4 files changed, 75 insertions, 3 deletions

diff --git a/core/java/android/os/storage/IMountService.java b/core/java/android/os/storage/IMountService.java
index fce09dd..8a4bc31 100644
--- a/core/java/android/os/storage/IMountService.java
+++ b/core/java/android/os/storage/IMountService.java
@@ -645,6 +645,24 @@ public interface IMountService extends IInterface {
                 return _result;
             }
 
+            public int encryptWipeStorage(int type, String password) throws RemoteException {
+                Parcel _data = Parcel.obtain();
+                Parcel _reply = Parcel.obtain();
+                int _result;
+                try {
+                    _data.writeInterfaceToken(DESCRIPTOR);
+                    _data.writeInt(type);
+                    _data.writeString(password);
+                    mRemote.transact(Stub.TRANSACTION_encryptWipeStorage, _data, _reply, 0);
+                    _reply.readException();
+                    _result = _reply.readInt();
+                } finally {
+                    _reply.recycle();
+                    _data.recycle();
+                }
+                return _result;
+            }
+
             public int changeEncryptionPassword(int type, String password) throws RemoteException {
                 Parcel _data = Parcel.obtain();
                 Parcel _reply = Parcel.obtain();
@@ -1295,6 +1313,8 @@ public interface IMountService extends IInterface {
         static final int TRANSACTION_benchmark = IBinder.FIRST_CALL_TRANSACTION + 59;
         static final int TRANSACTION_setDebugFlags = IBinder.FIRST_CALL_TRANSACTION + 60;
 
+        static final int TRANSACTION_encryptWipeStorage = IBinder.FIRST_CALL_TRANSACTION + 61;
+
         /**
          * Cast an IBinder object into an IMountService interface, generating a
          * proxy if needed.
@@ -1597,6 +1617,15 @@ public interface IMountService extends IInterface {
                     reply.writeInt(result);
                     return true;
                 }
+                case TRANSACTION_encryptWipeStorage: {
+                    data.enforceInterface(DESCRIPTOR);
+                    int type = data.readInt();
+                    String password = data.readString();
+                    int result = encryptWipeStorage(type, password);
+                    reply.writeNoException();
+                    reply.writeInt(result);
+                    return true;
+                }
                 case TRANSACTION_changeEncryptionPassword: {
                     data.enforceInterface(DESCRIPTOR);
                     int type = data.readInt();
@@ -2016,7 +2045,8 @@ public interface IMountService extends IInterface {
      * Returns whether or not the external storage is emulated.
      */
     public boolean isExternalStorageEmulated() throws RemoteException;
-
+    /** The volume has been encrypted succesfully and MDTP state is 'activated'. */
+    static final int ENCRYPTION_STATE_OK_MDTP_ACTIVATED = 2;
     /** The volume is not encrypted. */
     static final int ENCRYPTION_STATE_NONE = 1;
     /** The volume has been encrypted succesfully. */
@@ -2029,6 +2059,8 @@ public interface IMountService extends IInterface {
     static final int ENCRYPTION_STATE_ERROR_INCONSISTENT = -3;
     /** Underlying data is corrupt */
     static final int ENCRYPTION_STATE_ERROR_CORRUPT = -4;
+    /** The volume is in a bad state and MDTP state is 'activated'.*/
+    static final int ENCRYPTION_STATE_ERROR_MDTP_ACTIVATED = -5;
 
     /**
      * Determines the encryption state of the volume.
@@ -2047,6 +2079,11 @@ public interface IMountService extends IInterface {
     public int encryptStorage(int type, String password) throws RemoteException;
 
