Lines Matching refs:userId
250 protected void handleStrongAuthRequiredChanged(int strongAuthFlags, int userId) {
252 super.handleStrongAuthRequiredChanged(strongAuthFlags, userId);
257 public int getStrongAuthForUser(int userId) {
259 return super.getStrongAuthForUser(userId);
449 private void maybeShowEncryptionNotificationForUser(@UserIdInt int userId) {
450 final UserInfo user = mUserManager.getUserInfo(userId);
459 final boolean isSecure = isUserSecure(userId);
461 UserInfo parent = mUserManager.getProfileParent(userId);
526 public void onCleanupUser(int userId) {
527 hideEncryptionNotification(new UserHandle(userId));
531 requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_BOOT, userId);
534 public void onStartUser(final int userId) {
535 maybeShowEncryptionNotificationForUser(userId);
543 private void ensureProfileKeystoreUnlocked(int userId) {
545 if (ks.state(userId) == KeyStore.State.LOCKED
546 && tiedManagedProfileReadyToUnlock(mUserManager.getUserInfo(userId))) {
552 unlockChildProfile(userId, true /* ignoreUserNotAuthenticated */);
559 public void onUnlockUser(final int userId) {
565 ensureProfileKeystoreUnlocked(userId);
567 hideEncryptionNotification(new UserHandle(userId));
571 List<UserInfo> profiles = mUserManager.getProfiles(userId);
584 if (mUserManager.getUserInfo(userId).isManagedProfile()) {
585 tieManagedProfileLockIfNecessary(userId, null);
592 if (mUserManager.getUserInfo(userId).isPrimary() && !isUserSecure(userId)) {
593 tryDeriveAuthTokenForUnsecuredPrimaryUser(userId);
599 private void tryDeriveAuthTokenForUnsecuredPrimaryUser(@UserIdInt int userId) {
602 if (!isSyntheticPasswordBasedCredentialLocked(userId)) {
607 final long handle = getSyntheticPasswordHandleLocked(userId);
611 getGateKeeperService(), handle, noCredential, userId, null);
613 Slog.i(TAG, "Retrieved auth token for user " + userId);
614 onAuthTokenKnownForUser(userId, result.authToken);
616 Slog.e(TAG, "Auth token not available for user " + userId);
698 final int userId = users.get(user).id;
700 String ownerInfo = Settings.Secure.getStringForUser(cr, OWNER_INFO, userId);
702 setString(OWNER_INFO, ownerInfo, userId);
703 Settings.Secure.putStringForUser(cr, OWNER_INFO, "", userId);
712 int ivalue = Settings.Secure.getIntForUser(cr, OWNER_INFO_ENABLED, userId);
714 setLong(OWNER_INFO_ENABLED, enabled ? 1 : 0, userId);
718 setLong(OWNER_INFO_ENABLED, 1, userId);
721 Settings.Secure.putIntForUser(cr, OWNER_INFO_ENABLED, 0, userId);
732 int userId = users.get(i).id;
735 userId);
738 userId);
742 userId);
746 userId);
898 private final void checkWritePermission(int userId) {
902 private final void checkPasswordReadPermission(int userId) {
906 private final void checkPasswordHavePermission(int userId) {
913 private final void checkReadPermission(String requestedKey, int userId) {
922 + requestedKey + " for user " + userId);
932 + requestedKey + " for user " + userId);
938 public boolean getSeparateProfileChallengeEnabled(int userId) {
939 checkReadPermission(SEPARATE_PROFILE_CHALLENGE_KEY, userId);
941 return getBoolean(SEPARATE_PROFILE_CHALLENGE_KEY, false, userId);
946 public void setSeparateProfileChallengeEnabled(int userId, boolean enabled,
948 checkWritePermission(userId);
950 setSeparateProfileChallengeEnabledLocked(userId, enabled, managedUserPassword);
952 notifySeparateProfileChallengeChanged(userId);
956 private void setSeparateProfileChallengeEnabledLocked(@UserIdInt int userId, boolean enabled,
958 setBoolean(SEPARATE_PROFILE_CHALLENGE_KEY, enabled, userId);
960 mStorage.removeChildProfileLock(userId);
