commit 5233950a6672e322b362c42eaef17991755193c3
author Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> Fri Aug 25 17:28:53 2023 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Fri Aug 25 17:28:53 2023 +0000
tree 4aed4fc3983e183a3aabbd5c0b129288a7873dc0
parent 8c85c68c4724868f631e278fd14b4853646ea40b
parent a3e155e8060b3652baac209e4e48fa988e255206

Merge "RESTRICT AUTOMERGE Unset StrongAuthFlags when unlocking a user profile" into tm-dev

services/core/java/com/android/server/locksettings/LockSettingsService.java

diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index 78cffa6..62ae4aa 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -2992,9 +2992,19 @@
         }
         activateEscrowTokens(authToken, userId);
 
-        if (isProfileWithSeparatedLock(userId)) {
-            setDeviceUnlockedForUser(userId);
+        if (isCredentialSharableWithParent(userId)) {
+            if (getSeparateProfileChallengeEnabledInternal(userId)) {
+                setDeviceUnlockedForUser(userId);
+            } else {
+                // Here only clear StrongAuthFlags for a profile that has a unified challenge.
+                // StrongAuth for a profile with a separate challenge is handled differently and
+                // is cleared after the user successfully confirms the separate challenge to enter
+                // the profile. StrongAuth for the full user (e.g. userId 0) is also handled
+                // separately by Keyguard.
+                mStrongAuth.reportUnlock(userId);
+            }
         }
+
         mStrongAuth.reportSuccessfulStrongAuthUnlock(userId);
 
         onAuthTokenKnownForUser(userId, authToken);