Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 118b1bce authored by Nikhil Kumar's avatar Nikhil Kumar
Browse files

Make isAdminUser a public API 

Made isAdminUser a public API.
Introduced new isAdminUser method in UMS to be used by
the UM.isAdminUser public API without any permissions if called from
the same profile group.

Test: atest UserManagerTest -c
Bug: 268350483

abandoned-master-cl:  https://googleplex-android-review.git.corp.google.com/c/platform/frameworks/base/+/21342103

Change-Id: I8572fe22a3c687ed3879e6ed77ab862ace86bc72
parent 491db0ad

core/api/current.txt

+1 −0
Original line number Original line Diff line number Diff line
@@ -33793,6 +33793,7 @@ package android.os { 
    method public android.os.Bundle getUserRestrictions();

    method public android.os.Bundle getUserRestrictions();

    method @RequiresPermission(anyOf={"android.permission.MANAGE_USERS", "android.permission.INTERACT_ACROSS_USERS"}, conditional=true) public android.os.Bundle getUserRestrictions(android.os.UserHandle);

    method @RequiresPermission(anyOf={"android.permission.MANAGE_USERS", "android.permission.INTERACT_ACROSS_USERS"}, conditional=true) public android.os.Bundle getUserRestrictions(android.os.UserHandle);

    method public boolean hasUserRestriction(String);

    method public boolean hasUserRestriction(String);

    method public boolean isAdminUser();

    method public boolean isDemoUser();

    method public boolean isDemoUser();

    method public static boolean isHeadlessSystemUserMode();

    method public static boolean isHeadlessSystemUserMode();

    method public boolean isManagedProfile();

    method public boolean isManagedProfile();

core/api/system-current.txt

+0 −1
Original line number Original line Diff line number Diff line
@@ -10934,7 +10934,6 @@ package android.os { 
    method @NonNull @RequiresPermission(anyOf={"android.permission.INTERACT_ACROSS_USERS", "android.permission.MANAGE_USERS"}) public java.util.Set<android.os.UserHandle> getVisibleUsers();

    method @NonNull @RequiresPermission(anyOf={"android.permission.INTERACT_ACROSS_USERS", "android.permission.MANAGE_USERS"}) public java.util.Set<android.os.UserHandle> getVisibleUsers();

    method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public boolean hasRestrictedProfiles();

    method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public boolean hasRestrictedProfiles();

    method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional=true) public boolean hasUserRestrictionForUser(@NonNull String, @NonNull android.os.UserHandle);

    method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional=true) public boolean hasUserRestrictionForUser(@NonNull String, @NonNull android.os.UserHandle);

    method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.CREATE_USERS, android.Manifest.permission.QUERY_USERS}) public boolean isAdminUser();

    method public boolean isCloneProfile();

    method public boolean isCloneProfile();

    method @Deprecated public boolean isCredentialSharableWithParent();

    method @Deprecated public boolean isCredentialSharableWithParent();

    method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.CREATE_USERS, android.Manifest.permission.QUERY_USERS}) public boolean isGuestUser();

    method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.CREATE_USERS, android.Manifest.permission.QUERY_USERS}) public boolean isGuestUser();

core/java/android/os/IUserManager.aidl

+1 −0
Original line number Original line Diff line number Diff line
@@ -117,6 +117,7 @@ interface IUserManager { 
    boolean someUserHasAccount(in String accountName, in String accountType);

    boolean someUserHasAccount(in String accountName, in String accountType);

    String getProfileType(int userId);

    String getProfileType(int userId);

    boolean isDemoUser(int userId);

    boolean isDemoUser(int userId);

    boolean isAdminUser(int userId);

    boolean isPreCreated(int userId);

    boolean isPreCreated(int userId);

    UserInfo createProfileForUserEvenWhenDisallowedWithThrow(in String name, in String userType, int flags,

    UserInfo createProfileForUserEvenWhenDisallowedWithThrow(in String name, in String userType, int flags,

            int userId, in String[] disallowedPackages);

            int userId, in String[] disallowedPackages);

core/java/android/os/UserManager.java

+15 −9
Original line number Original line Diff line number Diff line
@@ -2432,21 +2432,24 @@ public class UserManager { 
    }

    }





    /**

    /**

     * Used to check if the context user is an admin user. An admin user is allowed to

     * Used to check if the context user is an admin user. An admin user may be allowed to

     * modify or configure certain settings that aren't available to non-admin users,

     * modify or configure certain settings that aren't available to non-admin users,

     * create and delete additional users, etc. There can be more than one admin users.

