Deleting lock screen clears all CA approvals

When both screenlocks for profile user and parent user has been removed (both set to none), remove CA approvls on that user, and show the "Certificate authority installed" notification. Bug: 28161447 Change-Id: I3c78dc5cfcdf7c02c91b64abe44984ee790d8f3e
author: Victor Chang <vichang@google.com> 2016-04-21 16:41:43 +0100
committer: Victor Chang <vichang@google.com> 2016-04-21 16:55:34 +0100
commit: dc068eba6f577b0ec37f5830df5c19f4ff2e85cf (patch)
tree: 5241e2a646601bab6c39a28cd7cc181e7efa8b0a
parent: e749cd3b15bb14e6dc4ff2724ec1ed56ba269b4c (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index d3d05f3ca36a..6f6991cbd4db 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -4170,6 +4170,23 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         }
     }
 
+    private void removeCaApprovalsIfNeeded(int userId) {
+        for (UserInfo userInfo : mUserManager.getProfiles(userId)) {
+            boolean isSecure = mLockPatternUtils.isSecure(userInfo.id);
+            if (userInfo.isManagedProfile()){
+                isSecure |= mLockPatternUtils.isSecure(getProfileParentId(userInfo.id));
+            }
+            if (!isSecure) {
+                synchronized (this) {
+                    getUserData(userInfo.id).mAcceptedCaCertificates.clear();
+                    saveSettingsLocked(userInfo.id);
+                }
+
+                new MonitoringCertNotificationTask().execute(userInfo.id);
+            }
+        }
+    }
+
     @Override
     public boolean installCaCert(ComponentName admin, byte[] certBuffer) throws RemoteException {
         enforceCanManageCaCerts(admin);
@@ -4596,6 +4613,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                         DeviceAdminReceiver.ACTION_PASSWORD_CHANGED,
                         DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, userHandle);
             }
+            removeCaApprovalsIfNeeded(userHandle);
         } finally {
             mInjector.binderRestoreCallingIdentity(ident);
         }
author	Victor Chang <vichang@google.com>	2016-04-21 16:41:43 +0100
committer	Victor Chang <vichang@google.com>	2016-04-21 16:55:34 +0100
commit	dc068eba6f577b0ec37f5830df5c19f4ff2e85cf (patch)
tree	5241e2a646601bab6c39a28cd7cc181e7efa8b0a
parent	e749cd3b15bb14e6dc4ff2724ec1ed56ba269b4c (diff)