DPM's method will return false if encrypted by default password,
preventing the changing of encryption password to lockscreen password.
Check if the device is encrypted by some means, instead.
Also fix a SecurityException when Device Admin queries encryption state
(recent regression)
Bug:
17881324
Change-Id: Id897e61c5e254ab3f8dc569285428a73005303ea
/** Update the encryption password if it is enabled **/
private void updateEncryptionPassword(final int type, final String password) {
/** Update the encryption password if it is enabled **/
private void updateEncryptionPassword(final int type, final String password) {
- DevicePolicyManager dpm = getDevicePolicyManager();
- if (dpm.getStorageEncryptionStatus(getCurrentOrCallingUserId())
- != DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE) {
+ if (!isDeviceEncryptionEnabled()) {
final IBinder service = ServiceManager.getService("mount");
if (service == null) {
Log.e(TAG, "Could not find the mount service to update the encryption password");
final IBinder service = ServiceManager.getService("mount");
if (service == null) {
Log.e(TAG, "Could not find the mount service to update the encryption password");
private int getEncryptionStatus() {
String status = SystemProperties.get("ro.crypto.state", "unsupported");
if ("encrypted".equalsIgnoreCase(status)) {
private int getEncryptionStatus() {
String status = SystemProperties.get("ro.crypto.state", "unsupported");
if ("encrypted".equalsIgnoreCase(status)) {
- return LockPatternUtils.isDeviceEncrypted()
- ? DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE
- : DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
+ final long token = Binder.clearCallingIdentity();
+ try {
+ return LockPatternUtils.isDeviceEncrypted()
+ ? DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE
+ : DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
+ } finally {
+ Binder.restoreCallingIdentity(token);
+ }
} else if ("unencrypted".equalsIgnoreCase(status)) {
return DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
} else {
} else if ("unencrypted".equalsIgnoreCase(status)) {
return DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
} else {