
Commit d022886c authored by Rafael Prado's avatar Rafael Prado

Perform additional checks to determine canProfileOwnerResetPasswordWhenLocked...

Perform additional checks to determine canProfileOwnerResetPasswordWhenLocked in coexistable variant.

Test: Manual with TestDPC: adding and activating a token enables "forgot password" for work profile.
Bug: 374727579
Bug: 336297680
Flag: android.app.admin.flags.reset_password_with_token_coexistence
Change-Id: Ic5c7a8222f7641a7e42122f06d6bb4251c8ccab5
parent 0c2402a3
+32 −27
@@ -19245,22 +19245,24 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        }
        }
    }
    }
    private boolean isAnyResetPasswordTokenActiveForUser(int userId) {
    private boolean isAnyResetPasswordTokenActiveForUserLocked(int userId) {
        return mDevicePolicyEngine
        return mDevicePolicyEngine
                .getLocalPoliciesSetByAdmins(PolicyDefinition.RESET_PASSWORD_TOKEN, userId)
                .getLocalPoliciesSetByAdmins(PolicyDefinition.RESET_PASSWORD_TOKEN, userId)
                .values()
                .entrySet()
                .stream()
                .stream()
                .anyMatch((p) -> isResetPasswordTokenActiveForUserLocked(p.getValue(), userId));
                .anyMatch((e) -> {
                    EnforcingAdmin admin = e.getKey();
                    PolicyValue<Long> policyValue = e.getValue();
                    return isResetPasswordTokenActiveForUserLocked(policyValue.getValue(), userId)
                              && isEncryptionAware(admin.getPackageName(), userId);
                });
    }
    }
    private boolean isResetPasswordTokenActiveForUserLocked(
    private boolean isResetPasswordTokenActiveForUserLocked(
            long passwordTokenHandle, int userHandle) {
            long passwordTokenHandle, int userHandle) {
        if (passwordTokenHandle != 0) {
        return passwordTokenHandle != 0 && mInjector.binderWithCleanCallingIdentity(() ->
            return mInjector.binderWithCleanCallingIdentity(() ->
                    mLockPatternUtils.isEscrowTokenActive(passwordTokenHandle, userHandle));
                    mLockPatternUtils.isEscrowTokenActive(passwordTokenHandle, userHandle));
    }
    }
        return false;
    }
    @Override
    @Override
    public boolean resetPasswordWithToken(ComponentName admin, String callerPackageName,
    public boolean resetPasswordWithToken(ComponentName admin, String callerPackageName,
@@ -21108,10 +21110,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        Preconditions.checkCallAuthorization(isSystemUid(getCallerIdentity()),
        Preconditions.checkCallAuthorization(isSystemUid(getCallerIdentity()),
                String.format(NOT_SYSTEM_CALLER_MSG,
                String.format(NOT_SYSTEM_CALLER_MSG,
                        "call canProfileOwnerResetPasswordWhenLocked"));
                        "call canProfileOwnerResetPasswordWhenLocked"));
        synchronized (getLockObject()) {
            if (Flags.resetPasswordWithTokenCoexistence()) {
            if (Flags.resetPasswordWithTokenCoexistence()) {
            return isAnyResetPasswordTokenActiveForUser(userId);
                return isAnyResetPasswordTokenActiveForUserLocked(userId);
            }
            }
        synchronized (getLockObject()) {
            final ActiveAdmin poAdmin = getProfileOwnerAdminLocked(userId);
            final ActiveAdmin poAdmin = getProfileOwnerAdminLocked(userId);
            DevicePolicyData policy = getUserData(userId);
            DevicePolicyData policy = getUserData(userId);
            if (poAdmin == null
            if (poAdmin == null
@@ -21120,25 +21122,28 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                            policy.mPasswordTokenHandle, userId)) {
                            policy.mPasswordTokenHandle, userId)) {
                return false;
                return false;
            }
            }
            return isEncryptionAware(poAdmin.info.getPackageName(), userId);
        }
    }
    private boolean isEncryptionAware(String packageName, int userId) {
        final ApplicationInfo poAppInfo;
        final ApplicationInfo poAppInfo;
        try {
        try {
                poAppInfo = mIPackageManager.getApplicationInfo(
            poAppInfo = mIPackageManager.getApplicationInfo(packageName, 0 /* flags */, userId);
                        poAdmin.info.getPackageName(), 0 /* flags */, userId);
        } catch (RemoteException e) {
        } catch (RemoteException e) {
                Slogf.e(LOG_TAG, "Failed to query PO app info", e);
            Slogf.e(LOG_TAG, "Failed to query PO / role holder's app info", e);
            return false;
            return false;
        }
        }
        if (poAppInfo == null) {
        if (poAppInfo == null) {
                Slogf.wtf(LOG_TAG, "Cannot find AppInfo for profile owner");
            Slogf.wtf(LOG_TAG, "Cannot find AppInfo for PO / role holder");
            return false;
            return false;
        }
        }
        if (!poAppInfo.isEncryptionAware()) {
        if (!poAppInfo.isEncryptionAware()) {
            return false;
            return false;
        }
        }
            Slogf.d(LOG_TAG, "PO should be able to reset password from direct boot");
        Slogf.d(LOG_TAG, "PO / role holder should be able to reset password from direct boot");
        return true;
        return true;
    }
    }
    }
    @Override
    @Override
    public String getEnrollmentSpecificId(String callerPackage) {
    public String getEnrollmentSpecificId(String callerPackage) {
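Review bot: The log strings in the new `isEncryptionAware(String packageName, int userId)` helper say "PO / role holder", but the lambda in `isAnyResetPasswordTokenActiveForUserLocked` calls it for every `EnforcingAdmin` that has a `RESET_PASSWORD_TOKEN` policy, and nothing in the visible lines restricts that set to those two kinds of admin. Because the result decides whether a password reset is offered while the profile is still locked, the messages should name the package and user actually evaluated, e.g. `Slogf.d(LOG_TAG, "%s can reset password from direct boot for user %d", packageName, userId);`, and the local `poAppInfo` would read better as `appInfo`. A short Javadoc on the helper should record that it returns false when the app info cannot be fetched or is missing, so the fail-closed behaviour is not lost in a later refactor. The `Slogf.wtf` branch may be worth downgrading if a token-holding admin's package can legitimately be absent for `userId`, though that cannot be judged from these hunks. `canProfileOwnerResetPasswordWhenLocked` starts above the second hunk, so its signature and the rest of its checks are not visible here.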