From 8a12c12ad2ff0c149a62511fc70fbddb1398c676 Mon Sep 17 00:00:00 2001
From: Benjamin Miller <benjaminmiller@google.com>
Date: Tue, 4 Apr 2017 12:38:24 +0200
Subject: [PATCH] docs: Added reminder that custom CAs aren't automatically
 trusted by apps.

Compact reminder with CTA to read more in Security & Privacy best
practices document.

Test: make ds-docs and inspect generated HTML in the browser.
Bug: 29000858
Change-Id: If74bfd50f85f044214f6db1950351d2f2014e0ae
---
 core/java/android/app/admin/DevicePolicyManager.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 22367b21221a4..27e45a3d6d298 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -3870,6 +3870,11 @@ public class DevicePolicyManager {
 
     /**
      * Installs the given certificate as a user CA.
+     * <p>
+     * Inserted user CAs aren't automatically trusted by apps in Android 7.0 (API level 24) and
+     * higher. App developers can change the default behavior for an app by adding a
+     * <a href="{@docRoot}training/articles/security-config.html">Security Configuration
+     * File</a> to the app manifest file.
      *
      * The caller must be a profile or device owner on that user, or a delegate package given the
      * {@link #DELEGATION_CERT_INSTALL} scope via {@link #setDelegatedScopes}; otherwise a