Merge "Unlock Keystore/Keymaster separately for Work Challenge" into nyc-dev

author: Clara Bayarri <clarabayarri@google.com> 2016-03-01 01:08:37 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2016-03-01 01:08:39 +0000
commit: 30f0ff2a1cb31a08df278e7f6b41d4f302a93dd4 (patch)
tree: fbd3c5cbb66793bb7494baf9da15a0cc48d554c5
parent: 2bb39839fd802459fd494b6ea0c182485277bd5e (diff)
parent: 0a587d2840ca105746a9e14d018dc8ec2b3442be (diff)
1 files changed, 34 insertions, 6 deletions
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index c318140ae7e8..ba2a2e05d3d8 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -545,9 +545,23 @@ public class LockSettingsService extends ILockSettings.Stub {
         final UserManager um = (UserManager) mContext.getSystemService(USER_SERVICE);
         final KeyStore ks = KeyStore.getInstance();
 
-        final List<UserInfo> profiles = um.getProfiles(userHandle);
-        for (UserInfo pi : profiles) {
-            ks.onUserPasswordChanged(pi.id, password);
+        if (um.getUserInfo(userHandle).isManagedProfile()) {
+            if (mLockPatternUtils.isSeparateProfileChallengeEnabled(userHandle)) {
+                ks.onUserPasswordChanged(userHandle, password);
+            } else {
+                throw new RuntimeException("Can't set keystore password on a profile that "
+                        + "doesn't have a profile challenge.");
+            }
+        } else {
+            final List<UserInfo> profiles = um.getProfiles(userHandle);
+            for (UserInfo pi : profiles) {
+                // Change password on the given user and all its profiles that don't have
+                // their own profile challenge enabled.
+                if (pi.id == userHandle || (pi.isManagedProfile()
+                        && !mLockPatternUtils.isSeparateProfileChallengeEnabled(pi.id))) {
+                    ks.onUserPasswordChanged(pi.id, password);
+                }
+            }
         }
     }
 
@@ -555,9 +569,23 @@ public class LockSettingsService extends ILockSettings.Stub {
         final UserManager um = (UserManager) mContext.getSystemService(USER_SERVICE);
         final KeyStore ks = KeyStore.getInstance();
 
-        final List<UserInfo> profiles = um.getProfiles(userHandle);
-        for (UserInfo pi : profiles) {
-            ks.unlock(pi.id, password);
+        if (um.getUserInfo(userHandle).isManagedProfile()) {
+            if (mLockPatternUtils.isSeparateProfileChallengeEnabled(userHandle)) {
+                ks.unlock(userHandle, password);
+            } else {
+                throw new RuntimeException("Can't unlock a profile explicitly if it "
+                        + "doesn't have a profile challenge.");
+            }
+        } else {
+            final List<UserInfo> profiles = um.getProfiles(userHandle);
+            for (UserInfo pi : profiles) {
+                // Unlock the given user and all its profiles that don't have
+                // their own profile challenge enabled.
+                if (pi.id == userHandle || (pi.isManagedProfile()
+                        && !mLockPatternUtils.isSeparateProfileChallengeEnabled(pi.id))) {
+                    ks.unlock(pi.id, password);
+                }
+            }
         }
     }
author	Clara Bayarri <clarabayarri@google.com>	2016-03-01 01:08:37 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2016-03-01 01:08:39 +0000
commit	30f0ff2a1cb31a08df278e7f6b41d4f302a93dd4 (patch)
tree	fbd3c5cbb66793bb7494baf9da15a0cc48d554c5
parent	2bb39839fd802459fd494b6ea0c182485277bd5e (diff)
parent	0a587d2840ca105746a9e14d018dc8ec2b3442be (diff)