From fb08a8095581bffafc21fc3e64794e54e535813a Mon Sep 17 00:00:00 2001 From: Oli Thompson Date: Fri, 26 Apr 2024 14:01:14 +0000 Subject: [PATCH] Correctly unlock storage for work profiles with unified challenge When turning off quiet mode for work profiles, ACTION_CONFIRM_DEVICE_CREDENTIAL_WITH_USER is fired to confirm the device/profile PIN in order to decrypt the profile's storage. For work profiles with unified challenge, we are expected to call LockPatternUtils.verifyTiedProfileChallenge() that specifically decrypts the work profile's storage using the device PIN. This code flow is only reachable when mForceVerifyPath is true in ConfirmDeviceCredentialActivity. In I8b61e7d2df5792cbdb2e12b19e5a5582ea2290b7 a regression was introduced that caused the wong condition to be used, and as a result work profile with unified challenge is no longer unlocked correctly in this unlock flow. This bug is normally masked since we cache the unified work profile's password and don't ask the user for device PINs most of the time. It's only reproducible when turning on work profile from the keyguard, when we don't use the password cache. Fix this by using the right condition. Bug: 328640625 Test: m RunSettingsRoboTests -j ROBOTEST_FILTER=com.android.settings.password Change-Id: I5eb9379dc140c9803f033beee38fcd63aa9a85c0 --- .../settings/password/ConfirmDeviceCredentialActivity.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java b/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java index cf805130591..6a30ee7b72e 100644 --- a/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java +++ b/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java @@ -278,7 +278,8 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity { .setRequestWriteRepairModePassword(true) .setForceVerifyPath(true) .show(); - } else if (isEffectiveUserManagedProfile && isInternalActivity()) { + } else if (mLockPatternUtils.isManagedProfileWithUnifiedChallenge(mUserId) + && isInternalActivity()) { // When the mForceVerifyPath is set to true, we launch the real confirm credential // activity with an explicit but fake challenge value (0L). This will result in // ConfirmLockPassword calling verifyTiedProfileChallenge() (if it's a profile with