Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 348f696d authored by Victor Chang's avatar Victor Chang
Browse files

Clear DISALLOW_ADD_USER in clearDeviceOwner for all cases 

We are not moving the restriction from system to the DO in the end.
clearDeviceOwnerUserRestrictionLocked becomes the permanent solution
for DeviceOwner CTS. Looks like no one setting DISALLOW_ADD_USER
directly in UserManager except DO/PO, and so remove it when DO is
clear

Change-Id: I235bebebd02b5e0d9883eea6dd3a4e49b40fe043
Fix: 33476323
Test: runtest frameworks-services -c com.android.server.devicepolicy.DevicePolicyManagerTest
parent e622690e

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+2 −4
Original line number Diff line number Diff line
@@ -3231,7 +3231,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
                // If admin is a device or profile owner tidy that up first.

                if (isDeviceOwner(adminReceiver, userHandle)) {

                    clearDeviceOwnerLocked(getDeviceOwnerAdminLocked(), userHandle);

                    clearDeviceOwnerUserRestrictionLocked(UserHandle.of(userHandle));

                }

                if (isProfileOwner(adminReceiver, userHandle)) {

                    final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver,
@@ -3247,10 +3246,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        }

    }



    // It's temporary solution to clear DISALLOW_ADD_USER after CTS

    // STOPSHIP(b/31952368) when the restriction is moved from system to the device owner,

    // it can be removed.

    private void clearDeviceOwnerUserRestrictionLocked(UserHandle userHandle) {

        // ManagedProvisioning/DPC sets DISALLOW_ADD_USER. Clear to recover to the original state

        if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_USER, userHandle)) {

            mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER, false, userHandle);

        }
@@ -6593,6 +6590,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        mOwners.writeDeviceOwner();

        updateDeviceOwnerLocked();



        clearDeviceOwnerUserRestrictionLocked(UserHandle.of(userId));

        mInjector.securityLogSetLoggingEnabledProperty(false);

        mSecurityLogMonitor.stop();

        setNetworkLoggingActiveInternal(false);

services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java

+6 −0
Original line number Diff line number Diff line
@@ -908,6 +908,8 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());



        dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);

        when(mContext.userManager.hasUserRestriction(eq(UserManager.DISALLOW_ADD_USER),

                MockUtils.checkUserHandle(UserHandle.USER_SYSTEM))).thenReturn(true);



        assertTrue(dpm.isAdminActive(admin1));

        assertFalse(dpm.isRemovingAdmin(admin1, UserHandle.USER_SYSTEM));
@@ -937,6 +939,10 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        // Now DO shouldn't be set.

        assertNull(dpm.getDeviceOwnerComponentOnAnyUser());



        verify(mContext.userManager).setUserRestriction(eq(UserManager.DISALLOW_ADD_USER),

                eq(false),

                MockUtils.checkUserHandle(UserHandle.USER_SYSTEM));



        verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(

                eq(UserHandle.USER_SYSTEM),

                eq(null),