Move all crypto commands over to Binder.

Prefix FDE related commands with "fde" to make it clear which devices
they apply to.  This will also make it easier to remove once FDE
is fully deprecated in a future release.

To emulate the single-threaded nature of the old socket, introduce a
lock that is acquired for all encryption related methods.

Sprinkle some "const" around older files to make C++ happy.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.DirectBootHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Bug: 13758960
Change-Id: I0a6ec6e3660bbddc61424c344ff6ac6da953ccf0
diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
index d945357..e8a8f2a 100644
--- a/binder/android/os/IVold.aidl
+++ b/binder/android/os/IVold.aidl
@@ -50,6 +50,49 @@
     FileDescriptor mountAppFuse(int uid, int pid, int mountId);
     void unmountAppFuse(int uid, int pid, int mountId);
 
+    void fdeCheckPassword(@utf8InCpp String password);
+    void fdeRestart();
+    int fdeComplete();
+    void fdeEnable(int passwordType, @utf8InCpp String password, int encryptionFlags);
+    void fdeChangePassword(int passwordType, @utf8InCpp String password);
+    void fdeVerifyPassword(@utf8InCpp String password);
+    @utf8InCpp String fdeGetField(@utf8InCpp String key);
+    void fdeSetField(@utf8InCpp String key, @utf8InCpp String value);
+    int fdeGetPasswordType();
+    @utf8InCpp String fdeGetPassword();
+    void fdeClearPassword();
+
+    void fbeEnable();
+
+    void mountDefaultEncrypted();
+    void initUser0();
+    boolean isConvertibleToFbe();
+
+    void createUserKey(int userId, int userSerial, boolean ephemeral);
+    void destroyUserKey(int userId);
+
+    void addUserKeyAuth(int userId, int userSerial, @utf8InCpp String token, @utf8InCpp String secret);
+    void fixateNewestUserKeyAuth(int userId);
+
+    void unlockUserKey(int userId, int userSerial, @utf8InCpp String token, @utf8InCpp String secret);
+    void lockUserKey(int userId);
+
+    void prepareUserStorage(@nullable @utf8InCpp String uuid, int userId, int userSerial, int storageFlags);
+    void destroyUserStorage(@nullable @utf8InCpp String uuid, int userId, int storageFlags);
+
+    void secdiscard(@utf8InCpp String path);
+
+    const int ENCRYPTION_FLAG_WIPE = 1;
+    const int ENCRYPTION_FLAG_IN_PLACE = 2;
+    const int ENCRYPTION_FLAG_NO_UI = 4;
+
+    const int ENCRYPTION_STATE_NONE = 1;
+    const int ENCRYPTION_STATE_OK = 0;
+    const int ENCRYPTION_STATE_ERROR_UNKNOWN = -1;
+    const int ENCRYPTION_STATE_ERROR_INCOMPLETE = -2;
+    const int ENCRYPTION_STATE_ERROR_INCONSISTENT = -3;
+    const int ENCRYPTION_STATE_ERROR_CORRUPT = -4;
+
     const int FSTRIM_FLAG_DEEP_TRIM = 1;
     const int FSTRIM_FLAG_BENCHMARK_AFTER = 2;
 
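Review bot: The calls that carry credentials (`fdeCheckPassword`, `fdeEnable`, `fdeChangePassword`, `fdeVerifyPassword`, `addUserKeyAuth`, `unlockUserKey`) and `fdeGetPassword()`, which returns one, are declared with no comment saying who may call them. AIDL enforces nothing here, so the caller check has to live in the service implementation, which is outside this hunk; confirm that every one of these methods rejects non-system callers. Because the parameters are `@utf8InCpp String`, the password, token and secret arrive on the native side as `std::string` copies, which are not wiped on destruction unless the implementation does so explicitly, and they must not reach the log. I would add a comment above `fdeCheckPassword` such as `/* Crypto calls: privileged callers only; arguments are secrets, never log them. */`, and document that `fdeComplete()` returns one of the `ENCRYPTION_STATE_*` values if that is the intent. The interface body starts and ends outside this hunk.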
@@ -60,6 +103,14 @@
     const int PARTITION_TYPE_PRIVATE = 1;
     const int PARTITION_TYPE_MIXED = 2;
 
+    const int PASSWORD_TYPE_PASSWORD = 0;
+    const int PASSWORD_TYPE_DEFAULT = 1;
+    const int PASSWORD_TYPE_PIN = 2;
+    const int PASSWORD_TYPE_PATTERN = 3;
+
+    const int STORAGE_FLAG_DE = 1;
+    const int STORAGE_FLAG_CE = 2;
+
     const int REMOUNT_MODE_NONE = 0;
     const int REMOUNT_MODE_DEFAULT = 1;
     const int REMOUNT_MODE_READ = 2;
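Review bot: `PASSWORD_TYPE_*` reads as a closed set of values and `STORAGE_FLAG_*` as a bitmask, but both reach the service as a plain `int` (`passwordType` and `storageFlags` in the earlier hunk of this file) and nothing here says which is which. I would add `// passwordType for fdeEnable/fdeChangePassword: exactly one of these` above the first group and `// storageFlags bitmask for prepareUserStorage/destroyUserStorage` above the second. The implementation is not visible in this hunk; it should reject a `passwordType` outside 0–3 and any unknown `storageFlags` bits, not hand them on to the encryption code. The interface body continues outside the hunk.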