Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a1771110 authored by Clara Bayarri's avatar Clara Bayarri
Browse files

Create Work Challenge per-user condition 

Change the current static condition to a per-user condition so we
can check and enable/disable the work challenge properly. Also add
an isAllowed API, as the Work Challenge can only be used when the
user's DPC targets N or above to maintain backwards compatibility.

Change-Id: I0cb8b475838816801868ffb24726407aa257b4de
parent 2d12690d

core/java/android/app/admin/DevicePolicyManager.java

+16 −0
Original line number Diff line number Diff line
@@ -940,6 +940,22 @@ public class DevicePolicyManager { 
        return false;

    }



    /**

     * Returns true if the Profile Challenge is available to use for the given profile user.

     *

     * @hide

     */

    public boolean isSeparateProfileChallengeAllowed(int userHandle) {

        if (mService != null) {

            try {

                return mService.isSeparateProfileChallengeAllowed(userHandle);

            } catch (RemoteException e) {

                Log.w(TAG, REMOTE_EXCEPTION_MESSAGE, e);

            }

        }

        return false;

    }



    /**

     * Constant for {@link #setPasswordQuality}: the policy has no requirements

     * for the password.  Note that quality constants are ordered so that higher

core/java/android/app/admin/IDevicePolicyManager.aidl

+2 −0
Original line number Diff line number Diff line
@@ -256,4 +256,6 @@ interface IDevicePolicyManager { 


    String getShortSupportMessageForUser(in ComponentName admin, int userHandle);

    String getLongSupportMessageForUser(in ComponentName admin, int userHandle);



    boolean isSeparateProfileChallengeAllowed(int userHandle);

}

core/java/com/android/internal/widget/LockPatternUtils.java

+45 −4
Original line number Diff line number Diff line
@@ -24,6 +24,7 @@ import android.app.trust.TrustManager; 
import android.content.ComponentName;

import android.content.ContentResolver;

import android.content.Context;

import android.content.pm.UserInfo;

import android.os.AsyncTask;

import android.os.Handler;

import android.os.IBinder;
@@ -34,6 +35,7 @@ import android.os.ServiceManager; 
import android.os.SystemClock;

import android.os.SystemProperties;

import android.os.UserHandle;

import android.os.UserManager;

import android.os.storage.IMountService;

import android.os.storage.StorageManager;

import android.provider.Settings;
@@ -135,6 +137,8 @@ public class LockPatternUtils { 


    private static final String ENABLED_TRUST_AGENTS = "lockscreen.enabledtrustagents";



    private static final String SEPARATE_PROFILE_CHALLENGE_KEY = "lockscreen.profilechallenge";



    // Maximum allowed number of repeated or ordered characters in a sequence before we'll

    // consider it a complex PIN/password.

    public static final int MAX_ALLOWED_SEQUENCE = 3;
@@ -143,6 +147,7 @@ public class LockPatternUtils { 
    private final ContentResolver mContentResolver;

    private DevicePolicyManager mDevicePolicyManager;

    private ILockSettings mLockSettingsService;

    private UserManager mUserManager;





    public static final class RequestThrottledException extends Exception {
@@ -173,6 +178,13 @@ public class LockPatternUtils { 
        return mDevicePolicyManager;

    }



    private UserManager getUserManager() {

        if (mUserManager == null) {

            mUserManager = UserManager.get(mContext);

        }

        return mUserManager;

    }



    private TrustManager getTrustManager() {

        TrustManager trust = (TrustManager) mContext.getSystemService(Context.TRUST_SERVICE);

        if (trust == null) {
@@ -865,6 +877,39 @@ public class LockPatternUtils { 
                DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, userHandle);

    }



    /**

     * Enables/disables the Separate Profile Challenge for this {@param userHandle}. This is a no-op

     * for user handles that do not belong to a managed profile.

     */

    public void setSeparateProfileChallengeEnabled(int userHandle, boolean enabled) {

        UserInfo info = getUserManager().getUserInfo(userHandle);

        if (info.isManagedProfile()) {

            setBoolean(SEPARATE_PROFILE_CHALLENGE_KEY, enabled, userHandle);

        }

    }



    /**

     * Retrieves whether the Separate Profile Challenge is enabled for this {@param userHandle}.

     */

    public boolean isSeparateProfileChallengeEnabled(int userHandle) {

        UserInfo info = getUserManager().getUserInfo(userHandle);

        if (!info.isManagedProfile()) {

            return false;

        }

        return getBoolean(SEPARATE_PROFILE_CHALLENGE_KEY, false, userHandle);

    }



    /**

     * Retrieves whether the current DPM allows use of the Profile Challenge.

     */

    public boolean isSeparateProfileChallengeAllowed(int userHandle) {

        UserInfo info = getUserManager().getUserInfo(userHandle);

        if (!info.isManagedProfile()) {

            return false;

        }

        return getDevicePolicyManager().isSeparateProfileChallengeAllowed(userHandle);

    }



    /**

     * Deserialize a pattern.

     * @param string The pattern serialized with {@link #patternToString}
@@ -1288,10 +1333,6 @@ public class LockPatternUtils { 
        }

    }



    public static boolean isSeparateWorkChallengeEnabled() {

        return StorageManager.isFileBasedEncryptionEnabled();

    }



    public void registerStrongAuthTracker(final StrongAuthTracker strongAuthTracker) {

        try {

            getLockSettings().registerStrongAuthTracker(strongAuthTracker.mStub);

packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java

+3 −4
Original line number Diff line number Diff line
@@ -744,8 +744,7 @@ public class KeyguardViewMediator extends SystemUI { 


        long timeout;



        UserInfo user = UserManager.get(mContext).getUserInfo(userId);

        if ((!user.isManagedProfile() && LockPatternUtils.isSeparateWorkChallengeEnabled())

        if ((mLockPatternUtils.isSeparateProfileChallengeEnabled(userId))

                || policyTimeout <= 0) {

            timeout = lockAfterTimeout;

        } else {
@@ -785,9 +784,9 @@ public class KeyguardViewMediator extends SystemUI { 
    private void doKeyguardLaterLockedForChildProfiles() {

        UserManager um = UserManager.get(mContext);

        List<UserInfo> profiles = um.getEnabledProfiles(UserHandle.myUserId());

        if (LockPatternUtils.isSeparateWorkChallengeEnabled() && profiles.size() > 1) {

        if (profiles.size() > 1) {

            for (UserInfo info : profiles) {

                if (info.id != UserHandle.myUserId() && info.isManagedProfile()) {

                if (mLockPatternUtils.isSeparateProfileChallengeEnabled(info.id)) {

                    long userTimeout = getLockTimeout(info.id);

                    long userWhen = SystemClock.elapsedRealtime() + userTimeout;

                    Intent lockIntent = new Intent(DELAYED_LOCK_PROFILE_ACTION);

services/core/java/com/android/server/LockSettingsService.java

+1 −1
Original line number Diff line number Diff line
@@ -695,7 +695,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
            unlockUser(userId, token);



            UserInfo info = UserManager.get(mContext).getUserInfo(userId);

            if (LockPatternUtils.isSeparateWorkChallengeEnabled() && info.isManagedProfile()) {

            if (mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {

                TrustManager trustManager =

                        (TrustManager) mContext.getSystemService(Context.TRUST_SERVICE);

                trustManager.setDeviceLockedForUser(userId, false);