Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b78a82c3 authored by Eduard Dumitrescul's avatar Eduard Dumitrescul
Browse files

Stop usb debugging setting from being enabled 

Users should not be able to enable usb debugging
if a device owner or the system user have the
DISALLOW_DEBUGGING_FEATURES restriction set.

Bug: 404545075
Test: set restriction in device-owner TestDpc > check if setting can be
enabled
Flag: EXEMPT BUGFIX

Change-Id: I30628f928b99f2c670ef02ceda5eed11b290771b
parent e91b68ac

services/core/java/com/android/server/pm/UserRestrictionsUtils.java

+21 −3
Original line number Diff line number Diff line
@@ -684,7 +684,7 @@ public class UserRestrictionsUtils { 
                    break;

                case UserManager.DISALLOW_DEBUGGING_FEATURES:

                    if (newValue) {

                        if (userId == UserHandle.USER_SYSTEM || isDeviceOwner(userId)) {

                        if (userId == UserHandle.USER_SYSTEM || userId == getDeviceOwnerUserId()) {

                            android.provider.Settings.Global.putStringForUser(cr,

                                    android.provider.Settings.Global.ADB_ENABLED, "0",

                                    userId);
@@ -809,6 +809,9 @@ public class UserRestrictionsUtils { 
                    return false;

                }

                restriction = UserManager.DISALLOW_DEBUGGING_FEATURES;

                if (deviceOwnerOrSystemUserHasRestriction(restriction)) {

                    return true;

                }

                break;



            case android.provider.Settings.Global.PACKAGE_VERIFIER_INCLUDE_ADB:
@@ -968,9 +971,24 @@ public class UserRestrictionsUtils { 
                UserHandle.of(userId))) ? 0 : 1;

    }



    private static boolean isDeviceOwner(int userId) {

    private static int getDeviceOwnerUserId() {

        DevicePolicyManagerInternal dpm = LocalServices.getService(

                DevicePolicyManagerInternal.class);

        return dpm.getDeviceOwnerUserId() == userId;

        return dpm.getDeviceOwnerUserId();

    }



    private static boolean deviceOwnerOrSystemUserHasRestriction(String restriction) {

        UserManagerInternal userManager = LocalServices.getService(UserManagerInternal.class);

        if (userManager == null) {

            return false;

        }



        if (userManager.hasUserRestriction(restriction, UserHandle.USER_SYSTEM)) {

            return true;

        }



        final int deviceOwnerId = getDeviceOwnerUserId();

        return deviceOwnerId != UserHandle.USER_NULL && deviceOwnerId != UserHandle.USER_SYSTEM

                && userManager.hasUserRestriction(restriction, deviceOwnerId);

    }

}