Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dc068eba authored by Victor Chang's avatar Victor Chang
Browse files

Deleting lock screen clears all CA approvals 

When both screenlocks for profile user and parent user has been removed (both set to none),
remove CA approvls on that user, and show the "Certificate authority installed" notification.

Bug: 28161447
Change-Id: I3c78dc5cfcdf7c02c91b64abe44984ee790d8f3e
parent e749cd3b

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+18 −0
Original line number Diff line number Diff line
@@ -4170,6 +4170,23 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        }

    }



    private void removeCaApprovalsIfNeeded(int userId) {

        for (UserInfo userInfo : mUserManager.getProfiles(userId)) {

            boolean isSecure = mLockPatternUtils.isSecure(userInfo.id);

            if (userInfo.isManagedProfile()){

                isSecure |= mLockPatternUtils.isSecure(getProfileParentId(userInfo.id));

            }

            if (!isSecure) {

                synchronized (this) {

                    getUserData(userInfo.id).mAcceptedCaCertificates.clear();

                    saveSettingsLocked(userInfo.id);

                }



                new MonitoringCertNotificationTask().execute(userInfo.id);

            }

        }

    }



    @Override

    public boolean installCaCert(ComponentName admin, byte[] certBuffer) throws RemoteException {

        enforceCanManageCaCerts(admin);
@@ -4596,6 +4613,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
                        DeviceAdminReceiver.ACTION_PASSWORD_CHANGED,

                        DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, userHandle);

            }

            removeCaApprovalsIfNeeded(userHandle);

        } finally {

            mInjector.binderRestoreCallingIdentity(ident);

        }