961 removeKeystoreProfileKey(userId);
963 tieManagedProfileLockIfNecessary(userId, managedUserPassword);
967 private void notifySeparateProfileChallengeChanged(int userId) {
971 dpmi.reportSeparateProfileChallengeChanged(userId);
976 public void setBoolean(String key, boolean value, int userId) {
977 checkWritePermission(userId);
978 setStringUnchecked(key, userId, value ? "1" : "0");
982 public void setLong(String key, long value, int userId) {
983 checkWritePermission(userId);
984 setStringUnchecked(key, userId, Long.toString(value));
988 public void setString(String key, String value, int userId) {
989 checkWritePermission(userId);
990 setStringUnchecked(key, userId, value);
993 private void setStringUnchecked(String key, int userId, String value) {
994 Preconditions.checkArgument(userId != USER_FRP, "cannot store lock settings for FRP user");
996 mStorage.writeKeyValue(key, value, userId);
1003 public boolean getBoolean(String key, boolean defaultValue, int userId) {
1004 checkReadPermission(key, userId);
1005 String value = getStringUnchecked(key, null, userId);
1011 public long getLong(String key, long defaultValue, int userId) {
1012 checkReadPermission(key, userId);
1013 String value = getStringUnchecked(key, null, userId);
1018 public String getString(String key, String defaultValue, int userId) {
1019 checkReadPermission(key, userId);
1020 return getStringUnchecked(key, defaultValue, userId);
1023 public String getStringUnchecked(String key, String defaultValue, int userId) {
1027 return mLockPatternUtils.isLockPatternEnabled(userId) ? "1" : "0";
1033 if (userId == USER_FRP) {
1041 return mStorage.readKeyValue(key, defaultValue, userId);
1056 public boolean havePassword(int userId) throws RemoteException {
1057 checkPasswordHavePermission(userId);
1059 if (isSyntheticPasswordBasedCredentialLocked(userId)) {
1060 long handle = getSyntheticPasswordHandleLocked(userId);
1061 return mSpManager.getCredentialType(handle, userId) ==
1066 return mStorage.hasPassword(userId);
1070 public boolean havePattern(int userId) throws RemoteException {
1071 checkPasswordHavePermission(userId);
1073 if (isSyntheticPasswordBasedCredentialLocked(userId)) {
1074 long handle = getSyntheticPasswordHandleLocked(userId);
1075 return mSpManager.getCredentialType(handle, userId) ==
1080 return mStorage.hasPattern(userId);
1083 private boolean isUserSecure(int userId) {
1085 if (isSyntheticPasswordBasedCredentialLocked(userId)) {
1086 long handle = getSyntheticPasswordHandleLocked(userId);
1087 return mSpManager.getCredentialType(handle, userId) !=
1091 return mStorage.hasCredential(userId);
1106 protected String getDecryptedPasswordForTiedProfile(int userId)
1112 byte[] storedData = mStorage.readChildProfileLock(userId);
1123 LockPatternUtils.PROFILE_KEY_NAME_DECRYPT + userId, null);
1153 private void unlockUser(int userId, byte[] token, byte[] secret) {
1175 mActivityManager.unlockUser(userId, token, secret, listener);
1186 if (!mUserManager.getUserInfo(userId).isManagedProfile()) {
1187 final List<UserInfo> profiles = mUserManager.getProfiles(userId);
1207 private Map<Integer, String> getDecryptedPasswordsForAllTiedProfiles(int userId) {
1208 if (mUserManager.getUserInfo(userId).isManagedProfile()) {
1212 final List<UserInfo> profiles = mUserManager.getProfiles(userId);
1248 private void synchronizeUnifiedWorkChallengeForProfiles(int userId,
1250 if (mUserManager.getUserInfo(userId).isManagedProfile()) {
1253 final boolean isSecure = isUserSecure(userId);
1254 final List<UserInfo> profiles = mUserManager.getProfiles(userId);
