Merge "Keep escrow data for test users" into main am: 971b08f86f am: e4fd9d1718

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/3506634

Change-Id: Ifc6553abd4da282106636a6e468fa7bf4561a2d6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

2 files changed, 48 insertions, 0 deletions

diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index a0e543300ce7..42d0a5c4757a 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -3618,6 +3618,12 @@ public class LockSettingsService extends ILockSettings.Stub {
             return;
         }
 
+        UserInfo userInfo = mInjector.getUserManagerInternal().getUserInfo(userId);
+        if (userInfo != null && userInfo.isForTesting()) {
+            Slog.i(TAG, "Keeping escrow data for test-only user");
+            return;
+        }
+
         // Disable escrow token permanently on all other device/user types.
         Slogf.i(TAG, "Permanently disabling support for escrow tokens on user %d", userId);
         mSpManager.destroyEscrowData(userId);
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java b/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java
index 2da2f50447c7..e836780b3f71 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java
@@ -16,6 +16,7 @@
 
 package com.android.server.locksettings;
 
+import static android.content.pm.UserInfo.FLAG_FOR_TESTING;
 import static android.content.pm.UserInfo.FLAG_FULL;
 import static android.content.pm.UserInfo.FLAG_MAIN;
 import static android.content.pm.UserInfo.FLAG_PRIMARY;
@@ -44,6 +45,8 @@ import static org.mockito.Mockito.when;
 
 import android.app.PropertyInvalidatedCache;
 import android.app.admin.PasswordMetrics;
+import android.content.ComponentName;
+import android.content.pm.UserInfo;
 import android.os.RemoteException;
 import android.platform.test.annotations.Presubmit;
 
@@ -357,6 +360,45 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests {
     }
 
     @Test
+    public void testEscrowDataRetainedWhenManagedUserVerifiesCredential() throws RemoteException {
+        when(mDeviceStateCache.isUserOrganizationManaged(anyInt())).thenReturn(true);
+
+        LockscreenCredential password = newPassword("password");
+        initSpAndSetCredential(PRIMARY_USER_ID, password);
+
+        mService.verifyCredential(password, PRIMARY_USER_ID, 0 /* flags */);
+
+        assertTrue("Escrow data was destroyed", mSpManager.hasEscrowData(PRIMARY_USER_ID));
+    }
+
+    @Test
+    public void testEscrowDataRetainedWhenUnmanagedTestUserVerifiesCredential()
+            throws RemoteException {
+        when(mDeviceStateCache.isUserOrganizationManaged(anyInt())).thenReturn(false);
+        UserInfo userInfo = mUserManagerInternal.getUserInfo(PRIMARY_USER_ID);
+        userInfo.flags |= FLAG_FOR_TESTING;
+
+        LockscreenCredential password = newPassword("password");
+        initSpAndSetCredential(PRIMARY_USER_ID, password);
+
+        mService.verifyCredential(password, PRIMARY_USER_ID, 0 /* flags */);
+
+        assertTrue("Escrow data was destroyed", mSpManager.hasEscrowData(PRIMARY_USER_ID));
+    }
+
+    @Test
+    public void testEscrowDataDeletedWhenUnmanagedUserVerifiesCredential() throws RemoteException {
+        when(mDeviceStateCache.isUserOrganizationManaged(anyInt())).thenReturn(false);
+
+        LockscreenCredential password = newPassword("password");
+        initSpAndSetCredential(PRIMARY_USER_ID, password);
+
+        mService.verifyCredential(password, PRIMARY_USER_ID, 0 /* flags */);
+
+        assertFalse("Escrow data wasn't destroyed", mSpManager.hasAnyEscrowData(PRIMARY_USER_ID));
+    }
+
+    @Test
     public void testTokenBasedClearPassword() throws RemoteException {
         LockscreenCredential password = newPassword("password");
         LockscreenCredential pattern = newPattern("123654");