Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3adb65b8 authored by Jigar Thakkar's avatar Jigar Thakkar
Browse files

Disable strong auth for all profiles after successful unlock 

The change generalizes the workflow to disable strong auth requirements
for all profiles that require authentication to disable quiet mode,
once a successful unlock has happened through CDCA.
Currently, the call to disable the strong auth requirements is only
being done for work-profile.

Test: Tested locally on device with private space setup with a separate
challenge and tested the strong auth tracker values post this change.
Bug: 312184187

Change-Id: Ib41c51d1df78eea9415d72724b8cc693344e2c26
parent 72d638e6

src/com/android/settings/password/ConfirmDeviceCredentialUtils.java

+34 −4
Original line number Diff line number Diff line
@@ -23,6 +23,8 @@ import android.app.IActivityManager; 
import android.app.admin.DevicePolicyManager;

import android.content.Intent;

import android.content.IntentSender;

import android.content.pm.UserInfo;

import android.content.pm.UserProperties;

import android.os.RemoteException;

import android.os.UserManager;

import android.view.View;
@@ -68,15 +70,43 @@ public class ConfirmDeviceCredentialUtils { 
            DevicePolicyManager dpm, int userId, boolean isStrongAuth) {

        if (isStrongAuth) {

            utils.reportSuccessfulPasswordAttempt(userId);

            if (isBiometricUnlockEnabledForPrivateSpace()) {

                final UserInfo userInfo = userManager.getUserInfo(userId);

                if (userInfo != null) {

                    if (isProfileThatAlwaysRequiresAuthToDisableQuietMode(userManager, userInfo)

                            || userInfo.isManagedProfile()) {

                        // Keyguard is responsible to disable StrongAuth for primary user. Disable

                        // StrongAuth for profile challenges only here.

                        utils.userPresent(userId);

                    }

                }

            }

        } else {

            dpm.reportSuccessfulBiometricAttempt(userId);

        }

        if (!isBiometricUnlockEnabledForPrivateSpace()) {

            if (userManager.isManagedProfile(userId)) {

            // Keyguard is responsible to disable StrongAuth for primary user. Disable StrongAuth

            // for work challenge only here.

                // Disable StrongAuth for work challenge only here.

                utils.userPresent(userId);

            }

        }

    }



    /**

     * Returns true if the userInfo passed as the parameter corresponds to a profile that always

     * requires auth to disable quiet mode and false otherwise

     */

    private static boolean isProfileThatAlwaysRequiresAuthToDisableQuietMode(

            UserManager userManager, @NonNull UserInfo userInfo) {

        final UserProperties userProperties =

                    userManager.getUserProperties(userInfo.getUserHandle());

        return userProperties.isAuthAlwaysRequiredToDisableQuietMode() && userInfo.isProfile();

    }



    private static boolean isBiometricUnlockEnabledForPrivateSpace() {

        return android.os.Flags.allowPrivateProfile()

                && android.multiuser.Flags.enableBiometricsToUnlockPrivateSpace();

    }



    /**

     * Request hiding soft-keyboard before animating away credential UI, in case IME