
Commit 1f7ca400 authored by Jonathan Scott's avatar Jonathan Scott

Add DISALLOW_ADD_USER to all users when Device Owner is set.

Test: btest a.d.c.ProvisioningTest
Change-Id: I066b46d90631b4535e7cfc200e739d5fce14b2a2
parent a91b8051
+75 −23
@@ -3766,23 +3766,58 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
    }
    private void clearDeviceOwnerUserRestriction(UserHandle userHandle) {
        if (isHeadlessFlagEnabled()) {
            for (int userId : mUserManagerInternal.getUserIds()) {
                UserHandle user = UserHandle.of(userId);
                // ManagedProvisioning/DPC sets DISALLOW_ADD_USER. Clear to recover to the
                // original state
                if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_USER, user)) {
                    mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER,
                            false, user);
                }
                // When a device owner is set, the system automatically restricts adding a
                // managed profile.
                // Remove this restriction when the device owner is cleared.
                if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE,
                        user)) {
                    mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE,
                            false,
                            user);
                }
                // When a device owner is set, the system automatically restricts adding a
                // clone profile.
                // Remove this restriction when the device owner is cleared.
                if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_CLONE_PROFILE, user)) {
                    mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_CLONE_PROFILE,
                            false, user);
                }
            }
        } else {
            // ManagedProvisioning/DPC sets DISALLOW_ADD_USER. Clear to recover to the original state
            if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_USER, userHandle)) {
            mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER, false, userHandle);
                mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER, false,
                        userHandle);
            }
        // When a device owner is set, the system automatically restricts adding a managed profile.
            // When a device owner is set, the system automatically restricts adding a
            // managed profile.
            // Remove this restriction when the device owner is cleared.
        if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE, userHandle)) {
            mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE, false,
            if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE,
                    userHandle)) {
                mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE,
                        false,
                        userHandle);
            }
        // When a device owner is set, the system automatically restricts adding a clone profile.
            // When a device owner is set, the system automatically restricts adding a clone
            // profile.
            // Remove this restriction when the device owner is cleared.
        if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_CLONE_PROFILE, userHandle)) {
            mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_CLONE_PROFILE, false,
            if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_CLONE_PROFILE,
                    userHandle)) {
                mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_CLONE_PROFILE,
                        false,
                        userHandle);
            }
        }
    }
    /**
     * Return if a given package has testOnly="true", in which case we'll relax certain rules
@@ -8656,14 +8691,31 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                // profile, such that the admin on that managed profile has extended management
                // capabilities that can affect the entire device (but not access private data
                // on the primary profile).
                mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE, true,
                if (isHeadlessFlagEnabled()) {
                    for (int u : mUserManagerInternal.getUserIds()) {
                        mUserManager.setUserRestriction(
                                UserManager.DISALLOW_ADD_MANAGED_PROFILE, true,
                                UserHandle.of(u));
                        // Restrict adding a clone profile when a device owner is set on the device.
                        // That is to prevent the co-existence of a clone profile and a device owner
                        // on the same device.
                        // CDD for reference : https://source.android.com/compatibility/12/android-12-cdd#95_multi-user_support
                        mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_CLONE_PROFILE,
                                true,
                                UserHandle.of(u));
                    }
                } else {
                    mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE,
                            true,
                            UserHandle.of(userId));
                    // Restrict adding a clone profile when a device owner is set on the device.
                    // That is to prevent the co-existence of a clone profile and a device owner
                    // on the same device.
                    // CDD for reference : https://source.android.com/compatibility/12/android-12-cdd#95_multi-user_support
                mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_CLONE_PROFILE, true,
                    mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_CLONE_PROFILE,
                            true,
                            UserHandle.of(userId));
                }
                // TODO Send to system too?
                sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED, userId);
            });
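Review bot: In the second hunk the headless branch applies DISALLOW_ADD_MANAGED_PROFILE and DISALLOW_ADD_CLONE_PROFILE only to the ids returned by `mUserManagerInternal.getUserIds()` at the moment the device owner is set, so a user created afterwards is not covered by this loop. Unless the user-creation path re-applies them (not visible in this hunk), such a user could still add a managed or clone profile, which is the co-existence the in-code comment is trying to prevent. I would either apply the same restrictions when a user is added or state the assumption next to the loop, e.g. `// Only covers users that exist now; users created later must receive the same restrictions.` In the first hunk the headless branch of `clearDeviceOwnerUserRestriction` ignores its `userHandle` parameter and clears DISALLOW_ADD_USER on every user, including any where it may have been set for a reason other than provisioning; a Javadoc line stating that would help. The enclosing lambda starts outside the hunk.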
+1 −1
@@ -59,7 +59,6 @@ import java.util.Set;
@RunWith(AndroidJUnit4.class)
public class DevicePolicyManagerServiceMigrationTest extends DpmTestBase {

    private static final String USER_TYPE_EMPTY = "";
    private static final int COPE_ADMIN1_APP_ID = 123;
    private static final int COPE_ANOTHER_ADMIN_APP_ID = 125;
    private static final int COPE_PROFILE_USER_ID = 11;
@@ -81,6 +80,7 @@ public class DevicePolicyManagerServiceMigrationTest extends DpmTestBase {

        when(getServices().packageManager.hasSystemFeature(eq(PackageManager.FEATURE_DEVICE_ADMIN)))
                .thenReturn(true);
        when(getServices().userManagerInternal.getUserIds()).thenReturn(new int[]{0});
    }

    // Test setting default restrictions for managed profile.
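Review bot: The new stub `when(getServices().userManagerInternal.getUserIds()).thenReturn(new int[]{0})` returns a single user, so the per-user loops added to DevicePolicyManagerService only ever run with one id here; the same stub is added to the setup in DevicePolicyManagerTest. A case that returns several ids, for example `thenReturn(new int[]{0, 10})`, and verifies the restrictions on each user would cover the behaviour this commit is about. Whether the headless flag is enabled in these tests is not visible in the hunk, and the setup method's body starts outside it.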
+1 −0
@@ -273,6 +273,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {
        mContext = getContext();
        mServiceContext = mContext;
        mServiceContext.binder.callingUid = DpmMockContext.CALLER_UID;
        when(getServices().userManagerInternal.getUserIds()).thenReturn(new int[]{0});
        when(getServices().packageManager.hasSystemFeature(eq(PackageManager.FEATURE_DEVICE_ADMIN)))
                .thenReturn(true);
        doReturn(Collections.singletonList(new ResolveInfo()))