Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d022886c authored by Rafael Prado's avatar Rafael Prado
Browse files

Perform additional checks to determine canProfileOwnerResetPasswordWhenLocked... 

Perform additional checks to determine canProfileOwnerResetPasswordWhenLocked in coexistable variant.

Test: Manual with TestDPC: adding and activating a token enables "forgot password" for work profile.
Bug: 374727579
Bug: 336297680
Flag: android.app.admin.flags.reset_password_with_token_coexistence
Change-Id: Ic5c7a8222f7641a7e42122f06d6bb4251c8ccab5
parent 0c2402a3

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+32 −27
Original line number Diff line number Diff line
@@ -19245,22 +19245,24 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        }

    }













    private boolean isAnyResetPasswordTokenActiveForUser(int userId) {













    private boolean isAnyResetPasswordTokenActiveForUserLocked(int userId) {















        return mDevicePolicyEngine















                .getLocalPoliciesSetByAdmins(PolicyDefinition.RESET_PASSWORD_TOKEN, userId)













                .values()













                .entrySet()















                .stream()













                .anyMatch((p) -> isResetPasswordTokenActiveForUserLocked(p.getValue(), userId));













                .anyMatch((e) -> {













                    EnforcingAdmin admin = e.getKey();













                    PolicyValue<Long> policyValue = e.getValue();













                    return isResetPasswordTokenActiveForUserLocked(policyValue.getValue(), userId)













                              && isEncryptionAware(admin.getPackageName(), userId);













                });















    }





























    private boolean isResetPasswordTokenActiveForUserLocked(















            long passwordTokenHandle, int userHandle) {













        if (passwordTokenHandle != 0) {













            return mInjector.binderWithCleanCallingIdentity(() ->













        return passwordTokenHandle != 0 && mInjector.binderWithCleanCallingIdentity(() ->















                    mLockPatternUtils.isEscrowTokenActive(passwordTokenHandle, userHandle));















    }













        return false;













    }





























    @Override















    public boolean resetPasswordWithToken(ComponentName admin, String callerPackageName,










@@ -21108,10 +21110,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













        Preconditions.checkCallAuthorization(isSystemUid(getCallerIdentity()),















                String.format(NOT_SYSTEM_CALLER_MSG,















                        "call canProfileOwnerResetPasswordWhenLocked"));













        synchronized (getLockObject()) {















            if (Flags.resetPasswordWithTokenCoexistence()) {













            return isAnyResetPasswordTokenActiveForUser(userId);













                return isAnyResetPasswordTokenActiveForUserLocked(userId);















            }













        synchronized (getLockObject()) {















            final ActiveAdmin poAdmin = getProfileOwnerAdminLocked(userId);















            DevicePolicyData policy = getUserData(userId);















            if (poAdmin == null









@@ -21120,25 +21122,28 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













                            policy.mPasswordTokenHandle, userId)) {















                return false;















            }













            return isEncryptionAware(poAdmin.info.getPackageName(), userId);













        }













    }

























    private boolean isEncryptionAware(String packageName, int userId) {















        final ApplicationInfo poAppInfo;















        try {













                poAppInfo = mIPackageManager.getApplicationInfo(













                        poAdmin.info.getPackageName(), 0 /* flags */, userId);













            poAppInfo = mIPackageManager.getApplicationInfo(packageName, 0 /* flags */, userId);















        } catch (RemoteException e) {













                Slogf.e(LOG_TAG, "Failed to query PO app info", e);













            Slogf.e(LOG_TAG, "Failed to query PO / role holder's app info", e);















            return false;















        }















        if (poAppInfo == null) {













                Slogf.wtf(LOG_TAG, "Cannot find AppInfo for profile owner");













            Slogf.wtf(LOG_TAG, "Cannot find AppInfo for PO / role holder");















            return false;















        }















        if (!poAppInfo.isEncryptionAware()) {















            return false;















        }













            Slogf.d(LOG_TAG, "PO should be able to reset password from direct boot");













        Slogf.d(LOG_TAG, "PO / role holder should be able to reset password from direct boot");















        return true;















    }













    }





























    @Override















    public String getEnrollmentSpecificId(String callerPackage) {