Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0e1a0284 authored by Nikhil Kumar's avatar Nikhil Kumar
Browse files

SystemUI Implement DISALLOW_GRANT_ADMIN in user creation flow 

In the process of creating a user through the SystemUI app, if the current user has the DISALLOW_GRANT_ADMIN restriction, the dialogue for granting ADMIN privileges will be hidden after this implementation.

This action ensures that even if child users can create SECONDARY users, they cannot create ADMIN users.

Design doc: go/unicorn-hsum

Bug: 357819541
Test: manually verified the user is not allowed to create ADMIN user when DISALLOW_GRANT_ADMIN restriction is applied through SystemUI

Flag: android.multiuser.unicorn_mode_refactoring_for_hsum_read_only

Change-Id: I8a2e27acda8f06e328b245702e908869d33409a5
parent a9910754

packages/SettingsLib/src/com/android/settingslib/users/CreateUserDialogController.java

+5 −5
Original line number Diff line number Diff line
@@ -181,14 +181,14 @@ public class CreateUserDialogController { 
     * admin status.

     */

    public Dialog createDialog(Activity activity,

            ActivityStarter activityStarter, boolean isMultipleAdminEnabled,

            ActivityStarter activityStarter, boolean canCreateAdminUser,

            NewUserData successCallback, Runnable cancelCallback) {

        mActivity = activity;

        mCustomDialogHelper = new CustomDialogHelper(activity);

        mSuccessCallback = successCallback;

        mCancelCallback = cancelCallback;

        mActivityStarter = activityStarter;

        addCustomViews(isMultipleAdminEnabled);

        addCustomViews(canCreateAdminUser);

        mUserCreationDialog = mCustomDialogHelper.getDialog();

        updateLayout();

        mUserCreationDialog.setOnDismissListener(view -> finish());
@@ -197,19 +197,19 @@ public class CreateUserDialogController { 
        return mUserCreationDialog;

    }



    private void addCustomViews(boolean isMultipleAdminEnabled) {

    private void addCustomViews(boolean canCreateAdminUser) {

        addGrantAdminView();

        addUserInfoEditView();

        mCustomDialogHelper.setPositiveButton(R.string.next, view -> {

            mCurrentState++;

            if (mCurrentState == GRANT_ADMIN_DIALOG && !isMultipleAdminEnabled) {

            if (mCurrentState == GRANT_ADMIN_DIALOG && !canCreateAdminUser) {

                mCurrentState++;

            }

            updateLayout();

        });

        mCustomDialogHelper.setNegativeButton(R.string.back, view -> {

            mCurrentState--;

            if (mCurrentState == GRANT_ADMIN_DIALOG && !isMultipleAdminEnabled) {

            if (mCurrentState == GRANT_ADMIN_DIALOG && !canCreateAdminUser) {

                mCurrentState--;

            }

            updateLayout();

packages/SystemUI/src/com/android/systemui/user/CreateUserActivity.java

+1 −1
Original line number Diff line number Diff line
@@ -116,7 +116,7 @@ public class CreateUserActivity extends Activity { 
        return mCreateUserDialogController.createDialog(

                this,

                this::startActivity,

                (mUserCreator.isMultipleAdminEnabled() && mUserCreator.isUserAdmin()

                (mUserCreator.canCreateAdminUser() && mUserCreator.isUserAdmin()

                        && !isKeyguardShowing),

                this::addUserNow,

                this::finish

packages/SystemUI/src/com/android/systemui/user/UserCreator.kt

+13 −2
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ import android.app.Dialog 
import android.content.Context

import android.content.pm.UserInfo

import android.graphics.drawable.Drawable

import android.multiuser.Flags

import android.os.UserManager

import com.android.internal.util.UserIcons

import com.android.settingslib.users.UserCreatingDialog
@@ -91,7 +92,17 @@ constructor( 
        return userManager.isAdminUser

    }



    fun isMultipleAdminEnabled(): Boolean {

        return UserManager.isMultipleAdminEnabled()

    /**

     * Checks if the creation of a new admin user is allowed.

     *

     * @return `true` if creating a new admin is allowed, `false` otherwise.

     */

    fun canCreateAdminUser(): Boolean {

        return if (Flags.unicornModeRefactoringForHsumReadOnly()) {

            UserManager.isMultipleAdminEnabled() &&

                !userManager.hasUserRestriction(UserManager.DISALLOW_GRANT_ADMIN)

        } else {

            UserManager.isMultipleAdminEnabled()

        }

    }

}