Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 08be96ec authored by Michal Karpinski's avatar Michal Karpinski
Browse files

Disable DO single user features when clearDeviceOwner() is called 

regardless of the amount of users

Bug: 32901196
Bug: 29748723
Change-Id: Ie419b5e496e23656cbe5436942d9aba402bfe68e
parent 81981fe8

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+26 −11
Original line number Diff line number Diff line
@@ -6092,7 +6092,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
    }



    private void clearDeviceOwnerLocked(ActiveAdmin admin, int userId) {

        disableDeviceOwnerManagedSingleUserFeaturesIfNeeded();

        if (admin != null) {

            admin.disableCamera = false;

            admin.userRestrictions = null;
@@ -6104,6 +6103,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        mOwners.clearDeviceOwner();

        mOwners.writeDeviceOwner();

        updateDeviceOwnerLocked();

        disableDeviceOwnerManagedSingleUserFeaturesIfNeeded();

        try {

            if (mInjector.getIBackupManager() != null) {

                // Reactivate backup service.
@@ -9185,19 +9185,34 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
    }



    private synchronized void disableDeviceOwnerManagedSingleUserFeaturesIfNeeded() {

        if (!mOwners.hasDeviceOwner()) {

            return;

        }

        if (!isDeviceOwnerManagedSingleUserDevice()) {

            mInjector.securityLogSetLoggingEnabledProperty(false);

        final boolean isSingleUserManagedDevice = isDeviceOwnerManagedSingleUserDevice();



            getDeviceOwnerAdminLocked().isNetworkLoggingEnabled = false;

            saveSettingsLocked(mInjector.userHandleGetCallingUserId());

            setNetworkLoggingActiveInternal(false);

        // disable security logging if needed

        if (!isSingleUserManagedDevice) {

            mInjector.securityLogSetLoggingEnabledProperty(false);

            Slog.w(LOG_TAG, "Security logging turned off as it's no longer a single user managed"

                    + " device.");

        }



        // disable backup service if needed

        // note: when clearing DO, the backup service shouldn't be disabled if it was enabled by

        // the device owner

        if (mOwners.hasDeviceOwner() && !isSingleUserManagedDevice) {

            setBackupServiceEnabledInternal(false);

            Slog.w(LOG_TAG, "Security logging, network logging and backup service turned off as"

                    + " it's not a single user device.");

            Slog.w(LOG_TAG, "Backup is off as it's a managed device that has more that one user.");

        }



        // disable network logging if needed

        if (!isSingleUserManagedDevice) {

            setNetworkLoggingActiveInternal(false);

            Slog.w(LOG_TAG, "Network logging turned off as it's no longer a single user managed"

                    + " device.");

            // if there still is a device owner, disable logging policy, otherwise the admin

            // has been nuked

            if (mOwners.hasDeviceOwner()) {

                getDeviceOwnerAdminLocked().isNetworkLoggingEnabled = false;

                saveSettingsLocked(mOwners.getDeviceOwnerUserId());

            }

        }

    }