diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java index 2f166e9322757..c6ea72f4dd9d1 100644 --- a/services/core/java/com/android/server/locksettings/LockSettingsService.java +++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java @@ -25,6 +25,7 @@ import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_EN import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_HANDLE_KEY; import static com.android.internal.widget.LockPatternUtils.USER_FRP; import static com.android.internal.widget.LockPatternUtils.frpCredentialEnabled; +import static com.android.internal.widget.LockPatternUtils.userOwnsFrpCredential; import android.annotation.UserIdInt; import android.app.ActivityManager; @@ -2360,6 +2361,7 @@ public class LockSettingsService extends ILockSettings.Stub { if (isProvisioned()) { Slog.i(TAG, "Reporting device setup complete to IGateKeeperService"); reportDeviceSetupComplete(); + clearFrpCredentialIfOwnerNotSecure(); } } } @@ -2387,6 +2389,23 @@ public class LockSettingsService extends ILockSettings.Stub { } } + /** + * Clears the FRP credential if the user that controls it does not have a secure + * lockscreen. + */ + private void clearFrpCredentialIfOwnerNotSecure() { + List users = mUserManager.getUsers(); + for (UserInfo user : users) { + if (userOwnsFrpCredential(user)) { + if (!isUserSecure(user.id)) { + mStorage.writePersistentDataBlock(PersistentData.TYPE_NONE, user.id, + 0, null); + } + return; + } + } + } + private void updateRegistration() { boolean register = !isProvisioned(); if (register == mRegistered) {