Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5891a5d4 authored by Momoko Hattori's avatar Momoko Hattori Committed by Android (Google) Code Review
Browse files

Merge changes Ibdc1925c,Icd65f536 into main 

* changes:
  Reject system user in revokeUserAdmin()
  Reject profiles, guest users and restricted profiles in setUserAdmin()
parents 1421f9e1 a2ef1bf6

services/core/java/com/android/server/pm/UserJourneyLogger.java

+3 −1
Original line number Diff line number Diff line
@@ -68,6 +68,7 @@ public class UserJourneyLogger { 
    public static final int ERROR_CODE_NULL_USER_INFO = 4;

    public static final int ERROR_CODE_USER_ALREADY_AN_ADMIN = 5;

    public static final int ERROR_CODE_USER_IS_NOT_AN_ADMIN = 6;

    public static final int ERROR_CODE_INVALID_USER_TYPE = 7;



    @IntDef(prefix = {"ERROR_CODE"}, value = {

            ERROR_CODE_UNSPECIFIED,
@@ -76,7 +77,8 @@ public class UserJourneyLogger { 
            ERROR_CODE_NULL_USER_INFO,

            ERROR_CODE_USER_ALREADY_AN_ADMIN,

            ERROR_CODE_USER_IS_NOT_AN_ADMIN,

            ERROR_CODE_INVALID_SESSION_ID

            ERROR_CODE_INVALID_SESSION_ID,

            ERROR_CODE_INVALID_USER_TYPE

    })

    public @interface UserJourneyErrorCode {

    }

services/core/java/com/android/server/pm/UserManagerService.java

+21 −8
Original line number Diff line number Diff line
@@ -42,6 +42,7 @@ import static com.android.server.pm.UserJourneyLogger.ERROR_CODE_ABORTED; 
import static com.android.server.pm.UserJourneyLogger.ERROR_CODE_UNSPECIFIED;

import static com.android.server.pm.UserJourneyLogger.ERROR_CODE_USER_ALREADY_AN_ADMIN;

import static com.android.server.pm.UserJourneyLogger.ERROR_CODE_USER_IS_NOT_AN_ADMIN;

import static com.android.server.pm.UserJourneyLogger.ERROR_CODE_INVALID_USER_TYPE;

import static com.android.server.pm.UserJourneyLogger.USER_JOURNEY_GRANT_ADMIN;

import static com.android.server.pm.UserJourneyLogger.USER_JOURNEY_REVOKE_ADMIN;

import static com.android.server.pm.UserJourneyLogger.USER_JOURNEY_USER_CREATE;
@@ -2311,26 +2312,33 @@ public class UserManagerService extends IUserManager.Stub { 


        mUserJourneyLogger.logUserJourneyBegin(userId, USER_JOURNEY_GRANT_ADMIN);

        UserData user;

        int currentUserId = getCurrentUserId();

        synchronized (mPackagesLock) {

            synchronized (mUsersLock) {

                user = getUserDataLU(userId);

                if (user == null) {

                    // Exit if no user found with that id,

                    mUserJourneyLogger.logNullUserJourneyError(USER_JOURNEY_GRANT_ADMIN,

                        getCurrentUserId(), userId, /* userType */ "", /* userFlags */ -1);

                            currentUserId, userId, /* userType */ "", /* userFlags */ -1);

                    return;

                } else if (user.info.isAdmin()) {

                    // Exit if the user is already an Admin.

                    mUserJourneyLogger.logUserJourneyFinishWithError(getCurrentUserId(),

                    mUserJourneyLogger.logUserJourneyFinishWithError(currentUserId,

                        user.info, USER_JOURNEY_GRANT_ADMIN,

                        ERROR_CODE_USER_ALREADY_AN_ADMIN);

                    return;

                } else if (user.info.isProfile() || user.info.isGuest()

                        || user.info.isRestricted()) {

                    // Profiles, guest users or restricted profiles cannot become an Admin.

                    mUserJourneyLogger.logUserJourneyFinishWithError(currentUserId,

                            user.info, USER_JOURNEY_GRANT_ADMIN, ERROR_CODE_INVALID_USER_TYPE);

                    return;

                }

                user.info.flags ^= UserInfo.FLAG_ADMIN;

                writeUserLP(user);