1285 private boolean isManagedProfileWithUnifiedLock(int userId) {
1286 return mUserManager.getUserInfo(userId).isManagedProfile()
1287 && !mLockPatternUtils.isSeparateProfileChallengeEnabled(userId);
1290 private boolean isManagedProfileWithSeparatedLock(int userId) {
1291 return mUserManager.getUserInfo(userId).isManagedProfile()
1292 && mLockPatternUtils.isSeparateProfileChallengeEnabled(userId);
1299 int requestedQuality, int userId)
1301 checkWritePermission(userId);
1303 setLockCredentialInternal(credential, type, savedCredential, requestedQuality, userId);
1304 setSeparateProfileChallengeEnabledLocked(userId, true, null);
1305 notifyPasswordChanged(userId);
1307 notifySeparateProfileChallengeChanged(userId);
1311 String savedCredential, int requestedQuality, int userId) throws RemoteException {
1321 if (isSyntheticPasswordBasedCredentialLocked(userId)) {
1323 requestedQuality, userId);
1332 clearUserKeyProtection(userId);
1333 getGateKeeperService().clearSecureUserId(userId);
1334 mStorage.writeCredentialHash(CredentialHash.createEmptyHash(), userId);
1335 setKeystorePassword(null, userId);
1336 fixateNewestUserKeyAuth(userId);
1337 synchronizeUnifiedWorkChallengeForProfiles(userId, null);
1338 notifyActivePasswordMetricsAvailable(null, userId);
1339 mRecoverableKeyStoreManager.lockScreenSecretChanged(credentialType, credential, userId);
1346 CredentialHash currentHandle = mStorage.readCredentialHash(userId);
1347 if (isManagedProfileWithUnifiedLock(userId)) {
1351 savedCredential = getDecryptedPasswordForTiedProfile(userId);
1370 if (shouldMigrateToSyntheticPasswordLocked(userId)) {
1372 currentHandle.type, requestedQuality, userId);
1374 requestedQuality, userId);
1378 if (DEBUG) Slog.d(TAG, "setLockCredentialInternal: user=" + userId);
1380 userId);
1383 mStorage.writeCredentialHash(willStore, userId);
1386 .verifyChallenge(userId, 0, willStore.hash, credential.getBytes());
1387 setUserKeyProtection(userId, credential, convertResponse(gkResponse));
1388 fixateNewestUserKeyAuth(userId);
1390 doVerifyCredential(credential, credentialType, true, 0, userId, null /* progressCallback */);
1391 synchronizeUnifiedWorkChallengeForProfiles(userId, null);
1393 userId);
1406 protected void tieProfileLockToParent(int userId, String password) {
1407 if (DEBUG) Slog.v(TAG, "tieProfileLockToParent for user: " + userId);
1419 LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId,
1426 LockPatternUtils.PROFILE_KEY_NAME_DECRYPT + userId,
1437 LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId, null);
1446 keyStore.deleteEntry(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId);
1463 mStorage.writeChildProfileLock(userId, outputStream.toByteArray());
1467 String enrolledCredential, String toEnroll, int userId)
1469 checkWritePermission(userId);
1476 GateKeeperResponse response = getGateKeeperService().enroll(userId, enrolledHandle,
1485 setKeystorePassword(toEnroll, userId);
1493 private void setAuthlessUserKeyProtection(int userId, byte[] key) throws RemoteException {
1494 if (DEBUG) Slog.d(TAG, "setAuthlessUserKeyProtectiond: user=" + userId);
1495 addUserKeyAuth(userId, null, key);
1498 private void setUserKeyProtection(int userId, String credential, VerifyCredentialResponse vcr)
1500 if (DEBUG) Slog.d(TAG, "setUserKeyProtection: user=" + userId);
1512 addUserKeyAuth(userId, token, secretFromCredential(credential));
1515 private void clearUserKeyProtection(int userId) throws RemoteException {
1516 if (DEBUG) Slog.d(TAG, "clearUserKeyProtection user=" + userId);
1517 addUserKeyAuth(userId, null, null);
