,7 @@ public class AccountManagerService
}
private static String getDatabaseName() {
- if(Environment.isEncryptedFilesystemEnabled()) {
- // Hard-coded path in case of encrypted file system
- return Environment.getSystemSecureDirectory().getPath() + File.separator + DATABASE_NAME;
- } else {
- // Regular path in case of non-encrypted file system
- return DATABASE_NAME;
- }
+ return DATABASE_NAME;
}
private class DatabaseHelper extends SQLiteOpenHelper {
diff --git a/core/java/android/content/SyncStorageEngine.java b/core/java/android/content/SyncStorageEngine.java
index daad95c..6a959ae 100644
--- a/core/java/android/content/SyncStorageEngine.java
+++ b/core/java/android/content/SyncStorageEngine.java
@@ -312,9 +312,7 @@ public class SyncStorageEngine extends Handler {
if (sSyncStorageEngine != null) {
return;
}
- // This call will return the correct directory whether Encrypted File Systems is
- // enabled or not.
- File dataDir = Environment.getSecureDataDirectory();
+ File dataDir = Environment.getDataDirectory();
sSyncStorageEngine = new SyncStorageEngine(context, dataDir);
}
diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java
index ae38af6..480504d 100644
--- a/core/java/android/content/pm/ApplicationInfo.java
+++ b/core/java/android/content/pm/ApplicationInfo.java
@@ -249,16 +249,6 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
public static final int FLAG_RESTORE_ANY_VERSION = 1<<17;
/**
- * Value for {@link #flags}: this is true if the application has set
- * its android:neverEncrypt to true, false otherwise. It is used to specify
- * that this package specifically "opts-out" of a secured file system solution,
- * and will always store its data in-the-clear.
- *
- * {@hide}
- */
- public static final int FLAG_NEVER_ENCRYPT = 1<<18;
-
- /**
* Value for {@link #flags}: Set to true if the application has been
* installed using the forward lock option.
*
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index fb52d2e..09a783d 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -1539,12 +1539,6 @@ public class PackageParser {
ai.flags |= ApplicationInfo.FLAG_TEST_ONLY;
}
- if (sa.getBoolean(
- com.android.internal.R.styleable.AndroidManifestApplication_neverEncrypt,
- false)) {
- ai.flags |= ApplicationInfo.FLAG_NEVER_ENCRYPT;
- }
-
String str;
str = sa.getNonConfigurationString(
com.android.internal.R.styleable.AndroidManifestApplication_permission, 0);
diff --git a/core/java/android/os/Environment.java b/core/java/android/os/Environment.java
index a9831aa..eab1627 100644
--- a/core/java/android/os/Environment.java
+++ b/core/java/android/os/Environment.java
@@ -28,8 +28,6 @@ public class Environment {
private static final File ROOT_DIRECTORY
= getDirectory("ANDROID_ROOT", "/system");
- private static final String SYSTEM_PROPERTY_EFS_ENABLED = "persist.security.efs.enabled";
-
private static IMountService mMntSvc = null;
/**
@@ -39,55 +37,9 @@ public class Environment {
return ROOT_DIRECTORY;
}
- /**
- * Gets the system directory available for secure storage.
- * If Encrypted File system is enabled, it returns an encrypted directory (/data/secure/system).
- * Otherwise, it returns the unencrypted /data/system directory.
- * @return File object representing the secure storage system directory.
- * @hide
- */
- public static File getSystemSecureDirectory() {
- if (isEncryptedFilesystemEnabled()) {
- return new File(SECURE_DATA_DIRECTORY, "system");
- } else {
- return new File(DATA_DIRECTORY, "system");
- }
- }
-
- /**
- * Gets the data directory for secure storage.
- * If Encrypted File system is enabled, it returns an encrypted directory (/data/secure).
- * Otherwise, it returns the unencrypted /data directory.
- * @return File object representing the data directory for secure storage.
- * @hide
- */
- public static File getSecureDataDirectory() {
- if (isEncryptedFilesystemEnabled()) {
- return SECURE_DATA_DIRECTORY;
- } else {
- return DATA_DIRECTORY;
- }
- }
-
- /**
- * Returns whether the Encrypted File System feature is enabled on the device or not.