            }

        }

        mUserJourneyLogger.logUserJourneyFinishWithError(getCurrentUserId(), user.info,

        mUserJourneyLogger.logUserJourneyFinishWithError(currentUserId, user.info,

                USER_JOURNEY_GRANT_ADMIN, ERROR_CODE_UNSPECIFIED);

    }
@@ -2343,26 +2351,31 @@ public class UserManagerService extends IUserManager.Stub { 


        mUserJourneyLogger.logUserJourneyBegin(userId, USER_JOURNEY_REVOKE_ADMIN);

        UserData user;

        int currentUserId = getCurrentUserId();

        synchronized (mPackagesLock) {

            synchronized (mUsersLock) {

                user = getUserDataLU(userId);

                if (user == null) {

                    // Exit if no user found with that id

                    mUserJourneyLogger.logNullUserJourneyError(

                            USER_JOURNEY_REVOKE_ADMIN,

                            getCurrentUserId(), userId, "", -1);

                            USER_JOURNEY_REVOKE_ADMIN, currentUserId, userId, "", -1);

                    return;

                } else if (!user.info.isAdmin()) {

                    // Exit if no user is not an Admin.

                    mUserJourneyLogger.logUserJourneyFinishWithError(getCurrentUserId(), user.info,

                    // Exit if user is not an Admin.

                    mUserJourneyLogger.logUserJourneyFinishWithError(currentUserId, user.info,

                            USER_JOURNEY_REVOKE_ADMIN, ERROR_CODE_USER_IS_NOT_AN_ADMIN);

                    return;

                } else if ((user.info.flags & UserInfo.FLAG_SYSTEM) != 0) {

                    // System user must always be an Admin.

                    mUserJourneyLogger.logUserJourneyFinishWithError(currentUserId, user.info,

                            USER_JOURNEY_REVOKE_ADMIN, ERROR_CODE_INVALID_USER_TYPE);

                    return;

                }

                user.info.flags ^= UserInfo.FLAG_ADMIN;

                writeUserLP(user);

            }

        }

        mUserJourneyLogger.logUserJourneyFinishWithError(getCurrentUserId(), user.info,

        mUserJourneyLogger.logUserJourneyFinishWithError(currentUserId, user.info,

                USER_JOURNEY_REVOKE_ADMIN, ERROR_CODE_UNSPECIFIED);

    }

services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java

+43 −0
Original line number Diff line number Diff line
@@ -1137,6 +1137,42 @@ public final class UserManagerTest { 
        }

    }



    @MediumTest

    @Test

    public void testSetUserAdminFailsForGuest() throws Exception {

        UserInfo userInfo = createUser("GuestUser", UserInfo.FLAG_GUEST);

        assertThat(userInfo).isNotNull();



        mUserManager.setUserAdmin(userInfo.id);

        userInfo = mUserManager.getUserInfo(userInfo.id);

        assertThat(userInfo.isAdmin()).isFalse();

    }



    @MediumTest

    @Test

    public void testSetUserAdminFailsForProfile() throws Exception {

        UserHandle mainUser = mUserManager.getMainUser();

        assertThat(mainUser).isNotNull();

        UserInfo userInfo = createProfileForUser("Profile",

                UserManager.USER_TYPE_PROFILE_MANAGED, mainUser.getIdentifier());

        assertThat(userInfo).isNotNull();



        mUserManager.setUserAdmin(userInfo.id);

        userInfo = mUserManager.getUserInfo(userInfo.id);

        assertThat(userInfo.isAdmin()).isFalse();

    }



    @MediumTest

    @Test

    public void testSetUserAdminFailsForRestrictedProfile() throws Exception {

        UserInfo userInfo = createRestrictedProfile("Profile");

        assertThat(userInfo).isNotNull();



        mUserManager.setUserAdmin(userInfo.id);

        userInfo = mUserManager.getUserInfo(userInfo.id);

        assertThat(userInfo.isAdmin()).isFalse();

    }



    @MediumTest

    @Test

    public void testRevokeUserAdmin() throws Exception {
@@ -1192,6 +1228,13 @@ public final class UserManagerTest { 
        }

    }



    @MediumTest

    @Test

    public void testRevokeUserAdminFailsForSystemUser() throws Exception {

        mUserManager.revokeUserAdmin(UserHandle.USER_SYSTEM);

        assertThat(getUser(UserHandle.USER_SYSTEM).isAdmin()).isTrue();

    }



    @MediumTest

    @Test

    public void testGetProfileParent() throws Exception {