Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b251fad0 authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review
Browse files

Merge "Don't unlock the work profile if it is turned off."

parents c34f7866 8e87af55

services/core/java/com/android/server/LockSettingsService.java

+3 −1
Original line number Diff line number Diff line
@@ -957,7 +957,9 @@ public class LockSettingsService extends ILockSettings.Stub { 
                    // Unlock managed profile with unified lock

                    if (pi.isManagedProfile()

                            && !mLockPatternUtils.isSeparateProfileChallengeEnabled(pi.id)

                            && mStorage.hasChildProfileLock(pi.id)) {

                            && mStorage.hasChildProfileLock(pi.id)

                            && mUserManager.isUserRunning(pi.id)

                            && !mUserManager.isUserUnlocked(pi.id)) {

                        unlockChildProfile(pi.id);

                    }

                }

services/tests/servicestests/src/com/android/server/BaseLockSettingsServiceTests.java

+24 −8
Original line number Diff line number Diff line
@@ -53,20 +53,22 @@ import org.mockito.stubbing.Answer; 


import java.io.File;

import java.util.Arrays;

import java.util.ArrayList;





public class BaseLockSettingsServiceTests extends AndroidTestCase {

    protected static final int PRIMARY_USER_ID = 0;

    protected static final int MANAGED_PROFILE_USER_ID = 12;

    protected static final int TURNED_OFF_PROFILE_USER_ID = 17;

    protected static final int SECONDARY_USER_ID = 20;



    private static final UserInfo PRIMARY_USER_INFO = new UserInfo(PRIMARY_USER_ID, null, null,

            UserInfo.FLAG_INITIALIZED | UserInfo.FLAG_ADMIN | UserInfo.FLAG_PRIMARY);

    private static final UserInfo MANAGED_PROFILE_INFO = new UserInfo(MANAGED_PROFILE_USER_ID, null,

            null, UserInfo.FLAG_INITIALIZED | UserInfo.FLAG_MANAGED_PROFILE);

    private static final UserInfo SECONDARY_USER_INFO = new UserInfo(SECONDARY_USER_ID, null, null,

            UserInfo.FLAG_INITIALIZED);



    private ArrayList<UserInfo> mPrimaryUserProfiles = new ArrayList<>();



    LockSettingsService mService;



    MockLockSettingsContext mContext;
@@ -106,13 +108,12 @@ public class BaseLockSettingsServiceTests extends AndroidTestCase { 
        mService = new LockSettingsServiceTestable(mContext, mLockPatternUtils,

                mStorage, mGateKeeperService, mKeyStore, mStorageManager, mActivityManager);

        when(mUserManager.getUserInfo(eq(PRIMARY_USER_ID))).thenReturn(PRIMARY_USER_INFO);

        when(mUserManager.getProfiles(eq(PRIMARY_USER_ID))).thenReturn(Arrays.asList(

                new UserInfo[] {PRIMARY_USER_INFO, MANAGED_PROFILE_INFO}));

        when(mUserManager.getUserInfo(eq(MANAGED_PROFILE_USER_ID))).thenReturn(

                MANAGED_PROFILE_INFO);

        when(mUserManager.getProfileParent(eq(MANAGED_PROFILE_USER_ID))).thenReturn(

                PRIMARY_USER_INFO);

        mPrimaryUserProfiles.add(PRIMARY_USER_INFO);

        installChildProfile(MANAGED_PROFILE_USER_ID);

        installQuietModeChildProfile(TURNED_OFF_PROFILE_USER_ID);

        when(mUserManager.getProfiles(eq(PRIMARY_USER_ID))).thenReturn(mPrimaryUserProfiles);

        when(mUserManager.getUserInfo(eq(SECONDARY_USER_ID))).thenReturn(SECONDARY_USER_INFO);

        when(mUserManager.isUserRunning(eq(MANAGED_PROFILE_USER_ID))).thenReturn(true);



        when(mActivityManager.unlockUser(anyInt(), any(), any(), any())).thenAnswer(

                new Answer<Boolean>() {
@@ -132,6 +133,21 @@ public class BaseLockSettingsServiceTests extends AndroidTestCase { 
                new ComponentName("com.dummy.package", ".FakeDeviceOwner"));

    }



    private UserInfo installChildProfile(int profileId) {

        final UserInfo userInfo = new UserInfo(

            profileId, null, null, UserInfo.FLAG_INITIALIZED | UserInfo.FLAG_MANAGED_PROFILE);

        mPrimaryUserProfiles.add(userInfo);

        when(mUserManager.getUserInfo(eq(profileId))).thenReturn(userInfo);

        when(mUserManager.getProfileParent(eq(profileId))).thenReturn(PRIMARY_USER_INFO);

        return userInfo;

    }



    private UserInfo installQuietModeChildProfile(int profileId) {

        final UserInfo userInfo = installChildProfile(profileId);

        userInfo.flags |= UserInfo.FLAG_QUIET_MODE;

        return userInfo;

    }



    @Override

    protected void tearDown() throws Exception {

        super.tearDown();

services/tests/servicestests/src/com/android/server/LockSettingsServiceTests.java

+12 −1
Original line number Diff line number Diff line
@@ -98,12 +98,18 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 
        mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, false, null);

        final long primarySid = mGateKeeperService.getSecureUserId(PRIMARY_USER_ID);

        final long profileSid = mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID);

        final long turnedOffprofileSid =

                mGateKeeperService.getSecureUserId(TURNED_OFF_PROFILE_USER_ID);

        assertTrue(primarySid != 0);

        assertTrue(profileSid != 0);

        assertTrue(profileSid != primarySid);

        assertTrue(turnedOffprofileSid != 0);

        assertTrue(turnedOffprofileSid != primarySid);

        assertTrue(turnedOffprofileSid != profileSid);



        // clear auth token and wait for verify challenge from primary user to re-generate it.

        mGateKeeperService.clearAuthToken(MANAGED_PROFILE_USER_ID);

        mGateKeeperService.clearAuthToken(TURNED_OFF_PROFILE_USER_ID);

        // verify credential

        assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential(

                UnifiedPassword, LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, 0, PRIMARY_USER_ID)
@@ -113,6 +119,9 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 
        assertNotNull(mGateKeeperService.getAuthToken(MANAGED_PROFILE_USER_ID));

        assertEquals(profileSid, mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID));



        // Verify that profile which arent't running (e.g. turn off work) don't get unlocked

        assertNull(mGateKeeperService.getAuthToken(TURNED_OFF_PROFILE_USER_ID));



        /* Currently in LockSettingsService.setLockCredential, unlockUser() is called with the new

         * credential as part of verifyCredential() before the new credential is committed in

         * StorageManager. So we relax the check in our mock StorageManager to allow that.
@@ -123,12 +132,14 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 
                UnifiedPassword, PRIMARY_USER_ID);

        mStorageManager.setIgnoreBadUnlock(false);

        assertEquals(profileSid, mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID));

        assertNull(mGateKeeperService.getAuthToken(TURNED_OFF_PROFILE_USER_ID));



        // Clear unified challenge

        mService.setLockCredential(null, LockPatternUtils.CREDENTIAL_TYPE_NONE, UnifiedPassword,

                PRIMARY_USER_ID);

        assertEquals(0, mGateKeeperService.getSecureUserId(PRIMARY_USER_ID));

        assertEquals(0, mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID));

        assertEquals(0, mGateKeeperService.getSecureUserId(TURNED_OFF_PROFILE_USER_ID));

    }



    public void testManagedProfileSeparateChallenge() throws RemoteException {