Merge "Allow initializers to clear reset protection data during device setup."

2015-03-17 22:13:30 +00:00
parent 7463438912 85865d55f0
commit 1cc84c992c
1 changed files with 4 additions and 1 deletions
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3079,8 +3079,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            long ident = Binder.clearCallingIdentity();
            try {
                if ((flags & WIPE_RESET_PROTECTION_DATA) != 0) {
+                    boolean ownsInitialization = isDeviceInitializer(admin.info.getPackageName())
+                            && !hasUserSetupCompleted(userHandle);
                    if (userHandle != UserHandle.USER_OWNER
-                            || !isDeviceOwner(admin.info.getPackageName())) {
+                            || !(isDeviceOwner(admin.info.getPackageName())
+                                    || ownsInitialization)) {
                        throw new SecurityException(
                               "Only device owner admins can set WIPE_RESET_PROTECTION_DATA");
                    }