Clean up DevicePolicyManager CA certificate APIs (7e678711) · Commits · e / os / android_frameworks_base

api/current.txt

+2 −1

Original line number	Diff line number	Diff line
		@@ -5412,6 +5412,7 @@ package android.app.admin {
		method public boolean getCrossProfileCallerIdDisabled(android.content.ComponentName);
		method public java.util.List<java.lang.String> getCrossProfileWidgetProviders(android.content.ComponentName);
		method public int getCurrentFailedPasswordAttempts();
		method public java.util.List<byte[]> getInstalledCaCerts();
		method public int getKeyguardDisabledFeatures(android.content.ComponentName);
		method public int getMaximumFailedPasswordsForWipe(android.content.ComponentName);
		method public long getMaximumTimeToLock(android.content.ComponentName);
		@@ -5431,7 +5432,6 @@ package android.app.admin {
		method public boolean getStorageEncryption(android.content.ComponentName);
		method public int getStorageEncryptionStatus();
		method public java.util.List<java.lang.String> getTrustAgentFeaturesEnabled(android.content.ComponentName, android.content.ComponentName);
		method public boolean hasAnyCaCertsInstalled();
		method public boolean hasCaCertInstalled(byte[]);
		method public boolean hasGrantedPolicy(android.content.ComponentName, int);
		method public boolean installCaCert(android.content.ComponentName, byte[]);
		@@ -5479,6 +5479,7 @@ package android.app.admin {
		method public int setStorageEncryption(android.content.ComponentName, boolean);
		method public void setTrustAgentFeaturesEnabled(android.content.ComponentName, android.content.ComponentName, java.util.List<java.lang.String>);
		method public boolean switchUser(android.content.ComponentName, android.os.UserHandle);
		method public void uninstallAllUserCaCerts(android.content.ComponentName);
		method public void uninstallCaCert(android.content.ComponentName, byte[]);
		method public void wipeData(int);
		field public static final java.lang.String ACTION_ADD_DEVICE_ADMIN = "android.app.action.ADD_DEVICE_ADMIN";

core/java/android/app/admin/DevicePolicyManager.java

+51 −14

Original line number	Diff line number	Diff line
		@@ -1729,15 +1729,18 @@ public class DevicePolicyManager {
		}

		/**
		* Installs the given certificate as a User CA.
		* Installs the given certificate as a user CA.
		*
		* @param admin Which {@link DeviceAdminReceiver} this request is associated with.
		* @param certBuffer encoded form of the certificate to install.
		*
		* @return false if the certBuffer cannot be parsed or installation is
		* interrupted, otherwise true
		* interrupted, true otherwise.
		*/
		public boolean installCaCert(ComponentName who, byte[] certBuffer) {
		public boolean installCaCert(ComponentName admin, byte[] certBuffer) {
		if (mService != null) {
		try {
		return mService.installCaCert(who, certBuffer);
		return mService.installCaCert(admin, certBuffer);
		} catch (RemoteException e) {
		Log.w(TAG, "Failed talking with device policy service", e);
		}
		@@ -1746,13 +1749,16 @@ public class DevicePolicyManager {
		}

		/**
		* Uninstalls the given certificate from the list of User CAs, if present.
		* Uninstalls the given certificate from trusted user CAs, if present.
		*
		* @param admin Which {@link DeviceAdminReceiver} this request is associated with.
		* @param certBuffer encoded form of the certificate to remove.
		*/
		public void uninstallCaCert(ComponentName who, byte[] certBuffer) {
		public void uninstallCaCert(ComponentName admin, byte[] certBuffer) {
		if (mService != null) {
		try {
		final String alias = getCaCertAlias(certBuffer);
		mService.uninstallCaCert(who, alias);
		mService.uninstallCaCert(admin, alias);
		} catch (CertificateException e) {
		Log.w(TAG, "Unable to parse certificate", e);
		} catch (RemoteException e) {
		@@ -1762,16 +1768,47 @@ public class DevicePolicyManager {
		}

		/**
		* Returns whether there are any user-installed CA certificates.
		* Returns all CA certificates that are currently trusted, excluding system CA certificates.
		* If a user has installed any certificates by other means than device policy these will be
		* included too.
		*
		* @return a List of byte[] arrays, each encoding one user CA certificate.
		*/
		public List<byte[]> getInstalledCaCerts() {
		final TrustedCertificateStore certStore = new TrustedCertificateStore();
		List<byte[]> certs = new ArrayList<byte[]>();
		for (String alias : certStore.userAliases()) {
		try {
		certs.add(certStore.getCertificate(alias).getEncoded());
		} catch (CertificateException ce) {
		Log.w(TAG, "Could not encode certificate: " + alias, ce);
		}
		}
		return certs;
		}

		/**
		* Uninstalls all custom trusted CA certificates from the profile. Certificates installed by
		* means other than device policy will also be removed, except for system CA certificates.
		*
		* @param admin Which {@link DeviceAdminReceiver} this request is associated with.
		*/
		public boolean hasAnyCaCertsInstalled() {
		TrustedCertificateStore certStore = new TrustedCertificateStore();
		Set<String> aliases = certStore.userAliases();
		return aliases != null && !aliases.isEmpty();
		public void uninstallAllUserCaCerts(ComponentName admin) {
		if (mService != null) {
		for (String alias : new TrustedCertificateStore().userAliases()) {
		try {
		mService.uninstallCaCert(admin, alias);
		} catch (RemoteException re) {
		Log.w(TAG, "Failed talking with device policy service", re);
		}
		}
		}
		}

		/**
		* Returns whether this certificate has been installed as a User CA.
		* Returns whether this certificate is installed as a trusted CA.
		*
		* @param certBuffer encoded form of the certificate to look up.
		*/
		public boolean hasCaCertInstalled(byte[] certBuffer) {
		try {