diff options
| author | Christopher Tate <ctate@google.com> | 2011-07-19 16:32:49 -0700 |
|---|---|---|
| committer | Christopher Tate <ctate@google.com> | 2011-07-28 16:01:20 -0700 |
| commit | 2efd2dbbac9eac89620683696c6076463c3a1cd6 (patch) | |
| tree | ca48adf4208daee43a4444a0fdb61fcb939858c5 /packages/BackupRestoreConfirmation/src | |
| parent | b7d95a46dfacf04896d5b084f13bcbe6eab33633 (diff) | |
Support full-backup encryption and global backup password
If the user has supplied a backup password in Settings, that password
is validated during the full backup process and is used as an encryption
key for encoding the backed-up data itself. This is the fundamental
mechanism whereby users can secure their data even against malicious
parties getting physical unlocked access to their device.
Technically the user-supplied password is not used as the encryption
key for the backed-up data itself. What is actually done is that a
random key is generated to use as the raw encryption key. THAT key,
in turn, is encrypted with the user-supplied password (after random
salting and key expansion with PBKDF2). The encrypted master key
and a checksum are stored in the backup header. At restore time,
the user supplies their password, which allows the system to decrypt
the master key, which in turn allows the decryption of the backup
data itself.
The checksum is part of the archive in order to permit validation
of the user-supplied password. The checksum is the result of running
the user-supplied password through PBKDF2 with a randomly selected
salt. At restore time, the proposed password is run through PBKDF2
with the salt described by the archive header. If the result does
not match the archive's stated checksum, then the user has supplied
the wrong decryption password.
Also, suppress backup consideration for a few packages whose
data is either nonexistent or inapplicable across devices or
factory reset operations.
Bug 4901637
Change-Id: Id0cc9d0fdfc046602b129f273d48e23b7a14df36
Diffstat (limited to 'packages/BackupRestoreConfirmation/src')
| -rw-r--r-- | packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java b/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java index ed413e693701..fad58b9b3df5 100644 --- a/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java +++ b/packages/BackupRestoreConfirmation/src/com/android/backupconfirm/BackupRestoreConfirmation.java @@ -126,7 +126,7 @@ public class BackupRestoreConfirmation extends Activity { final Intent intent = getIntent(); final String action = intent.getAction(); - int layoutId; + final int layoutId; if (action.equals(FullBackup.FULL_BACKUP_INTENT_ACTION)) { layoutId = R.layout.confirm_backup; } else if (action.equals(FullBackup.FULL_RESTORE_INTENT_ACTION)) { @@ -156,6 +156,20 @@ public class BackupRestoreConfirmation extends Activity { mAllowButton = (Button) findViewById(R.id.button_allow); mDenyButton = (Button) findViewById(R.id.button_deny); + // For full backup, we vary the password prompt text depending on whether one is predefined + if (layoutId == R.layout.confirm_backup) { + TextView pwDesc = (TextView) findViewById(R.id.password_desc); + try { + if (mBackupManager.hasBackupPassword()) { + pwDesc.setText(R.string.backup_password_text); + } else { + pwDesc.setText(R.string.backup_password_optional); + } + } catch (RemoteException e) { + // TODO: bail gracefully + } + } + mAllowButton.setOnClickListener(new View.OnClickListener() { @Override public void onClick(View v) { @@ -188,8 +202,11 @@ public class BackupRestoreConfirmation extends Activity { void sendAcknowledgement(int token, boolean allow, IFullBackupRestoreObserver observer) { if (!mDidAcknowledge) { mDidAcknowledge = true; + try { - mBackupManager.acknowledgeFullBackupOrRestore(mToken, true, mObserver); + TextView pwView = (TextView) findViewById(R.id.password); + mBackupManager.acknowledgeFullBackupOrRestore(mToken, allow, + String.valueOf(pwView.getText()), mObserver); } catch (RemoteException e) { // TODO: bail gracefully if we can't contact the backup manager } |