- * @return <code>true</code> if Encrypted File System feature is enabled, <code>false</code>
- * if disabled.
- * @hide
- */
- public static boolean isEncryptedFilesystemEnabled() {
- return SystemProperties.getBoolean(SYSTEM_PROPERTY_EFS_ENABLED, false);
- }
-
private static final File DATA_DIRECTORY
= getDirectory("ANDROID_DATA", "/data");
- /**
- * @hide
- */
- private static final File SECURE_DATA_DIRECTORY
- = getDirectory("ANDROID_SECURE_DATA", "/data/secure");
-
private static final File EXTERNAL_STORAGE_DIRECTORY
= getDirectory("EXTERNAL_STORAGE", "/sdcard");
diff --git a/core/java/android/os/RecoverySystem.java b/core/java/android/os/RecoverySystem.java
index 1b103aa..b3ec114 100644
--- a/core/java/android/os/RecoverySystem.java
+++ b/core/java/android/os/RecoverySystem.java
@@ -352,23 +352,6 @@ public class RecoverySystem {
}
/**
- * Reboot into the recovery system to wipe the /data partition and toggle
- * Encrypted File Systems on/off.
- * @param extras to add to the RECOVERY_COMPLETED intent after rebooting.
- * @throws IOException if something goes wrong.
- *
- * @hide
- */
- public static void rebootToggleEFS(Context context, boolean efsEnabled)
- throws IOException {
- if (efsEnabled) {
- bootCommand(context, "--set_encrypted_filesystem=on");
- } else {
- bootCommand(context, "--set_encrypted_filesystem=off");
- }
- }
-
- /**
* Reboot into the recovery system with the supplied argument.
* @param arg to pass to the recovery utility.
* @throws IOException if something goes wrong.
diff --git a/core/res/res/values/attrs_manifest.xml b/core/res/res/values/attrs_manifest.xml
index fc5edb3..959a9db 100644
--- a/core/res/res/values/attrs_manifest.xml
+++ b/core/res/res/values/attrs_manifest.xml
@@ -79,13 +79,6 @@
by applications. -->
<attr name="allowClearUserData" format="boolean" />
- <!-- Option to let applications specify that user data should
- never be encrypted if an Encrypted File System solution
- is enabled. Specifically, this is an "opt-out" feature, meaning
- that, by default, user data will be encrypted if the EFS feature
- is enabled. -->
- <attr name="neverEncrypt" format="boolean" />
-
<!-- Option to indicate this application is only for testing purposes.
For example, it may expose functionality or data outside of itself
that would cause a security hole, but is useful for testing. This
@@ -719,7 +712,6 @@
<attr name="killAfterRestore" />
<attr name="restoreNeedsApplication" />
<attr name="restoreAnyVersion" />
- <attr name="neverEncrypt" />
</declare-styleable>
<!-- The <code>permission</code> tag declares a security permission that can be
diff --git a/packages/SettingsProvider/AndroidManifest.xml b/packages/SettingsProvider/AndroidManifest.xml
index dd0d064..d057ab7 100644
--- a/packages/SettingsProvider/AndroidManifest.xml
+++ b/packages/SettingsProvider/AndroidManifest.xml
@@ -8,8 +8,6 @@
android:backupAgent="SettingsBackupAgent"
android:killAfterRestore="false"
android:icon="@drawable/ic_launcher_settings">
-
- <!-- todo add: android:neverEncrypt="true" -->
<provider android:name="SettingsProvider" android:authorities="settings"
android:multiprocess="false"
diff --git a/packages/VpnServices/src/com/android/server/vpn/VpnServiceBinder.java b/packages/VpnServices/src/com/android/server/vpn/VpnServiceBinder.java
index eeafd5a..5672a01 100644
--- a/packages/VpnServices/src/com/android/server/vpn/VpnServiceBinder.java
+++ b/packages/VpnServices/src/com/android/server/vpn/VpnServiceBinder.java
@@ -52,11 +52,8 @@ public class VpnServiceBinder extends Service {
// The actual implementation is delegated to the VpnService class.
