Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5485ed46 authored by Makoto Onuki's avatar Makoto Onuki
Browse files

Allow PO to set DO restrictions if it's on user 0 

Bug 26091525

Change-Id: Ie6d2cd4ade076d8d2ec47243ff1280b95b7c9044
parent 2ce4f73b

services/core/java/com/android/server/pm/UserRestrictionsUtils.java

+6 −4
Original line number Diff line number Diff line
@@ -209,11 +209,13 @@ public class UserRestrictionsUtils { 
    }



    /**

     * @return true if a restriction is settable by profile owner.

     * @return true if a restriction is settable by profile owner.  Note it takes a user ID because

     * some restrictions can be changed by PO only when it's running on the system user.

     */

    public static boolean canProfileOwnerChange(String restriction) {

        return !(IMMUTABLE_BY_OWNERS.contains(restriction)

                || DEVICE_OWNER_ONLY_RESTRICTIONS.contains(restriction));

    public static boolean canProfileOwnerChange(String restriction, int userId) {

        return !IMMUTABLE_BY_OWNERS.contains(restriction)

                && !(userId != UserHandle.USER_SYSTEM

                    && DEVICE_OWNER_ONLY_RESTRICTIONS.contains(restriction));

    }



    /**

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+1 −1
Original line number Diff line number Diff line
@@ -5807,7 +5807,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
                    throw new SecurityException("Device owner cannot set user restriction " + key);

                }

            } else { // profile owner

                if (!UserRestrictionsUtils.canProfileOwnerChange(key)) {

                if (!UserRestrictionsUtils.canProfileOwnerChange(key, userHandle)) {

                    throw new SecurityException("Profile owner cannot set user restriction " + key);

                }

            }

services/tests/servicestests/src/com/android/server/pm/UserRestrictionsUtilsTest.java

+20 −4
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ 


package com.android.server.pm;



import android.os.UserHandle;

import com.android.server.devicepolicy.DpmTestUtils;



import android.os.Bundle;
@@ -87,10 +88,25 @@ public class UserRestrictionsUtilsTest extends AndroidTestCase { 
    }



    public void testCanProfileOwnerChange() {

        assertFalse(UserRestrictionsUtils.canProfileOwnerChange(UserManager.DISALLOW_RECORD_AUDIO));

        assertFalse(UserRestrictionsUtils.canProfileOwnerChange(UserManager.DISALLOW_WALLPAPER));

        assertFalse(UserRestrictionsUtils.canProfileOwnerChange(UserManager.DISALLOW_ADD_USER));

        assertTrue(UserRestrictionsUtils.canProfileOwnerChange(UserManager.DISALLOW_ADJUST_VOLUME));

        int user = UserHandle.USER_SYSTEM;

        assertFalse(UserRestrictionsUtils.canProfileOwnerChange(

                UserManager.DISALLOW_RECORD_AUDIO, user));

        assertFalse(UserRestrictionsUtils.canProfileOwnerChange(

                UserManager.DISALLOW_WALLPAPER, user));

        assertTrue(UserRestrictionsUtils.canProfileOwnerChange(

                UserManager.DISALLOW_ADD_USER, user));

        assertTrue(UserRestrictionsUtils.canProfileOwnerChange(

                UserManager.DISALLOW_ADJUST_VOLUME, user));



        user = 10;

        assertFalse(UserRestrictionsUtils.canProfileOwnerChange(

                UserManager.DISALLOW_RECORD_AUDIO, user));

        assertFalse(UserRestrictionsUtils.canProfileOwnerChange(

                UserManager.DISALLOW_WALLPAPER, user));

        assertFalse(UserRestrictionsUtils.canProfileOwnerChange(

                UserManager.DISALLOW_ADD_USER, user));

        assertTrue(UserRestrictionsUtils.canProfileOwnerChange(

                UserManager.DISALLOW_ADJUST_VOLUME, user));

    }



    public void testSortToGlobalAndLocal() {