Clear the password reset token when the device owner is removed. (6322093f) · Commits · e / os / android_frameworks_base

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+4 −0

Original line number	Original line	Diff line number	Diff line
	@@ -8008,6 +8008,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
	"clearDeviceOwner can only be called by the device owner");		"clearDeviceOwner can only be called by the device owner");
	}		}
	enforceUserUnlocked(deviceOwnerUserId);		enforceUserUnlocked(deviceOwnerUserId);
			DevicePolicyData policy = getUserData(deviceOwnerUserId);
			if (policy.mPasswordTokenHandle != 0) {
			mLockPatternUtils.removeEscrowToken(policy.mPasswordTokenHandle, deviceOwnerUserId);
			}

	final ActiveAdmin admin = getDeviceOwnerAdminLocked();		final ActiveAdmin admin = getDeviceOwnerAdminLocked();
	long ident = mInjector.binderClearCallingIdentity();		long ident = mInjector.binderClearCallingIdentity();

services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java

+39 −0

Original line number	Original line	Diff line number	Diff line
	@@ -1212,6 +1212,45 @@ public class DevicePolicyManagerTest extends DpmTestBase {
	assertTrue(dpm.isDeviceManaged());		assertTrue(dpm.isDeviceManaged());
	}		}

			/**
			* Test for: {@link DevicePolicyManager#clearDeviceOwnerApp(String)}
			*
			* Validates that when the device owner is removed, the reset password token is cleared
			*/
			public void testClearDeviceOwner_clearResetPasswordToken() throws Exception {
			mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
			mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
			mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;

			// Install admin1 on system user
			setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);

			// Set admin1 to active admin and device owner
			dpm.setActiveAdmin(admin1, /* replace =*/ false);
			dpm.setDeviceOwner(admin1, null, UserHandle.USER_SYSTEM);

			// Add reset password token
			final long handle = 12000;
			final byte[] token = new byte[32];
			when(getServices().lockPatternUtils.addEscrowToken(eq(token), eq(UserHandle.USER_SYSTEM),
			nullable(EscrowTokenStateChangeCallback.class)))
			.thenReturn(handle);
			assertTrue(dpm.setResetPasswordToken(admin1, token));

			// Assert reset password token is active
			when(getServices().lockPatternUtils.isEscrowTokenActive(eq(handle),
			eq(UserHandle.USER_SYSTEM)))
			.thenReturn(true);
			assertTrue(dpm.isResetPasswordTokenActive(admin1));

			// Remove the device owner
			dpm.clearDeviceOwnerApp(admin1.getPackageName());

			// Verify password reset password token was removed
			verify(getServices().lockPatternUtils).removeEscrowToken(eq(handle),
			eq(UserHandle.USER_SYSTEM));
			}

	public void testSetProfileOwner() throws Exception {		public void testSetProfileOwner() throws Exception {
	setAsProfileOwner(admin1);		setAsProfileOwner(admin1);