Open
Conversation
aryaman895
pushed a commit
that referenced
this pull request
Oct 18, 2023
Currently the full user (e.g. userId 0) is required to enter device credential (e.g. device PIN/pattern/password) to unlock the device in certain cases as specified by StrongAuthFlags (e.g. the user has triggered lockdown). After successfully verify the device credential, StrongAuthFlags for the full user will be set back to STRONG_AUTH_NOT_REQUIRED. This may or may not clear StrongAuthFlags for a profile of the user, depending on whether the profile has a separate or unified lock. Case #1: the profile has a seprate lock. In this case, the user will need to enter the device credential on lockscreen to unlock the device, and then enter the different profile lock to unlock the profile. StrongAuthFlags for the profile will only be cleared after successfully verifying the profile lock. Case #2: the profile has a unified lock. Currently in this case, StrongAuthFlags for the profile doesn't get cleared properly after the user verifies the device credential on lockscreen and unpauses the profile. For example, if the user triggers lockdown and later enters the device credential to unlock the device, StrongAuthFlags for the full user gets cleared (so the full user exits lockdown) while StrongAuthFlags for the profile doesn't get cleared (so the profile remains in lockdown), and thus notifications for the profile won't be shown properly. This CL fixes the issue above for the case #2. The user will only need to enter the device credential on lockscreen once to unlock the device. If the profile is already unpaused, at this point StrongAuthFlags should already be cleared; otherwise, StrongAuthFlags will be cleared after the user unpauses the profile (but without having to enter any lock again since the profile uses a unified lock). Test: (1) Set up a profile (e.g. a managed profile) with a unified lock. (2) Trigger the lockdown mode on lockscreen, and verify that StrongAuthFlags for the full user and the profile are both set properly, via "adb shell dumpsys lock_settings". (3) Enter the device credential on lockscreen for the full user, and verify that StrongAuthFlags for the full user is unset. StrongAuthFlags for the profile should also be cleared at this point if the profile was unpaused already before lockdown; otherwise (4) Unpause the profile and verify that StrongAuthFlags for the profile is cleared. Fix: 176924824 Bug: 173721373 (cherry picked from commit ea925cf) (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:498867921e79a3809a7cfbbbcf3efc2a1e8eb8eb) Merged-In: Ic466fc22a5be9047d39194ad42c56dc4a2acb4dc Change-Id: Ic466fc22a5be9047d39194ad42c56dc4a2acb4dc
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.