Don't sync keys using the unified challenge profile random credential

When the work profile has a tied screen lock to its parent, its lock
credentials are set to a random password. This CL adds logic to prevent
syncing keys with this random credential.

On set/update lock:
- If creating the work profile or going from separate -> unified lock
  screen: don't sync keys (random password case)
- If going from unified -> separate lock screen: sync keys
- If removing the parent lock: invalidate unified profile keys

On unlock:
- If unlocking a work profile with a unified lock: don't sync keys
  (random password case).
- If unlocking a work profile with a separate lock: sync keys
- If unlocking a parent profile that has work profiles with a unified
  lock: sync keys for the work profiles.

Design: https://docs.google.com/document/d/1y6LXcf-Rk3TMG-Ka4pJ5fpinDaK4fnlCyGi3kuGWWNg/edit?usp=sharing
Bug: 128834006
Test: 1) atest frameworks/base/services/tests/servicestests/src/com/android/server/locksettings/
2) Manual testing of the following cases by verifying key sync on the
   backup device and being able to unencrypt the backup set on the restore
   device:
   a) Work profile unified lock screen: all 3 types (pin/password/pattern).
   b) Changing parent lock screen in the unified case -> updates keys for
      profile.
   c) Unified lock screen -> separate lock screen: updates keys.
   d) Separate lock screen and change credentials: updates keys.
   e) Separate lock screen -> unified lock screen: does not update keys
      with random password.
   f) Unified lock screen -> remove lock screen: invalidates keys.

Change-Id: Ie2249f4c32fd6c48aae7f791e2d1e353b4ef9939
5 files changed