Merge "Improve work profile unification flow" into rvc-dev

2 files changed, 35 insertions, 61 deletions

diff --git a/src/com/android/settings/security/LockUnificationPreferenceController.java b/src/com/android/settings/security/LockUnificationPreferenceController.java
index 4bac601cf2..9cacf8e2ec 100644
--- a/src/com/android/settings/security/LockUnificationPreferenceController.java
+++ b/src/com/android/settings/security/LockUnificationPreferenceController.java
@@ -16,7 +16,6 @@
 
 package com.android.settings.security;
 
-import static com.android.settings.security.SecuritySettings.UNIFY_LOCK_CONFIRM_DEVICE_REQUEST;
 import static com.android.settings.security.SecuritySettings.UNIFY_LOCK_CONFIRM_PROFILE_REQUEST;
 import static com.android.settings.security.SecuritySettings.UNUNIFY_LOCK_CONFIRM_DEVICE_REQUEST;
 
@@ -48,12 +47,14 @@ import com.android.settingslib.core.AbstractPreferenceController;
  * Controller for password unification/un-unification flows.
  *
  * When password is being unified, there may be two cases:
- *   1. If work password is not empty and satisfies device-wide policies (if any), it will be made
- *      into device-wide password. To do that we need both current device and profile passwords
- *      because both of them will be changed as a result.
- *   2. Otherwise device-wide password is preserved. In this case we only need current profile
- *      password, but after unifying the passwords we proceed to ask the user for a new device
- *      password.
+ *   1. If device password will satisfy device-wide policies post-unification (when password policy
+ *      set on the work challenge will be enforced on device password), the device password is
+ *      preserved while work challenge is unified. Only the current work challenge is required
+ *      in this flow.
+ *   2. Otherwise the user will need to enroll a new compliant device password before unification
+ *      takes place. In this case we first confirm the current work challenge, then guide the user
+ *      through an enrollment flow for the new device password, and finally unify the work challenge
+ *      at the very end.
  */
 public class LockUnificationPreferenceController extends AbstractPreferenceController
         implements PreferenceControllerMixin, Preference.OnPreferenceChangeListener {
@@ -73,7 +74,7 @@ public class LockUnificationPreferenceController extends AbstractPreferenceContr
 
     private LockscreenCredential mCurrentDevicePassword;
     private LockscreenCredential mCurrentProfilePassword;
-    private boolean mKeepDeviceLock;
+    private boolean mRequireNewDevicePassword;
 
     @Override
     public void displayPreference(PreferenceScreen screen) {
@@ -112,13 +113,9 @@ public class LockUnificationPreferenceController extends AbstractPreferenceContr
         }
         final boolean useOneLock = (Boolean) value;
         if (useOneLock) {
-            // Keep current device (personal) lock if the profile lock is empty or is not compliant
-            // with the policy on personal side.
-            mKeepDeviceLock =
-                    mLockPatternUtils.getKeyguardStoredPasswordQuality(mProfileUserId)
-                            < DevicePolicyManager.PASSWORD_QUALITY_SOMETHING
-                            || !mDpm.isProfileActivePasswordSufficientForParent(mProfileUserId);
-            UnificationConfirmationDialog.newInstance(!mKeepDeviceLock).show(mHost);
+            mRequireNewDevicePassword = !mDpm.isPasswordSufficientAfterProfileUnification(
+                    UserHandle.myUserId(), mProfileUserId);
+            startUnification();
         } else {
             final String title = mContext.getString(R.string.unlock_set_unlock_launch_picker_title);
             final ChooseLockSettingsHelper helper =
@@ -149,13 +146,9 @@ public class LockUnificationPreferenceController extends AbstractPreferenceContr
     public boolean handleActivityResult(int requestCode, int resultCode, Intent data) {
         if (requestCode == UNUNIFY_LOCK_CONFIRM_DEVICE_REQUEST
                 && resultCode == Activity.RESULT_OK) {
-            ununifyLocks();
-            return true;
-        } else if (requestCode == UNIFY_LOCK_CONFIRM_DEVICE_REQUEST
-                && resultCode == Activity.RESULT_OK) {
             mCurrentDevicePassword =
                     data.getParcelableExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD);
-            launchConfirmProfileLock();
+            ununifyLocks();
             return true;
         } else if (requestCode == UNIFY_LOCK_CONFIRM_PROFILE_REQUEST
                 && resultCode == Activity.RESULT_OK) {
@@ -170,67 +163,44 @@ public class LockUnificationPreferenceController extends AbstractPreferenceContr
     private void ununifyLocks() {
         final Bundle extras = new Bundle();
         extras.putInt(Intent.EXTRA_USER_ID, mProfileUserId);
+        extras.putParcelable(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD, mCurrentDevicePassword);
         new SubSettingLauncher(mContext)
                 .setDestination(ChooseLockGeneric.ChooseLockGenericFragment.class.getName())
-                    .setTitleRes(R.string.lock_settings_picker_title_profile)
+                .setTitleRes(R.string.lock_settings_picker_title_profile)
                 .setSourceMetricsCategory(mHost.getMetricsCategory())
                 .setArguments(extras)
                 .launch();
     }
 