     /**
+     * Encrypts and wipes storage.
+     */
+    public int encryptWipeStorage(int type, String password) throws RemoteException;
+
+    /**
      * Changes the encryption password.
      */
     public int changeEncryptionPassword(int type, String password)
diff --git a/include/storage/IMountService.h b/include/storage/IMountService.h
index c3d34d8..b04be8a 100644
--- a/include/storage/IMountService.h
+++ b/include/storage/IMountService.h
@@ -71,6 +71,7 @@ public:
     virtual bool getMountedObbPath(const String16& filename, String16& path) = 0;
     virtual int32_t decryptStorage(const String16& password) = 0;
     virtual int32_t encryptStorage(const String16& password) = 0;
+    virtual int32_t encryptWipeStorage(const String16& password) = 0;
 };
 
 // ----------------------------------------------------------------------------
diff --git a/libs/storage/IMountService.cpp b/libs/storage/IMountService.cpp
index c643ed0..f7379b6 100644
--- a/libs/storage/IMountService.cpp
+++ b/libs/storage/IMountService.cpp
@@ -50,6 +50,7 @@ enum {
     TRANSACTION_isExternalStorageEmulated,
     TRANSACTION_decryptStorage,
     TRANSACTION_encryptStorage,
+    TRANSACTION_encryptWipeStorage = IBinder::FIRST_CALL_TRANSACTION + 61,
 };
 
 class BpMountService: public BpInterface<IMountService>
@@ -551,6 +552,23 @@ public:
         }
         return reply.readInt32();
     }
+
+    int32_t encryptWipeStorage(const String16& password)
+    {
+        Parcel data, reply;
+        data.writeInterfaceToken(IMountService::getInterfaceDescriptor());
+        data.writeString16(password);
+        if (remote()->transact(TRANSACTION_encryptWipeStorage, data, &reply) != NO_ERROR) {
+            ALOGD("encryptWipeStorage could not contact remote\n");
+            return -1;
+        }
+        int32_t err = reply.readExceptionCode();
+        if (err < 0) {
+            ALOGD("encryptWipeStorage caught exception %d\n", err);
+            return err;
+        }
+        return reply.readInt32();
+    }
 };
 
 IMPLEMENT_META_INTERFACE(MountService, "IMountService")
diff --git a/services/core/java/com/android/server/MountService.java b/services/core/java/com/android/server/MountService.java
index 2b12054..620bc29 100644
--- a/services/core/java/com/android/server/MountService.java
+++ b/services/core/java/com/android/server/MountService.java
@@ -2394,7 +2394,7 @@ class MountService extends IMountService.Stub
         }
     }
 
-    public int encryptStorage(int type, String password) {
+    private int encryptStorageExtended(int type, String password, boolean wipe) {
         if (TextUtils.isEmpty(password) && type != StorageManager.CRYPT_TYPE_DEFAULT) {
             throw new IllegalArgumentException("password cannot be empty");
         }
@@ -2409,7 +2409,7 @@ class MountService extends IMountService.Stub
         }
 
         try {
-            mCryptConnector.execute("cryptfs", "enablecrypto", "inplace", CRYPTO_TYPES[type],
+            mCryptConnector.execute("cryptfs", "enablecrypto", wipe ? "wipe" : "inplace", CRYPTO_TYPES[type],
                                new SensitiveArg(password));
         } catch (NativeDaemonConnectorException e) {
             // Encryption failed
@@ -2419,6 +2419,22 @@ class MountService extends IMountService.Stub
         return 0;
     }
 
+    /** Encrypt Storage given a password.
+     *  @param type The password type.
+     *  @param password The password to be used in encryption.
+     */
+    public int encryptStorage(int type, String password) {
+        return encryptStorageExtended(type, password, false);
+    }
+
+    /** Encrypt Storage given a password after wiping it.
+     *  @param type The password type.
+     *  @param password The password to be used in encryption.
+     */
+    public int encryptWipeStorage(int type, String password) {
+        return encryptStorageExtended(type, password, true);
+    }
+
     /** Set the password for encrypting the master key.
      *  @param type One of the CRYPTO_TYPE_XXX consts defined in StorageManager.
      *  @param password The password to set.