Apps on SD card.
Added support for retrieving and generating keys as Hex Strings.
Using keys to mount encrypted FS.
diff --git a/keystore/tests/src/android/security/SystemKeyStoreTest.java b/keystore/tests/src/android/security/SystemKeyStoreTest.java
index bbeceeb7..a9e2687 100644
--- a/keystore/tests/src/android/security/SystemKeyStoreTest.java
+++ b/keystore/tests/src/android/security/SystemKeyStoreTest.java
@@ -60,7 +60,7 @@
public void testBasicAccess() throws Exception {
try {
- byte[] newKey = mSysKeyStore.generateNewKey(128, "AES", keyName);
+ byte[] newKey = mSysKeyStore.generateNewKey(128, "Blowfish", keyName);
assertNotNull(newKey);
byte[] recKey = mSysKeyStore.retrieveKey(keyName);
assertEquals(newKey.length, recKey.length);
diff --git a/services/java/com/android/server/PackageManagerService.java b/services/java/com/android/server/PackageManagerService.java
index 170477f..65dc266 100644
--- a/services/java/com/android/server/PackageManagerService.java
+++ b/services/java/com/android/server/PackageManagerService.java
@@ -75,6 +75,7 @@
import android.os.ServiceManager;
import android.os.SystemClock;
import android.os.SystemProperties;
+import android.security.SystemKeyStore;
import android.util.*;
import android.view.Display;
import android.view.WindowManager;
@@ -89,6 +90,7 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
+import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -7439,7 +7441,8 @@
// ------- apps on sdcard specific code -------
static final boolean DEBUG_SD_INSTALL = false;
- final private String mSdEncryptKey = "none";
+ final private String mSdEncryptKey = "AppsOnSD";
+ final private String mSdEncryptAlg = "Blowfish";
private MountService getMountService() {
return (MountService) ServiceManager.getService("mount");
@@ -7457,10 +7460,25 @@
String cachePath = null;
// Remove any pending destroy messages
mHandler.removeMessages(DESTROY_SD_CONTAINER, pkgName);
+ String sdEncKey;
+ try {
+ sdEncKey = SystemKeyStore.getInstance().retrieveKeyHexString(mSdEncryptKey);
+ if (sdEncKey == null) {
+ sdEncKey = SystemKeyStore.getInstance().
+ generateNewKeyHexString(128, mSdEncryptAlg, mSdEncryptKey);
+ if (sdEncKey == null) {
+ Log.e(TAG, "Failed to create encryption keys for package: " + pkgName + ".");
+ return null;
+ }
+ }
+ } catch (NoSuchAlgorithmException nsae) {
+ Log.e(TAG, "Failed to create encryption keys with exception: " + nsae);
+ return null;
+ }
try {
cachePath = mountService.createSecureContainer(pkgName,
mbLen,
- "vfat", mSdEncryptKey, Process.SYSTEM_UID);
+ "vfat", sdEncKey, Process.SYSTEM_UID);
if (DEBUG_SD_INSTALL) Log.i(TAG, "Trying to install " + pkgName + ", cachePath =" + cachePath);
return cachePath;
} catch(IllegalStateException e) {
@@ -7477,7 +7495,7 @@
try {
cachePath = mountService.createSecureContainer(pkgName,
mbLen,
- "vfat", mSdEncryptKey, Process.SYSTEM_UID);
+ "vfat", sdEncKey, Process.SYSTEM_UID);
if (DEBUG_SD_INSTALL) Log.i(TAG, "Trying to install again " + pkgName + ", cachePath =" + cachePath);
return cachePath;
} catch(IllegalStateException e) {
@@ -7487,8 +7505,13 @@
}
private String mountSdDir(String pkgName, int ownerUid) {
+ String sdEncKey = SystemKeyStore.getInstance().retrieveKeyHexString(mSdEncryptKey);
+ if (sdEncKey == null) {
+ Log.e(TAG, "Failed to retrieve encryption keys to mount package code: " + pkgName + ".");
+ return null;
+ }
try {
- return getMountService().mountSecureContainer(pkgName, mSdEncryptKey, ownerUid);
+ return getMountService().mountSecureContainer(pkgName, sdEncKey, ownerUid);
} catch (IllegalStateException e) {
Log.i(TAG, "Failed to mount container for pkg : " + pkgName + " exception : " + e);
}