Keymaster init for work profile

Changes:
(1) When unified work challenge is enabled and screen lock is secure
  - Store work profile secure key in primary profile
  - When primary user keystore unlocked, unlock work profile keystore
  - When primary user change lock to none, remove work secure key
(2) When unified work challenge is enabled but screen lock is not secure
  - When screen lock changes to secure, store work secure key in primary
(3) When user changes work challenge from unified to separated
  - Remove work secure key in primary
(4) When user changes work challenge from separate to unified
  - Do (1) and (2)

Bug: 27460698

Change-Id: Id7464c178e6ea7b561643477e7cd84f963048c87

src/com/android/settings/ChooseLockGeneric.java

@@ -206,7 +206,11 @@ public class ChooseLockGeneric extends SettingsActivity {
             } else if (!mWaitingForConfirmation) {
                 ChooseLockSettingsHelper helper =
                         new ChooseLockSettingsHelper(this.getActivity(), this);
-                if (!helper.launchConfirmationActivity(CONFIRM_EXISTING_REQUEST,
+                boolean managedProfileWithUnifiedLock = Utils
+                        .isManagedProfile(UserManager.get(getActivity()), mUserId)
+                        && !mLockPatternUtils.isSeparateProfileChallengeEnabled(mUserId);
+                if (managedProfileWithUnifiedLock
+                        || !helper.launchConfirmationActivity(CONFIRM_EXISTING_REQUEST,
                         getString(R.string.unlock_set_unlock_launch_picker_title), true, mUserId)) {
                     mPasswordConfirmed = true; // no password set, so no need to confirm
                     updatePreferencesOrFinish();
@@ -592,7 +596,7 @@ public class ChooseLockGeneric extends SettingsActivity {
             }
 
             if (quality == DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
-                mLockPatternUtils.setSeparateProfileChallengeEnabled(mUserId, true);
+                mLockPatternUtils.setSeparateProfileChallengeEnabled(mUserId, true, mUserPassword);
                 mChooseLockSettingsHelper.utils().clearLock(mUserId);
                 mChooseLockSettingsHelper.utils().setLockScreenDisabled(disabled, mUserId);
                 removeAllFingerprintTemplatesAndFinish();

src/com/android/settings/SaveChosenLockWorkerBase.java

@@ -68,7 +68,6 @@ abstract class SaveChosenLockWorkerBase extends Fragment {
         mHasChallenge = hasChallenge;
         mChallenge = challenge;
         // This will be a no-op for non managed profiles.
-        mUtils.setSeparateProfileChallengeEnabled(mUserId, true);
         mWasSecureBefore = mUtils.isSecure(mUserId);
 
         Context context = getContext();

src/com/android/settings/SecuritySettings.java

@@ -697,8 +697,8 @@ public class SecuritySettings extends SettingsPreferenceFragment
     private void unifyLocks() {
         int profileQuality =
                 mLockPatternUtils.getKeyguardStoredPasswordQuality(mProfileChallengeUserId);
-        mLockPatternUtils.clearLock(mProfileChallengeUserId);
-        mLockPatternUtils.setSeparateProfileChallengeEnabled(mProfileChallengeUserId, false);
+        mLockPatternUtils.setSeparateProfileChallengeEnabled(mProfileChallengeUserId, false,
+                mCurrentProfilePassword);
         if (profileQuality == DevicePolicyManager.PASSWORD_QUALITY_SOMETHING) {
             mLockPatternUtils.saveLockPattern(
                     LockPatternUtils.stringToPattern(mCurrentProfilePassword),
@@ -716,14 +716,13 @@ public class SecuritySettings extends SettingsPreferenceFragment
     }
 
     private void unifyUncompliantLocks() {
-        mLockPatternUtils.clearLock(mProfileChallengeUserId);
-        mLockPatternUtils.setSeparateProfileChallengeEnabled(mProfileChallengeUserId, false);
+        mLockPatternUtils.setSeparateProfileChallengeEnabled(mProfileChallengeUserId, false,
+                mCurrentProfilePassword);
         startFragment(this, "com.android.settings.ChooseLockGeneric$ChooseLockGenericFragment",
                 R.string.lock_settings_picker_title, SET_OR_CHANGE_LOCK_METHOD_REQUEST, null);
     }
 
     private void ununifyLocks() {
-        mLockPatternUtils.setSeparateProfileChallengeEnabled(mProfileChallengeUserId, true);
         Bundle extras = new Bundle();
         extras.putInt(Intent.EXTRA_USER_ID, mProfileChallengeUserId);
         startFragment(this,