Merge "Deleting lock screen clears all CA approvals" into nyc-dev

am: c0440e5f4d * commit 'c0440e5f4dfa695d2347c68bbec787d3e16847eb': Deleting lock screen clears all CA approvals Change-Id: I692e07ace66056c2469a9c217fedfe96b4290b7d
author: Victor Chang <vichang@google.com> 2016-04-22 11:06:54 +0000
committer: android-build-merger <android-build-merger@google.com> 2016-04-22 11:06:54 +0000
commit: 28b1df3b8abffc25fe0b04391e2ce4d0f8ece966 (patch)
tree: 8ecc9f3e7cd93bd69baa74bc98761ea2c2a0ecbf
parent: c82ad7d8719166261fd91b61c1bfac15bf2d8aa4 (diff)
parent: c0440e5f4dfa695d2347c68bbec787d3e16847eb (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 45a73118320c..56e2001872e1 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -4218,6 +4218,23 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         }
     }
 
+    private void removeCaApprovalsIfNeeded(int userId) {
+        for (UserInfo userInfo : mUserManager.getProfiles(userId)) {
+            boolean isSecure = mLockPatternUtils.isSecure(userInfo.id);
+            if (userInfo.isManagedProfile()){
+                isSecure |= mLockPatternUtils.isSecure(getProfileParentId(userInfo.id));
+            }
+            if (!isSecure) {
+                synchronized (this) {
+                    getUserData(userInfo.id).mAcceptedCaCertificates.clear();
+                    saveSettingsLocked(userInfo.id);
+                }
+
+                new MonitoringCertNotificationTask().execute(userInfo.id);
+            }
+        }
+    }
+
     @Override
     public boolean installCaCert(ComponentName admin, byte[] certBuffer) throws RemoteException {
         enforceCanManageCaCerts(admin);
@@ -4644,6 +4661,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                         DeviceAdminReceiver.ACTION_PASSWORD_CHANGED,
                         DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, userHandle);
             }
+            removeCaApprovalsIfNeeded(userHandle);
         } finally {
             mInjector.binderRestoreCallingIdentity(ident);
         }
author	Victor Chang <vichang@google.com>	2016-04-22 11:06:54 +0000
committer	android-build-merger <android-build-merger@google.com>	2016-04-22 11:06:54 +0000
commit	28b1df3b8abffc25fe0b04391e2ce4d0f8ece966 (patch)
tree	8ecc9f3e7cd93bd69baa74bc98761ea2c2a0ecbf
parent	c82ad7d8719166261fd91b61c1bfac15bf2d8aa4 (diff)
parent	c0440e5f4dfa695d2347c68bbec787d3e16847eb (diff)