Create a separate Work Challenge check
This allows us to distinguish lock checks from FBE checks,
and will be useful when dealing with password unification.
Change-Id: Ifbea425f749fee4d6d51faddd8b64bf717a1a5f8
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index 6e7ace5..6aa5263 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -679,7 +679,7 @@
unlockKeystore(credential, userId);
unlockUser(userId, null);
UserInfo info = UserManager.get(mContext).getUserInfo(userId);
- if (StorageManager.isFileBasedEncryptionEnabled() && info.isManagedProfile()) {
+ if (LockPatternUtils.isSeparateWorkChallengeEnabled() && info.isManagedProfile()) {
TrustManager trustManager =
(TrustManager) mContext.getSystemService(Context.TRUST_SERVICE);
trustManager.setDeviceLockedForUser(userId, false);
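Review bot: The guard on the changed line, `LockPatternUtils.isSeparateWorkChallengeEnabled() && info.isManagedProfile()`, repeats the two checks that `TrustManagerService.setDeviceLockedForUser` performs itself in this same commit, so the rule for when a profile is marked unlocked now lives in two places. If the `TrustManager` call here ends up in that service method (it appears to, but the client class is not shown), the caller-side condition could be dropped and the call made unconditionally. That would leave a single copy to keep correct when password unification changes the rule. The enclosing method starts and ends outside the hunk.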
diff --git a/services/core/java/com/android/server/LockSettingsStorage.java b/services/core/java/com/android/server/LockSettingsStorage.java
index eb49a78..137fa27 100644
--- a/services/core/java/com/android/server/LockSettingsStorage.java
+++ b/services/core/java/com/android/server/LockSettingsStorage.java
@@ -17,6 +17,7 @@
package com.android.server;
import com.android.internal.annotations.VisibleForTesting;
+import com.android.internal.widget.LockPatternUtils;
import android.content.ContentValues;
import android.content.Context;
@@ -25,9 +26,7 @@
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteOpenHelper;
import android.os.Environment;
-import android.os.SystemProperties;
import android.os.UserManager;
-import android.os.storage.StorageManager;
import android.util.ArrayMap;
import android.util.Log;
import android.util.Slog;
@@ -389,7 +388,7 @@
private int getUserParentOrSelfId(int userId) {
// Device supports per user encryption, so lock is applied to the given user.
- if (StorageManager.isFileBasedEncryptionEnabled()) {
+ if (LockPatternUtils.isSeparateWorkChallengeEnabled()) {
return userId;
}
// Device uses Block Based Encryption, and the parent user's lock is used for the whole
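Review bot: The context comment above the changed condition in `getUserParentOrSelfId` still reads `// Device supports per user encryption, so lock is applied to the given user.`, but the branch no longer tests encryption. Suggest `// A separate work challenge is enabled, so the lock is applied to the given user.`; the following comment about Block Based Encryption needs the same update, though the body continues outside the hunk. The first DevicePolicyManagerService.java hunk has the same problem, where `// Managed Profile password can only be changed when per user encryption is present.` could become `// Managed profile password can only be changed when a separate work challenge is enabled.` Accuracy matters here because this method appears to select which user's lock is consulted.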
diff --git a/services/core/java/com/android/server/am/ActivityStackSupervisor.java b/services/core/java/com/android/server/am/ActivityStackSupervisor.java
index 5d60c07..a6af0d10 100644
--- a/services/core/java/com/android/server/am/ActivityStackSupervisor.java
+++ b/services/core/java/com/android/server/am/ActivityStackSupervisor.java
@@ -67,7 +67,6 @@
import android.app.ResultInfo;
import android.app.StatusBarManager;
import android.app.admin.IDevicePolicyManager;
-import android.app.trust.ITrustManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.IIntentSender;
@@ -1673,7 +1672,7 @@
KeyguardManager km = (KeyguardManager) mService.mContext
.getSystemService(Context.KEYGUARD_SERVICE);
if (user.isManagedProfile()
- && StorageManager.isFileBasedEncryptionEnabled()
+ && LockPatternUtils.isSeparateWorkChallengeEnabled()
&& km.isDeviceLocked(userId)) {
IIntentSender target = mService.getIntentSenderLocked(
ActivityManager.INTENT_SENDER_ACTIVITY, callingPackage,
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index b31d731..b859915 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -70,6 +70,7 @@
import com.android.internal.util.FastXmlSerializer;
import com.android.internal.util.Preconditions;
import com.android.internal.util.XmlUtils;
+import com.android.internal.widget.LockPatternUtils;
import com.android.server.LocalServices;
import org.xmlpull.v1.XmlPullParser;
@@ -411,7 +412,7 @@
@Override
public int getCredentialOwnerProfile(int userHandle) {
checkManageUsersPermission("get the credential owner");
- if (!StorageManager.isFileBasedEncryptionEnabled()) {
+ if (!LockPatternUtils.isSeparateWorkChallengeEnabled()) {
synchronized (mUsersLock) {
UserInfo profileParent = getProfileParentLU(userHandle);
if (profileParent != null) {
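Review bot: `getCredentialOwnerProfile` and `LockSettingsStorage.getUserParentOrSelfId` (changed in this same commit) each decide independently, from the same flag, whether a profile uses its own credential or its parent's. Nothing visible ties the two together, so a later change to only one of them (for example per-profile unification) could leave the credential owner reported here different from the user whose lock the storage layer looks up. Suggest a cross-referencing comment on the changed line, such as `// Must stay in sync with LockSettingsStorage.getUserParentOrSelfId()`, or routing one through the other. The method body continues outside the hunk.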
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index f4869fc..4b6db99 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -291,7 +291,7 @@
}
public void setDeviceLockedForUser(int userId, boolean locked) {
- if (StorageManager.isFileBasedEncryptionEnabled()) {
+ if (LockPatternUtils.isSeparateWorkChallengeEnabled()) {
UserInfo info = mUserManager.getUserInfo(userId);
if (info.isManagedProfile()) {
synchronized (mDeviceLockedForUser) {
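Review bot: The result of `mUserManager.getUserInfo(userId)` is dereferenced without a null check in `setDeviceLockedForUser`. `mUserManager` is presumably a `UserManager`, whose `getUserInfo` returns null for a user id that does not exist, so a stale or removed id would throw inside the trust service. Suggest `if (info != null && info.isManagedProfile()) {`. The first LockSettingsService.java hunk has the same pattern on its changed line, where `info.isManagedProfile()` is evaluated right after `unlockUser`. The method body continues outside the hunk.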
@@ -670,7 +670,7 @@
public boolean isDeviceLocked(int userId) throws RemoteException {
userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId,
false /* allowAll */, true /* requireFull */, "isDeviceLocked", null);
- if (!StorageManager.isFileBasedEncryptionEnabled()) {
+ if (!LockPatternUtils.isSeparateWorkChallengeEnabled()) {
userId = resolveProfileParent(userId);
}
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 7edb011..f2e89b1 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3872,7 +3872,7 @@
}
enforceCrossUserPermission(userHandle);
// Managed Profile password can only be changed when per user encryption is present.
- if (!StorageManager.isFileBasedEncryptionEnabled()) {
+ if (!LockPatternUtils.isSeparateWorkChallengeEnabled()) {
enforceNotManagedProfile(userHandle, "set the active password");
}
@@ -4483,7 +4483,7 @@
UserInfo user = mUserManager.getUserInfo(userHandle);
final List<UserInfo> profiles;
- if (user.isManagedProfile() || StorageManager.isFileBasedEncryptionEnabled()) {
+ if (user.isManagedProfile() || LockPatternUtils.isSeparateWorkChallengeEnabled()) {
// If we are being asked about a managed profile or the main user profile has a
// separate lock from the work profile, just return keyguard features disabled
// by admins in the profile.