Keymaster init for work profile
Changes:
(1) When unified work challenge is enabled and screen lock is secure
- Store work profile secure key in primary profile
- When primary user keystore unlocked, unlock work profile keystore
- When primary user change lock to none, remove work secure key
(2) When unified work challenge is enabled but screen lock is not secure
- When screen lock changes to secure, store work secure key in primary
(3) When user changes work challenge from unified to separated
- Remove work secure key in primary
(4) When user changes work challenge from separate to unified
- Do (1) and (2)
Bug: 27460698
Change-Id: Id7464c178e6ea7b561643477e7cd84f963048c87
diff --git a/src/com/android/settings/ChooseLockGeneric.java b/src/com/android/settings/ChooseLockGeneric.java
index 5eb17b2..edd59af 100644
--- a/src/com/android/settings/ChooseLockGeneric.java
+++ b/src/com/android/settings/ChooseLockGeneric.java
@@ -206,7 +206,11 @@
} else if (!mWaitingForConfirmation) {
ChooseLockSettingsHelper helper =
new ChooseLockSettingsHelper(this.getActivity(), this);
- if (!helper.launchConfirmationActivity(CONFIRM_EXISTING_REQUEST,
+ boolean managedProfileWithUnifiedLock = Utils
+ .isManagedProfile(UserManager.get(getActivity()), mUserId)
+ && !mLockPatternUtils.isSeparateProfileChallengeEnabled(mUserId);
+ if (managedProfileWithUnifiedLock
+ || !helper.launchConfirmationActivity(CONFIRM_EXISTING_REQUEST,
getString(R.string.unlock_set_unlock_launch_picker_title), true, mUserId)) {
mPasswordConfirmed = true; // no password set, so no need to confirm
updatePreferencesOrFinish();
@@ -592,7 +596,7 @@
}
if (quality == DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
- mLockPatternUtils.setSeparateProfileChallengeEnabled(mUserId, true);
+ mLockPatternUtils.setSeparateProfileChallengeEnabled(mUserId, true, mUserPassword);
mChooseLockSettingsHelper.utils().clearLock(mUserId);
mChooseLockSettingsHelper.utils().setLockScreenDisabled(disabled, mUserId);
removeAllFingerprintTemplatesAndFinish();
diff --git a/src/com/android/settings/SaveChosenLockWorkerBase.java b/src/com/android/settings/SaveChosenLockWorkerBase.java
index 39620d5..7ce7a90 100644
--- a/src/com/android/settings/SaveChosenLockWorkerBase.java
+++ b/src/com/android/settings/SaveChosenLockWorkerBase.java
@@ -68,7 +68,6 @@
mHasChallenge = hasChallenge;
mChallenge = challenge;
// This will be a no-op for non managed profiles.
- mUtils.setSeparateProfileChallengeEnabled(mUserId, true);
mWasSecureBefore = mUtils.isSecure(mUserId);
Context context = getContext();
diff --git a/src/com/android/settings/SecuritySettings.java b/src/com/android/settings/SecuritySettings.java
index 32cd348..c1b7c6c 100644
--- a/src/com/android/settings/SecuritySettings.java
+++ b/src/com/android/settings/SecuritySettings.java
@@ -697,8 +697,8 @@
private void unifyLocks() {
int profileQuality =
mLockPatternUtils.getKeyguardStoredPasswordQuality(mProfileChallengeUserId);
- mLockPatternUtils.clearLock(mProfileChallengeUserId);
- mLockPatternUtils.setSeparateProfileChallengeEnabled(mProfileChallengeUserId, false);
+ mLockPatternUtils.setSeparateProfileChallengeEnabled(mProfileChallengeUserId, false,
+ mCurrentProfilePassword);
if (profileQuality == DevicePolicyManager.PASSWORD_QUALITY_SOMETHING) {
mLockPatternUtils.saveLockPattern(
LockPatternUtils.stringToPattern(mCurrentProfilePassword),
@@ -716,14 +716,13 @@
}
private void unifyUncompliantLocks() {
- mLockPatternUtils.clearLock(mProfileChallengeUserId);
- mLockPatternUtils.setSeparateProfileChallengeEnabled(mProfileChallengeUserId, false);
+ mLockPatternUtils.setSeparateProfileChallengeEnabled(mProfileChallengeUserId, false,
+ mCurrentProfilePassword);
startFragment(this, "com.android.settings.ChooseLockGeneric$ChooseLockGenericFragment",
R.string.lock_settings_picker_title, SET_OR_CHANGE_LOCK_METHOD_REQUEST, null);
}
private void ununifyLocks() {
- mLockPatternUtils.setSeparateProfileChallengeEnabled(mProfileChallengeUserId, true);
Bundle extras = new Bundle();
extras.putInt(Intent.EXTRA_USER_ID, mProfileChallengeUserId);
startFragment(this,