update secure keyguard check

We use this method to determine wither to allow profiles and the lock
screen tile whether to allow messing with the lockscreen.

Don't check whether the keystore is empty. Check whether we allow trust
agents by DPM. And also make keyguard use this method to respect it.

Ref: CYNGNOS-1930

Change-Id: I1a2b26419d43bd2bbc1d4a5027f1ed78d2744466
Signed-off-by: Roman Birg <roman@cyngn.com>

1 files changed, 2 insertions, 12 deletions

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index b2cb2ff..302d23a 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -4215,18 +4215,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                 || encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING) {
             return true;
         }
-
-        // Keystore.isEmpty() requires system UID
-        long token = Binder.clearCallingIdentity();
-        try {
-            if (!KeyStore.getInstance().isEmpty()) {
-                return true;
-            }
-        } finally {
-            Binder.restoreCallingIdentity(token);
-        }
-
-        return false;
+        final int keyguardDisabledFeatures = getKeyguardDisabledFeatures(null, userHandle);
+        return (keyguardDisabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0;
     }
 
     // Returns the active device owner or null if there is no device owner.