Update trusted certificates when the trust store is changed

This CL flushes the trusted cert cache of all active Network Security
Configs and their TrustManagers. Previously CA addition mostly worked
however removed CAs would remain cached in the X509TrustManager causing
the removed CA to still be trusted.

Change-Id: I0f5fd39932f8f8ed3ec5dfd088a82e982b366c43

1 files changed, 14 insertions, 0 deletions

diff --git a/core/java/android/app/ApplicationThreadNative.java b/core/java/android/app/ApplicationThreadNative.java
index d6da3f44f4a0..3063d98c27a3 100644
--- a/core/java/android/app/ApplicationThreadNative.java
+++ b/core/java/android/app/ApplicationThreadNative.java
@@ -749,6 +749,12 @@ public abstract class ApplicationThreadNative extends Binder
             schedulePictureInPictureModeChanged(b, inPip);
             return true;
         }
+        case HANDLE_TRUST_STORAGE_UPDATE_TRANSACTION:
+        {
+            data.enforceInterface(IApplicationThread.descriptor);
+            handleTrustStorageUpdate();
+            return true;
+        }
 
         }
 
@@ -1522,4 +1528,12 @@ class ApplicationThreadProxy implements IApplicationThread {
                 IBinder.FLAG_ONEWAY);
         data.recycle();
     }
+
+    @Override
+    public void handleTrustStorageUpdate() throws RemoteException {
+        Parcel data = Parcel.obtain();
+        data.writeInterfaceToken(IApplicationThread.descriptor);
+        mRemote.transact(HANDLE_TRUST_STORAGE_UPDATE_TRANSACTION, data, null, IBinder.FLAG_ONEWAY);
+        data.recycle();
+    }
 }