Use the correct method to check if device is encrypted

DPM's method will return false if encrypted by default password,
preventing the changing of encryption password to lockscreen password.

Check if the device is encrypted by some means, instead.

Also fix a SecurityException when Device Admin queries encryption state
(recent regression)

Bug: 17881324
Change-Id: Id897e61c5e254ab3f8dc569285428a73005303ea

diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index 9a1c9fc..412b4d2 100644 (file)
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -728,12 +728,9 @@ public class LockPatternUtils {
 
     /** Update the encryption password if it is enabled **/
     private void updateEncryptionPassword(final int type, final String password) {
-        DevicePolicyManager dpm = getDevicePolicyManager();
-        if (dpm.getStorageEncryptionStatus(getCurrentOrCallingUserId())
-                != DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE) {
+        if (!isDeviceEncryptionEnabled()) {
             return;
         }
-
         final IBinder service = ServiceManager.getService("mount");
         if (service == null) {
             Log.e(TAG, "Could not find the mount service to update the encryption password");

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index fc5c053..fe4b7b9 100644 (file)
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3390,9 +3390,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     private int getEncryptionStatus() {
         String status = SystemProperties.get("ro.crypto.state", "unsupported");
         if ("encrypted".equalsIgnoreCase(status)) {
-            return LockPatternUtils.isDeviceEncrypted()
-                    ? DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE
-                    : DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
+            final long token = Binder.clearCallingIdentity();
+            try {
+                return LockPatternUtils.isDeviceEncrypted()
+                        ? DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE
+                        : DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
+            } finally {
+                Binder.restoreCallingIdentity(token);
+            }
         } else if ("unencrypted".equalsIgnoreCase(status)) {
             return DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
         } else {