Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a8da6974 authored by Pavel Grafov's avatar Pavel Grafov
Browse files

Don't lock the profile after setting work challenge. 

In TrustManager user state defaults to "locked", so previously
the profile would become locked after work challenge is enabled.

Test: manual
Bug: 121256032
Change-Id: Ic0f5b075b85ca66c28d51830b47ed015c10da45c
parent 2adc431b

services/core/java/com/android/server/locksettings/LockSettingsService.java

+11 −6
Original line number Diff line number Diff line
@@ -1346,6 +1346,10 @@ public class LockSettingsService extends ILockSettings.Stub { 
            setSeparateProfileChallengeEnabledLocked(userId, true, null);

            notifyPasswordChanged(userId);

        }

        if (mUserManager.getUserInfo(userId).isManagedProfile()) {

            // Make sure the profile doesn't get locked straight after setting work challenge.

            setDeviceUnlockedForUser(userId);

        }

        notifySeparateProfileChallengeChanged(userId);

    }
@@ -1835,9 +1839,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
            unlockUser(userId, response.getPayload(), secretFromCredential(credential));



            if (isManagedProfileWithSeparatedLock(userId)) {

                TrustManager trustManager =

                        (TrustManager) mContext.getSystemService(Context.TRUST_SERVICE);

                trustManager.setDeviceLockedForUser(userId, false);

                setDeviceUnlockedForUser(userId);

            }

            int reEnrollQuality = storedHash.type == CREDENTIAL_TYPE_PATTERN

                    ? DevicePolicyManager.PASSWORD_QUALITY_SOMETHING
@@ -2465,9 +2467,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
            activateEscrowTokens(authResult.authToken, userId);



            if (isManagedProfileWithSeparatedLock(userId)) {

                TrustManager trustManager =

                        (TrustManager) mContext.getSystemService(Context.TRUST_SERVICE);

                trustManager.setDeviceLockedForUser(userId, false);

                setDeviceUnlockedForUser(userId);

            }

            mStrongAuth.reportSuccessfulStrongAuthUnlock(userId);
@@ -2481,6 +2481,11 @@ public class LockSettingsService extends ILockSettings.Stub { 
        return response;

    }



    private void setDeviceUnlockedForUser(int userId) {

        final TrustManager trustManager = mContext.getSystemService(TrustManager.class);

        trustManager.setDeviceLockedForUser(userId, false);

    }



    /**

     * Change the user's lockscreen password by creating a new SP blob and update the handle, based

     * on an existing authentication token. Even though a new SP blob is created, the underlying