Introduce DISALLOW_UNIFIED_PASSWORD. (c4f87e9c) · Commits · e / os / android_frameworks_base

api/current.txt

+2 −0

Original line number	Diff line number	Diff line
		@@ -6418,6 +6418,7 @@ package android.app.admin {
		method public boolean isResetPasswordTokenActive(android.content.ComponentName);
		method public boolean isSecurityLoggingEnabled(android.content.ComponentName);
		method public boolean isUninstallBlocked(android.content.ComponentName, java.lang.String);
		method public boolean isUsingUnifiedPassword(android.content.ComponentName);
		method public void lockNow();
		method public void lockNow(int);
		method public boolean logoutUser(android.content.ComponentName);
		@@ -32123,6 +32124,7 @@ package android.os {
		field public static final java.lang.String DISALLOW_SHARE_LOCATION = "no_share_location";
		field public static final java.lang.String DISALLOW_SMS = "no_sms";
		field public static final java.lang.String DISALLOW_SYSTEM_ERROR_DIALOGS = "no_system_error_dialogs";
		field public static final java.lang.String DISALLOW_UNIFIED_PASSWORD = "no_unified_password";
		field public static final java.lang.String DISALLOW_UNINSTALL_APPS = "no_uninstall_apps";
		field public static final java.lang.String DISALLOW_UNMUTE_MICROPHONE = "no_unmute_microphone";
		field public static final java.lang.String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer";

+22 −0

Original line number	Diff line number	Diff line
		@@ -2664,6 +2664,28 @@ public class DevicePolicyManager {
		return false;
		}

		/**
		* When called by a profile owner of a managed profile returns true if the profile uses unified
		* challenge with its parent user.
		*
		* <strong>Note: This method is not concerned with password quality and will return false if
		* the profile has empty password as a separate challenge.
		*
		* @param admin Which {@link DeviceAdminReceiver} this request is associated with.
		* @throws SecurityException if {@code admin} is not a profile owner of a managed profile.
		* @see UserManager#DISALLOW_UNIFIED_PASSWORD
		*/
		public boolean isUsingUnifiedPassword(@NonNull ComponentName admin) {
		if (mService != null) {
		try {
		return mService.isUsingUnifiedPassword(admin);
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		}
		}
		return true;
		}

		/**
		* Determine whether the current profile password the user has set is sufficient
		* to meet the policy requirements (e.g. quality, minimum length) that have been

+1 −0

Original line number	Diff line number	Diff line
		@@ -80,6 +80,7 @@ interface IDevicePolicyManager {

		boolean isActivePasswordSufficient(int userHandle, boolean parent);
		boolean isProfileActivePasswordSufficientForParent(int userHandle);
		boolean isUsingUnifiedPassword(in ComponentName admin);
		int getCurrentFailedPasswordAttempts(int userHandle, boolean parent);
		int getProfileWithMinimumFailedPasswordsForWipe(int userHandle, boolean parent);

+19 −0

Original line number	Diff line number	Diff line
		@@ -773,6 +773,25 @@ public class UserManager {
		@SystemApi
		public static final String DISALLOW_OEM_UNLOCK = "no_oem_unlock";

		/**
		* Specifies that the managed profile is not allowed to have unified lock screen challenge with
		* the primary user.
		*
		* <p><strong>Note:</strong> Setting this restriction alone doesn't automatically set a
		* separate challenge. Profile owner can ask the user to set a new password using
		* {@link DevicePolicyManager#ACTION_SET_NEW_PASSWORD} and verify it using
		* {@link DevicePolicyManager#isUsingUnifiedPassword(ComponentName)}.
		*
		* <p>Can be set by profile owners. It only has effect on managed profiles when set by managed
		* profile owner. Has no effect on non-managed profiles or users.
		* <p>Key for user restrictions.
		* <p>Type: Boolean
		* @see DevicePolicyManager#addUserRestriction(ComponentName, String)
		* @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
		* @see #getUserRestrictions()
		*/
		public static final String DISALLOW_UNIFIED_PASSWORD = "no_unified_password";

		/**
		* Allows apps in the parent profile to handle web links from the managed profile.
		*

+4 −3

Original line number	Diff line number	Diff line
		@@ -27,7 +27,6 @@ import android.content.ContentResolver;
		import android.content.Context;
		import android.content.pm.UserInfo;
		import android.os.AsyncTask;
		import android.os.Build;
		import android.os.Handler;
		import android.os.IBinder;
		import android.os.Looper;
		@@ -35,7 +34,6 @@ import android.os.Message;
		import android.os.RemoteException;
		import android.os.ServiceManager;
		import android.os.SystemClock;
		import android.os.SystemProperties;
		import android.os.UserHandle;
		import android.os.UserManager;
		import android.os.storage.IStorageManager;
		@@ -964,9 +962,12 @@ public class LockPatternUtils {

		/**
		* Retrieves whether the current profile and device locks can be unified.
		* @param userHandle profile user handle.
		*/
		public boolean isSeparateProfileChallengeAllowedToUnify(int userHandle) {
		return getDevicePolicyManager().isProfileActivePasswordSufficientForParent(userHandle);
		return getDevicePolicyManager().isProfileActivePasswordSufficientForParent(userHandle)
		&& !getUserManager().hasUserRestriction(
		UserManager.DISALLOW_UNIFIED_PASSWORD, UserHandle.of(userHandle));
		}

		private boolean hasSeparateChallenge(int userHandle) {