author | Esteban Talavera <etalavera@google.com> | 2014-08-28 17:15:54 +0100 |
---|---|---|
committer | Esteban Talavera <etalavera@google.com> | 2014-09-03 11:50:55 +0000 |
commit | 808f6ef2ac2127ea0ea14e71c9599355b631a617 (patch) | |
tree | c5d73a9367457ed7817c3db1e5224ddcc9630629 /core/java/android/app/admin | |
parent | ef56dad5b82e3ff77e90382a108bcc7b13447e96 (diff) | |
Pass ComponentName to probing certificate methods
Pass ComponentName and check whether that admin is a profile owner on DPM
get/has certificate methods (requested on the API review).
As per Change I55eec17e01489ab323f8a0e68b11592605a7b740, not keeping track of
which admins installed which certificates for now:
"Having per-admin CA certificates would be a fair bit of work. The only MDMs
we're opening this up to for now are Device and Profile Owners which 100%
manage the profile so will be the only admin.
It seems like if we keep track of "who installed which certs" it'll be a little
pointless because the answer will always be "the ProfileOwner" for every single
one."
Bug: 17005622
Change-Id: I45e9dac5236ab4ed235a341c208ac3cb6aba17da
Diffstat (limited to 'core/java/android/app/admin')
-rw-r--r-- | core/java/android/app/admin/DevicePolicyManager.java | 36 | ||||
-rw-r--r-- | core/java/android/app/admin/IDevicePolicyManager.aidl | 1 |
2 files changed, 26 insertions, 11 deletions
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 69b1139..0d7fbfa 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -1773,16 +1773,24 @@ public class DevicePolicyManager {
 * If a user has installed any certificates by other means than device policy these will be
 * included too.
 *
+ * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
 * @return a List of byte[] arrays, each encoding one user CA certificate.
 */
- public List<byte[]> getInstalledCaCerts() {
- final TrustedCertificateStore certStore = new TrustedCertificateStore();
+ public List<byte[]> getInstalledCaCerts(ComponentName admin) {
 List<byte[]> certs = new ArrayList<byte[]>();
- for (String alias : certStore.userAliases()) {
+ if (mService != null) {
 try {
- certs.add(certStore.getCertificate(alias).getEncoded());
- } catch (CertificateException ce) {
- Log.w(TAG, "Could not encode certificate: " + alias, ce);
+ mService.enforceCanManageCaCerts(admin);
+ final TrustedCertificateStore certStore = new TrustedCertificateStore();
+ for (String alias : certStore.userAliases()) {
+ try {
+ certs.add(certStore.getCertificate(alias).getEncoded());
+ } catch (CertificateException ce) {
+ Log.w(TAG, "Could not encode certificate: " + alias, ce);
+ }
+ }
+ } catch (RemoteException re) {
+ Log.w(TAG, "Failed talking with device policy service", re);
 }
 }
 return certs;
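Review bot: The `mService.enforceCanManageCaCerts(admin)` call in `getInstalledCaCerts` is a remote check, but the `TrustedCertificateStore` read that follows still runs in the caller's own process, exactly as the removed lines did with no service call at all, so the check gates this API entry point rather than access to the store itself. I would say so next to the call, e.g. `// API-level check only: the store is read in-process, so this is not the access-control boundary for user CA certs.` The Javadoc should also state what happens when the check fails; presumably the service throws, which would read `@throws SecurityException if {@code admin} is not allowed to manage CA certificates`, but the service implementation is not in this diff, so confirm before adding it. The same two points apply to `hasCaCertInstalled` in the next hunk. The method's closing brace lies outside this hunk.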
@@ -1809,13 +1817,19 @@ public class DevicePolicyManager {
 /**
 * Returns whether this certificate is installed as a trusted CA.
 *
+ * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
 * @param certBuffer encoded form of the certificate to look up.
 */
- public boolean hasCaCertInstalled(byte[] certBuffer) {
- try {
- return getCaCertAlias(certBuffer) != null;
- } catch (CertificateException ce) {
- Log.w(TAG, "Could not parse certificate", ce);
+ public boolean hasCaCertInstalled(ComponentName admin, byte[] certBuffer) {
+ if (mService != null) {
+ try {
+ mService.enforceCanManageCaCerts(admin);
+ return getCaCertAlias(certBuffer) != null;
+ } catch (RemoteException re) {
+ Log.w(TAG, "Failed talking with device policy service", re);
+ } catch (CertificateException ce) {
+ Log.w(TAG, "Could not parse certificate", ce);
+ }
 }
 return false;
 }
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index c984cf9..57d8b95 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -124,6 +124,7 @@ interface IDevicePolicyManager {
 boolean installCaCert(in ComponentName admin, in byte[] certBuffer);
 void uninstallCaCert(in ComponentName admin, in String alias);
+ void enforceCanManageCaCerts(in ComponentName admin);
 void addPersistentPreferredActivity(in ComponentName admin, in IntentFilter filter, in ComponentName activity);
 void clearPackagePersistentPreferredActivities(in ComponentName admin, String packageName);
 |
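Review bot: `hasCaCertInstalled` now returns `false` in four different situations: the certificate is absent, `mService` is null, the binder call throws `RemoteException`, or `certBuffer` fails to parse. A policy controller that uses the result to decide whether an unwanted CA is present, or whether it must reinstall its own, cannot tell "not installed" from "could not check". The Javadoc has no `@return` at all, so I would add `@return true if the certificate is installed; false if it is not installed, cannot be parsed, or the device policy service could not be reached`. The whole method is inside this hunk.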