From: Pavel Grafov Date: Thu, 9 Aug 2018 15:51:55 +0000 (+0100) Subject: Respect per-user fingerprints on profiles with unified challenge. X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=f20e34167e4d5b07772067f50486cb6fc6acf7c6;p=android-x86%2Fpackages-apps-Settings.git Respect per-user fingerprints on profiles with unified challenge. When an app uses KeyguardManager.createConfirmDeviceCredentialIntent to ask the user to confirm credentials, it first goes into ConfirmDeviceCredentialActivity and then goes into ConfirmLockPattern/ConfirmLockPassword, that incorporates a derivative of ConfirmDeviceCredentialBaseFragment to deal with the actual credential and fingerprint checking. There are two bits of logic that are changed: 1) ConfirmDeviceCredentialBaseFragment gets target user id from the intent, then uses UserManager.getCredentialOwnerProfile to find the credential owner user id. If the target user is a work profile with unified challenge, profile owner will be primary user, otherwise it will be the same user. When credential confirmation dialog is invoked via KeyguardManager.createConfirmDeviceCredentialIntent, mUserId will already correspond to credential owner because ConfirmDeviceCredentialActivity already calls getCredentialOwnerUserId(), so real target user is not available. With this CL ConfirmDeviceCredentialActivity doesn't query credential owner because it will be handled later anyway. 2) Currently when confirming credentials for work profile with unified challenge we use mEffectiveUserId (credential owner) for fingerprints, which is incorrect, since fingerprints are per-user and primary profile fingerprints cannot unlock work profile apps' auth-bound keys. With this CL work profile user is used for fingerprints. Bug: 111821299 Test: manual, tried ConfirmCredential sample app in both profiles Test: manual, tried CA certificate installation in both profiles Test: manual, tried separate work challenge Change-Id: I074f773de1bd6207b01664f259bdd04766f32d41 --- diff --git a/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java b/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java index 65d72f11bb..f5b3b054c5 100644 --- a/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java +++ b/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java @@ -23,6 +23,7 @@ import android.app.admin.DevicePolicyManager; import android.content.Context; import android.content.Intent; import android.os.Bundle; +import android.os.UserHandle; import android.os.UserManager; import android.util.Log; @@ -70,7 +71,7 @@ public class ConfirmDeviceCredentialActivity extends Activity { KeyguardManager.EXTRA_ALTERNATE_BUTTON_LABEL); boolean frp = KeyguardManager.ACTION_CONFIRM_FRP_CREDENTIAL.equals(intent.getAction()); - int userId = Utils.getCredentialOwnerUserId(this); + int userId = UserHandle.myUserId(); if (isInternalActivity()) { try { userId = Utils.getUserIdFromBundle(this, intent.getExtras()); diff --git a/src/com/android/settings/password/ConfirmDeviceCredentialBaseFragment.java b/src/com/android/settings/password/ConfirmDeviceCredentialBaseFragment.java index 0f6eeb3bb6..23bc26f3da 100644 --- a/src/com/android/settings/password/ConfirmDeviceCredentialBaseFragment.java +++ b/src/com/android/settings/password/ConfirmDeviceCredentialBaseFragment.java @@ -125,8 +125,7 @@ public abstract class ConfirmDeviceCredentialBaseFragment extends InstrumentedFr mCancelButton = (Button) view.findViewById(R.id.cancelButton); mFingerprintIcon = (ImageView) view.findViewById(R.id.fingerprintIcon); mFingerprintHelper = new FingerprintUiHelper( - mFingerprintIcon, - (TextView) view.findViewById(R.id.errorText), this, mEffectiveUserId); + mFingerprintIcon, view.findViewById(R.id.errorText), this, mUserId); boolean showCancelButton = getActivity().getIntent().getBooleanExtra( SHOW_CANCEL_BUTTON, false); boolean hasAlternateButton = mFrp && !TextUtils.isEmpty(mFrpAlternateButtonText);