From c548977ea179126b523a6492b8b8175adaafd530 Mon Sep 17 00:00:00 2001
From: Rubin Xu
Date: Wed, 28 Mar 2018 15:14:35 +0100
Subject: [PATCH] Confirm parent user's credential when setting lock for profile When a DPC fires ACTION_SET_NEW_PASSWORD to set a work challenge for an existing work profile with unified challenge, require the user to confirm exisiting device lock first. This is not only for increased security, but also a functionality requirement: the system can only re-derive the current work profile password needed by the password change after a fresh confirm credential operation.
Test: Add device lock, create work profile, then execute: adb shell su 1010000 am start --user 10 -a android.app.action.SET_NEW_PASSWORD Verify the device is prompting for current password.
Bug: 65910682
Change-Id: Ib4b4c88c1551cfff626f707d5f3182160a1ec46c
---
 src/com/android/settings/password/ChooseLockGeneric.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/com/android/settings/password/ChooseLockGeneric.java b/src/com/android/settings/password/ChooseLockGeneric.java
index e5ba200737a..aa67b85481e 100644
--- a/src/com/android/settings/password/ChooseLockGeneric.java
+++ b/src/com/android/settings/password/ChooseLockGeneric.java
@@ -236,7 +236,8 @@ public class ChooseLockGeneric extends SettingsActivity {
 boolean managedProfileWithUnifiedLock = UserManager.get(getActivity()).isManagedProfile(mUserId) && !mLockPatternUtils.isSeparateProfileChallengeEnabled(mUserId);
- if (managedProfileWithUnifiedLock
+ boolean skipConfirmation = managedProfileWithUnifiedLock && !mIsSetNewPassword;
+ if (skipConfirmation
 || !helper.launchConfirmationActivity(CONFIRM_EXISTING_REQUEST, getString(R.string.unlock_set_unlock_launch_picker_title), true, mUserId)) {
 mPasswordConfirmed = true; // no password set, so no need to confirm
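Review bot: The `mPasswordConfirmed = true` branch is reached for two different reasons, but its trailing comment (`// no password set, so no need to confirm`) describes only the case where `launchConfirmationActivity` returns false; when `skipConfirmation` is true a credential does exist and is simply not asked for. Since this condition decides whether a lock change proceeds without re-authentication, I would document it above the new line, e.g. `// Unified-lock work profile: skip the prompt unless this is a SET_NEW_PASSWORD request, which must re-confirm the parent credential.`, and reword the trailing comment to `// confirmation skipped, or nothing to confirm`. Where `mIsSetNewPassword` is assigned is not visible in this hunk, so it is worth checking that every externally triggerable entry point into this fragment sets it, because any path that leaves it false keeps the bypass. The enclosing method starts and ends outside the hunk.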