Confirm parent user's credential when setting lock for profile

When a DPC fires ACTION_SET_NEW_PASSWORD to set a work challenge
for an existing work profile with unified challenge, require the
user to confirm existing device lock first. This is not only for
increased security, but also a functionality requirement: the
system can only re-derive the current work profile password needed
by the password change after a fresh confirm credential operation.

Test: Add device lock, create work profile, then execute:
      adb shell su 1010000 am start --user 10 -a android.app.action.SET_NEW_PASSWORD
      Verify the device is prompting for current password.
Bug: 65910682
Change-Id: Ib4b4c88c1551cfff626f707d5f3182160a1ec46c
Rubin Xu
2018-03-28 15:14:35 +01:00
parent d7ea524e81
commit c548977ea1

@@ -236,7 +236,8 @@ public class ChooseLockGeneric extends SettingsActivity {
boolean managedProfileWithUnifiedLock =
UserManager.get(getActivity()).isManagedProfile(mUserId)
&& !mLockPatternUtils.isSeparateProfileChallengeEnabled(mUserId);
if (managedProfileWithUnifiedLock
boolean skipConfirmation = managedProfileWithUnifiedLock && !mIsSetNewPassword;
if (skipConfirmation
|| !helper.launchConfirmationActivity(CONFIRM_EXISTING_REQUEST,
getString(R.string.unlock_set_unlock_launch_picker_title), true, mUserId)) {
mPasswordConfirmed = true; // no password set, so no need to confirm
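Review bot: The trailing comment on the `mPasswordConfirmed = true;` line ("no password set, so no need to confirm") no longer describes every way into this branch, and the new `skipConfirmation` condition has no comment explaining the policy. When `skipConfirmation` is true the branch is taken for a managed profile with unified lock without launching confirmation at all, so a credential may well exist. Since this is the line that decides whether credential confirmation is bypassed, please add a short comment above `boolean skipConfirmation = ...` stating that a unified-challenge managed profile skips confirmation except when `mIsSetNewPassword` is set, and reword the existing comment to cover both cases. `mIsSetNewPassword` is not assigned anywhere in the visible lines; it is worth confirming in review that it is derived from the launching intent's action before this check runs and is preserved across activity recreation, otherwise the skip path could be taken for a SET_NEW_PASSWORD request. A test for the negative case (unified lock, not SET_NEW_PASSWORD, no prompt) alongside the manual adb step in the commit message would pin down both sides of the condition.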