Post encryption notification after attempting to unlock profiles

Currently this notification is posted when the parent user is in RUNNING_UNLOCKING state, before tied profiles are unlocked. As a result, this notification is briefly visible even in cases when the profile is about to be unlocked automatically. Given that it is a high importance notification it results in a baloon. With this change it only attempts to post the notification after unlocking the profiles, and bails out because user key is already unlocked in storage manager. Test: manual, booting up with unified/separate work challenge. Test: manual, booting up without device lock (only profile lock). Test: manual, triggering work mode in various configurations. Test: atest frameworks/base/services/tests/servicestests/src/com/android/server/locksettings/ Bug: 132945758 Change-Id: Iab9b48d03e94bd1bf0e89cbfc94ece742077bba0
author: Pavel Grafov <pgrafov@google.com> 2019-05-24 14:07:55 +0100
committer: Pavel Grafov <pgrafov@google.com> 2019-05-24 16:55:10 +0100
commit: b9b2c69e2f9ca17447dbacc3ffaba136c781a173 (patch)
tree: 9cc5aa7845960653b45ee25468703de47aaabf36
parent: 6494b52f39d7e779cabb3835bc4359e1d8e71d60 (diff)
1 files changed, 24 insertions, 25 deletions
diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index 017c1b3f11f5..107e1fbbf760 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -601,21 +601,6 @@ public class LockSettingsService extends ILockSettings.Stub {
                 // Hide notification first, as tie managed profile lock takes time
                 hideEncryptionNotification(new UserHandle(userId));
 
-                // Now we have unlocked the parent user we should show notifications
-                // about any profiles that exist.
-                List<UserInfo> profiles = mUserManager.getProfiles(userId);
-                for (int i = 0; i < profiles.size(); i++) {
-                    UserInfo profile = profiles.get(i);
-                    final boolean isSecure = isUserSecure(profile.id);
-                    if (isSecure && profile.isManagedProfile()) {
-                        UserHandle userHandle = profile.getUserHandle();
-                        if (!mUserManager.isUserUnlockingOrUnlocked(userHandle) &&
-                                !mUserManager.isQuietModeEnabled(userHandle)) {
-                            showEncryptionNotificationForProfile(userHandle);
-                        }
-                    }
-                }
-
                 if (mUserManager.getUserInfo(userId).isManagedProfile()) {
                     tieManagedProfileLockIfNecessary(userId, null);
                 }
@@ -1205,6 +1190,7 @@ public class LockSettingsService extends ILockSettings.Stub {
      */
     private void unlockUser(int userId, byte[] token, byte[] secret) {
         // TODO: make this method fully async so we can update UI with progress strings
+        final boolean alreadyUnlocked = mUserManager.isUserUnlockingOrUnlocked(userId);
         final CountDownLatch latch = new CountDownLatch(1);
         final IProgressListener listener = new IProgressListener.Stub() {
             @Override
@@ -1235,18 +1221,31 @@ public class LockSettingsService extends ILockSettings.Stub {
         } catch (InterruptedException e) {
             Thread.currentThread().interrupt();
         }
-        try {
-            if (!mUserManager.getUserInfo(userId).isManagedProfile()) {
-                final List<UserInfo> profiles = mUserManager.getProfiles(userId);
-                for (UserInfo pi : profiles) {
-                    // Unlock managed profile with unified lock
-                    if (tiedManagedProfileReadyToUnlock(pi)) {
-                        unlockChildProfile(pi.id, false /* ignoreUserNotAuthenticated */);
-                    }
+
+        if (mUserManager.getUserInfo(userId).isManagedProfile()) {
+            return;
+        }
+
+        for (UserInfo profile : mUserManager.getProfiles(userId)) {
+            // Unlock managed profile with unified lock
+            if (tiedManagedProfileReadyToUnlock(profile)) {
+                try {
+                    unlockChildProfile(profile.id, false /* ignoreUserNotAuthenticated */);
+                } catch (RemoteException e) {
+                    Log.d(TAG, "Failed to unlock child profile", e);
                 }
             }
-        } catch (RemoteException e) {
-            Log.d(TAG, "Failed to unlock child profile", e);
+            // Now we have unlocked the parent user and attempted to unlock the profile we should
+            // show notifications if the profile is still locked.
+            if (!alreadyUnlocked) {
+                long ident = clearCallingIdentity();
+                try {
+                    maybeShowEncryptionNotificationForUser(profile.id);
+                } finally {
+                    restoreCallingIdentity(ident);
+                }
+            }
+
         }
     }
author	Pavel Grafov <pgrafov@google.com>	2019-05-24 14:07:55 +0100
committer	Pavel Grafov <pgrafov@google.com>	2019-05-24 16:55:10 +0100
commit	b9b2c69e2f9ca17447dbacc3ffaba136c781a173 (patch)
tree	9cc5aa7845960653b45ee25468703de47aaabf36
parent	6494b52f39d7e779cabb3835bc4359e1d8e71d60 (diff)