Retain FRP data when FR is invoked in Settings

* If the device is an organization-owned managed profile device and a FRP policy is set, the factory reset protection data is no longer erased from factory reset in Settings. Bug: 148847767 Test: manual testing Change-Id: Iebaf2446f23626b24db37f5173dc77f9dee25ba9
2020-03-19 17:34:46 +00:00
parent cdaf5d38b5
commit 74260a733f
2 changed files with 131 additions and 10 deletions
--- a/src/com/android/settings/MasterClearConfirm.java
+++ b/src/com/android/settings/MasterClearConfirm.java
@@ -22,6 +22,8 @@ import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
 import android.app.ActionBar;
 import android.app.Activity;
 import android.app.ProgressDialog;
+import android.app.admin.DevicePolicyManager;
+import android.app.admin.FactoryResetProtectionPolicy;
 import android.app.settings.SettingsEnums;
 import android.content.Context;
 import android.content.Intent;
@@ -83,14 +85,9 @@ public class MasterClearConfirm extends InstrumentedFragment {

            final PersistentDataBlockManager pdbManager = (PersistentDataBlockManager)
                    getActivity().getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE);
-            final OemLockManager oemLockManager = (OemLockManager)
-                    getActivity().getSystemService(Context.OEM_LOCK_SERVICE);

-            if (pdbManager != null && !oemLockManager.isOemUnlockAllowed() &&
-                    WizardManagerHelper.isDeviceProvisioned(getActivity())) {
-                // if OEM unlock is allowed, the persistent data block will be wiped during FR
-                // process. If disabled, it will be wiped here, unless the device is still being
-                // provisioned, in which case the persistent data block will be preserved.
+            if (shouldWipePersistentDataBlock(pdbManager)) {
+
                new AsyncTask<Void, Void, Void>() {
                    int mOldOrientation;
                    ProgressDialog mProgressDialog;
@@ -140,6 +137,44 @@ public class MasterClearConfirm extends InstrumentedFragment {
        }
    };

+    @VisibleForTesting
+    boolean shouldWipePersistentDataBlock(PersistentDataBlockManager pdbManager) {
+        if (pdbManager == null) {
+            return false;
+        }
+        // The persistent data block will persist if the device is still being provisioned.
+        if (isDeviceStillBeingProvisioned()) {
+            return false;
+        }
+        // If OEM unlock is allowed, the persistent data block will be wiped during FR
+        // process. If disabled, it will be wiped here instead.
+        if (isOemUnlockedAllowed()) {
+            return false;
+        }
+        // Do not erase the factory reset protection data (from Settings) if the
+        // device is an organization-owned managed profile device and a factory
+        // reset protection policy has been set.
+        final DevicePolicyManager dpm = (DevicePolicyManager) getActivity()
+                .getSystemService(Context.DEVICE_POLICY_SERVICE);
+        FactoryResetProtectionPolicy frpPolicy = dpm.getFactoryResetProtectionPolicy(null);
+        if (dpm.isOrganizationOwnedDeviceWithManagedProfile() && frpPolicy != null
+                && frpPolicy.isNotEmpty()) {
+            return false;
+        }
+        return true;
+    }
+
+    @VisibleForTesting
+    boolean isOemUnlockedAllowed() {
+        return ((OemLockManager) getActivity().getSystemService(
+                Context.OEM_LOCK_SERVICE)).isOemUnlockAllowed();
+    }
+
+    @VisibleForTesting
+    boolean isDeviceStillBeingProvisioned() {
+        return !WizardManagerHelper.isDeviceProvisioned(getActivity());
+    }
+
    private void doMasterClear() {
        Intent intent = new Intent(Intent.ACTION_FACTORY_RESET);
        intent.setPackage("android");