
Commit 07b668e3 authored by Clara Bayarri's avatar Clara Bayarri

Enable Work Profile passphrase verify/write with FBE

When File Based Encryption is present, allow the verify/write of
passphrases to be per-user (it used to always bubble up to the parent
user assuming it is a per-device passphrase).

This is part of the work for the Separate Work Challenge.

Change-Id: I5ae6b7b6ed1dd25aed0843d495b6f5f36e01c4eb
parent 15a1fc37
+7 −0
@@ -25,6 +25,7 @@ import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteOpenHelper;
import android.os.Environment;
import android.os.SystemProperties;
import android.os.UserManager;
import android.util.ArrayMap;
import android.util.Log;
@@ -386,6 +387,12 @@ class LockSettingsStorage {
    }

    private int getUserParentOrSelfId(int userId) {
        // Device supports File Based Encryption, and lock is applied per-user
        if ("file".equals(SystemProperties.get("ro.crypto.type", "none"))) {
            return userId;
        }
        // Device uses Block Based Encryption, and the parent user's lock is used for the whole
        // device.
        if (userId != 0) {
            final UserManager um = (UserManager) mContext.getSystemService(USER_SERVICE);
            final UserInfo pi = um.getProfileParent(userId);
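Review bot: The new early return in getUserParentOrSelfId applies to every userId on a file-encrypted device, so a profile that has never had its own passphrase written now resolves to its own storage entry instead of the parent's. How callers treat a missing entry for that profile is not visible in this hunk and should be confirmed, since an absent credential must never verify as a match. The method name no longer describes the FBE path, so a Javadoc such as `/** Under file-based encryption returns userId unchanged; otherwise resolves a profile to its parent. */` would help. The same `"file".equals(SystemProperties.get("ro.crypto.type", "none"))` test is repeated in DevicePolicyManagerService, and a single shared helper would keep the storage and policy sides from drifting apart. The method body continues past the end of the hunk.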
+4 −1
@@ -3700,7 +3700,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            return;
        }
        enforceCrossUserPermission(userHandle);
        // Managed Profile password can only be changed when file based encryption is present.
        if (!"file".equals(SystemProperties.get("ro.crypto.type", "none"))) {
            enforceNotManagedProfile(userHandle, "set the active password");
        }

        mContext.enforceCallingOrSelfPermission(
                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
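Review bot: The comment above the new condition states the rule but not why file-based encryption makes it safe to skip enforceNotManagedProfile, and nothing in this file shows that the credential is now stored per user. Something like `// With FBE the lock credential is kept per user (LockSettingsStorage.getUserParentOrSelfId), so a managed profile has its own password state.` would tie the two sides together. Because the exemption is keyed only on the device's encryption type, the remaining gates for a managed-profile caller are the enforceCrossUserPermission and BIND_DEVICE_ADMIN checks visible here, which is worth stating in the same comment. The enclosing method starts and ends outside the hunk.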