1536 private void addUserKeyAuth(int userId, byte[] token, byte[] secret)
1538 final UserInfo userInfo = mUserManager.getUserInfo(userId);
1542 storageManager.addUserKeyAuth(userId, userInfo.serialNumber, token, secret);
1548 private void fixateNewestUserKeyAuth(int userId)
1550 if (DEBUG) Slog.d(TAG, "fixateNewestUserKeyAuth: user=" + userId);
1554 storageManager.fixateNewestUserKeyAuth(userId);
1561 public void resetKeyStore(int userId) throws RemoteException {
1562 checkWritePermission(userId);
1563 if (DEBUG) Slog.v(TAG, "Reset keystore for user: " + userId);
1566 final List<UserInfo> profiles = mUserManager.getProfiles(userId);
1591 for (int profileId : mUserManager.getProfileIdsWithDisabled(userId)) {
1605 public VerifyCredentialResponse checkCredential(String credential, int type, int userId,
1607 checkPasswordReadPermission(userId);
1608 return doVerifyCredential(credential, type, false, 0, userId, progressCallback);
1613 int userId) throws RemoteException {
1614 checkPasswordReadPermission(userId);
1615 return doVerifyCredential(credential, type, true, challenge, userId,
1624 boolean hasChallenge, long challenge, int userId,
1629 if (userId == USER_FRP && Settings.Global.getInt(mContext.getContentResolver(),
1636 userId, progressCallback);
1641 userId);
1646 if (userId == USER_FRP) {
1651 final CredentialHash storedHash = mStorage.readCredentialHash(userId);
1668 response = verifyCredential(userId, storedHash, credentialToVerify,
1672 mStrongAuth.reportSuccessfulStrongAuthUnlock(userId);
1675 DevicePolicyManager.PASSWORD_QUALITY_SOMETHING, userId);
1684 long challenge, int userId) throws RemoteException {
1685 checkPasswordReadPermission(userId);
1686 if (!isManagedProfileWithUnifiedLock(userId)) {
1689 final int parentProfileId = mUserManager.getProfileParent(userId).id;
1705 return doVerifyCredential(getDecryptedPasswordForTiedProfile(userId),
1709 userId, null /* progressCallback */);
1724 private VerifyCredentialResponse verifyCredential(int userId, CredentialHash storedHash,
1745 hash = mLockPatternUtils.legacyPasswordToHash(credential, userId)
1750 unlockKeystore(LockPatternUtils.patternStringToBaseZero(credential), userId);
1752 unlockKeystore(credential, userId);
1756 Slog.i(TAG, "Unlocking user with fake token: " + userId);
1757 final byte[] fakeToken = String.valueOf(userId).getBytes();
1758 unlockUser(userId, fakeToken, fakeToken);
1765 /* TODO(roosa): keep the same password quality */, userId);
1767 notifyActivePasswordMetricsAvailable(credential, userId);
1770 storedHash.type, credential, userId);
1781 .verifyChallenge(userId
1792 notifyActivePasswordMetricsAvailable(credential, userId);
1793 unlockKeystore(credential, userId);
1795 Slog.i(TAG, "Unlocking user " + userId + " with token length "
1797 unlockUser(userId, response.getPayload(), secretFromCredential(credential));
1799 if (isManagedProfileWithSeparatedLock(userId)) {
1802 trustManager.setDeviceLockedForUser(userId, false);
1810 reEnrollQuality, userId);
1815 if (shouldMigrateToSyntheticPasswordLocked(userId)) {
1818 userId);
1819 activateEscrowTokens(auth, userId);
1825 userId);
1829 requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_LOCKOUT, userId);
1840 private void notifyActivePasswordMetricsAvailable(String password, @UserIdInt int userId) {
1846 metrics.quality = mLockPatternUtils.getKeyguardStoredPasswordQuality(userId);
1853 dpm.setActivePasswordState(metrics, userId);
1861 private void notifyPasswordChanged(@UserIdInt int userId) {
1866 dpm.reportPasswordChanged(userId);
1871 public boolean checkVoldPassword(int userId) throws RemoteException {
