Disable strong auth for all profiles after successful unlock

The change generalizes the workflow to disable strong auth requirements for all profiles that require authentication to disable quiet mode, once a successful unlock has happened through CDCA. Currently, the call to disable the strong auth requirements is only being done for work-profile. Test: Tested locally on device with private space setup with a separate challenge and tested the strong auth tracker values post this change. Bug: 312184187 Change-Id: Ib41c51d1df78eea9415d72724b8cc693344e2c26
2024-01-02 18:12:46 +00:00
parent 72d638e681
commit 3adb65b84d
1 changed files with 34 additions and 4 deletions
--- a/src/com/android/settings/password/ConfirmDeviceCredentialUtils.java
+++ b/src/com/android/settings/password/ConfirmDeviceCredentialUtils.java
@@ -23,6 +23,8 @@ import android.app.IActivityManager;
 import android.app.admin.DevicePolicyManager;
 import android.content.Intent;
 import android.content.IntentSender;
+import android.content.pm.UserInfo;
+import android.content.pm.UserProperties;
 import android.os.RemoteException;
 import android.os.UserManager;
 import android.view.View;
@@ -68,16 +70,44 @@ public class ConfirmDeviceCredentialUtils {
            DevicePolicyManager dpm, int userId, boolean isStrongAuth) {
        if (isStrongAuth) {
            utils.reportSuccessfulPasswordAttempt(userId);
+            if (isBiometricUnlockEnabledForPrivateSpace()) {
+                final UserInfo userInfo = userManager.getUserInfo(userId);
+                if (userInfo != null) {
+                    if (isProfileThatAlwaysRequiresAuthToDisableQuietMode(userManager, userInfo)
+                            || userInfo.isManagedProfile()) {
+                        // Keyguard is responsible to disable StrongAuth for primary user. Disable
+                        // StrongAuth for profile challenges only here.
+                        utils.userPresent(userId);
+                    }
+                }
+            }
        } else {
            dpm.reportSuccessfulBiometricAttempt(userId);
        }
-        if (userManager.isManagedProfile(userId)) {
-            // Keyguard is responsible to disable StrongAuth for primary user. Disable StrongAuth
-            // for work challenge only here.
-            utils.userPresent(userId);
+        if (!isBiometricUnlockEnabledForPrivateSpace()) {
+            if (userManager.isManagedProfile(userId)) {
+                // Disable StrongAuth for work challenge only here.
+                utils.userPresent(userId);
+            }
        }
    }

+    /**
+     * Returns true if the userInfo passed as the parameter corresponds to a profile that always
+     * requires auth to disable quiet mode and false otherwise
+     */
+    private static boolean isProfileThatAlwaysRequiresAuthToDisableQuietMode(
+            UserManager userManager, @NonNull UserInfo userInfo) {
+        final UserProperties userProperties =
+                    userManager.getUserProperties(userInfo.getUserHandle());
+        return userProperties.isAuthAlwaysRequiredToDisableQuietMode() && userInfo.isProfile();
+    }
+
+    private static boolean isBiometricUnlockEnabledForPrivateSpace() {
+        return android.os.Flags.allowPrivateProfile()
+                && android.multiuser.Flags.enableBiometricsToUnlockPrivateSpace();
+    }
+
    /**
     * Request hiding soft-keyboard before animating away credential UI, in case IME
     * insets animation get delayed by dismissing animation.