From 4bbf0653c0197aca3baa587df80e76ba1159a4fb Mon Sep 17 00:00:00 2001
From: Ricky Wai <rickywai@google.com>
Date: Fri, 1 Apr 2016 16:31:56 +0100
Subject: [PATCH] Keymaster init for work profile

Changes:
(1) When unified work challenge is enabled and screen lock is secure
  - Store work profile secure key in primary profile
  - When primary user keystore unlocked, unlock work profile keystore
  - When primary user change lock to none, remove work secure key
(2) When unified work challenge is enabled but screen lock is not secure
  - When screen lock changes to secure, store work secure key in primary
(3) When user changes work challenge from unified to separated
  - Remove work secure key in primary
(4) When user changes work challenge from separate to unified
  - Do (1) and (2)

Bug: 27460698

Change-Id: Id7464c178e6ea7b561643477e7cd84f963048c87
---
 src/com/android/settings/ChooseLockGeneric.java        | 8 ++++++--
 src/com/android/settings/SaveChosenLockWorkerBase.java | 1 -
 src/com/android/settings/SecuritySettings.java         | 9 ++++-----
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/src/com/android/settings/ChooseLockGeneric.java b/src/com/android/settings/ChooseLockGeneric.java
index 5eb17b2db0..edd59af818 100644
--- a/src/com/android/settings/ChooseLockGeneric.java
+++ b/src/com/android/settings/ChooseLockGeneric.java
@@ -206,7 +206,11 @@ public class ChooseLockGeneric extends SettingsActivity {
             } else if (!mWaitingForConfirmation) {
                 ChooseLockSettingsHelper helper =
                         new ChooseLockSettingsHelper(this.getActivity(), this);
-                if (!helper.launchConfirmationActivity(CONFIRM_EXISTING_REQUEST,
+                boolean managedProfileWithUnifiedLock = Utils
+                        .isManagedProfile(UserManager.get(getActivity()), mUserId)
+                        && !mLockPatternUtils.isSeparateProfileChallengeEnabled(mUserId);
+                if (managedProfileWithUnifiedLock
+                        || !helper.launchConfirmationActivity(CONFIRM_EXISTING_REQUEST,
                         getString(R.string.unlock_set_unlock_launch_picker_title), true, mUserId)) {
                     mPasswordConfirmed = true; // no password set, so no need to confirm
                     updatePreferencesOrFinish();
@@ -592,7 +596,7 @@ public class ChooseLockGeneric extends SettingsActivity {
             }
 
             if (quality == DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
-                mLockPatternUtils.setSeparateProfileChallengeEnabled(mUserId, true);
+                mLockPatternUtils.setSeparateProfileChallengeEnabled(mUserId, true, mUserPassword);
                 mChooseLockSettingsHelper.utils().clearLock(mUserId);
                 mChooseLockSettingsHelper.utils().setLockScreenDisabled(disabled, mUserId);
                 removeAllFingerprintTemplatesAndFinish();
diff --git a/src/com/android/settings/SaveChosenLockWorkerBase.java b/src/com/android/settings/SaveChosenLockWorkerBase.java
index 39620d59e2..7ce7a9064b 100644
--- a/src/com/android/settings/SaveChosenLockWorkerBase.java
+++ b/src/com/android/settings/SaveChosenLockWorkerBase.java
@@ -68,7 +68,6 @@ abstract class SaveChosenLockWorkerBase extends Fragment {
         mHasChallenge = hasChallenge;
         mChallenge = challenge;
         // This will be a no-op for non managed profiles.
-        mUtils.setSeparateProfileChallengeEnabled(mUserId, true);
         mWasSecureBefore = mUtils.isSecure(mUserId);
 
         Context context = getContext();
diff --git a/src/com/android/settings/SecuritySettings.java b/src/com/android/settings/SecuritySettings.java
index 32cd348c15..c1b7c6c7c8 100644
--- a/src/com/android/settings/SecuritySettings.java
+++ b/src/com/android/settings/SecuritySettings.java
@@ -697,8 +697,8 @@ public class SecuritySettings extends SettingsPreferenceFragment
     private void unifyLocks() {
         int profileQuality =
                 mLockPatternUtils.getKeyguardStoredPasswordQuality(mProfileChallengeUserId);
-        mLockPatternUtils.clearLock(mProfileChallengeUserId);
-        mLockPatternUtils.setSeparateProfileChallengeEnabled(mProfileChallengeUserId, false);
+        mLockPatternUtils.setSeparateProfileChallengeEnabled(mProfileChallengeUserId, false,
+                mCurrentProfilePassword);
         if (profileQuality == DevicePolicyManager.PASSWORD_QUALITY_SOMETHING) {
             mLockPatternUtils.saveLockPattern(
                     LockPatternUtils.stringToPattern(mCurrentProfilePassword),
@@ -716,14 +716,13 @@ public class SecuritySettings extends SettingsPreferenceFragment
     }
 
     private void unifyUncompliantLocks() {
-        mLockPatternUtils.clearLock(mProfileChallengeUserId);
-        mLockPatternUtils.setSeparateProfileChallengeEnabled(mProfileChallengeUserId, false);
+        mLockPatternUtils.setSeparateProfileChallengeEnabled(mProfileChallengeUserId, false,
+                mCurrentProfilePassword);
         startFragment(this, "com.android.settings.ChooseLockGeneric$ChooseLockGenericFragment",
                 R.string.lock_settings_picker_title, SET_OR_CHANGE_LOCK_METHOD_REQUEST, null);
     }
 
     private void ununifyLocks() {
-        mLockPatternUtils.setSeparateProfileChallengeEnabled(mProfileChallengeUserId, true);
         Bundle extras = new Bundle();
         extras.putInt(Intent.EXTRA_USER_ID, mProfileChallengeUserId);
         startFragment(this,
-- 
2.11.0