From 32d06732cdb7ee653a58e49a4dab13a780513db5 Mon Sep 17 00:00:00 2001
From: Paul Lawrence <paullawrence@google.com>
Date: Thu, 21 Aug 2014 08:43:41 -0700
Subject: Fix adb backup for encrypted case

New behavior. Backup no longer uses the encryption password. This is in
part because that is hard with patterns, in part because it is a security
issue - the off line backup is much easier to brute force than the phone.

Instead, we simply insist on an encryption password if your device is encrypted
and locked.

Bug: 17159330
Change-Id: Ia22f84722522abf0b569a3ef1e16ead5527c726d
---
 .../res/values/strings.xml                         |  2 ++
 .../backupconfirm/BackupRestoreConfirmation.java   | 28 ++++++++--------------
 2 files changed, 12 insertions(+), 18 deletions(-)

(limited to 'packages/BackupRestoreConfirmation')

diff --git a/packages/BackupRestoreConfirmation/res/values/strings.xml b/packages/BackupRestoreConfirmation/res/values/strings.xml
index 5c90fd0..3fb3fd4 100644
--- a/packages/BackupRestoreConfirmation/res/values/strings.xml
+++ b/packages/BackupRestoreConfirmation/res/values/strings.xml
@@ -44,6 +44,8 @@
     <string name="backup_enc_password_text">Please enter a password to use for encrypting the full backup data. If this is left blank, your current backup password will be used:</string>
     <!-- Text for message to user that they may optionally supply an encryption password to use for a full backup operation. -->
     <string name="backup_enc_password_optional">If you wish to encrypt the full backup data, enter a password below:</string>
+    <!-- Text for message to user that they must supply an encryption password to use for a full backup operation because their phone is locked. -->
+    <string name="backup_enc_password_required">Since your device is encrypted, you are required to encrypt your backup. Please enter a password below:</string>
 
     <!-- Text for message to user when performing a full restore operation, explaining that they must enter the password originally used to encrypt the full backup data. -->
     <string name="restore_enc_password_text">If the restore data is encrypted, please enter the password below:</string>
diff --git a/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java b/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java
index 82ac8cb..c2bb90c 100644
--- a/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java
+++ b/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java
@@ -28,6 +28,7 @@ import android.os.Message;
 import android.os.RemoteException;
 import android.os.ServiceManager;
 import android.os.storage.IMountService;
+import android.os.storage.StorageManager;
 import android.util.Log;
 import android.util.Slog;
 import android.view.View;
@@ -182,25 +183,14 @@ public class BackupRestoreConfirmation extends Activity {
         // We vary the password prompt depending on whether one is predefined, and whether
         // the device is encrypted.
         mIsEncrypted = deviceIsEncrypted();
-        if (mIsEncrypted) {
-            Log.d(TAG, "Device is encrypted: requiring encryption pw");
-            TextView pwPrompt = (TextView) findViewById(R.id.password_desc);
-            // this password is mandatory; we hide the other options during backup
-            if (layoutId == R.layout.confirm_backup) {
-                pwPrompt.setText(R.string.device_encryption_backup_text);
-                TextView tv = (TextView) findViewById(R.id.enc_password);
-                tv.setVisibility(View.GONE);
-                tv = (TextView) findViewById(R.id.enc_password_desc);
-                tv.setVisibility(View.GONE);
-            } else {
-                pwPrompt.setText(R.string.device_encryption_restore_text);
-            }
-        } else if (!haveBackupPassword()) {
+        if (!haveBackupPassword()) {
             curPwDesc.setVisibility(View.GONE);
             mCurPassword.setVisibility(View.GONE);
             if (layoutId == R.layout.confirm_backup) {
                 TextView encPwDesc = (TextView) findViewById(R.id.enc_password_desc);
-                encPwDesc.setText(R.string.backup_enc_password_optional);
+                encPwDesc.setText(mIsEncrypted
+                                  ? R.string.backup_enc_password_required
+                                  : R.string.backup_enc_password_optional);
             }
         }
 
@@ -246,8 +236,7 @@ public class BackupRestoreConfirmation extends Activity {
             mDidAcknowledge = true;
 
             try {
-                CharSequence encPassword = (mIsEncrypted)
-                        ? mCurPassword.getText() : mEncPassword.getText();
+                CharSequence encPassword = mEncPassword.getText();
                 mBackupManager.acknowledgeFullBackupOrRestore(mToken,
                         allow,
                         String.valueOf(mCurPassword.getText()),
@@ -261,7 +250,10 @@ public class BackupRestoreConfirmation extends Activity {
 
     boolean deviceIsEncrypted() {
         try {
-            return (mMountService.getEncryptionState() != IMountService.ENCRYPTION_STATE_NONE);
+            return mMountService.getEncryptionState()
+                     != IMountService.ENCRYPTION_STATE_NONE
+                && mMountService.getPasswordType()
+                     != StorageManager.CRYPT_TYPE_DEFAULT;
         } catch (Exception e) {
             // If we can't talk to the mount service we have a serious problem; fail
             // "secure" i.e. assuming that the device is encrypted.
-- 
cgit v1.1