Remove RESET_PASSWORD_TOKEN policy when the generated escrow token is not valid.

Flag: android.app.admin.flags.reset_password_with_token_coexistence
Test: adb shell aflags enable
android.app.admin.flags.reset_password_with_token_coexistence && btest -s sw android.devicepolicy.cts.ResetPasswordWithTokenTest
Bug: 369152176

Change-Id: I7997957fd0440c7a4746eabc7b3ed36c0d9937be

1 files changed, 4 insertions, 2 deletions

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 407a5a638db1..b6a4481902ab 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -19384,11 +19384,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                     PolicyDefinition.RESET_PASSWORD_TOKEN,
                     enforcingAdmin,
                     userId);
-            // TODO(b/369152176): Address difference in behavior regarding addEscrowToken when
-            //  compared with the else branch.
             long tokenHandle = addEscrowToken(
                     token, currentTokenHandle == null ? 0 : currentTokenHandle, userId);
             if (tokenHandle == 0) {
+                mDevicePolicyEngine.removeLocalPolicy(
+                        PolicyDefinition.RESET_PASSWORD_TOKEN,
+                        enforcingAdmin,
+                        userId);
                 return false;
             }
             mDevicePolicyEngine.setLocalPolicy(