Replace broken UserHandle.SYSTEM check in LPU
ActivityManager.getCurrentUser returns the user currently in the
foreground, not the calling or affected process.
Note:
---
This is just an API for setting the default suggestion when choosing a
new lock type in Settings, so it's not much of a security problem
(background users/profiles could only modify the suggestion, not the
actual encryption setting).
Change-Id: I98c62be7c5726f99fea0ec9320ad9d85cce850ef
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index 4e8f19c..288badc 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -17,7 +17,6 @@
package com.android.internal.widget;
import android.annotation.IntDef;
-import android.app.ActivityManager;
import android.app.admin.DevicePolicyManager;
import android.app.trust.IStrongAuthTracker;
import android.app.trust.TrustManager;
@@ -478,10 +477,9 @@
if (userHandle == UserHandle.USER_SYSTEM) {
// Set the encryption password to default.
updateEncryptionPassword(StorageManager.CRYPT_TYPE_DEFAULT, null);
+ setCredentialRequiredToDecrypt(false);
}
- setCredentialRequiredToDecrypt(false);
-
getDevicePolicyManager().setActivePasswordState(
DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, 0, 0, 0, 0, 0, 0, 0, userHandle);
@@ -1308,9 +1306,9 @@
}
public void setCredentialRequiredToDecrypt(boolean required) {
- if (ActivityManager.getCurrentUser() != UserHandle.USER_SYSTEM) {
- Log.w(TAG, "Only device owner may call setCredentialRequiredForDecrypt()");
- return;
+ if (!(getUserManager().isSystemUser() || getUserManager().isPrimaryUser())) {
+ throw new IllegalStateException(
+ "Only the system or primary user may call setCredentialRequiredForDecrypt()");
}
if (isDeviceEncryptionEnabled()){