Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5aee6058 authored by Maria Petrisor's avatar Maria Petrisor
Browse files

Apply DISALLOW_ADD_USER to user0 in COPE 

DISALLOW_ADD_USER is already applied for the parent user (i.e. personal
profile), but we should also set this on user0 on HSUM devices when boot
to user0 is enabled to avoid being able to add users from the login
screen.

Bug: 398819336
Test: manual
Flag: EXEMPT bugfix & protected by config_hsumBootStrategy
Change-Id: I57adbaf0c362378bb40c6e8aa64ea9bdb3992155
parent c0e04bd2

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+19 −0
Original line number Diff line number Diff line
@@ -928,6 +928,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 














    private static final int RETRY_COPY_ACCOUNT_ATTEMPTS = 3;



























    private static final int BOOT_TO_HSU_FOR_PROVISIONED_DEVICE = 1;



























    /**















     * For apps targeting U+















     * Enable multiple admins to coexist on the same device.










@@ -4391,6 +4393,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













        }















        mUserManager.setUserRestriction(















                UserManager.DISALLOW_ADD_USER, false, parentUserHandle);













        if (mInjector.userManagerIsHeadlessSystemUserMode() && isBootToUser0Enabled()) {













            mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER,













                    false, UserHandle.SYSTEM);













        }















    }





























    private void clearDeviceOwnerUserRestriction(UserHandle userHandle) {










@@ -17929,6 +17935,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













            mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER,















                    isProfileOwnerOnOrganizationOwnedDevice,















                    parentUser);













            if (mInjector.userManagerIsHeadlessSystemUserMode() && isBootToUser0Enabled()) {













                // Additionally set this restriction on user 0 to block adding new users from the













                // login screen on HSUM.













                mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER,













                        isProfileOwnerOnOrganizationOwnedDevice,













                        UserHandle.SYSTEM);













            }















        });





























        // setProfileOwnerOfOrganizationOwnedDevice will trigger writing of the profile owner









@@ -17937,6 +17950,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













                isProfileOwnerOnOrganizationOwnedDevice);















    }



























    private boolean isBootToUser0Enabled() {













        final int bootStrategy = mContext.getResources()













                .getInteger(com.android.internal.R.integer.config_hsumBootStrategy);













        return bootStrategy == BOOT_TO_HSU_FOR_PROVISIONED_DEVICE;













    }



























    private void pushMeteredDisabledPackages(int userId) {















        wtfIfInLock();















        mInjector.getNetworkPolicyManagerInternal().setMeteredRestrictedPackages(