Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b3191254 authored by Pavel Grafov's avatar Pavel Grafov
Browse files

Don't attribute incorrect unified challenge attempt to profile. 

If the profile uses unified challenge and we attempt to check its
password instead of parent user's password (as would be the case in
the UI), we shouldn't try report this attempt sinse the user doesn't
have a real password of its own and SecurityException will be thrown
from DPMS.reportFailedPasswordAttempt.

Test: adb shell cmd lock_settings verify --user 10 --old 12368
Bug: 63295016
Change-Id: Ieb60a064a79095be9fde12cbd6ffca8076d769c3
(cherry picked from commit 01376594)
parent bfa0ed51

core/java/com/android/internal/widget/LockPatternUtils.java

+35 −26
Original line number Diff line number Diff line
@@ -909,8 +909,9 @@ public class LockPatternUtils { 
     */

    public void setSeparateProfileChallengeEnabled(int userHandle, boolean enabled,

            String managedUserPassword) {

        UserInfo info = getUserManager().getUserInfo(userHandle);

        if (info.isManagedProfile()) {

        if (!isManagedProfile(userHandle)) {

            return;

        }

        try {

            getLockSettings().setSeparateProfileChallengeEnabled(userHandle, enabled,

                    managedUserPassword);
@@ -919,34 +920,27 @@ public class LockPatternUtils { 
            Log.e(TAG, "Couldn't update work profile challenge enabled");

        }

    }

    }



    /**

     * Retrieves whether the Separate Profile Challenge is enabled for this {@param userHandle}.

     * Returns true if {@param userHandle} is a managed profile with separate challenge.

     */

    public boolean isSeparateProfileChallengeEnabled(int userHandle) {

        UserInfo info = getUserManager().getUserInfo(userHandle);

        if (info == null || !info.isManagedProfile()) {

            return false;

        }

        try {

            return getLockSettings().getSeparateProfileChallengeEnabled(userHandle);

        } catch (RemoteException e) {

            Log.e(TAG, "Couldn't get separate profile challenge enabled");

            // Default value is false

            return false;

        return isManagedProfile(userHandle) && hasSeparateChallenge(userHandle);

    }



    /**

     * Returns true if {@param userHandle} is a managed profile with unified challenge.

     */

    public boolean isManagedProfileWithUnifiedChallenge(int userHandle) {

        return isManagedProfile(userHandle) && !hasSeparateChallenge(userHandle);

    }



    /**

     * Retrieves whether the current DPM allows use of the Profile Challenge.

     */

    public boolean isSeparateProfileChallengeAllowed(int userHandle) {

        UserInfo info = getUserManager().getUserInfo(userHandle);

        if (info == null || !info.isManagedProfile()) {

            return false;

        }

        return getDevicePolicyManager().isSeparateProfileChallengeAllowed(userHandle);

        return isManagedProfile(userHandle)

                && getDevicePolicyManager().isSeparateProfileChallengeAllowed(userHandle);

    }



    /**
@@ -956,6 +950,21 @@ public class LockPatternUtils { 
        return getDevicePolicyManager().isProfileActivePasswordSufficientForParent(userHandle);

    }



    private boolean hasSeparateChallenge(int userHandle) {

        try {

            return getLockSettings().getSeparateProfileChallengeEnabled(userHandle);

        } catch (RemoteException e) {

            Log.e(TAG, "Couldn't get separate profile challenge enabled");

            // Default value is false

            return false;

        }

    }



    private boolean isManagedProfile(int userHandle) {

        final UserInfo info = getUserManager().getUserInfo(userHandle);

        return info != null && info.isManagedProfile();

    }



    /**

     * Deserialize a pattern.

     * @param string The pattern serialized with {@link #patternToString}

services/core/java/com/android/server/locksettings/LockSettingsShellCommand.java

+3 −1
Original line number Diff line number Diff line
@@ -168,7 +168,9 @@ class LockSettingsShellCommand extends ShellCommand { 
                    result = mLockPatternUtils.checkPattern(stringToPattern(mOld), mCurrentUserId);

                }

                if (!result) {

                    if (!mLockPatternUtils.isManagedProfileWithUnifiedChallenge(mCurrentUserId)) {

                        mLockPatternUtils.reportFailedPasswordAttempt(mCurrentUserId);

                    }

                    getOutPrintWriter().println("Old password '" + mOld + "' didn't match");

                }

                return result;