1877 checkPasswordReadPermission(userId);
1901 if (mLockPatternUtils.isLockPatternEnabled(userId)) {
1902 if (checkCredential(password, LockPatternUtils.CREDENTIAL_TYPE_PATTERN, userId,
1912 if (mLockPatternUtils.isLockPasswordEnabled(userId)) {
1913 if (checkCredential(password, LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, userId,
1925 private void removeUser(int userId, boolean unknownUser) {
1926 mSpManager.removeUser(userId);
1927 mStorage.removeUser(userId);
1928 mStrongAuth.removeUser(userId);
1929 tryRemoveUserFromSpCacheLater(userId);
1932 ks.onUserRemoved(userId);
1937 gk.clearSecureUserId(userId);
1942 if (unknownUser || mUserManager.getUserInfo(userId).isManagedProfile()) {
1943 removeKeystoreProfileKey(userId);
1974 public void requireStrongAuth(int strongAuthReason, int userId) {
1975 checkWritePermission(userId);
1976 mStrongAuth.requireStrongAuth(strongAuthReason, userId);
1980 public void userPresent(int userId) {
1981 checkWritePermission(userId);
1982 mStrongAuth.reportUnlock(userId);
1986 public int getStrongAuthForUser(int userId) {
1987 checkPasswordReadPermission(userId);
1988 return mStrongAuthTracker.getStrongAuthForUser(userId);
2182 private void onAuthTokenKnownForUser(@UserIdInt int userId, AuthenticationToken auth) {
2184 Slog.i(TAG, "Caching SP for user " + userId);
2186 mSpCache.put(userId, auth);
2188 userId);
2191 if (mAuthSecretService != null && mUserManager.getUserInfo(userId).isPrimary()) {
2205 private void tryRemoveUserFromSpCacheLater(@UserIdInt int userId) {
2207 if (!shouldCacheSpForUser(userId)) {
2213 Slog.i(TAG, "Removing SP from cache for user " + userId);
2215 mSpCache.remove(userId);
2222 private boolean shouldCacheSpForUser(@UserIdInt int userId) {
2226 Settings.Secure.USER_SETUP_COMPLETE, 0, userId) == 0) {
2238 return dpmi.canUserHaveUntrustedCredentialReset(userId);
2281 int userId) throws RemoteException {
2282 Slog.i(TAG, "Initialize SyntheticPassword for user: " + userId);
2284 getGateKeeperService(), credentialHash, credential, userId);
2285 onAuthTokenKnownForUser(userId, auth);
2291 credential, credentialType, auth, requestedQuality, userId);
2296 mSpManager.newSidForUser(getGateKeeperService(), auth, userId);
2298 mSpManager.verifyChallenge(getGateKeeperService(), auth, 0L, userId);
2299 setAuthlessUserKeyProtection(userId, auth.deriveDiskEncryptionKey());
2300 setKeystorePassword(auth.deriveKeyStorePassword(), userId);
2302 clearUserKeyProtection(userId);
2303 setKeystorePassword(null, userId);
2304 getGateKeeperService().clearSecureUserId(userId);
2306 fixateNewestUserKeyAuth(userId);
2307 setLong(SYNTHETIC_PASSWORD_HANDLE_KEY, handle, userId);
2311 private long getSyntheticPasswordHandleLocked(int userId) {
2313 SyntheticPasswordManager.DEFAULT_HANDLE, userId);
2316 private boolean isSyntheticPasswordBasedCredentialLocked(int userId) {
2317 if (userId == USER_FRP) {
2321 long handle = getSyntheticPasswordHandleLocked(userId);
2329 protected boolean shouldMigrateToSyntheticPasswordLocked(int userId) {
2330 long handle = getSyntheticPasswordHandleLocked(userId);
2342 credentialType, boolean hasChallenge, long challenge, int userId,
2344 if (DEBUG) Slog.d(TAG, "spBasedDoVerifyCredential: user=" + userId);
2352 if (!isSyntheticPasswordBasedCredentialLocked(userId)) {
2355 if (userId == USER_FRP) {
2360 long handle = getSyntheticPasswordHandleLocked(userId);
2362 getGateKeeperService(), handle, userCredential, userId, progressCallback);
2374 challenge, userId);
2385 notifyActivePasswordMetricsAvailable(userCredential, userId);
