
Commit 0c9ce28c authored by Alan Treadway's avatar Alan Treadway

Fix edge-cases for split-user provisioning cases.

Split-user systems will allow for combinations of management modes,
specifically managed-{user,profile} on systems with a device-owner.

Bug: 25671630
Bug: 25680065
Change-Id: I5716f55eb6c8318129b4614adc22897d53901bee
parent 3adea47f
+25 −5
@@ -6706,11 +6706,28 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {

    @Override
    public boolean isProvisioningAllowed(String action) {
        final int callingUserId = mInjector.userHandleGetCallingUserId();
        if (DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE.equals(action)) {
            if (mOwners.hasDeviceOwner()) {
                if (!mInjector.userManagerIsSplitSystemUser()) {
                    // Only split-system-user systems support managed-profiles in combination with
                    // device-owner.
                    return false;
                }
                if (mOwners.getDeviceOwnerUserId() != UserHandle.USER_SYSTEM) {
                    // Only system device-owner supports managed-profiles. Non-system device-owner
                    // doesn't.
                    return false;
                }
                if (callingUserId == UserHandle.USER_SYSTEM) {
                    // Managed-profiles cannot be setup on the system user, only regular users.
                    return false;
                }
            }
            if (getProfileOwner(callingUserId) != null) {
                // Managed user cannot have a managed profile.
                return false;
            }
        final int callingUserId = mInjector.userHandleGetCallingUserId();
        if (DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE.equals(action)) {
            try {
                if (!mIPackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS)) {
                    return false;
@@ -6730,7 +6747,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        } else if (DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE.equals(action)) {
            return isDeviceOwnerProvisioningAllowed(callingUserId);
        } else if (DevicePolicyManager.ACTION_PROVISION_MANAGED_USER.equals(action)) {
            if (!UserManager.isSplitSystemUser()) {
            if (!mInjector.userManagerIsSplitSystemUser()) {
                // ACTION_PROVISION_MANAGED_USER only supported on split-user systems.
                return false;
            }
@@ -6739,7 +6756,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            }
            return true;
        } else if (DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE.equals(action)) {
            if (!UserManager.isSplitSystemUser()) {
            if (!mInjector.userManagerIsSplitSystemUser()) {
                // ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE only supported on split-user systems.
                return false;
            }
@@ -6749,6 +6766,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
    }

    private boolean isDeviceOwnerProvisioningAllowed(int callingUserId) {
        if (mOwners.hasDeviceOwner()) {
            return false;
        }
        if (getProfileOwner(callingUserId) != null) {
            return false;
        }