private VpnService<? extends VpnProfile> mService;
- // TODO(oam): Test VPN when EFS is enabled (will do later)...
private static String getStateFilePath() {
- // This call will return the correcu directory whether Encrypted FS is enabled or not
- // Disabled: /data/misc/vpn/.states Enabled: /data/secure/misc/vpn/.states
- return Environment.getSecureDataDirectory().getPath() + STATES_FILE_RELATIVE_PATH;
+ return Environment.getDataDirectory().getPath() + STATES_FILE_RELATIVE_PATH;
}
private final IBinder mBinder = new IVpnService.Stub() {
diff --git a/services/java/com/android/server/BackupManagerService.java b/services/java/com/android/server/BackupManagerService.java
index 7607c74..6c1fa60 100644
--- a/services/java/com/android/server/BackupManagerService.java
+++ b/services/java/com/android/server/BackupManagerService.java
@@ -377,7 +377,7 @@ class BackupManagerService extends IBackupManager.Stub {
Settings.Secure.BACKUP_AUTO_RESTORE, 1) != 0;
// If Encrypted file systems is enabled or disabled, this call will return the
// correct directory.
- mBaseStateDir = new File(Environment.getSecureDataDirectory(), "backup");
+ mBaseStateDir = new File(Environment.getDataDirectory(), "backup");
mBaseStateDir.mkdirs();
mDataDir = Environment.getDownloadCacheDirectory();
diff --git a/services/java/com/android/server/Installer.java b/services/java/com/android/server/Installer.java
index 1f34eba..2eaa58c 100644
--- a/services/java/com/android/server/Installer.java
+++ b/services/java/com/android/server/Installer.java
@@ -166,17 +166,11 @@ class Installer {
}
}
- public int install(String name, boolean useEncryptedFilesystem, int uid, int gid) {
+ public int install(String name, int uid, int gid) {
StringBuilder builder = new StringBuilder("install");
builder.append(' ');
builder.append(name);
builder.append(' ');
- if (useEncryptedFilesystem) {
- builder.append('1');
- } else {
- builder.append('0');
- }
- builder.append(' ');
builder.append(uid);
builder.append(' ');
builder.append(gid);
@@ -209,57 +203,33 @@ class Installer {
return execute(builder.toString());
}
- public int remove(String name, boolean useEncryptedFilesystem) {
+ public int remove(String name) {
StringBuilder builder = new StringBuilder("remove");
builder.append(' ');
builder.append(name);
- builder.append(' ');
- if (useEncryptedFilesystem) {
- builder.append('1');
- } else {
- builder.append('0');
- }
return execute(builder.toString());
}
- public int rename(String oldname, String newname, boolean useEncryptedFilesystem) {
+ public int rename(String oldname, String newname) {
StringBuilder builder = new StringBuilder("rename");
builder.append(' ');
builder.append(oldname);
builder.append(' ');
builder.append(newname);
- builder.append(' ');
- if (useEncryptedFilesystem) {
- builder.append('1');
- } else {
- builder.append('0');
- }
return execute(builder.toString());
}
- public int deleteCacheFiles(String name, boolean useEncryptedFilesystem) {
+ public int deleteCacheFiles(String name) {
StringBuilder builder = new StringBuilder("rmcache");
builder.append(' ');
builder.append(name);
- builder.append(' ');
- if (useEncryptedFilesystem) {
- builder.append('1');
- } else {
- builder.append('0');
- }
return execute(builder.toString());
}
- public int clearUserData(String name, boolean useEncryptedFilesystem) {
+ public int clearUserData(String name) {
StringBuilder builder = new StringBuilder("rmuserdata");
builder.append(' ');
builder.append(name);
