Fix ConfirmDeviceCredentials for work profiles

1) Fixed the theme for CDCA$InternalActivity to be transparent 2) CDCA only cares about biometrics, which are tied to userId 3) Moved shared methods to a util class Fixes: 119296586 Test: Followed the steps in comment#1 of the bug linked above Change-Id: Ie47fc7c3a53dfb7780087937e1ca83287cc52d71
2018-11-09 16:13:53 -08:00
parent f68130c7c7
commit 127da9c73c
7 changed files with 104 additions and 57 deletions
--- a/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java
+++ b/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java
@@ -20,9 +20,9 @@ package com.android.settings.password;
 import android.app.Activity;
 import android.app.KeyguardManager;
 import android.app.admin.DevicePolicyManager;
+import android.app.trust.TrustManager;
 import android.content.Context;
 import android.content.Intent;
-import android.hardware.biometrics.BiometricConstants;
 import android.hardware.biometrics.BiometricManager;
 import android.hardware.biometrics.BiometricPrompt;
 import android.hardware.biometrics.BiometricPrompt.AuthenticationCallback;
@@ -84,13 +84,13 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity {
    private DevicePolicyManager mDevicePolicyManager;
    private LockPatternUtils mLockPatternUtils;
    private UserManager mUserManager;
+    private TrustManager mTrustManager;
    private ChooseLockSettingsHelper mChooseLockSettingsHelper;
    private Handler mHandler = new Handler(Looper.getMainLooper());

    private String mTitle;
    private String mDetails;
    private int mUserId;
-    private int mEffectiveUserId;
    private int mCredentialMode;
    private boolean mGoingToBackground;

@@ -108,10 +108,16 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity {
                    showConfirmCredentials();
                }
            }
-
        }

        public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
+            mTrustManager.setDeviceLockedForUser(mUserId, false);
+
+            ConfirmDeviceCredentialUtils.reportSuccessfulAttempt(mLockPatternUtils, mUserManager,
+                    mUserId);
+            ConfirmDeviceCredentialUtils.checkForPendingIntent(
+                    ConfirmDeviceCredentialActivity.this);
+
            setResult(Activity.RESULT_OK);
            finish();
        }
@@ -124,6 +130,7 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity {
        mBiometricManager = getSystemService(BiometricManager.class);
        mDevicePolicyManager = getSystemService(DevicePolicyManager.class);
        mUserManager = UserManager.get(this);
+        mTrustManager = getSystemService(TrustManager.class);
        mLockPatternUtils = new LockPatternUtils(this);

        Intent intent = getIntent();
@@ -134,7 +141,7 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity {
        boolean frp = KeyguardManager.ACTION_CONFIRM_FRP_CREDENTIAL.equals(intent.getAction());

        mUserId = UserHandle.myUserId();
-        mEffectiveUserId = mUserManager.getCredentialOwnerProfile(mUserId);
+        final int effectiveUserId = mUserManager.getCredentialOwnerProfile(mUserId);
        if (isInternalActivity()) {
            try {
                mUserId = Utils.getUserIdFromBundle(this, intent.getExtras());
@@ -162,21 +169,23 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity {
        } else if (isManagedProfile && isInternalActivity()
                && !lockPatternUtils.isSeparateProfileChallengeEnabled(mUserId)) {
            mCredentialMode = CREDENTIAL_MANAGED;
-            if (isBiometricAllowed()) {
+            if (isBiometricAllowed(effectiveUserId)) {
                showBiometricPrompt();
                launchedBiometric = true;
            } else {
                showConfirmCredentials();
+                launchedCDC = true;
            }
        } else {
            mCredentialMode = CREDENTIAL_NORMAL;
-            if (isBiometricAllowed()) {
+            if (isBiometricAllowed(effectiveUserId)) {
                // Don't need to check if biometrics / pin/pattern/pass are enrolled. It will go to
                // onAuthenticationError and do the right thing automatically.
                showBiometricPrompt();
                launchedBiometric = true;
            } else {
                showConfirmCredentials();
+                launchedCDC = true;
            }
        }

@@ -217,19 +226,20 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity {
    // credential. Otherwise, biometric can't unlock fbe/keystore through
    // verifyTiedProfileChallenge. In such case, we also wanna show the user message that
    // biometric is disabled due to device restart.
-    private boolean isStrongAuthRequired() {
-        return !mLockPatternUtils.isBiometricAllowedForUser(mEffectiveUserId)
+    private boolean isStrongAuthRequired(int effectiveUserId) {
+        return !mLockPatternUtils.isBiometricAllowedForUser(effectiveUserId)
                || !mUserManager.isUserUnlocked(mUserId);
    }

-    private boolean isBiometricDisabledByAdmin() {
+    private boolean isBiometricDisabledByAdmin(int effectiveUserId) {
        final int disabledFeatures =
-                mDevicePolicyManager.getKeyguardDisabledFeatures(null, mEffectiveUserId);
+                mDevicePolicyManager.getKeyguardDisabledFeatures(null, effectiveUserId);
        return (disabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_BIOMETRICS) != 0;
    }

-    private boolean isBiometricAllowed() {
-        return !isStrongAuthRequired() && !isBiometricDisabledByAdmin();
+    private boolean isBiometricAllowed(int effectiveUserId) {
+        return !isStrongAuthRequired(effectiveUserId)
+                && !isBiometricDisabledByAdmin(effectiveUserId);
    }

    private void showBiometricPrompt() {
@@ -250,6 +260,7 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity {
            newFragment = true;
        }
        mBiometricFragment.setCallbacks(mExecutor, mAuthenticationCallback);
+        mBiometricFragment.setUser(mUserId);

        if (newFragment) {
            getSupportFragmentManager().beginTransaction()