From 454f53f7fd7084d6d9cda4376cb8ff7c4dca7983 Mon Sep 17 00:00:00 2001
From: Adrian Roos <roosa@google.com>
Date: Tue, 8 Aug 2017 14:56:42 +0200
Subject: [PATCH] FRP: clear FRP when setup complete if not set up

When setup completes and the user has not set up a new secure credential,
clear the FRP credential. Otherwise, if the user factory resets again, we
will ask for a stale credential that they never set up.

Change-Id: I824eb6a9308d9783220f670df19869137a9f3a5f
Fixes: 63016537
Test: Set up FRP credential, factory reset, go through setup without setting up a pin/pattern/password, factory reset again, verify not being asked for frp credential
---
 .../locksettings/LockSettingsService.java     | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index a105c8414afec..b6c130bad05b6 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -25,6 +25,7 @@ import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_EN
 import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_HANDLE_KEY;
 import static com.android.internal.widget.LockPatternUtils.USER_FRP;
 import static com.android.internal.widget.LockPatternUtils.frpCredentialEnabled;
+import static com.android.internal.widget.LockPatternUtils.userOwnsFrpCredential;
 
 import android.annotation.UserIdInt;
 import android.app.ActivityManager;
@@ -2359,6 +2360,7 @@ public class LockSettingsService extends ILockSettings.Stub {
                 if (isProvisioned()) {
                     Slog.i(TAG, "Reporting device setup complete to IGateKeeperService");
                     reportDeviceSetupComplete();
+                    clearFrpCredentialIfOwnerNotSecure();
                 }
             }
         }
@@ -2386,6 +2388,23 @@ public class LockSettingsService extends ILockSettings.Stub {
             }
         }
 
+        /**
+         * Clears the FRP credential if the user that controls it does not have a secure
+         * lockscreen.
+         */
+        private void clearFrpCredentialIfOwnerNotSecure() {
+            List<UserInfo> users = mUserManager.getUsers();
+            for (UserInfo user : users) {
+                if (userOwnsFrpCredential(user)) {
+                    if (!isUserSecure(user.id)) {
+                        mStorage.writePersistentDataBlock(PersistentData.TYPE_NONE, user.id,
+                                0, null);
+                    }
+                    return;
+                }
+            }
+        }
+
         private void updateRegistration() {
             boolean register = !isProvisioned();
             if (register == mRegistered) {