Don't unlock the work profile if it is turned off.

                    // Unlock managed profile with unified lock

                    if (pi.isManagedProfile()

                            && !mLockPatternUtils.isSeparateProfileChallengeEnabled(pi.id)

                            && mStorage.hasChildProfileLock(pi.id)) {

                            && mStorage.hasChildProfileLock(pi.id)

                            && mUserManager.isUserRunning(pi.id)

                            && !mUserManager.isUserUnlocked(pi.id)) {

                        unlockChildProfile(pi.id);

                    }

                }

import java.io.File;

import java.util.Arrays;

import java.util.ArrayList;

public class BaseLockSettingsServiceTests extends AndroidTestCase {

    protected static final int PRIMARY_USER_ID = 0;

    protected static final int MANAGED_PROFILE_USER_ID = 12;

    protected static final int TURNED_OFF_PROFILE_USER_ID = 17;

    protected static final int SECONDARY_USER_ID = 20;

    private static final UserInfo PRIMARY_USER_INFO = new UserInfo(PRIMARY_USER_ID, null, null,

            UserInfo.FLAG_INITIALIZED | UserInfo.FLAG_ADMIN | UserInfo.FLAG_PRIMARY);

    private static final UserInfo MANAGED_PROFILE_INFO = new UserInfo(MANAGED_PROFILE_USER_ID, null,

            null, UserInfo.FLAG_INITIALIZED | UserInfo.FLAG_MANAGED_PROFILE);

    private static final UserInfo SECONDARY_USER_INFO = new UserInfo(SECONDARY_USER_ID, null, null,

            UserInfo.FLAG_INITIALIZED);

    private ArrayList<UserInfo> mPrimaryUserProfiles = new ArrayList<>();

    LockSettingsService mService;

    MockLockSettingsContext mContext;

        mService = new LockSettingsServiceTestable(mContext, mLockPatternUtils,

                mStorage, mGateKeeperService, mKeyStore, mStorageManager, mActivityManager);

        when(mUserManager.getUserInfo(eq(PRIMARY_USER_ID))).thenReturn(PRIMARY_USER_INFO);

        when(mUserManager.getProfiles(eq(PRIMARY_USER_ID))).thenReturn(Arrays.asList(

                new UserInfo[] {PRIMARY_USER_INFO, MANAGED_PROFILE_INFO}));

        when(mUserManager.getUserInfo(eq(MANAGED_PROFILE_USER_ID))).thenReturn(

                MANAGED_PROFILE_INFO);

        when(mUserManager.getProfileParent(eq(MANAGED_PROFILE_USER_ID))).thenReturn(

                PRIMARY_USER_INFO);

        mPrimaryUserProfiles.add(PRIMARY_USER_INFO);

        installChildProfile(MANAGED_PROFILE_USER_ID);

        installQuietModeChildProfile(TURNED_OFF_PROFILE_USER_ID);

        when(mUserManager.getProfiles(eq(PRIMARY_USER_ID))).thenReturn(mPrimaryUserProfiles);

        when(mUserManager.getUserInfo(eq(SECONDARY_USER_ID))).thenReturn(SECONDARY_USER_INFO);

        when(mUserManager.isUserRunning(eq(MANAGED_PROFILE_USER_ID))).thenReturn(true);

        when(mActivityManager.unlockUser(anyInt(), any(), any(), any())).thenAnswer(

                new Answer<Boolean>() {

                new ComponentName("com.dummy.package", ".FakeDeviceOwner"));

    }

    private UserInfo installChildProfile(int profileId) {

        final UserInfo userInfo = new UserInfo(

            profileId, null, null, UserInfo.FLAG_INITIALIZED | UserInfo.FLAG_MANAGED_PROFILE);

        mPrimaryUserProfiles.add(userInfo);

        when(mUserManager.getUserInfo(eq(profileId))).thenReturn(userInfo);

        when(mUserManager.getProfileParent(eq(profileId))).thenReturn(PRIMARY_USER_INFO);

        return userInfo;

    }

    private UserInfo installQuietModeChildProfile(int profileId) {

        final UserInfo userInfo = installChildProfile(profileId);

        userInfo.flags |= UserInfo.FLAG_QUIET_MODE;

        return userInfo;

    }

    @Override

    protected void tearDown() throws Exception {

        super.tearDown();

        mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, false, null);

        final long primarySid = mGateKeeperService.getSecureUserId(PRIMARY_USER_ID);

        final long profileSid = mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID);

        final long turnedOffprofileSid =

                mGateKeeperService.getSecureUserId(TURNED_OFF_PROFILE_USER_ID);

        assertTrue(primarySid != 0);

        assertTrue(profileSid != 0);

        assertTrue(profileSid != primarySid);

        assertTrue(turnedOffprofileSid != 0);

        assertTrue(turnedOffprofileSid != primarySid);

        assertTrue(turnedOffprofileSid != profileSid);

        // clear auth token and wait for verify challenge from primary user to re-generate it.

        mGateKeeperService.clearAuthToken(MANAGED_PROFILE_USER_ID);

        mGateKeeperService.clearAuthToken(TURNED_OFF_PROFILE_USER_ID);

        // verify credential

        assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential(

                UnifiedPassword, LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, 0, PRIMARY_USER_ID)

        assertNotNull(mGateKeeperService.getAuthToken(MANAGED_PROFILE_USER_ID));

        assertEquals(profileSid, mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID));

        // Verify that profile which arent't running (e.g. turn off work) don't get unlocked

        assertNull(mGateKeeperService.getAuthToken(TURNED_OFF_PROFILE_USER_ID));

        /* Currently in LockSettingsService.setLockCredential, unlockUser() is called with the new

         * credential as part of verifyCredential() before the new credential is committed in

         * StorageManager. So we relax the check in our mock StorageManager to allow that.

                UnifiedPassword, PRIMARY_USER_ID);

        mStorageManager.setIgnoreBadUnlock(false);

        assertEquals(profileSid, mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID));

        assertNull(mGateKeeperService.getAuthToken(TURNED_OFF_PROFILE_USER_ID));

        // Clear unified challenge

        mService.setLockCredential(null, LockPatternUtils.CREDENTIAL_TYPE_NONE, UnifiedPassword,

                PRIMARY_USER_ID);

        assertEquals(0, mGateKeeperService.getSecureUserId(PRIMARY_USER_ID));

        assertEquals(0, mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID));

        assertEquals(0, mGateKeeperService.getSecureUserId(TURNED_OFF_PROFILE_USER_ID));

    }

    public void testManagedProfileSeparateChallenge() throws RemoteException {