commit d4d9c4fe59579625875bcb6a938021818331d2df
author Jigar Thakkar <jigarthakkar@google.com> Tue Jan 09 16:49:31 2024 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Tue Jan 09 16:49:31 2024 +0000
tree 5e400a22131c09eeb8d44984cfee48d6161d4adb
parent d92f82b437faad1c1ea4233d0c5f069450e3832d
parent 3adb65b84d5c8b9d724ad424f5ae9f3158765446

Merge "Disable strong auth for all profiles after successful unlock" into main

src/com/android/settings/password/ConfirmDeviceCredentialUtils.java

diff --git a/src/com/android/settings/password/ConfirmDeviceCredentialUtils.java b/src/com/android/settings/password/ConfirmDeviceCredentialUtils.java
index 4778c03..32e7489 100644
--- a/src/com/android/settings/password/ConfirmDeviceCredentialUtils.java
+++ b/src/com/android/settings/password/ConfirmDeviceCredentialUtils.java
@@ -23,6 +23,8 @@
 import android.app.admin.DevicePolicyManager;
 import android.content.Intent;
 import android.content.IntentSender;
+import android.content.pm.UserInfo;
+import android.content.pm.UserProperties;
 import android.os.RemoteException;
 import android.os.UserManager;
 import android.view.View;
@@ -68,17 +70,45 @@
             DevicePolicyManager dpm, int userId, boolean isStrongAuth) {
         if (isStrongAuth) {
             utils.reportSuccessfulPasswordAttempt(userId);
+            if (isBiometricUnlockEnabledForPrivateSpace()) {
+                final UserInfo userInfo = userManager.getUserInfo(userId);
+                if (userInfo != null) {
+                    if (isProfileThatAlwaysRequiresAuthToDisableQuietMode(userManager, userInfo)
+                            || userInfo.isManagedProfile()) {
+                        // Keyguard is responsible to disable StrongAuth for primary user. Disable
+                        // StrongAuth for profile challenges only here.
+                        utils.userPresent(userId);
+                    }
+                }
+            }
         } else {
             dpm.reportSuccessfulBiometricAttempt(userId);
         }
-        if (userManager.isManagedProfile(userId)) {
-            // Keyguard is responsible to disable StrongAuth for primary user. Disable StrongAuth
-            // for work challenge only here.
-            utils.userPresent(userId);
+        if (!isBiometricUnlockEnabledForPrivateSpace()) {
+            if (userManager.isManagedProfile(userId)) {
+                // Disable StrongAuth for work challenge only here.
+                utils.userPresent(userId);
+            }
         }
     }
 
     /**
+     * Returns true if the userInfo passed as the parameter corresponds to a profile that always
+     * requires auth to disable quiet mode and false otherwise
+     */
+    private static boolean isProfileThatAlwaysRequiresAuthToDisableQuietMode(
+            UserManager userManager, @NonNull UserInfo userInfo) {
+        final UserProperties userProperties =
+                    userManager.getUserProperties(userInfo.getUserHandle());
+        return userProperties.isAuthAlwaysRequiredToDisableQuietMode() && userInfo.isProfile();
+    }
+
+    private static boolean isBiometricUnlockEnabledForPrivateSpace() {
+        return android.os.Flags.allowPrivateProfile()
+                && android.multiuser.Flags.enableBiometricsToUnlockPrivateSpace();
+    }
+
+    /**
      * Request hiding soft-keyboard before animating away credential UI, in case IME
      * insets animation get delayed by dismissing animation.
      * @param view used to get root {@link WindowInsets} and {@link WindowInsetsController}.