From aca11d8bea9c9c00482f72957b5e025dd91243dd Mon Sep 17 00:00:00 2001
From: Selim Cinek <cinek@google.com>
Date: Thu, 3 Nov 2016 14:55:40 -0700
Subject: Fixed a bug with the emergency affordance in multi user

The emergency call was not launched in the current user
and therefore was only launching once the user had switched.

Change-Id: If6f3bcf77d88a0658b6e0f91f7e4da5d6264b04f
Fixes: 32424103
Test: manual: switch to secondary user and launch emergency affordance
(cherry picked from commit b8a7f78d242cafb0c3ec10868c28583e8aacdf7a)
---
 core/java/com/android/internal/policy/EmergencyAffordanceManager.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/core/java/com/android/internal/policy/EmergencyAffordanceManager.java b/core/java/com/android/internal/policy/EmergencyAffordanceManager.java
index bed7c1ba4ed3..eb75bd497434 100644
--- a/core/java/com/android/internal/policy/EmergencyAffordanceManager.java
+++ b/core/java/com/android/internal/policy/EmergencyAffordanceManager.java
@@ -20,6 +20,7 @@ import android.content.Context;
 import android.content.Intent;
 import android.net.Uri;
 import android.os.Build;
+import android.os.UserHandle;
 import android.provider.Settings;
 
 /**
@@ -72,7 +73,7 @@ public class EmergencyAffordanceManager {
         Intent intent = new Intent(Intent.ACTION_CALL_EMERGENCY);
         intent.setData(getPhoneUri(context));
         intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
-        context.startActivity(intent);
+        context.startActivityAsUser(intent, UserHandle.CURRENT);
     }
 
     /**
-- 
cgit v1.2.3


From 84e380e93c1bc7001edc2af9b4c01ad49606aa5e Mon Sep 17 00:00:00 2001
From: Ricky Wai <rickywai@google.com>
Date: Thu, 17 Nov 2016 18:49:17 +0000
Subject: Catch KeyStoreException for setting profile lock

When device upgrades from L->N, sid(in gatekeeper) could be 0
even primary profile screenlock is set.
We are now trying to catch the exception so when sid==0 happens,
it will try to tie profile lock again when primary profile is unlocked.

Bug: 32490092
Change-Id: I73011d872ac15e7e09be9bda0165cf7f6a75493a
(cherry picked from commit c8fa5ed8f2d492aa5e005fcdb5991c3f980de045)
---
 .../java/com/android/server/LockSettingsService.java     | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index a91e2053c01d..846551f7f119 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -245,13 +245,16 @@ public class LockSettingsService extends ILockSettings.Stub {
         try {
             randomLockSeed = SecureRandom.getInstance("SHA1PRNG").generateSeed(40);
             String newPassword = String.valueOf(HexEncoding.encode(randomLockSeed));
+            tieProfileLockToParent(managedUserId, newPassword);
             setLockPasswordInternal(newPassword, managedUserPassword, managedUserId);
             // We store a private credential for the managed user that's unlocked by the primary
             // account holder's credential. As such, the user will never be prompted to enter this
             // password directly, so we always store a password.
             setLong(LockPatternUtils.PASSWORD_TYPE_KEY,
                     DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC, managedUserId);
-            tieProfileLockToParent(managedUserId, newPassword);
+        } catch (KeyStoreException e) {
+            // Bug: 32490092
+            Slog.e(TAG, "Not able to set keys to keystore", e);
         } catch (NoSuchAlgorithmException | RemoteException e) {
             Slog.e(TAG, "Fail to tie managed profile", e);
             // Nothing client can do to fix this issue, so we do not throw exception out
@@ -758,6 +761,7 @@ public class LockSettingsService extends ILockSettings.Stub {
     }
 
     private void unlockChildProfile(int profileHandle) throws RemoteException {
+        if (DEBUG) Slog.v(TAG, "Unlock child profile");
         try {
             doVerifyPassword(getDecryptedPasswordForTiedProfile(profileHandle), false,
                     0 /* no challenge */, profileHandle, null /* progressCallback */);
@@ -1017,7 +1021,7 @@ public class LockSettingsService extends ILockSettings.Stub {
         }
     }
 
-    private void tieProfileLockToParent(int userId, String password) {
+    private void tieProfileLockToParent(int userId, String password) throws KeyStoreException {
         if (DEBUG) Slog.v(TAG, "tieProfileLockToParent for user: " + userId);
         byte[] randomLockSeed = password.getBytes(StandardCharsets.UTF_8);
         byte[] encryptionResult;
@@ -1059,7 +1063,7 @@ public class LockSettingsService extends ILockSettings.Stub {
                 keyStore.deleteEntry(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId);
             }
         } catch (CertificateException | UnrecoverableKeyException
-                | IOException | BadPaddingException | IllegalBlockSizeException | KeyStoreException
+                | IOException | BadPaddingException | IllegalBlockSizeException
                 | NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) {
             throw new RuntimeException("Failed to encrypt key", e);
         }
@@ -1201,7 +1205,11 @@ public class LockSettingsService extends ILockSettings.Stub {
         } finally {
             if (managedUserId != -1 && managedUserDecryptedPassword != null) {
                 if (DEBUG) Slog.v(TAG, "Restore tied profile lock");
-                tieProfileLockToParent(managedUserId, managedUserDecryptedPassword);
+                try {
+                    tieProfileLockToParent(managedUserId, managedUserDecryptedPassword);
+                } catch (KeyStoreException e) {
+                    throw new RuntimeException("Failed to tie profile lock", e);
+                }
             }
         }
     }
-- 
cgit v1.2.3