From e053c1e5fb69fa87c534f2ba489f10bdcac3120c Mon Sep 17 00:00:00 2001
From: Pavel Grafov <pgrafov@google.com>
Date: Tue, 8 Aug 2017 16:53:32 +0100
Subject: [PATCH] Mark profile password key as critical.

Currently it is erased when keystore for user 0 is cleared, e.g.
when the user clears data for Settings app.

Bug: 64467610
Bug: 35929605
Test: Manually cleared Settings data.
Test: Manually cleared credentials from Settings.
Change-Id: I7e8753a1bf53f5d68d4738a4eb84faa890f026cc
---
 .../com/android/server/locksettings/LockSettingsService.java     | 1 +
 1 file changed, 1 insertion(+)

diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index a105c8414afec..2f166e9322757 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -1223,6 +1223,7 @@ public class LockSettingsService extends ILockSettings.Stub {
                                 .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                                 .setUserAuthenticationRequired(true)
                                 .setUserAuthenticationValidityDurationSeconds(30)
+                                .setCriticalToDeviceEncryption(true)
                                 .build());
                 // Key imported, obtain a reference to it.
                 SecretKey keyStoreEncryptionKey = (SecretKey) keyStore.getKey(