Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +18 −17 Original line number Diff line number Diff line Loading @@ -13070,26 +13070,25 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { final boolean addingProfileRestricted = mUserManager.hasUserRestriction( UserManager.DISALLOW_ADD_MANAGED_PROFILE, callingUserHandle); UserInfo parentUser = mUserManager.getProfileParent(callingUserId); final boolean addingProfileRestrictedOnParent = (parentUser != null) && mUserManager.hasUserRestriction( UserManager.DISALLOW_ADD_MANAGED_PROFILE, UserHandle.of(parentUser.id)); Slog.i(LOG_TAG, String.format( "When checking for managed profile provisioning: Has device owner? %b, adding" + " profile restricted? %b, adding profile restricted on parent? %b", hasDeviceOwner, addingProfileRestricted, addingProfileRestrictedOnParent)); if (mUserManager.getUserInfo(callingUserId).isProfile()) { Slog.i(LOG_TAG, String.format("Calling user %d is a profile, cannot add another.", callingUserId)); // The check is called from inside a managed profile. A managed profile cannot // be provisioned from within another managed profile. return CODE_CANNOT_ADD_MANAGED_PROFILE; } // If there's a device owner, the restriction on adding a managed profile must be set // somewhere. if (hasDeviceOwner && !addingProfileRestricted && !addingProfileRestrictedOnParent) { // If there's a device owner, the restriction on adding a managed profile must be set. if (hasDeviceOwner && !addingProfileRestricted) { Slog.wtf(LOG_TAG, "Has a device owner but no restriction on adding a profile."); } // Do not allow adding a managed profile if there's a restriction, either on the current // user or its parent user. if (addingProfileRestricted || addingProfileRestrictedOnParent) { // Do not allow adding a managed profile if there's a restriction. if (addingProfileRestricted) { Slog.i(LOG_TAG, String.format( "Adding a profile is restricted: User %s Has device owner? %b", callingUserHandle, hasDeviceOwner)); return CODE_CANNOT_ADD_MANAGED_PROFILE; } // If there's a restriction on removing the managed profile then we have to take it Loading @@ -13098,6 +13097,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { !mUserManager.hasUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, callingUserHandle); if (!mUserManager.canAddMoreManagedProfiles(callingUserId, canRemoveProfile)) { Slog.i(LOG_TAG, String.format( "Cannot add more profiles: Can remove current? %b", canRemoveProfile)); return CODE_CANNOT_ADD_MANAGED_PROFILE; } } finally { services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java +4 −2 Original line number Diff line number Diff line Loading @@ -3205,6 +3205,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { when(getServices().userManager.canAddMoreManagedProfiles(UserHandle.USER_SYSTEM, true)) .thenReturn(true); setUserSetupCompleteForUser(false, UserHandle.USER_SYSTEM); when(getServices().userManager.getProfileParent(UserHandle.USER_SYSTEM)).thenReturn(null); mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; } Loading Loading @@ -3246,6 +3247,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { when(getServices().userManager.canAddMoreManagedProfiles(UserHandle.USER_SYSTEM, true)) .thenReturn(true); setUserSetupCompleteForUser(true, UserHandle.USER_SYSTEM); when(getServices().userManager.getProfileParent(UserHandle.USER_SYSTEM)).thenReturn(null); mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; } Loading Loading @@ -3617,14 +3619,14 @@ public class DevicePolicyManagerTest extends DpmTestBase { when(getServices().ipackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0)) .thenReturn(true); when(getServices().userManagerForMock.isSplitSystemUser()).thenReturn(true); when(getServices().userManagerForMock.isSplitSystemUser()).thenReturn(false); when(getServices().userManager.getProfileParent(DpmMockContext.CALLER_USER_HANDLE)) .thenReturn(new UserInfo(UserHandle.USER_SYSTEM, "user system", 0)); when(getServices().userManager.canAddMoreManagedProfiles(DpmMockContext.CALLER_USER_HANDLE, true)).thenReturn(true); setUserSetupCompleteForUser(false, DpmMockContext.CALLER_USER_HANDLE); mContext.binder.callingUid = DpmMockContext.CALLER_UID; mContext.binder.callingUid = DpmMockContext.ANOTHER_UID; } public void testIsProvisioningAllowed_provisionManagedProfileWithDeviceOwner_primaryUser() Loading Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +18 −17 Original line number Diff line number Diff line Loading @@ -13070,26 +13070,25 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { final boolean addingProfileRestricted = mUserManager.hasUserRestriction( UserManager.DISALLOW_ADD_MANAGED_PROFILE, callingUserHandle); UserInfo parentUser = mUserManager.getProfileParent(callingUserId); final boolean addingProfileRestrictedOnParent = (parentUser != null) && mUserManager.hasUserRestriction( UserManager.DISALLOW_ADD_MANAGED_PROFILE, UserHandle.of(parentUser.id)); Slog.i(LOG_TAG, String.format( "When checking for managed profile provisioning: Has device owner? %b, adding" + " profile restricted? %b, adding profile restricted on parent? %b", hasDeviceOwner, addingProfileRestricted, addingProfileRestrictedOnParent)); if (mUserManager.getUserInfo(callingUserId).isProfile()) { Slog.i(LOG_TAG, String.format("Calling user %d is a profile, cannot add another.", callingUserId)); // The check is called from inside a managed profile. A managed profile cannot // be provisioned from within another managed profile. return CODE_CANNOT_ADD_MANAGED_PROFILE; } // If there's a device owner, the restriction on adding a managed profile must be set // somewhere. if (hasDeviceOwner && !addingProfileRestricted && !addingProfileRestrictedOnParent) { // If there's a device owner, the restriction on adding a managed profile must be set. if (hasDeviceOwner && !addingProfileRestricted) { Slog.wtf(LOG_TAG, "Has a device owner but no restriction on adding a profile."); } // Do not allow adding a managed profile if there's a restriction, either on the current // user or its parent user. if (addingProfileRestricted || addingProfileRestrictedOnParent) { // Do not allow adding a managed profile if there's a restriction. if (addingProfileRestricted) { Slog.i(LOG_TAG, String.format( "Adding a profile is restricted: User %s Has device owner? %b", callingUserHandle, hasDeviceOwner)); return CODE_CANNOT_ADD_MANAGED_PROFILE; } // If there's a restriction on removing the managed profile then we have to take it Loading @@ -13098,6 +13097,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { !mUserManager.hasUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, callingUserHandle); if (!mUserManager.canAddMoreManagedProfiles(callingUserId, canRemoveProfile)) { Slog.i(LOG_TAG, String.format( "Cannot add more profiles: Can remove current? %b", canRemoveProfile)); return CODE_CANNOT_ADD_MANAGED_PROFILE; } } finally {
services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java +4 −2 Original line number Diff line number Diff line Loading @@ -3205,6 +3205,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { when(getServices().userManager.canAddMoreManagedProfiles(UserHandle.USER_SYSTEM, true)) .thenReturn(true); setUserSetupCompleteForUser(false, UserHandle.USER_SYSTEM); when(getServices().userManager.getProfileParent(UserHandle.USER_SYSTEM)).thenReturn(null); mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; } Loading Loading @@ -3246,6 +3247,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { when(getServices().userManager.canAddMoreManagedProfiles(UserHandle.USER_SYSTEM, true)) .thenReturn(true); setUserSetupCompleteForUser(true, UserHandle.USER_SYSTEM); when(getServices().userManager.getProfileParent(UserHandle.USER_SYSTEM)).thenReturn(null); mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; } Loading Loading @@ -3617,14 +3619,14 @@ public class DevicePolicyManagerTest extends DpmTestBase { when(getServices().ipackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0)) .thenReturn(true); when(getServices().userManagerForMock.isSplitSystemUser()).thenReturn(true); when(getServices().userManagerForMock.isSplitSystemUser()).thenReturn(false); when(getServices().userManager.getProfileParent(DpmMockContext.CALLER_USER_HANDLE)) .thenReturn(new UserInfo(UserHandle.USER_SYSTEM, "user system", 0)); when(getServices().userManager.canAddMoreManagedProfiles(DpmMockContext.CALLER_USER_HANDLE, true)).thenReturn(true); setUserSetupCompleteForUser(false, DpmMockContext.CALLER_USER_HANDLE); mContext.binder.callingUid = DpmMockContext.CALLER_UID; mContext.binder.callingUid = DpmMockContext.ANOTHER_UID; } public void testIsProvisioningAllowed_provisionManagedProfileWithDeviceOwner_primaryUser() Loading
