Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a2ef1bf6 authored by Momoko Hattori's avatar Momoko Hattori
Browse files

Reject system user in revokeUserAdmin() 

System user should not be removed from admin.

This CL also fixes a typo in a comment in revokeUserAdmin().

Bug: 411194997
Test: atest FrameworksServicesTests \
        --test-filter=".UserManagerTest#testRevokeUserAdmin.*"
Test: Manually test with CL:33082444 as follows:
  $ adb shell cmd user revoke-user-admin 0
  $ adb shell cmd user list -v | grep id=0
  0: id=0, ... flags=ADMIN|INITIALIZED|PRIMARY|SYSTEM (running)
Flag: EXEMPT bug fix

Change-Id: Ibdc1925cbf223958a95bde70ddba4ed8fcf7578c
parent cc5d2c82

services/core/java/com/android/server/pm/UserManagerService.java

+10 −5
Original line number Diff line number Diff line
@@ -2351,26 +2351,31 @@ public class UserManagerService extends IUserManager.Stub { 


        mUserJourneyLogger.logUserJourneyBegin(userId, USER_JOURNEY_REVOKE_ADMIN);

        UserData user;

        int currentUserId = getCurrentUserId();

        synchronized (mPackagesLock) {

            synchronized (mUsersLock) {

                user = getUserDataLU(userId);

                if (user == null) {

                    // Exit if no user found with that id

                    mUserJourneyLogger.logNullUserJourneyError(

                            USER_JOURNEY_REVOKE_ADMIN,

                            getCurrentUserId(), userId, "", -1);

                            USER_JOURNEY_REVOKE_ADMIN, currentUserId, userId, "", -1);

                    return;

                } else if (!user.info.isAdmin()) {

                    // Exit if no user is not an Admin.

                    mUserJourneyLogger.logUserJourneyFinishWithError(getCurrentUserId(), user.info,

                    // Exit if user is not an Admin.

                    mUserJourneyLogger.logUserJourneyFinishWithError(currentUserId, user.info,

                            USER_JOURNEY_REVOKE_ADMIN, ERROR_CODE_USER_IS_NOT_AN_ADMIN);

                    return;

                } else if ((user.info.flags & UserInfo.FLAG_SYSTEM) != 0) {

                    // System user must always be an Admin.

                    mUserJourneyLogger.logUserJourneyFinishWithError(currentUserId, user.info,

                            USER_JOURNEY_REVOKE_ADMIN, ERROR_CODE_INVALID_USER_TYPE);

                    return;

                }

                user.info.flags ^= UserInfo.FLAG_ADMIN;

                writeUserLP(user);

            }

        }

        mUserJourneyLogger.logUserJourneyFinishWithError(getCurrentUserId(), user.info,

        mUserJourneyLogger.logUserJourneyFinishWithError(currentUserId, user.info,

                USER_JOURNEY_REVOKE_ADMIN, ERROR_CODE_UNSPECIFIED);

    }

services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java

+7 −0
Original line number Diff line number Diff line
@@ -1228,6 +1228,13 @@ public final class UserManagerTest { 
        }

    }



    @MediumTest

    @Test

    public void testRevokeUserAdminFailsForSystemUser() throws Exception {

        mUserManager.revokeUserAdmin(UserHandle.USER_SYSTEM);

        assertThat(getUser(UserHandle.USER_SYSTEM).isAdmin()).isTrue();

    }



    @MediumTest

    @Test

    public void testGetProfileParent() throws Exception {