
Commit 48aa12b0 authored by Adam Bookatz's avatar Adam Bookatz

HSU is not an Admin

We no longer mark the Headless System User as being an Admin.

The concept of Admin is supposed to be at the UI level - whether we
present the user with certain abilities - and the HSU, as the least
trustworthy user, should not have those abilities. The concept of Admin
shouldn't make a difference at the actual service level, where checks
should involve UserRestrictions and permissions, not the UI-relevant
Admin flag.

Test: manual
Bug: 419105275
Flag: android.multiuser.hsu_not_admin
Change-Id: Ib6fc535b0b60547605ee66c2f3102f26ef31c425
parent 5e1e516b
+7 −0
@@ -441,6 +441,13 @@ flag {
    }
}

flag {
     name: "hsu_not_admin"
     namespace: "multiuser"
     description: "The Headless System User is not an Admin user"
     bug: "419105275"
}

flag {
     name: "disallow_removing_last_admin_user"
     namespace: "multiuser"
+35 −1
@@ -5209,6 +5209,39 @@ public class UserManagerService extends IUserManager.Stub {
            userVersion = 11;
        }

        // 2025Q4 userVersion pathway.
        // TODO(b/419105275): Because trunk stable flags need to be reversible, and because the
        //  upgrades here actually are reversible, we temporarily "cheat" by triggering the upgrade
        //  path on every reboot.
        //  Once the flags have fully progressed, we can do this properly:
        //  check for userVersion < 11, set userVersion = 12, and set USER_VERSION = 12.
        // if (userVersion < 12) {
        Slog.i(LOG_TAG, "Forcing an upgrade due to flagged changes");
        final boolean forceWrite = true; // treat as an upgrade no matter what to handle flagging
        if (android.multiuser.Flags.hsuNotAdmin()) {
            // The HSU should never have been an Admin.
            synchronized (mUsersLock) {
                final UserData sysData = mUsers.get(UserHandle.USER_SYSTEM);
                if ((sysData.info.flags & UserInfo.FLAG_FULL) == 0
                        && (sysData.info.flags & UserInfo.FLAG_ADMIN) != 0) {
                    sysData.info.flags &= ~UserInfo.FLAG_ADMIN;
                    userIdsToWrite.add(sysData.info.id);
                }
            }
        } else {
            // Flag turned off. Undo HSU Admin change.
            synchronized (mUsersLock) {
                final UserData sysData = mUsers.get(UserHandle.USER_SYSTEM);
                if ((sysData.info.flags & UserInfo.FLAG_FULL) == 0
                        && (sysData.info.flags & UserInfo.FLAG_ADMIN) == 0) {
                    sysData.info.flags ^= UserInfo.FLAG_ADMIN;
                    userIdsToWrite.add(sysData.info.id);
                }
            }
        }
        //     userVersion = 12;  // Also set USER_VERSION = 12!
        // }

        // Reminder: If you add another upgrade, make sure to increment USER_VERSION too.

        // Done with userVersion changes, moving on to deal with userTypeVersion upgrades
@@ -5233,7 +5266,8 @@ public class UserManagerService extends IUserManager.Stub {
            mUserVersion = userVersion;
            mUserTypeVersion = newUserTypeVersion;

            if (originalVersion < mUserVersion || originalUserTypeVersion < mUserTypeVersion) {
            if (originalVersion < mUserVersion || originalUserTypeVersion < mUserTypeVersion
                    || forceWrite) {
                for (int userId : userIdsToWrite) {
                    UserData userData = getUserDataNoChecks(userId);
                    if (userData != null) {
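Review bot: In the flag-off branch, the line `sysData.info.flags ^= UserInfo.FLAG_ADMIN;` is only correct because the guard just above has proved the bit is clear; `sysData.info.flags |= UserInfo.FLAG_ADMIN;` states the intent (set the bit), stays safe if that guard is ever loosened, and mirrors the `&= ~UserInfo.FLAG_ADMIN` form used in the flag-on branch. Both branches change the system user's privilege flag silently, and because this pathway now runs on every boot with `forceWrite` unconditionally taking the write branch in the second hunk, a `Slog.i(LOG_TAG, "Clearing ADMIN flag from headless system user")` (and its converse) next to each mutation would make the transition visible in logcat and let an incident responder attribute an unexpected admin change on user 0 to this code rather than to tampering. `mUsers.get(UserHandle.USER_SYSTEM)` is dereferenced without a null check in both branches; if the system user can ever be absent at this point, as earlier upgrade steps in this method may guard against, the same guard belongs here. The enclosing upgrade method starts before the first hunk and continues past the second, so the remainder of the forced write path is not visible here.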
+2 −1
@@ -450,7 +450,8 @@ public final class UserTypeFactory {
        return new UserTypeDetails.Builder()
                .setName(USER_TYPE_SYSTEM_HEADLESS)
                .setBaseType(FLAG_SYSTEM)
                .setDefaultUserInfoPropertyFlags(FLAG_PRIMARY | FLAG_ADMIN)
                .setDefaultUserInfoPropertyFlags(FLAG_PRIMARY
                        | (android.multiuser.Flags.hsuNotAdmin() ? 0 : FLAG_ADMIN))
                .setMaxAllowed(1);
    }
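Review bot: The new conditional on the `.setDefaultUserInfoPropertyFlags(FLAG_PRIMARY | (android.multiuser.Flags.hsuNotAdmin() ? 0 : FLAG_ADMIN))` line deserves a comment stating that it only sets the default for a newly created headless system user, and that an already-provisioned user's ADMIN bit is reconciled elsewhere by the upgrade path in UserManagerService: `// Default for a newly created HSU only; existing HSUs are reconciled in UserManagerService's upgrade path.` Without it a reader may assume flipping the flag is enough to change a device that has already created its system user. The method's signature lies outside the hunk; only its return expression is shown.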