2386 unlockKeystore(authResult.authToken.deriveKeyStorePassword(), userId);
2389 Slog.i(TAG, "Unlocking user " + userId + " with secret only, length " + secret.length);
2390 unlockUser(userId, null, secret);
2392 activateEscrowTokens(authResult.authToken, userId);
2394 if (isManagedProfileWithSeparatedLock(userId)) {
2397 trustManager.setDeviceLockedForUser(userId, false);
2399 mStrongAuth.reportSuccessfulStrongAuthUnlock(userId);
2401 onAuthTokenKnownForUser(userId, authResult.authToken);
2404 requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_LOCKOUT, userId);
2422 AuthenticationToken auth, int requestedQuality, int userId) throws RemoteException {
2423 if (DEBUG) Slog.d(TAG, "setLockCredentialWithAuthTokenLocked: user=" + userId);
2425 credential, credentialType, auth, requestedQuality, userId);
2431 if (mSpManager.hasSidForUser(userId)) {
2437 mSpManager.verifyChallenge(getGateKeeperService(), auth, 0L, userId);
2441 mSpManager.newSidForUser(getGateKeeperService(), auth, userId);
2442 mSpManager.verifyChallenge(getGateKeeperService(), auth, 0L, userId);
2443 setAuthlessUserKeyProtection(userId, auth.deriveDiskEncryptionKey());
2444 fixateNewestUserKeyAuth(userId);
2445 setKeystorePassword(auth.deriveKeyStorePassword(), userId);
2450 profilePasswords = getDecryptedPasswordsForAllTiedProfiles(userId);
2453 mSpManager.clearSidForUser(userId);
2454 getGateKeeperService().clearSecureUserId(userId);
2457 clearUserKeyProtection(userId);
2458 fixateNewestUserKeyAuth(userId);
2459 setKeystorePassword(null, userId);
2461 setLong(SYNTHETIC_PASSWORD_HANDLE_KEY, newHandle, userId);
2462 synchronizeUnifiedWorkChallengeForProfiles(userId, profilePasswords);
2464 notifyActivePasswordMetricsAvailable(credential, userId);
2470 String savedCredential, int requestedQuality, int userId) throws RemoteException {
2471 if (DEBUG) Slog.d(TAG, "spBasedSetLockCredentialInternalLocked: user=" + userId);
2472 if (isManagedProfileWithUnifiedLock(userId)) {
2475 savedCredential = getDecryptedPasswordForTiedProfile(userId);
2485 long handle = getSyntheticPasswordHandleLocked(userId);
2487 getGateKeeperService(), handle, savedCredential, userId, null);
2500 onAuthTokenKnownForUser(userId, auth);
2507 auth = mSpCache.get(userId);
2521 mSpManager.newSidForUser(getGateKeeperService(), auth, userId);
2524 userId);
2525 mSpManager.destroyPasswordBasedSyntheticPassword(handle, userId);
2530 // requestedQuality, userId) instead if we still allow untrusted reset that changes
2533 mRecoverableKeyStoreManager.lockScreenSecretChanged(credentialType, credential, userId);
2543 public byte[] getHashFactor(String currentCredential, int userId) throws RemoteException {
2544 checkPasswordReadPermission(userId);
2548 if (isManagedProfileWithUnifiedLock(userId)) {
2550 currentCredential = getDecryptedPasswordForTiedProfile(userId);
2557 if (!isSyntheticPasswordBasedCredentialLocked(userId)) {
2561 long handle = getSyntheticPasswordHandleLocked(userId);
2563 getGateKeeperService(), handle, currentCredential, userId, null);
2572 private long addEscrowToken(byte[] token, int userId) throws RemoteException {
2573 if (DEBUG) Slog.d(TAG, "addEscrowToken: user=" + userId);
2579 if (!isUserSecure(userId)) {
2580 if (shouldMigrateToSyntheticPasswordLocked(userId)) {
2583 DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, userId);
2584 } else /* isSyntheticPasswordBasedCredentialLocked(userId) */ {
2585 long pwdHandle = getSyntheticPasswordHandleLocked(userId);
2587 pwdHandle, null, userId, null).authToken;
2590 if (isSyntheticPasswordBasedCredentialLocked(userId)) {
