Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7a799535 authored by sailendrabathi's avatar sailendrabathi
Browse files

Use isCredentialSharedWithParent in LockSettingsService 

Created property isCredentialSharedWithParent in UserTypeDetails which
is true for managed and clone profiles. This is used in
LockSettingsService for sharing the locking credentials with its parent
user.

Bug: 214355283
Test: atest android.multiuser.cts.UserManagerTest
Test: atest LockSettingsServiceTests

Change-Id: I6ceaf498aadce7e713b20a4d24e4a29e812eb0ca
parent 00e99e74

core/api/system-current.txt

+1 −0
Original line number Diff line number Diff line
@@ -9526,6 +9526,7 @@ package android.os { 
    method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional=true) public boolean hasUserRestrictionForUser(@NonNull String, @NonNull android.os.UserHandle);

    method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.CREATE_USERS, android.Manifest.permission.QUERY_USERS}) public boolean isAdminUser();

    method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional=true) public boolean isCloneProfile();

    method public boolean isCredentialSharedWithParent();

    method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.CREATE_USERS, android.Manifest.permission.QUERY_USERS}) public boolean isGuestUser();

    method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.QUERY_USERS, android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional=true) public boolean isManagedProfile(int);

    method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional=true) public boolean isMediaSharedWithParent();

core/java/android/os/IUserManager.aidl

+1 −0
Original line number Diff line number Diff line
@@ -111,6 +111,7 @@ interface IUserManager { 
    boolean isManagedProfile(int userId);

    boolean isCloneProfile(int userId);

    boolean isMediaSharedWithParent(int userId);

    boolean isCredentialSharedWithParent(int userId);

    boolean isDemoUser(int userId);

    boolean isPreCreated(int userId);

    UserInfo createProfileForUserEvenWhenDisallowedWithThrow(in String name, in String userType, int flags,

core/java/android/os/UserManager.java

+22 −0
Original line number Diff line number Diff line
@@ -4762,6 +4762,28 @@ public class UserManager { 
        }

    }



    /**

     * Returns {@code true} if the user shares lock settings credential with its parent user

     *

     * This API only works for {@link UserManager#isProfile() profiles}

     * and will always return false for any other user type.

     *

     * @hide

     */

    @SystemApi

    @UserHandleAware(

            requiresAnyOfPermissionsIfNotCallerProfileGroup = {

                    Manifest.permission.MANAGE_USERS,

                    Manifest.permission.INTERACT_ACROSS_USERS})

    @SuppressAutoDoc

    public boolean isCredentialSharedWithParent() {

        try {

            return mService.isCredentialSharedWithParent(mUserId);

        } catch (RemoteException re) {

            throw re.rethrowFromSystemServer();

        }

    }



    /**

     * Removes a user and all associated data.

     * @param userId the integer handle of the user.

core/java/com/android/internal/widget/LockPatternUtils.java

+29 −4
Original line number Diff line number Diff line
@@ -34,6 +34,7 @@ import android.compat.annotation.UnsupportedAppUsage; 
import android.content.ComponentName;

import android.content.ContentResolver;

import android.content.Context;

import android.content.pm.PackageManager;

import android.content.pm.UserInfo;

import android.os.Build;

import android.os.Handler;
@@ -65,6 +66,7 @@ import java.security.NoSuchAlgorithmException; 
import java.security.SecureRandom;

import java.util.ArrayList;

import java.util.Collection;

import java.util.HashMap;

import java.util.List;



/**
@@ -194,6 +196,8 @@ public class LockPatternUtils { 
    private final SparseLongArray mLockoutDeadlines = new SparseLongArray();

    private Boolean mHasSecureLockScreen;



    private HashMap<UserHandle, UserManager> mUserManagerCache = new HashMap<>();



    /**

     * Use {@link TrustManager#isTrustUsuallyManaged(int)}.

     *
@@ -265,6 +269,22 @@ public class LockPatternUtils { 
        return mUserManager;

    }



    private UserManager getUserManager(int userId) {

        UserHandle userHandle = UserHandle.of(userId);

        if (mUserManagerCache.containsKey(userHandle)) {

            return mUserManagerCache.get(userHandle);

        }



        try {

            Context userContext = mContext.createPackageContextAsUser("system", 0, userHandle);

            UserManager userManager = userContext.getSystemService(UserManager.class);

            mUserManagerCache.put(userHandle, userManager);

            return userManager;

        } catch (PackageManager.NameNotFoundException e) {

            throw new RuntimeException("Failed to create context for user " + userHandle, e);

        }

    }



    private TrustManager getTrustManager() {

        TrustManager trust = (TrustManager) mContext.getSystemService(Context.TRUST_SERVICE);

        if (trust == null) {
@@ -812,16 +832,17 @@ public class LockPatternUtils { 


    /**

     * Enables/disables the Separate Profile Challenge for this {@code userHandle}. This is a no-op

     * for user handles that do not belong to a managed profile.

     * for user handles that do not belong to a profile that shares credential with parent.

     * (managed profile and clone profile share lock credential with parent).

     *

     * @param userHandle Managed profile user id

     * @param enabled True if separate challenge is enabled

     * @param profilePassword Managed profile previous password. Null when {@code enabled} is

     * @param profilePassword Managed/Clone profile previous password. Null when {@code enabled} is

     *            true

     */

    public void setSeparateProfileChallengeEnabled(int userHandle, boolean enabled,

            LockscreenCredential profilePassword) {

        if (!isManagedProfile(userHandle)) {

        if (!isCredentialSharedWithParent(userHandle)) {

            return;

        }

        try {
@@ -837,7 +858,7 @@ public class LockPatternUtils { 
     * Returns true if {@code userHandle} is a managed profile with separate challenge.

     */

    public boolean isSeparateProfileChallengeEnabled(int userHandle) {

        return isManagedProfile(userHandle) && hasSeparateChallenge(userHandle);

        return isCredentialSharedWithParent(userHandle) && hasSeparateChallenge(userHandle);

    }



    /**
@@ -862,6 +883,10 @@ public class LockPatternUtils { 
        return info != null && info.isManagedProfile();

    }



    private boolean isCredentialSharedWithParent(int userHandle) {

        return getUserManager(userHandle).isCredentialSharedWithParent();

    }



    /**

     * Deserialize a pattern.

     * @param  bytes The pattern serialized with {@link #patternToByteArray}

services/core/java/com/android/server/locksettings/LockSettingsService.java

+127 −99

File changed.

Preview size limit exceeded, changes collapsed.