Move all crypto commands over to Binder.
Prefix FDE related commands with "fde" to make it clear which devices
they apply to. This will also make it easier to remove once FDE
is fully deprecated in a future release.
To emulate the single-threaded nature of the old socket, introduce a
lock that is acquired for all encryption related methods.
Sprinkle some "const" around older files to make C++ happy.
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.DirectBootHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Bug: 13758960
Change-Id: I0a6ec6e3660bbddc61424c344ff6ac6da953ccf0
diff --git a/VoldNativeService.h b/VoldNativeService.h
index f412bfc..50244d2 100644
--- a/VoldNativeService.h
+++ b/VoldNativeService.h
@@ -63,6 +63,44 @@
binder::Status mountAppFuse(int32_t uid, int32_t pid, int32_t mountId,
android::base::unique_fd* _aidl_return);
binder::Status unmountAppFuse(int32_t uid, int32_t pid, int32_t mountId);
+
+ binder::Status fdeCheckPassword(const std::string& password);
+ binder::Status fdeRestart();
+ binder::Status fdeComplete(int32_t* _aidl_return);
+ binder::Status fdeEnable(int32_t passwordType,
+ const std::string& password, int32_t encryptionFlags);
+ binder::Status fdeChangePassword(int32_t passwordType,
+ const std::string& password);
+ binder::Status fdeVerifyPassword(const std::string& password);
+ binder::Status fdeGetField(const std::string& key, std::string* _aidl_return);
+ binder::Status fdeSetField(const std::string& key, const std::string& value);
+ binder::Status fdeGetPasswordType(int32_t* _aidl_return);
+ binder::Status fdeGetPassword(std::string* _aidl_return);
+ binder::Status fdeClearPassword();
+
+ binder::Status fbeEnable();
+
+ binder::Status mountDefaultEncrypted();
+ binder::Status initUser0();
+ binder::Status isConvertibleToFbe(bool* _aidl_return);
+
+ binder::Status createUserKey(int32_t userId, int32_t userSerial, bool ephemeral);
+ binder::Status destroyUserKey(int32_t userId);
+
+ binder::Status addUserKeyAuth(int32_t userId, int32_t userSerial,
+ const std::string& token, const std::string& secret);
+ binder::Status fixateNewestUserKeyAuth(int32_t userId);
+
+ binder::Status unlockUserKey(int32_t userId, int32_t userSerial,
+ const std::string& token, const std::string& secret);
+ binder::Status lockUserKey(int32_t userId);
+
+ binder::Status prepareUserStorage(const std::unique_ptr<std::string>& uuid,
+ int32_t userId, int32_t userSerial, int32_t flags);
+ binder::Status destroyUserStorage(const std::unique_ptr<std::string>& uuid,
+ int32_t userId, int32_t flags);
+
+ binder::Status secdiscard(const std::string& path);
};
} // namespace vold