Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 80559f4a authored by Robin Lee's avatar Robin Lee
Browse files

DevicePolicy: Don't warn about managed profile CAs 

Setting up a managed profile should have included a step to warn about
this sort of thing already. As the user should trust the profile owner
anyway it's hard to argue this warning is needed.

Bug: 18224038
Change-Id: Ie86ba26851af726c0dec30eb9c32894ed6bb4a00
parent 8d9e6434

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+8 −4
Original line number Diff line number Diff line
@@ -96,7 +96,6 @@ import com.android.internal.util.FastXmlSerializer; 
import com.android.internal.util.JournaledFile;

import com.android.internal.util.XmlUtils;

import com.android.internal.widget.LockPatternUtils;

import com.android.org.conscrypt.TrustedCertificateStore;

import com.android.server.LocalServices;

import com.android.server.SystemService;

import com.android.server.devicepolicy.DevicePolicyManagerService.ActiveAdmin.TrustAgentInfo;
@@ -1645,12 +1644,18 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        }



        private void manageNotification(UserHandle userHandle) {

            final UserInfo userInfo = mUserManager.getUserInfo(userHandle.getIdentifier());



            // Inactive users or managed profiles shouldn't provoke a warning

            if (!mUserManager.isUserRunning(userHandle)) {

                return;

            }

            if (userInfo == null || userInfo.isManagedProfile()) {

                return;

            }



            // Call out to KeyChain to check for user-added CAs

            boolean hasCert = false;

            final long id = Binder.clearCallingIdentity();

            try {

                KeyChainConnection kcs = KeyChain.bindAsUser(mContext, userHandle);

                try {
@@ -1666,8 +1671,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
                Thread.currentThread().interrupt();

            } catch (RuntimeException e) {

                Log.e(LOG_TAG, "Could not connect to KeyChain service", e);

            } finally {

                Binder.restoreCallingIdentity(id);

            }

            if (!hasCert) {

                getNotificationManager().cancelAsUser(
@@ -1675,6 +1678,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
                return;

            }



            // Build and show a warning notification

            int smallIconId;

            String contentText;

            final String ownerName = getDeviceOwnerName();