From 80559f4aadb3419eecdf6bf61945af584cd2aa8a Mon Sep 17 00:00:00 2001
From: Robin Lee <rgl@google.com>
Date: Tue, 25 Nov 2014 13:40:49 +0000
Subject: [PATCH] DevicePolicy: Don't warn about managed profile CAs

Setting up a managed profile should have included a step to warn about
this sort of thing already. As the user should trust the profile owner
anyway it's hard to argue this warning is needed.

Bug: 18224038
Change-Id: Ie86ba26851af726c0dec30eb9c32894ed6bb4a00
---
 .../devicepolicy/DevicePolicyManagerService.java     | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 6331dfe6e36d7..b0d87e97c5a52 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -96,7 +96,6 @@ import com.android.internal.util.FastXmlSerializer;
 import com.android.internal.util.JournaledFile;
 import com.android.internal.util.XmlUtils;
 import com.android.internal.widget.LockPatternUtils;
-import com.android.org.conscrypt.TrustedCertificateStore;
 import com.android.server.LocalServices;
 import com.android.server.SystemService;
 import com.android.server.devicepolicy.DevicePolicyManagerService.ActiveAdmin.TrustAgentInfo;
@@ -1645,12 +1644,18 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         }
 
         private void manageNotification(UserHandle userHandle) {
+            final UserInfo userInfo = mUserManager.getUserInfo(userHandle.getIdentifier());
+
+            // Inactive users or managed profiles shouldn't provoke a warning
             if (!mUserManager.isUserRunning(userHandle)) {
                 return;
             }
+            if (userInfo == null || userInfo.isManagedProfile()) {
+                return;
+            }
 
+            // Call out to KeyChain to check for user-added CAs
             boolean hasCert = false;
-            final long id = Binder.clearCallingIdentity();
             try {
                 KeyChainConnection kcs = KeyChain.bindAsUser(mContext, userHandle);
                 try {
@@ -1666,8 +1671,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                 Thread.currentThread().interrupt();
             } catch (RuntimeException e) {
                 Log.e(LOG_TAG, "Could not connect to KeyChain service", e);
-            } finally {
-                Binder.restoreCallingIdentity(id);
             }
             if (!hasCert) {
                 getNotificationManager().cancelAsUser(
@@ -1675,6 +1678,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                 return;
             }
 
+            // Build and show a warning notification
             int smallIconId;
             String contentText;
             final String ownerName = getDeviceOwnerName();