DOs can clear the DI; rehide hasUserSetupCompleted.

Bug: 19230954
Change-Id: I97467229b23f3c9be1c3c4fff1c888a812f14a95
diff --git a/api/current.txt b/api/current.txt
index 163e9d0..ef400ea 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -5492,7 +5492,6 @@
     method public int getStorageEncryptionStatus();
     method public boolean hasCaCertInstalled(android.content.ComponentName, byte[]);
     method public boolean hasGrantedPolicy(android.content.ComponentName, int);
-    method public boolean hasUserSetupCompleted();
     method public boolean installCaCert(android.content.ComponentName, byte[]);
     method public boolean installKeyPair(android.content.ComponentName, java.security.PrivateKey, java.security.cert.Certificate, java.lang.String);
     method public boolean isActivePasswordSufficient();
diff --git a/api/system-current.txt b/api/system-current.txt
index 8a9259f..8d76673 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -5593,7 +5593,6 @@
     method public int getStorageEncryptionStatus();
     method public boolean hasCaCertInstalled(android.content.ComponentName, byte[]);
     method public boolean hasGrantedPolicy(android.content.ComponentName, int);
-    method public boolean hasUserSetupCompleted();
     method public boolean installCaCert(android.content.ComponentName, byte[]);
     method public boolean installKeyPair(android.content.ComponentName, java.security.PrivateKey, java.security.cert.Certificate, java.lang.String);
     method public boolean isActivePasswordSufficient();
@@ -30906,8 +30905,8 @@
     method public void unregisterPhoneAccount(android.telecom.PhoneAccountHandle);
     field public static final java.lang.String ACTION_CHANGE_PHONE_ACCOUNTS = "android.telecom.action.CHANGE_PHONE_ACCOUNTS";
     field public static final java.lang.String ACTION_CONNECTION_SERVICE_CONFIGURE = "android.telecom.action.CONNECTION_SERVICE_CONFIGURE";
-    field public static final java.lang.String ACTION_SHOW_CALL_ACCESSIBILITY_SETTINGS = "android.telecom.action.SHOW_CALL_ACCESSIBILITY_SETTINGS";
     field public static final java.lang.String ACTION_PHONE_ACCOUNT_REGISTERED = "android.telecom.action.PHONE_ACCOUNT_REGISTERED";
+    field public static final java.lang.String ACTION_SHOW_CALL_ACCESSIBILITY_SETTINGS = "android.telecom.action.SHOW_CALL_ACCESSIBILITY_SETTINGS";
     field public static final java.lang.String ACTION_SHOW_CALL_SETTINGS = "android.telecom.action.SHOW_CALL_SETTINGS";
     field public static final java.lang.String ACTION_SHOW_RESPOND_VIA_SMS_SETTINGS = "android.telecom.action.SHOW_RESPOND_VIA_SMS_SETTINGS";
     field public static final char DTMF_CHARACTER_PAUSE = 44; // 0x002c ','
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index cee8e8d..add7130 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -2474,10 +2474,9 @@
     }
 
     /**
-     * Clears the current device initializer.  The caller must be the device initializer.
-     *
-     * This function should be used cautiously as once it is called it cannot
-     * be undone.
+     * Removes the device initializer, so that it will not be invoked on user initialization for any
+     * subsequently created users. This method can be called by either the device owner or device
+     * initializer itself.
      */
     public void clearDeviceInitializerApp() {
         if (mService != null) {
@@ -2586,6 +2585,7 @@
     }
 
     /**
+     * @hide
      * Checks if the user was already setup.
      */
     public boolean hasUserSetupCompleted() {
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 6270212..7e7eb2d 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3947,18 +3947,10 @@
         if (packageName == null) {
             throw new NullPointerException("packageName is null");
         }
-        try {
-            int uid = mContext.getPackageManager().getPackageUid(packageName, 0);
-            if (uid != Binder.getCallingUid()) {
-                throw new SecurityException(
-                        "clearDeviceInitializer can only be called by the device initializer");
-            }
-        } catch (NameNotFoundException e) {
-            throw new SecurityException(e);
-        }
-        if (!isDeviceInitializer(packageName)) {
+
+        if (!isDeviceInitializer(packageName) && !isDeviceOwner(packageName)) {
             throw new SecurityException(
-                    "clearDeviceInitializer can only be called by the device initializer");
+                    "clearDeviceInitializer can only be called by the device initializer/owner");
         }
         synchronized (this) {
             long ident = Binder.clearCallingIdentity();