- builder.append(' ');
- if (useEncryptedFilesystem) {
- builder.append('1');
- } else {
- builder.append('0');
- }
return execute(builder.toString());
}
@@ -293,7 +263,7 @@ class Installer {
}
public int getSizeInfo(String pkgName, String apkPath,
- String fwdLockApkPath, PackageStats pStats, boolean useEncryptedFilesystem) {
+ String fwdLockApkPath, PackageStats pStats) {
StringBuilder builder = new StringBuilder("getsize");
builder.append(' ');
builder.append(pkgName);
@@ -301,13 +271,6 @@ class Installer {
builder.append(apkPath);
builder.append(' ');
builder.append(fwdLockApkPath != null ? fwdLockApkPath : "!");
- builder.append(' ');
- if (useEncryptedFilesystem) {
- builder.append('1');
- } else {
- builder.append('0');
- }
-
String s = transaction(builder.toString());
String res[] = s.split(" ");
diff --git a/services/java/com/android/server/MasterClearReceiver.java b/services/java/com/android/server/MasterClearReceiver.java
index 4d04cee..27a8a74 100644
--- a/services/java/com/android/server/MasterClearReceiver.java
+++ b/services/java/com/android/server/MasterClearReceiver.java
@@ -39,11 +39,7 @@ public class MasterClearReceiver extends BroadcastReceiver {
try {
Slog.w(TAG, "!!! FACTORY RESET !!!");
- if (intent.hasExtra("enableEFS")) {
- RecoverySystem.rebootToggleEFS(context, intent.getBooleanExtra("enableEFS", false));
- } else {
- RecoverySystem.rebootWipeUserData(context);
- }
+ RecoverySystem.rebootWipeUserData(context);
Log.wtf(TAG, "Still running after master clear?!");
} catch (IOException e) {
Slog.e(TAG, "Can't perform master clear/factory reset", e);
diff --git a/services/java/com/android/server/PackageManagerService.java b/services/java/com/android/server/PackageManagerService.java
index 33a824b..79b012b 100644
--- a/services/java/com/android/server/PackageManagerService.java
+++ b/services/java/com/android/server/PackageManagerService.java
@@ -147,8 +147,6 @@ class PackageManagerService extends IPackageManager.Stub {
private static final boolean GET_CERTIFICATES = true;
- private static final String SYSTEM_PROPERTY_EFS_ENABLED = "persist.security.efs.enabled";
-
private static final int REMOVE_EVENTS =
FileObserver.CLOSE_WRITE | FileObserver.DELETE | FileObserver.MOVED_FROM;
private static final int ADD_EVENTS =
@@ -201,10 +199,6 @@ class PackageManagerService extends IPackageManager.Stub {
// This is where all application persistent data goes.
final File mAppDataDir;
- // If Encrypted File System feature is enabled, all application persistent data
- // should go here instead.
- final File mSecureAppDataDir;
-
// This is the object monitoring the framework dir.
final FileObserver mFrameworkInstallObserver;
@@ -717,7 +711,6 @@ class PackageManagerService extends IPackageManager.Stub {
File dataDir = Environment.getDataDirectory();
mAppDataDir = new File(dataDir, "data");
- mSecureAppDataDir = new File(dataDir, "secure/data");
mDrmAppPrivateInstallDir = new File(dataDir, "app-private");
if (mInstaller == null) {
@@ -727,7 +720,6 @@ class PackageManagerService extends IPackageManager.Stub {
File miscDir = new File(dataDir, "misc");
miscDir.mkdirs();
mAppDataDir.mkdirs();
- mSecureAppDataDir.mkdirs();
mDrmAppPrivateInstallDir.mkdirs();
}
@@ -888,9 +880,7 @@ class PackageManagerService extends IPackageManager.Stub {
+ " no longer exists; wiping its data";
reportSettingsProblem(Log.WARN, msg);
if (mInstaller != null) {
- // XXX how to set useEncryptedFSDir for packages that
- // are not encrypted?
