@Override
public Context createDeviceEncryptedStorageContext() {
- if (!StorageManager.isFileBasedEncryptionEnabled()) {
- return null;
- }
-
final int flags = (mFlags & ~Context.CONTEXT_CREDENTIAL_ENCRYPTED_STORAGE)
| Context.CONTEXT_DEVICE_ENCRYPTED_STORAGE;
return new ContextImpl(this, mMainThread, mPackageInfo, mActivityToken,
* Because device-encrypted data is available before user authentication,
* you should carefully consider what data you store using this Context.
* <p>
+ * If the underlying device does not have the ability to store
+ * device-encrypted and credential-encrypted data using different keys, then
+ * both storage areas will become available at the same time. They remain
+ * two distinct storage areas, and only the window of availability changes.
+ * <p>
* Each call to this method returns a new instance of a Context object;
* Context objects are not shared, however common state (ClassLoader, other
* Resources for the same configuration) may be so the Context itself can be
* fairly lightweight.
*
- * @return new Context or {@code null} if device-encrypted storage is not
- * supported or available on this device.
* @see #isDeviceEncryptedStorage()
*/
public abstract Context createDeviceEncryptedStorageContext();
* <em>only after</em> the user has entered their credentials (such as a
* lock pattern or PIN).
* <p>
+ * If the underlying device does not have the ability to store
+ * device-encrypted and credential-encrypted data using different keys, then
+ * both storage areas will become available at the same time. They remain
+ * two distinct storage areas, and only the window of availability changes.
+ * <p>
* Each call to this method returns a new instance of a Context object;
* Context objects are not shared, however common state (ClassLoader, other
* Resources for the same configuration) may be so the Context itself can be
OSDN Git Service
