From ef5b0f47e3034eeafc7eb89af6e1edb9e4c20668 Mon Sep 17 00:00:00 2001
From: Roman Birg <roman@cyngn.com>
Date: Tue, 9 Feb 2016 11:45:18 -0800
Subject: update secure keyguard check

We use this method to determine wither to allow profiles and the lock
screen tile whether to allow messing with the lockscreen.

Don't check whether the keystore is empty. Check whether we allow trust
agents by DPM. And also make keyguard use this method to respect it.

Ref: CYNGNOS-1930

Change-Id: I1a2b26419d43bd2bbc1d4a5027f1ed78d2744466
Signed-off-by: Roman Birg <roman@cyngn.com>
---
 .../server/devicepolicy/DevicePolicyManagerService.java    | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

(limited to 'services/devicepolicy')

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index b2cb2ff..302d23a 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -4215,18 +4215,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                 || encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING) {
             return true;
         }
-
-        // Keystore.isEmpty() requires system UID
-        long token = Binder.clearCallingIdentity();
-        try {
-            if (!KeyStore.getInstance().isEmpty()) {
-                return true;
-            }
-        } finally {
-            Binder.restoreCallingIdentity(token);
-        }
-
-        return false;
+        final int keyguardDisabledFeatures = getKeyguardDisabledFeatures(null, userHandle);
+        return (keyguardDisabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0;
     }
 
     // Returns the active device owner or null if there is no device owner.
-- 
cgit v1.1