Merge "Add methods for managing CAs to DevicePolicyManager(Service)" into klp-dev

import android.os.UserHandle;

import android.util.Log;

import com.android.org.conscrypt.TrustedCertificateStore;

import java.io.ByteArrayInputStream;

import java.io.IOException;

import java.net.InetSocketAddress;

import java.net.Proxy;

import java.security.cert.CertificateException;

import java.security.cert.CertificateFactory;

import java.security.cert.X509Certificate;

import java.util.List;

import java.util.Set;

/**

 * Public interface for managing policies enforced on a device.  Most clients

        return ENCRYPTION_STATUS_UNSUPPORTED;

    }

    /**

     * Installs the given certificate as a User CA.

     *

     * @return false if the certBuffer cannot be parsed or installation is

     *         interrupted, otherwise true

     * @hide

     */

    public boolean installCaCert(byte[] certBuffer) {

        if (mService != null) {

            try {

                return mService.installCaCert(certBuffer);

            } catch (RemoteException e) {

                Log.w(TAG, "Failed talking with device policy service", e);

            }

        }

        return false;

    }

    /**

     * Uninstalls the given certificate from the list of User CAs, if present.

     *

     * @hide

     */

    public void uninstallCaCert(byte[] certBuffer) {

        if (mService != null) {

            try {

                mService.uninstallCaCert(certBuffer);

            } catch (RemoteException e) {

                Log.w(TAG, "Failed talking with device policy service", e);

            }

        }

    }

    /**

     * Returns whether there are any user-installed CA certificates.

     *

     * @hide

     */

    public boolean hasAnyCaCertsInstalled() {

        TrustedCertificateStore certStore = new TrustedCertificateStore();

        Set<String> aliases = certStore.userAliases();

        return aliases != null && !aliases.isEmpty();

    }

    /**

     * Returns whether this certificate has been installed as a User CA.

     *

     * @hide

     */

    public boolean hasCaCertInstalled(byte[] certBuffer) {

        TrustedCertificateStore certStore = new TrustedCertificateStore();

        String alias;

        byte[] pemCert;

        try {

            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");

            X509Certificate cert = (X509Certificate) certFactory.generateCertificate(

                            new ByteArrayInputStream(certBuffer));

            return certStore.getCertificateAlias(cert) != null;

        } catch (CertificateException ce) {

            Log.w(TAG, "Could not parse certificate", ce);

        }

        return false;

    }

    /**

     * Called by an application that is administering the device to disable all cameras

     * on the device.  After setting this, no applications will be able to access any cameras

    boolean isDeviceOwner(String packageName);

    String getDeviceOwner();

    String getDeviceOwnerName();

    boolean installCaCert(in byte[] certBuffer);

    void uninstallCaCert(in byte[] certBuffer);

}

        android:label="@string/permlab_anyCodecForPlayback"

        android:description="@string/permdesc_anyCodecForPlayback" />

    <!-- Allows an application to install and/or uninstall CA certificates on

         behalf of the user.

         @hide -->

    <permission android:name="android.permission.MANAGE_CA_CERTIFICATES"

        android:protectionLevel="signature|system"

        android:label="@string/permlab_manageCaCertificates"

        android:description="@string/permdesc_manageCaCertificates" />

    <!-- ========================================= -->

    <!-- Permissions for special development tools -->

    <!-- ========================================= -->

    <string name="permdesc_anyCodecForPlayback">Allows the app to use any installed

        media decoder to decode for playback.</string>

    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. This permission allows the app to install or uninstall trusted credentials, a.k.a. CA certificates. [CHAR LIMIT=NONE] -->

    <string name="permlab_manageCaCertificates">manage trusted credentials</string>

    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. [CHAR LIMIT=NONE]-->

    <string name="permdesc_manageCaCertificates">Allows the app to install and uninstall CA certificates as trusted credentials.</string>

    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->

    <string name="permlab_diagnostic">read/write to resources owned by diag</string>

    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->

            }

            @Override public void onServiceDisconnected(ComponentName name) {}

        };

        boolean isBound = context.bindService(new Intent(IKeyChainService.class.getName()),

        Intent intent = new Intent(IKeyChainService.class.getName());

        ComponentName comp = intent.resolveSystemService(context.getPackageManager(), 0);

        intent.setComponent(comp);

        boolean isBound = context.bindService(intent,

                                              keyChainServiceConnection,

                                              Context.BIND_AUTO_CREATE);

        if (!isBound) {