Remove RESET_PASSWORD_TOKEN policy when the generated escrow token is not valid.
Flag: android.app.admin.flags.reset_password_with_token_coexistence
Test: adb shell aflags enable
android.app.admin.flags.reset_password_with_token_coexistence && btest -s sw android.devicepolicy.cts.ResetPasswordWithTokenTest
Bug: 369152176
Change-Id: I7997957fd0440c7a4746eabc7b3ed36c0d9937be
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 407a5a6..b6a4481 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -19384,11 +19384,13 @@
PolicyDefinition.RESET_PASSWORD_TOKEN,
enforcingAdmin,
userId);
- // TODO(b/369152176): Address difference in behavior regarding addEscrowToken when
- // compared with the else branch.
long tokenHandle = addEscrowToken(
token, currentTokenHandle == null ? 0 : currentTokenHandle, userId);
if (tokenHandle == 0) {
+ mDevicePolicyEngine.removeLocalPolicy(
+ PolicyDefinition.RESET_PASSWORD_TOKEN,
+ enforcingAdmin,
+ userId);
return false;
}
mDevicePolicyEngine.setLocalPolicy(
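Review bot: The `removeLocalPolicy` call added in the `tokenHandle == 0` branch discards the only record of `currentTokenHandle`, so it is safe only if `addEscrowToken` has already revoked the previous escrow token on every path that returns 0. That helper is outside the hunk; if it can fail before revoking, a still-usable reset token would remain with no policy tracking its handle. The deleted TODO was the only explanation at this spot, so once the invariant is confirmed I would state it in a comment such as `// addEscrowToken() revokes the old handle first; on failure no valid token remains, so drop the policy.` The branch also returns `false` silently, and a warning log carrying `userId` (never the token bytes) would make failed token registration diagnosable. The enclosing method starts and ends outside the hunk.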