     * create and delete additional users, etc. There can be more than one admin users.

     *

     *

     * @return whether the context user is an admin user.

     * @return whether the context user is an admin user.

     * @hide

     */

     */

    @SystemApi

    @UserHandleAware(

    @RequiresPermission(anyOf = {

            enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU,

            requiresAnyOfPermissionsIfNotCallerProfileGroup = {

                    Manifest.permission.MANAGE_USERS,

                    Manifest.permission.MANAGE_USERS,

                    Manifest.permission.CREATE_USERS,

                    Manifest.permission.CREATE_USERS,

                    Manifest.permission.QUERY_USERS})

                    Manifest.permission.QUERY_USERS})

    @UserHandleAware(enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU)

    public boolean isAdminUser() {

    public boolean isAdminUser() {

        return isUserAdmin(getContextUserIfAppropriate());

        try {

            return mService.isAdminUser(getContextUserIfAppropriate());

        } catch (RemoteException re) {

            throw re.rethrowFromSystemServer();

        }

    }

    }





    /**

    /**
@@ -3970,6 +3973,9 @@ public class UserManager { 
     * time, the preferred user name and account information are used by the setup process for that

     * time, the preferred user name and account information are used by the setup process for that

     * user.

     * user.

     *

     *

     * This API should only be called if the current user is an {@link #isAdminUser() admin} user,

     * as otherwise the returned intent will not be able to create a user.

     *

     * @param userName Optional name to assign to the user.

     * @param userName Optional name to assign to the user.

     * @param accountName Optional account name that will be used by the setup wizard to initialize

     * @param accountName Optional account name that will be used by the setup wizard to initialize

     *                    the user.

     *                    the user.

services/core/java/com/android/server/pm/UserManagerService.java

+30 −0
Original line number Original line Diff line number Diff line
@@ -2048,6 +2048,27 @@ public class UserManagerService extends IUserManager.Stub { 
                + "permission to: check " + name);

                + "permission to: check " + name);

    }

    }





    /**

     * Enforces that the calling user is in the same profile group as {@code userId} or that only

     * the system UID or root's UID or apps that have the

     * {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} or

     * {@link android.Manifest.permission#CREATE_USERS CREATE_USERS} or

     * {@link android.Manifest.permission#QUERY_USERS QUERY_USERS}

     * can make certain calls to the UserManager.

     *

     * @param userId the user's id

     * @param name used as message if SecurityException is thrown

     * @throws SecurityException if the caller lacks the required permissions.

     */

    private void checkQueryOrCreateUsersPermissionIfCallerInOtherProfileGroup(

            @UserIdInt int userId, String name) {

        final int callingUserId = UserHandle.getCallingUserId();

        if (callingUserId == userId || isSameProfileGroupNoChecks(callingUserId, userId)) {

            return;

        }

        checkQueryOrCreateUsersPermission(name);

    }



    @Override

    @Override

    public boolean isDemoUser(@UserIdInt int userId) {

    public boolean isDemoUser(@UserIdInt int userId) {

        final int callingUserId = UserHandle.getCallingUserId();

        final int callingUserId = UserHandle.getCallingUserId();
@@ -2061,6 +2082,15 @@ public class UserManagerService extends IUserManager.Stub { 
        }

        }

    }

    }





    @Override

    public boolean isAdminUser(@UserIdInt int userId) {

        checkQueryOrCreateUsersPermissionIfCallerInOtherProfileGroup(userId, "isAdminUser");

        synchronized (mUsersLock) {

            final UserInfo userInfo = getUserInfoLU(userId);

            return userInfo != null && userInfo.isAdmin();

        }

    }



    @Override

    @Override

    public boolean isPreCreated(@UserIdInt int userId) {

    public boolean isPreCreated(@UserIdInt int userId) {

        checkManageOrInteractPermissionIfCallerInOtherProfileGroup(userId, "isPreCreated");

        checkManageOrInteractPermissionIfCallerInOtherProfileGroup(userId, "isPreCreated");