From 85865d55f06bade582313c83f27496e3180569a9 Mon Sep 17 00:00:00 2001
From: Julia Reynolds <juliacr@google.com>
Date: Fri, 6 Mar 2015 16:27:21 -0500
Subject: [PATCH] Allow initializers to clear reset protection data during
 device setup.

This allows initializers to recover from failures that occur after
it has added an account on the primary user.

Change-Id: I3444f16520eed4b315d6ea4761f598f55d1e6ddd
---
 .../server/devicepolicy/DevicePolicyManagerService.java      | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 00d7971ce9591..ab6beb2609a63 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3065,8 +3065,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             long ident = Binder.clearCallingIdentity();
             try {
                 if ((flags & WIPE_RESET_PROTECTION_DATA) != 0) {
+                    boolean ownsInitialization = isDeviceInitializer(admin.info.getPackageName())
+                            && !hasUserSetupCompleted(userHandle);
                     if (userHandle != UserHandle.USER_OWNER
-                            || !isDeviceOwner(admin.info.getPackageName())) {
+                            || !(isDeviceOwner(admin.info.getPackageName())
+                                    || ownsInitialization)) {
                         throw new SecurityException(
                                "Only device owner admins can set WIPE_RESET_PROTECTION_DATA");
                     }