-    /** Asks the user to confirm device lock (if there is one) and proceeds to ask profile lock. */
-    private void launchConfirmDeviceAndProfileLock() {
-        final String title = mContext.getString(
-                R.string.unlock_set_unlock_launch_picker_title);
-        final ChooseLockSettingsHelper helper =
-                new ChooseLockSettingsHelper(mHost.getActivity(), mHost);
-        if (!helper.launchConfirmationActivity(
-                UNIFY_LOCK_CONFIRM_DEVICE_REQUEST, title, true, MY_USER_ID)) {
-            launchConfirmProfileLock();
-        }
-    }
-
-    private void launchConfirmProfileLock() {
+    void startUnification() {
+        // Confirm profile lock
         final String title = mContext.getString(
                 R.string.unlock_set_unlock_launch_picker_title_profile);
         final ChooseLockSettingsHelper helper =
                 new ChooseLockSettingsHelper(mHost.getActivity(), mHost);
         if (!helper.launchConfirmationActivity(
                 UNIFY_LOCK_CONFIRM_PROFILE_REQUEST, title, true, mProfileUserId)) {
+            // If profile has no lock, go straight to unification.
             unifyLocks();
             // TODO: update relevant prefs.
             // createPreferenceHierarchy();
         }
     }
 
-    void startUnification() {
-        // If the device lock stays the same, only confirm profile lock. Otherwise confirm both.
-        if (mKeepDeviceLock) {
-            launchConfirmProfileLock();
-        } else {
-            launchConfirmDeviceAndProfileLock();
-        }
-    }
-
     private void unifyLocks() {
-        if (mKeepDeviceLock) {
-            unifyKeepingDeviceLock();
-            promptForNewDeviceLock();
+        if (mRequireNewDevicePassword) {
+            promptForNewDeviceLockAndThenUnify();
         } else {
-            unifyKeepingWorkLock();
+            unifyKeepingDeviceLock();
+        }
+        if (mCurrentDevicePassword != null) {
+            mCurrentDevicePassword.zeroize();
+            mCurrentDevicePassword = null;
+        }
+        if (mCurrentProfilePassword != null) {
+            mCurrentProfilePassword.zeroize();
+            mCurrentProfilePassword = null;
         }
-        mCurrentDevicePassword = null;
-        mCurrentProfilePassword = null;
-    }
-
-    private void unifyKeepingWorkLock() {
-        mLockPatternUtils.setLockCredential(
-                mCurrentProfilePassword, mCurrentDevicePassword, MY_USER_ID);
-        mLockPatternUtils.setSeparateProfileChallengeEnabled(mProfileUserId, false,
-                mCurrentProfilePassword);
-        final boolean profilePatternVisibility =
-                mLockPatternUtils.isVisiblePatternEnabled(mProfileUserId);
-        mLockPatternUtils.setVisiblePatternEnabled(profilePatternVisibility, MY_USER_ID);
     }
 
     private void unifyKeepingDeviceLock() {
@@ -238,11 +208,16 @@ public class LockUnificationPreferenceController extends AbstractPreferenceContr
                 mCurrentProfilePassword);
     }
 
-    private void promptForNewDeviceLock() {
+    private void promptForNewDeviceLockAndThenUnify() {
+        final Bundle extras = new Bundle();
+        extras.putInt(ChooseLockSettingsHelper.EXTRA_KEY_UNIFICATION_PROFILE_ID, mProfileUserId);
+        extras.putParcelable(ChooseLockSettingsHelper.EXTRA_KEY_UNIFICATION_PROFILE_CREDENTIAL,
+                mCurrentProfilePassword);
         new SubSettingLauncher(mContext)
                 .setDestination(ChooseLockGeneric.ChooseLockGenericFragment.class.getName())
                 .setTitleRes(R.string.lock_settings_picker_title)
                 .setSourceMetricsCategory(mHost.getMetricsCategory())
+                .setArguments(extras)
                 .launch();
     }
 
diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java
index effbd70dc8..c8288c6c7f 100644
--- a/src/com/android/settings/security/SecuritySettings.java
+++ b/src/com/android/settings/security/SecuritySettings.java
@@ -47,7 +47,6 @@ public class SecuritySettings extends DashboardFragment {
     private static final String WORK_PROFILE_SECURITY_CATEGORY = "security_category_profile";
 
     public static final int CHANGE_TRUST_AGENT_SETTINGS = 126;
-    public static final int UNIFY_LOCK_CONFIRM_DEVICE_REQUEST = 128;
     public static final int UNIFY_LOCK_CONFIRM_PROFILE_REQUEST = 129;
     public static final int UNUNIFY_LOCK_CONFIRM_DEVICE_REQUEST = 130;