Turn off QUIET_MODE before changing unified lock credential.
For FBE-enabled devices, the work profile disk encryption key is evicted
when the the profile is turned off (i.e. QUIET_MODE is on). If the user
attempts to change the profile's lock screen credentials in this state,
the profile will get into an unrecoverable state as vold does not have
the current encryption key.
Currently, separate work challenge does not suffer from this issue as
QUIET_MODE must be turned off before the change credentials flow could
be initiated in Settings. In this CL, we fix the issue for unified work
challenge as well by adopting the same approach.
This is temporary and should be removed when vold no longer relies on
the current key for resetting the password.
Bug: 35930129
Test: manually resetting unified PIN when work mode is off
on both sailfish (FBE) and angler (no FBE)
Test: make SettingsRoboTests
Change-Id: Ibb4b1c40a9cad8a473e08cf0c294699406108cd9
diff --git a/src/com/android/settings/SecuritySettings.java b/src/com/android/settings/SecuritySettings.java
index bdf9644..9a149c3 100644
--- a/src/com/android/settings/SecuritySettings.java
+++ b/src/com/android/settings/SecuritySettings.java
@@ -16,6 +16,9 @@
package com.android.settings;
+import static android.provider.Settings.System.SCREEN_OFF_TIMEOUT;
+import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
+
import android.app.Activity;
import android.app.AlertDialog;
import android.app.Dialog;
@@ -33,6 +36,7 @@
import android.os.PersistableBundle;
import android.os.UserHandle;
import android.os.UserManager;
+import android.os.storage.StorageManager;
import android.provider.SearchIndexableResource;
import android.provider.Settings;
import android.service.trust.TrustAgentService;
@@ -47,7 +51,6 @@
import android.telephony.SubscriptionManager;
import android.telephony.TelephonyManager;
import android.text.TextUtils;
-import android.util.ArrayMap;
import android.util.Log;
import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
@@ -72,17 +75,10 @@
import com.android.settingslib.RestrictedLockUtils;
import com.android.settingslib.RestrictedPreference;
import com.android.settingslib.drawer.CategoryKey;
-import com.android.settingslib.drawer.DashboardCategory;
-import com.android.settingslib.drawer.Tile;
-import com.android.settingslib.drawer.TileUtils;
import java.util.ArrayList;
-import java.util.concurrent.Executors;
import java.util.List;
-import static android.provider.Settings.System.SCREEN_OFF_TIMEOUT;
-import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
-
/**
* Gesture lock pattern settings.
*/
@@ -622,6 +618,18 @@
public boolean onPreferenceTreeClick(Preference preference) {
final String key = preference.getKey();
if (KEY_UNLOCK_SET_OR_CHANGE.equals(key)) {
+ // TODO(b/35930129): Remove once existing password can be passed into vold directly.
+ // Currently we need this logic to ensure that the QUIET_MODE is off for any work
+ // profile with unified challenge on FBE-enabled devices. Otherwise, vold would not be
+ // able to complete the operation due to the lack of (old) encryption key.
+ if (mProfileChallengeUserId != UserHandle.USER_NULL
+ && !mLockPatternUtils.isSeparateProfileChallengeEnabled(mProfileChallengeUserId)
+ && StorageManager.isFileEncryptedNativeOnly()) {
+ if (Utils.startQuietModeDialogIfNecessary(this.getActivity(), mUm,
+ mProfileChallengeUserId)) {
+ return false;
+ }
+ }
startFragment(this, "com.android.settings.ChooseLockGeneric$ChooseLockGenericFragment",
R.string.lock_settings_picker_title, SET_OR_CHANGE_LOCK_METHOD_REQUEST, null);
} else if (KEY_UNLOCK_SET_OR_CHANGE_PROFILE.equals(key)) {