From f2e02db61e21f82431d7ef2a82010888b6792c27 Mon Sep 17 00:00:00 2001
From: Victor Chang <vichang@google.com>
Date: Thu, 21 Apr 2016 15:45:59 +0100
Subject: [PATCH] Disable trust button when no screenlock is set

Remove button is still allowed as it has been allowed in MNC
(Trust button is new in NYC)

Bug: 28161447
Change-Id: I8df73e1008c2e805f4d0b2ec68d8a4aa3bf75aba
---
 .../TrustedCredentialsDialogBuilder.java      | 22 +++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/src/com/android/settings/TrustedCredentialsDialogBuilder.java b/src/com/android/settings/TrustedCredentialsDialogBuilder.java
index 22dc93674d6..ed2ab094966 100644
--- a/src/com/android/settings/TrustedCredentialsDialogBuilder.java
+++ b/src/com/android/settings/TrustedCredentialsDialogBuilder.java
@@ -20,6 +20,7 @@ import android.app.Activity;
 import android.app.AlertDialog;
 import android.app.admin.DevicePolicyManager;
 import android.content.DialogInterface;
+import android.content.pm.UserInfo;
 import android.net.http.SslCertificate;
 import android.os.UserHandle;
 import android.os.UserManager;
@@ -31,6 +32,7 @@ import android.widget.Button;
 import android.widget.LinearLayout;
 import android.widget.Spinner;
 
+import com.android.internal.widget.LockPatternUtils;
 import com.android.settings.TrustedCredentialsSettings.CertHolder;
 
 import java.security.cert.X509Certificate;
@@ -184,10 +186,26 @@ class TrustedCredentialsDialogBuilder extends AlertDialog.Builder {
             updateNegativeButton();
         }
 
+        /**
+         * @return true if current user or parent user is guarded by screenlock
+         */
+        private boolean isUserSecure(int userId) {
+            final LockPatternUtils lockPatternUtils = new LockPatternUtils(mActivity);
+            if (lockPatternUtils.isSecure(userId)) {
+                return true;
+            }
+            UserInfo parentUser = mUserManager.getProfileParent(userId);
+            if (parentUser == null) {
+                return false;
+            }
+            return lockPatternUtils.isSecure(parentUser.id);
+        }
+
         private void updatePositiveButton() {
             final CertHolder certHolder = getCurrentCertInfo();
-            mNeedsApproval = !certHolder.isSystemCert() &&
-                    !mDpm.isCaCertApproved(certHolder.getAlias(), certHolder.getUserId());
+            mNeedsApproval = !certHolder.isSystemCert()
+                    && isUserSecure(certHolder.getUserId())
+                    && !mDpm.isCaCertApproved(certHolder.getAlias(), certHolder.getUserId());
 
             // The ok button is optional. User can still dismiss the dialog by other means.
             // Display it only when trust button is not displayed, because we want users to