Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c548977e authored by Rubin Xu's avatar Rubin Xu
Browse files

Confirm parent user's credential when setting lock for profile 

When a DPC fires ACTION_SET_NEW_PASSWORD to set a work challenge
for an existing work profile with unified challenge, require the
user to confirm exisiting device lock first. This is not only for
increased security, but also a functionality requirement: the
system can only re-derive the current work profile password needed
by the password change after a fresh confirm credential operation.

Test: Add device lock, create work profile, then execute:
      adb shell su 1010000 am start --user 10 -a android.app.action.SET_NEW_PASSWORD
      Verify the device is prompting for current password.
Bug: 65910682
Change-Id: Ib4b4c88c1551cfff626f707d5f3182160a1ec46c
parent d7ea524e

src/com/android/settings/password/ChooseLockGeneric.java

+2 −1
Original line number Diff line number Diff line
@@ -236,7 +236,8 @@ public class ChooseLockGeneric extends SettingsActivity { 
                boolean managedProfileWithUnifiedLock =

                        UserManager.get(getActivity()).isManagedProfile(mUserId)

                        && !mLockPatternUtils.isSeparateProfileChallengeEnabled(mUserId);

                if (managedProfileWithUnifiedLock

                boolean skipConfirmation = managedProfileWithUnifiedLock && !mIsSetNewPassword;

                if (skipConfirmation

                        || !helper.launchConfirmationActivity(CONFIRM_EXISTING_REQUEST,

                        getString(R.string.unlock_set_unlock_launch_picker_title), true, mUserId)) {

                    mPasswordConfirmed = true; // no password set, so no need to confirm