Do not allow DPM.resetPassword() when child profile exists or user is locked

     * <em>Note: This API has been limited as of {@link android.os.Build.VERSION_CODES#N} for

     * device admins that are not device owner and not profile owner.

     * The password can now only be changed if there is currently no password set.  Device owner

     * and profile owner can still do this.</em>

     * and profile owner can still do this when user is unlocked and does not have a managed

     * profile.</em>

     * <p>

     * The given password must be sufficient for the current password quality and length constraints

     * as returned by {@link #getPasswordQuality(ComponentName)} and

     *         current constraints or if the user has not been decrypted yet.

     * @throws SecurityException if the calling application does not own an active administrator

     *             that uses {@link DeviceAdminInfo#USES_POLICY_RESET_PASSWORD}

     * @throws IllegalStateException if the calling user is locked or has a managed profile.

     */

    public boolean resetPassword(String password, int flags) {

        throwIfParentInstance("resetPassword");

            // If caller has PO (or DO) it can change the password, so see if that's the case first.

            ActiveAdmin admin = getActiveAdminWithPolicyForUidLocked(

                    null, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, callingUid);

            final boolean preN = getTargetSdk(admin.info.getPackageName(),

                    userHandle) <= android.os.Build.VERSION_CODES.M;

            if (admin == null) {

                // Otherwise, make sure the caller has any active admin with the right policy.

                admin = getActiveAdminForCallerLocked(null,

                        DeviceAdminInfo.USES_POLICY_RESET_PASSWORD);

                final boolean preN = getTargetSdk(admin.info.getPackageName(), userHandle)

                        <= android.os.Build.VERSION_CODES.M;

                // As of N, password resetting to empty/null is not allowed anymore.

                // TODO Should we allow DO/PO to set an empty password?

                if (TextUtils.isEmpty(password)) {

                    }

                }

            }

            // Do not allow to reset password when current user has a managed profile

            if (!isManagedProfile(userHandle)) {

                for (UserInfo userInfo : mUserManager.getProfiles(userHandle)) {

                    if (userInfo.isManagedProfile()) {

                        if (!preN) {

                            throw new IllegalStateException(

                                    "Cannot reset password on user has managed profile");

                        } else {

                            Slog.e(LOG_TAG, "Cannot reset password on user has managed profile");

                            return false;

                        }

                    }

                }

            }

            // Do not allow to reset password when user is locked

            if (!mUserManager.isUserUnlocked(userHandle)) {

                if (!preN) {

                    throw new IllegalStateException("Cannot reset password when user is locked");

                } else {

                    Slog.e(LOG_TAG, "Cannot reset password when user is locked");

                    return false;

                }

            }

            quality = getPasswordQuality(null, userHandle, /* parent */ false);

            if (quality == DevicePolicyManager.PASSWORD_QUALITY_MANAGED) {

                quality = DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;