Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 055d8396 authored by Makoto Onuki's avatar Makoto Onuki Committed by Android (Google) Code Review
Browse files

Merge "Allow PO to set DO restrictions if it's on user 0"

parents 71439177 5485ed46

services/core/java/com/android/server/pm/UserRestrictionsUtils.java

+6 −4
Original line number Diff line number Diff line
@@ -209,11 +209,13 @@ public class UserRestrictionsUtils { 
    }



    /**

     * @return true if a restriction is settable by profile owner.

     * @return true if a restriction is settable by profile owner.  Note it takes a user ID because

     * some restrictions can be changed by PO only when it's running on the system user.

     */

    public static boolean canProfileOwnerChange(String restriction) {

        return !(IMMUTABLE_BY_OWNERS.contains(restriction)

                || DEVICE_OWNER_ONLY_RESTRICTIONS.contains(restriction));

    public static boolean canProfileOwnerChange(String restriction, int userId) {

        return !IMMUTABLE_BY_OWNERS.contains(restriction)

                && !(userId != UserHandle.USER_SYSTEM

                    && DEVICE_OWNER_ONLY_RESTRICTIONS.contains(restriction));

    }



    /**

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+1 −1
Original line number Diff line number Diff line
@@ -5794,7 +5794,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
                    throw new SecurityException("Device owner cannot set user restriction " + key);

                }

            } else { // profile owner

                if (!UserRestrictionsUtils.canProfileOwnerChange(key)) {

                if (!UserRestrictionsUtils.canProfileOwnerChange(key, userHandle)) {

                    throw new SecurityException("Profile owner cannot set user restriction " + key);

                }

            }

services/tests/servicestests/src/com/android/server/pm/UserRestrictionsUtilsTest.java

+20 −4
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ 


package com.android.server.pm;



import android.os.UserHandle;

import com.android.server.devicepolicy.DpmTestUtils;



import android.os.Bundle;
@@ -87,10 +88,25 @@ public class UserRestrictionsUtilsTest extends AndroidTestCase { 
    }



    public void testCanProfileOwnerChange() {

        assertFalse(UserRestrictionsUtils.canProfileOwnerChange(UserManager.DISALLOW_RECORD_AUDIO));

        assertFalse(UserRestrictionsUtils.canProfileOwnerChange(UserManager.DISALLOW_WALLPAPER));

        assertFalse(UserRestrictionsUtils.canProfileOwnerChange(UserManager.DISALLOW_ADD_USER));

        assertTrue(UserRestrictionsUtils.canProfileOwnerChange(UserManager.DISALLOW_ADJUST_VOLUME));

        int user = UserHandle.USER_SYSTEM;

        assertFalse(UserRestrictionsUtils.canProfileOwnerChange(

                UserManager.DISALLOW_RECORD_AUDIO, user));

        assertFalse(UserRestrictionsUtils.canProfileOwnerChange(

                UserManager.DISALLOW_WALLPAPER, user));

        assertTrue(UserRestrictionsUtils.canProfileOwnerChange(

                UserManager.DISALLOW_ADD_USER, user));

        assertTrue(UserRestrictionsUtils.canProfileOwnerChange(

                UserManager.DISALLOW_ADJUST_VOLUME, user));



        user = 10;

        assertFalse(UserRestrictionsUtils.canProfileOwnerChange(

                UserManager.DISALLOW_RECORD_AUDIO, user));

        assertFalse(UserRestrictionsUtils.canProfileOwnerChange(

                UserManager.DISALLOW_WALLPAPER, user));

        assertFalse(UserRestrictionsUtils.canProfileOwnerChange(

                UserManager.DISALLOW_ADD_USER, user));

        assertTrue(UserRestrictionsUtils.canProfileOwnerChange(

                UserManager.DISALLOW_ADJUST_VOLUME, user));

    }



    public void testSortToGlobalAndLocal() {