2591 disableEscrowTokenOnNonManagedDevicesIfNeeded(userId);
2592 if (!mSpManager.hasEscrowData(userId)) {
2596 long handle = mSpManager.createTokenBasedSyntheticPassword(token, userId);
2598 mSpManager.activateTokenBasedSyntheticPassword(handle, auth, userId);
2604 private void activateEscrowTokens(AuthenticationToken auth, int userId) {
2605 if (DEBUG) Slog.d(TAG, "activateEscrowTokens: user=" + userId);
2607 disableEscrowTokenOnNonManagedDevicesIfNeeded(userId);
2608 for (long handle : mSpManager.getPendingTokensForUser(userId)) {
2609 Slog.i(TAG, String.format("activateEscrowTokens: %x %d ", handle, userId));
2610 mSpManager.activateTokenBasedSyntheticPassword(handle, auth, userId);
2615 private boolean isEscrowTokenActive(long handle, int userId) {
2617 return mSpManager.existsHandle(handle, userId);
2621 private boolean removeEscrowToken(long handle, int userId) {
2623 if (handle == getSyntheticPasswordHandleLocked(userId)) {
2627 if (mSpManager.removePendingToken(handle, userId)) {
2630 if (mSpManager.existsHandle(handle, userId)) {
2631 mSpManager.destroyTokenBasedSyntheticPassword(handle, userId);
2640 byte[] token, int requestedQuality, int userId) throws RemoteException {
2643 if (!mSpManager.hasEscrowData(userId)) {
2647 requestedQuality, userId);
2651 setSeparateProfileChallengeEnabledLocked(userId, true, null);
2653 notifyPasswordChanged(userId);
2654 notifySeparateProfileChallengeChanged(userId);
2660 long tokenHandle, byte[] token, int requestedQuality, int userId) throws RemoteException {
2664 getGateKeeperService(), tokenHandle, token, userId);
2679 setLong(LockPatternUtils.PASSWORD_TYPE_KEY, requestedQuality, userId);
2680 long oldHandle = getSyntheticPasswordHandleLocked(userId);
2682 requestedQuality, userId);
2683 mSpManager.destroyPasswordBasedSyntheticPassword(oldHandle, userId);
2685 onAuthTokenKnownForUser(userId, result.authToken);
2689 private boolean unlockUserWithToken(long tokenHandle, byte[] token, int userId)
2693 if (!mSpManager.hasEscrowData(userId)) {
2697 tokenHandle, token, userId);
2703 unlockUser(userId, null, authResult.authToken.deriveDiskEncryptionKey());
2704 onAuthTokenKnownForUser(userId, authResult.authToken);
2718 final int userId = users.get(user).id;
2719 pw.println(" User " + userId);
2722 getSyntheticPasswordHandleLocked(userId)));
2726 getGateKeeperService().getSecureUserId(userId)));
2733 private void disableEscrowTokenOnNonManagedDevicesIfNeeded(int userId) {
2737 if (mUserManager.getUserInfo(userId).isManagedProfile()) {
2748 if (dpm.getProfileOwnerAsUser(userId) != null) {
2766 Slog.i(TAG, "Disabling escrow token on user " + userId);
2767 if (isSyntheticPasswordBasedCredentialLocked(userId)) {
2768 mSpManager.destroyEscrowData(userId);
2788 public void onChange(boolean selfChange, Uri uri, @UserIdInt int userId) {
2798 tryRemoveUserFromSpCacheLater(userId);
2867 public long addEscrowToken(byte[] token, int userId) {
2869 return LockSettingsService.this.addEscrowToken(token, userId);
2876 public boolean removeEscrowToken(long handle, int userId) {
2877 return LockSettingsService.this.removeEscrowToken(handle, userId);
2881 public boolean isEscrowTokenActive(long handle, int userId) {
2882 return LockSettingsService.this.isEscrowTokenActive(handle, userId);
2887 byte[] token, int requestedQuality, int userId) {
2890 tokenHandle, token, requestedQuality, userId);
2897 public boolean unlockUserWithToken(long tokenHandle, byte[] token, int userId) {
2899 return LockSettingsService.this.unlockUserWithToken(tokenHandle, token, userId);