- mInstaller.remove(ps.name, true);
+ mInstaller.remove(ps.name);
}
}
}
@@ -960,8 +950,7 @@ class PackageManagerService extends IPackageManager.Stub {
void cleanupInstallFailedPackage(PackageSetting ps) {
Slog.i(TAG, "Cleaning up incompletely installed app: " + ps.name);
if (mInstaller != null) {
- boolean useSecureFS = useEncryptedFilesystemForPackage(ps.pkg);
- int retCode = mInstaller.remove(ps.name, useSecureFS);
+ int retCode = mInstaller.remove(ps.name);
if (retCode < 0) {
Slog.w(TAG, "Couldn't remove app data directory for package: "
+ ps.name + ", retcode=" + retCode);
@@ -2616,11 +2605,6 @@ class PackageManagerService extends IPackageManager.Stub {
return performed ? DEX_OPT_PERFORMED : DEX_OPT_SKIPPED;
}
-
- private static boolean useEncryptedFilesystemForPackage(PackageParser.Package pkg) {
- return Environment.isEncryptedFilesystemEnabled() &&
- ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_NEVER_ENCRYPT) == 0);
- }
private boolean verifyPackageUpdate(PackageSetting oldPkg, PackageParser.Package newPkg) {
if ((oldPkg.pkgFlags&ApplicationInfo.FLAG_SYSTEM) == 0) {
@@ -2638,14 +2622,7 @@ class PackageManagerService extends IPackageManager.Stub {
}
private File getDataPathForPackage(PackageParser.Package pkg) {
- boolean useEncryptedFSDir = useEncryptedFilesystemForPackage(pkg);
- File dataPath;
- if (useEncryptedFSDir) {
- dataPath = new File(mSecureAppDataDir, pkg.packageName);
- } else {
- dataPath = new File(mAppDataDir, pkg.packageName);
- }
- return dataPath;
+ return new File(mAppDataDir, pkg.packageName);
}
private PackageParser.Package scanPackageLI(PackageParser.Package pkg,
@@ -2997,7 +2974,6 @@ class PackageManagerService extends IPackageManager.Stub {
pkg.applicationInfo.dataDir = dataPath.getPath();
} else {
// This is a normal package, need to make its data directory.
- boolean useEncryptedFSDir = useEncryptedFilesystemForPackage(pkg);
dataPath = getDataPathForPackage(pkg);
boolean uidError = false;
@@ -3014,7 +2990,7 @@ class PackageManagerService extends IPackageManager.Stub {
// If this is a system app, we can at least delete its
// current data so the application will still work.
if (mInstaller != null) {
- int ret = mInstaller.remove(pkgName, useEncryptedFSDir);
+ int ret = mInstaller.remove(pkgName);
if (ret >= 0) {
// Old data gone!
String msg = "System package " + pkg.packageName
@@ -3025,7 +3001,7 @@ class PackageManagerService extends IPackageManager.Stub {
recovered = true;
// And now re-install the app.
- ret = mInstaller.install(pkgName, useEncryptedFSDir, pkg.applicationInfo.uid,
+ ret = mInstaller.install(pkgName, pkg.applicationInfo.uid,
pkg.applicationInfo.uid);
if (ret == -1) {
// Ack should not happen!
@@ -3065,7 +3041,7 @@ class PackageManagerService extends IPackageManager.Stub {
Log.v(TAG, "Want this data dir: " + dataPath);
//invoke installer to do the actual installation
if (mInstaller != null) {
- int ret = mInstaller.install(pkgName, useEncryptedFSDir, pkg.applicationInfo.uid,
+ int ret = mInstaller.install(pkgName, pkg.applicationInfo.uid,
pkg.applicationInfo.uid);
if(ret < 0) {
// Error from installer
@@ -6030,9 +6006,8 @@ class PackageManagerService extends IPackageManager.Stub {
deletedPs = mSettings.mPackages.get(packageName);
}
if ((flags&PackageManager.DONT_DELETE_DATA) == 0) {
- boolean useEncryptedFSDir = useEncryptedFilesystemForPackage(p);
if (mInstaller != null) {
- int retCode = mInstaller.remove(packageName, useEncryptedFSDir);
+ int retCode = mInstaller.remove(packageName);
