Commit

fix: handle SIM PIN decryption on devices without FBE support
* Although Android 13 removed support for full-disk encryption
  entirely, we shouldn't assume that all legacy devices will upgrade to
  file-based encryption.
* The following patch set will fix decryption of the PIN storage during
  Direct Boot mode on devices without the "fileencryption=" clause present
  in their fstab file. The DevicePolicyManager will return unsupported
  encryption status for those devices, so the UserAuthenticationObserverService
  should be started, otherwise we'll mark all SIM PIN codes as corrupted
  since we attempt to start decryption before the hardware-backed
  KeyStore was unlocked.

Signed-off-by: iusmac <[email protected]>
iusmac committed Jun 24, 2024
1 parent 3a36fdc commit 6cb9afa
Showing 1 changed file with 1 addition and 4 deletions.
5 changes: 1 addition & 4 deletions src/com/github/iusmac/sevensim/SystemBroadcastReceiver.java
Expand Up @@ -57,9 +57,6 @@ public void onReceive(final Context context, final Intent intent) {
// This also ensures proper app backup data restore
mLauncherIconVisibilityManagerProvider.get().updateVisibility();

final int encryptionStatus = Utils.IS_AT_LEAST_T ? -1 :
mDevicePolicyManagerProvider.get().getStorageEncryptionStatus();

// Need to reschedule the next weekly repeat schedule processing iteration again, as
// it was already done during Direct Boot mode when the LOCKED_BOOT_COMPLETED event
// fired, but the scheduler did not have access to the SIM PIN storage, which is
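Review bot: Removing the `Utils.IS_AT_LEAST_T ? -1 : ...` guard at the top of this hunk means Android 13+ devices now query `getStorageEncryptionStatus()` as well, yet none of the surrounding comments records why. The comment block that follows only covers rescheduling after Direct Boot; consider adding a sentence there saying the status is read on every API level because a device running 13 can still lack FBE, so a later cleanup does not reintroduce the version shortcut. If `Utils.IS_AT_LEAST_T` has no other users after this change, it can be dropped too.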
Expand All @@ -69,7 +66,7 @@ public void onReceive(final Context context, final Intent intent) {
// is delivered right after the LOCKED_BOOT_COMPLETED event and the user is still
// locked. Thus, we need to wait for the user to unlock the device in order to
// access the user authentication bound secret key
switch (encryptionStatus) {
switch (mDevicePolicyManagerProvider.get().getStorageEncryptionStatus()) {
case DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED:
case DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE:
case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY:
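Review bot: In the `switch` at the end of this hunk, Android 13+ devices used to arrive with the `-1` sentinel, which matches none of the three cases visible here, and now take whichever branch their real status selects. Please confirm that the branch handling `ENCRYPTION_STATUS_ACTIVE_PER_USER` (not visible in this hunk) behaves the same as the old `-1` path, so FBE devices keep their current behaviour and only the `UNSUPPORTED` / `INACTIVE` / `ACTIVE_DEFAULT_KEY` group takes the wait-for-unlock path described in the comment above. Assigning the result to a named local before the `switch` would also make the status easy to log when diagnosing PIN entries that end up marked as corrupted.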

0 comments on commit 6cb9afa
