Settings - Security - Phone Encryption Explained

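Encryption covers all data on the phone, including Google accounts, app data, music and other media, downloaded information, and so on. Once you have encrypted the phone, you must enter a numeric PIN or password every time you power it on.

Note that this PIN or password is the same one you use to unlock the phone when it is not encrypted; it cannot be set separately.

Warning

If your phone is stolen, encryption provides additional protection, and some organizations may require or recommend its use. Consult your system administrator before enabling encryption. In many cases, the encryption PIN or password you set is controlled by the system administrator.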

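Before enabling encryption, prepare as follows:

(1) Set a lock screen PIN or password.

(2) Charge the battery.

(3) Plug the phone into a power source.

(4) Set aside an hour or more for the encryption process. Do not interrupt it, or you will lose some or all of your data.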

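When you are ready to enable encryption, do the following:

(1) On the Home screen or the "All Apps" screen, touch the "Settings" icon.

(2) Personal > Security > Encryption > Encrypt phone.

(3) Read the information about encryption carefully.

Encrypt phone

Warning

Encrypt phone

Continue

Encrypt phone

The encryption process now starts, and its progress is shown on the screen. Encryption can take an hour or more, and your phone may restart several times during this period.

When encryption is complete, you are prompted to enter your PIN or password.

From then on, you need to enter your PIN or password every time you power on in order to decrypt the phone.

2. After resetting the phone, the user has to re-enter the same information that was required when the phone was first set up. If the user has been backing up data to a Google account, that data can be restored through an option in the setup process.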

Code walkthrough:

I. The encryption states

http://osxr.org/android/source/frameworks/base/core/java/android/app/admin/DevicePolicyManager.java#1142

    /**
     * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}:
     * indicating that encryption is not supported.
     */
    public static final int ENCRYPTION_STATUS_UNSUPPORTED = 0;

    /**
     * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}:
     * indicating that encryption is supported, but is not currently active.
     */
    public static final int ENCRYPTION_STATUS_INACTIVE = 1;

    /**
     * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}:
     * indicating that encryption is not currently active, but is currently
     * being activated.  This is only reported by devices that support
     * encryption of data and only when the storage is currently
     * undergoing a process of becoming encrypted.  A device that must reboot and/or wipe data
     * to become encrypted will never return this value.
     */
    public static final int ENCRYPTION_STATUS_ACTIVATING = 2;

    /**
     * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}:
     * indicating that encryption is active.
     */
    public static final int ENCRYPTION_STATUS_ACTIVE = 3;

II. The service call

http://osxr.org/android/source/frameworks/base/services/java/com/android/server/DevicePolicyManagerService.java#2029

    /**
     * Hook to low-levels:  Reporting the current status of encryption.
     * @return A value such as {@link DevicePolicyManager#ENCRYPTION_STATUS_UNSUPPORTED} or
     * {@link DevicePolicyManager#ENCRYPTION_STATUS_INACTIVE} or
     * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE}.
     */
    private int getEncryptionStatus() {
        String status = SystemProperties.get("ro.crypto.state", "unsupported");
        if ("encrypted".equalsIgnoreCase(status)) {
            return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE;
        } else if ("unencrypted".equalsIgnoreCase(status)) {
            return DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
        } else {
            return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
        }
    }

III. The final call

http://osxr.org/android/source/frameworks/base/services/java/com/android/server/DevicePolicyManagerService.java#2029

    /**
     * Get the current encryption status of the device.
     */
    public int getStorageEncryptionStatus() {
        return getEncryptionStatus();
    }

IV. Use in Settings (part 1)

http://osxr.org/android/source/packages/apps/Settings/src/com/android/settings/SecuritySettings.java#0145

        // Add options for device encryption
        DevicePolicyManager dpm =
                (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);

        if (UserId.myUserId() == 0) {
            switch (dpm.getStorageEncryptionStatus()) {
            case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE:
                // The device is currently encrypted.
                addPreferencesFromResource(R.xml.security_settings_encrypted);
                break;
            case DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE:
                // This device supports encryption but isn't encrypted.
                addPreferencesFromResource(R.xml.security_settings_unencrypted);
                break;
            }
        }

IV. Use in Settings (part 2)

package com.android.settings;

import android.app.Activity;
import android.app.Fragment;
import android.app.StatusBarManager;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.os.Handler;
import android.os.IBinder;
import android.os.ServiceManager;
import android.os.storage.IMountService;
import android.util.Log;
import android.view.LayoutInflater;
import android.view.View;
import android.view.ViewGroup;
import android.widget.Button;

public class CryptKeeperConfirm extends Fragment {

    public static class Blank extends Activity {
        private Handler mHandler = new Handler();

        @Override
        public void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);

            setContentView(R.layout.crypt_keeper_blank);

            if (Utils.isMonkeyRunning()) {
                finish();
            }

            StatusBarManager sbm = (StatusBarManager) getSystemService(Context.STATUS_BAR_SERVICE);
            sbm.disable(StatusBarManager.DISABLE_EXPAND
                    | StatusBarManager.DISABLE_NOTIFICATION_ICONS
                    | StatusBarManager.DISABLE_NOTIFICATION_ALERTS
                    | StatusBarManager.DISABLE_SYSTEM_INFO
                    | StatusBarManager.DISABLE_HOME
                    | StatusBarManager.DISABLE_RECENT
                    | StatusBarManager.DISABLE_BACK);

            // Post a delayed message in 700 milliseconds to enable encryption.
            // NOTE: The animation on this activity is set for 500 milliseconds
            // I am giving it a little extra time to complete.
            mHandler.postDelayed(new Runnable() {
                public void run() {
                    IBinder service = ServiceManager.getService("mount");
                    if (service == null) {
                        Log.e("CryptKeeper", "Failed to find the mount service");
                        finish();
                        return;
                    }

                    IMountService mountService = IMountService.Stub.asInterface(service);
                    try {
                        Bundle args = getIntent().getExtras();
                        mountService.encryptStorage(args.getString("password"));
                    } catch (Exception e) {
                        Log.e("CryptKeeper", "Error while encrypting...", e);
                    }
                }
            }, 700);
        }
    }

    private View mContentView;
    private Button mFinalButton;
    private Button.OnClickListener mFinalClickListener = new Button.OnClickListener() {

        public void onClick(View v) {
            if (Utils.isMonkeyRunning()) {
                return;
            }

            Intent intent = new Intent(getActivity(), Blank.class);
            intent.putExtras(getArguments());

            startActivity(intent);
        }
    };

    private void establishFinalConfirmationState() {
        mFinalButton = (Button) mContentView.findViewById(R.id.execute_encrypt);
        mFinalButton.setOnClickListener(mFinalClickListener);
    }

    @Override
    public View onCreateView(LayoutInflater inflater, ViewGroup container,
            Bundle savedInstanceState) {
        mContentView = inflater.inflate(R.layout.crypt_keeper_confirm, null);
        establishFinalConfirmationState();
        return mContentView;
    }
}

<string name="crypt_keeper_desc" product="tablet" msgid="3839235202103924154">"您可以加密自己的帐户、设置、已下载的应用及其数据、媒体和其他文件。加密平板电脑后,您每次开机时都需要输入数字 PIN 或密码才能解密。取消加密的唯一方法就是恢复出厂设置,但这会清除平板电脑上的所有数据。"\n\n"加密过程需要 1 小时或更长时间。在开始加密前,电池必须有电,并且在加密完成前必须一直连接电源。如果您中断加密过程,则会丢失部分或全部数据。"</string>

<string name="crypt_keeper_button_text" product="default" msgid="2008346408473255519">"加密手机"</string>

V. Where encryptStorage comes from

http://osxr.org/android/source/frameworks/base/core/java/android/os/storage/IMountService.java#0628

public int encryptStorage(String password) throws RemoteException {
    Parcel _data = Parcel.obtain();
    Parcel _reply = Parcel.obtain();
    int _result;
    try {
        _data.writeInterfaceToken(DESCRIPTOR);
        _data.writeString(password);
        mRemote.transact(Stub.TRANSACTION_encryptStorage, _data, _reply, 0);
        _reply.readException();
        _result = _reply.readInt();
    } finally {
        _reply.recycle();
        _data.recycle();
    }
    return _result;
}

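Once the phone is encrypted, an OTA upgrade cannot be performed when no SD card is inserted and the SHARED macro is enabled. The system was therefore optimized: after detecting that the phone is encrypted, it copies the upgrade package into the cache directory and then performs the upgrade.

The change is mainly in framework/base/.../os/RecoverySystem.java

The handling is done inside the call to installpackage(context,filepackage)

Check the state, delete the cache, copy the file.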
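The staging step described above (check the encryption state, clear the cache, copy the package), written out as an added example; it is not the code from the original post or from AOSP. The class name `OtaStager` and the staged file name `update.zip` are assumptions, and the caller is assumed to be a system app holding the REBOOT and ACCESS_CACHE_FILESYSTEM permissions. The example also verifies the signature of the staged copy before handing it to recovery.

```java
// Added example, not AOSP code: OtaStager and "update.zip" are hypothetical names.
import android.app.admin.DevicePolicyManager;
import android.content.Context;
import android.os.Environment;
import android.os.RecoverySystem;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;

public final class OtaStager {
    /** Installs an OTA package, staging it on /cache first when storage is encrypted. */
    public static void install(Context context, File pkg)
            throws IOException, GeneralSecurityException {
        DevicePolicyManager dpm = (DevicePolicyManager)
                context.getSystemService(Context.DEVICE_POLICY_SERVICE);
        boolean encrypted = dpm.getStorageEncryptionStatus()
                == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE;
        File cache = Environment.getDownloadCacheDirectory();   // the /cache partition
        File target = pkg;
        if (encrypted && !cache.equals(pkg.getParentFile())) {
            // Encrypted user data is not readable from recovery, so stage on /cache.
            File[] old = cache.listFiles();
            if (old != null) {
                for (File f : old) {
                    // Assumption: only stale packages are removed to free space.
                    if (f.isFile() && f.getName().endsWith(".zip")) f.delete();
                }
            }
            target = new File(cache, "update.zip");
            copy(pkg, target);
        }
        // Verify the exact file recovery will read, after the copy, so the
        // package cannot be swapped between the check and the install.
        RecoverySystem.verifyPackage(target, null, null);
        RecoverySystem.installPackage(context, target);          // reboots into recovery
    }

    private static void copy(File src, File dst) throws IOException {
        try (InputStream in = new FileInputStream(src);
             FileOutputStream out = new FileOutputStream(dst)) {
            byte[] buf = new byte[64 * 1024];
            int n;
            while ((n = in.read(buf)) != -1) out.write(buf, 0, n);
            out.getFD().sync();   // make sure the copy is on disk before the reboot
        }
    }
}
```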