Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4ce733af authored by Eran Messeri's avatar Eran Messeri Committed by Automerger Merge Worker
Browse files

Merge "Remove unnecessary parent restriction check" into rvc-dev am: 37fc4957

Change-Id: I3b6916289cfeaa72bf9bff1934995dcf35519d1f
parents 641ccdf6 37fc4957
Loading
Loading
Loading
Loading
+18 −17
Original line number Original line Diff line number Diff line
@@ -13070,26 +13070,25 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
            final boolean addingProfileRestricted = mUserManager.hasUserRestriction(
            final boolean addingProfileRestricted = mUserManager.hasUserRestriction(
                    UserManager.DISALLOW_ADD_MANAGED_PROFILE, callingUserHandle);
                    UserManager.DISALLOW_ADD_MANAGED_PROFILE, callingUserHandle);
            UserInfo parentUser = mUserManager.getProfileParent(callingUserId);
            if (mUserManager.getUserInfo(callingUserId).isProfile()) {
            final boolean addingProfileRestrictedOnParent = (parentUser != null)
                Slog.i(LOG_TAG,
                    && mUserManager.hasUserRestriction(
                        String.format("Calling user %d is a profile, cannot add another.",
                            UserManager.DISALLOW_ADD_MANAGED_PROFILE,
                                callingUserId));
                            UserHandle.of(parentUser.id));
                // The check is called from inside a managed profile. A managed profile cannot
                // be provisioned from within another managed profile.
            Slog.i(LOG_TAG, String.format(
                return CODE_CANNOT_ADD_MANAGED_PROFILE;
                    "When checking for managed profile provisioning: Has device owner? %b, adding"
            }
                            + " profile restricted? %b, adding profile restricted on parent? %b",
                    hasDeviceOwner, addingProfileRestricted, addingProfileRestrictedOnParent));
            // If there's a device owner, the restriction on adding a managed profile must be set
            // If there's a device owner, the restriction on adding a managed profile must be set.
            // somewhere.
            if (hasDeviceOwner && !addingProfileRestricted) {
            if (hasDeviceOwner && !addingProfileRestricted && !addingProfileRestrictedOnParent) {
                Slog.wtf(LOG_TAG, "Has a device owner but no restriction on adding a profile.");
                Slog.wtf(LOG_TAG, "Has a device owner but no restriction on adding a profile.");
            }
            }
            // Do not allow adding a managed profile if there's a restriction, either on the current
            // Do not allow adding a managed profile if there's a restriction.
            // user or its parent user.
            if (addingProfileRestricted) {
            if (addingProfileRestricted || addingProfileRestrictedOnParent) {
                Slog.i(LOG_TAG, String.format(
                        "Adding a profile is restricted: User %s Has device owner? %b",
                        callingUserHandle, hasDeviceOwner));
                return CODE_CANNOT_ADD_MANAGED_PROFILE;
                return CODE_CANNOT_ADD_MANAGED_PROFILE;
            }
            }
            // If there's a restriction on removing the managed profile then we have to take it
            // If there's a restriction on removing the managed profile then we have to take it
@@ -13098,6 +13097,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
                    !mUserManager.hasUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE,
                    !mUserManager.hasUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE,
                    callingUserHandle);
                    callingUserHandle);
            if (!mUserManager.canAddMoreManagedProfiles(callingUserId, canRemoveProfile)) {
            if (!mUserManager.canAddMoreManagedProfiles(callingUserId, canRemoveProfile)) {
                Slog.i(LOG_TAG, String.format(
                        "Cannot add more profiles: Can remove current? %b", canRemoveProfile));
                return CODE_CANNOT_ADD_MANAGED_PROFILE;
                return CODE_CANNOT_ADD_MANAGED_PROFILE;
            }
            }
        } finally {
        } finally {
+4 −2
Original line number Original line Diff line number Diff line
@@ -3205,6 +3205,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {
        when(getServices().userManager.canAddMoreManagedProfiles(UserHandle.USER_SYSTEM, true))
        when(getServices().userManager.canAddMoreManagedProfiles(UserHandle.USER_SYSTEM, true))
                .thenReturn(true);
                .thenReturn(true);
        setUserSetupCompleteForUser(false, UserHandle.USER_SYSTEM);
        setUserSetupCompleteForUser(false, UserHandle.USER_SYSTEM);
        when(getServices().userManager.getProfileParent(UserHandle.USER_SYSTEM)).thenReturn(null);


        mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
        mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
    }
    }
@@ -3246,6 +3247,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {
        when(getServices().userManager.canAddMoreManagedProfiles(UserHandle.USER_SYSTEM, true))
        when(getServices().userManager.canAddMoreManagedProfiles(UserHandle.USER_SYSTEM, true))
                .thenReturn(true);
                .thenReturn(true);
        setUserSetupCompleteForUser(true, UserHandle.USER_SYSTEM);
        setUserSetupCompleteForUser(true, UserHandle.USER_SYSTEM);
        when(getServices().userManager.getProfileParent(UserHandle.USER_SYSTEM)).thenReturn(null);


        mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
        mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
    }
    }
@@ -3617,14 +3619,14 @@ public class DevicePolicyManagerTest extends DpmTestBase {


        when(getServices().ipackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0))
        when(getServices().ipackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0))
                .thenReturn(true);
                .thenReturn(true);
        when(getServices().userManagerForMock.isSplitSystemUser()).thenReturn(true);
        when(getServices().userManagerForMock.isSplitSystemUser()).thenReturn(false);
        when(getServices().userManager.getProfileParent(DpmMockContext.CALLER_USER_HANDLE))
        when(getServices().userManager.getProfileParent(DpmMockContext.CALLER_USER_HANDLE))
            .thenReturn(new UserInfo(UserHandle.USER_SYSTEM, "user system", 0));
            .thenReturn(new UserInfo(UserHandle.USER_SYSTEM, "user system", 0));
        when(getServices().userManager.canAddMoreManagedProfiles(DpmMockContext.CALLER_USER_HANDLE,
        when(getServices().userManager.canAddMoreManagedProfiles(DpmMockContext.CALLER_USER_HANDLE,
                true)).thenReturn(true);
                true)).thenReturn(true);
        setUserSetupCompleteForUser(false, DpmMockContext.CALLER_USER_HANDLE);
        setUserSetupCompleteForUser(false, DpmMockContext.CALLER_USER_HANDLE);


        mContext.binder.callingUid = DpmMockContext.CALLER_UID;
        mContext.binder.callingUid = DpmMockContext.ANOTHER_UID;
    }
    }


    public void testIsProvisioningAllowed_provisionManagedProfileWithDeviceOwner_primaryUser()
    public void testIsProvisioningAllowed_provisionManagedProfileWithDeviceOwner_primaryUser()