if (retCode < 0) {
Slog.w(TAG, "Couldn't remove app data or cache directory for package: "
+ packageName + ", retcode=" + retCode);
@@ -6271,7 +6246,6 @@ class PackageManagerService extends IPackageManager.Stub {
p = ps.pkg;
}
}
- boolean useEncryptedFSDir = false;
if(!dataOnly) {
//need to check this only for fully installed applications
@@ -6284,10 +6258,9 @@ class PackageManagerService extends IPackageManager.Stub {
Slog.w(TAG, "Package " + packageName + " has no applicationInfo.");
return false;
}
- useEncryptedFSDir = useEncryptedFilesystemForPackage(p);
}
if (mInstaller != null) {
- int retCode = mInstaller.clearUserData(packageName, useEncryptedFSDir);
+ int retCode = mInstaller.clearUserData(packageName);
if (retCode < 0) {
Slog.w(TAG, "Couldn't remove cache files for package: "
+ packageName);
@@ -6338,9 +6311,8 @@ class PackageManagerService extends IPackageManager.Stub {
Slog.w(TAG, "Package " + packageName + " has no applicationInfo.");
return false;
}
- boolean useEncryptedFSDir = useEncryptedFilesystemForPackage(p);
if (mInstaller != null) {
- int retCode = mInstaller.deleteCacheFiles(packageName, useEncryptedFSDir);
+ int retCode = mInstaller.deleteCacheFiles(packageName);
if (retCode < 0) {
Slog.w(TAG, "Couldn't remove cache files for package: "
+ packageName);
@@ -6402,10 +6374,9 @@ class PackageManagerService extends IPackageManager.Stub {
}
publicSrcDir = isForwardLocked(p) ? applicationInfo.publicSourceDir : null;
}
- boolean useEncryptedFSDir = useEncryptedFilesystemForPackage(p);
if (mInstaller != null) {
int res = mInstaller.getSizeInfo(packageName, p.mPath,
- publicSrcDir, pStats, useEncryptedFSDir);
+ publicSrcDir, pStats);
if (res < 0) {
return false;
} else {
@@ -7539,8 +7510,7 @@ class PackageManagerService extends IPackageManager.Stub {
void setFlags(int pkgFlags) {
this.pkgFlags = (pkgFlags & ApplicationInfo.FLAG_SYSTEM) |
(pkgFlags & ApplicationInfo.FLAG_FORWARD_LOCK) |
- (pkgFlags & ApplicationInfo.FLAG_EXTERNAL_STORAGE) |
- (pkgFlags & ApplicationInfo.FLAG_NEVER_ENCRYPT);
+ (pkgFlags & ApplicationInfo.FLAG_EXTERNAL_STORAGE);
}
}
@@ -7798,17 +7768,11 @@ class PackageManagerService extends IPackageManager.Stub {
File dataDir = Environment.getDataDirectory();
File systemDir = new File(dataDir, "system");
// TODO(oam): This secure dir creation needs to be moved somewhere else (later)
- File systemSecureDir = new File(dataDir, "secure/system");
systemDir.mkdirs();
- systemSecureDir.mkdirs();
FileUtils.setPermissions(systemDir.toString(),
FileUtils.S_IRWXU|FileUtils.S_IRWXG
|FileUtils.S_IROTH|FileUtils.S_IXOTH,
-1, -1);
- FileUtils.setPermissions(systemSecureDir.toString(),
- FileUtils.S_IRWXU|FileUtils.S_IRWXG
- |FileUtils.S_IROTH|FileUtils.S_IXOTH,
- -1, -1);
mSettingsFilename = new File(systemDir, "packages.xml");
mBackupSettingsFilename = new File(systemDir, "packages-backup.xml");
mPackageListFilename = new File(systemDir, "packages.list");
diff --git a/vpn/java/android/net/vpn/VpnManager.java b/vpn/java/android/net/vpn/VpnManager.java
index ce40b5d..ce522c8 100644
--- a/vpn/java/android/net/vpn/VpnManager.java
+++ b/vpn/java/android/net/vpn/VpnManager.java
@@ -85,8 +85,7 @@ public class VpnManager {
// TODO(oam): Test VPN when EFS is enabled (will do later)...
public static String getProfilePath() {
- // This call will return the correct path if Encrypted FS is enabled or not.
- return Environment.getSecureDataDirectory().getPath() + PROFILES_PATH;
+ return Environment.getDataDirectory().getPath() + PROFILES_PATH;
}
/**