Evict CE key on request and when work mode is turned off.
DPMS.lockNow takes a flag which can request the managed profile CE key to
be evicted.
Test: com.android.cts.devicepolicy.ManagedProfileTest#testLockNowWithKeyEviction*
Bug: 31000719
Change-Id: I68f4d6eed4b041c39fd13375f7f284f5d6ac33da
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 05228ec..9b47beb 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -26,6 +26,7 @@
import android.app.Activity;
import android.app.ActivityManager;
import android.app.ActivityManagerInternal;
+import android.app.ActivityManagerNative;
import android.app.AppGlobals;
import android.app.IActivityManager;
import android.app.IStopUserCallback;
@@ -857,6 +858,25 @@
}
}
+ /**
+ * Evicts a user's CE key by stopping and restarting the user.
+ *
+ * The key is evicted automatically by the user controller when the user has stopped.
+ */
+ @Override
+ public void evictCredentialEncryptionKey(@UserIdInt int userId) {
+ checkManageUsersPermission("evict CE key");
+ final IActivityManager am = ActivityManagerNative.getDefault();
+ final long identity = Binder.clearCallingIdentity();
+ try {
+ am.restartUserInBackground(userId);
+ } catch (RemoteException re) {
+ throw re.rethrowAsRuntimeException();
+ } finally {
+ Binder.restoreCallingIdentity(identity);
+ }
+ }
+
@Override
public UserInfo getUserInfo(int userId) {
checkManageOrCreateUsersPermission("query user");
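Review bot: evictCredentialEncryptionKey accepts any userId: once checkManageUsersPermission passes, `am.restartUserInBackground(userId)` runs under a cleared calling identity, and nothing in the visible lines confirms that the id names an existing managed profile rather than the system or foreground user. The commit message scopes eviction to the managed profile CE key, so either reject other ids up front, e.g. `final UserInfo info = getUserInfo(userId);` followed by `if (info == null || !info.isManagedProfile()) throw new IllegalArgumentException("Not a managed profile: " + userId);`, or state in the Javadoc that the caller is responsible for that validation. The Javadoc should also say that eviction only happens once the user has stopped, so the key may still be loaded when this method returns. Any status that restartUserInBackground may report is not inspected here, so a restart that did not happen would look like a successful eviction to the caller.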