commit 80559f4aadb3419eecdf6bf61945af584cd2aa8a
author Robin Lee <rgl@google.com> Tue Nov 25 13:40:49 2014 +0000
committer Robin Lee <rgl@google.com> Tue Nov 25 15:48:48 2014 +0000
tree e1f04d2adf6de65ef6337f83af6a1cbdec0c19c9
parent 8d9e64343decaaf56a7d1fae5ed14ed172e9d7dd

DevicePolicy: Don't warn about managed profile CAs

Setting up a managed profile should have included a step to warn about
this sort of thing already. As the user should trust the profile owner
anyway it's hard to argue this warning is needed.

Bug: 18224038
Change-Id: Ie86ba26851af726c0dec30eb9c32894ed6bb4a00

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 6331dfe..b0d87e9 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -96,7 +96,6 @@
 import com.android.internal.util.JournaledFile;
 import com.android.internal.util.XmlUtils;
 import com.android.internal.widget.LockPatternUtils;
-import com.android.org.conscrypt.TrustedCertificateStore;
 import com.android.server.LocalServices;
 import com.android.server.SystemService;
 import com.android.server.devicepolicy.DevicePolicyManagerService.ActiveAdmin.TrustAgentInfo;
@@ -1645,12 +1644,18 @@
         }
 
         private void manageNotification(UserHandle userHandle) {
+            final UserInfo userInfo = mUserManager.getUserInfo(userHandle.getIdentifier());
+
+            // Inactive users or managed profiles shouldn't provoke a warning
             if (!mUserManager.isUserRunning(userHandle)) {
                 return;
             }
+            if (userInfo == null || userInfo.isManagedProfile()) {
+                return;
+            }
 
+            // Call out to KeyChain to check for user-added CAs
             boolean hasCert = false;
-            final long id = Binder.clearCallingIdentity();
             try {
                 KeyChainConnection kcs = KeyChain.bindAsUser(mContext, userHandle);
                 try {
@@ -1666,8 +1671,6 @@
                 Thread.currentThread().interrupt();
             } catch (RuntimeException e) {
                 Log.e(LOG_TAG, "Could not connect to KeyChain service", e);
-            } finally {
-                Binder.restoreCallingIdentity(id);
             }
             if (!hasCert) {
                 getNotificationManager().cancelAsUser(
@@ -1675,6 +1678,7 @@
                 return;
             }
 
+            // Build and show a warning notification
             int smallIconId;
             String contentText;
             final String ownerName = getDeviceOwnerName();