Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d616a335 authored by Amith Yamasani's avatar Amith Yamasani
Browse files

Prevent device owner registration after setup is complete 

This change prevents adding a device owner after setupwizard
has finished provisioning. Only the new dpm shell command
can set a device owner.

Bug: 17316711
Change-Id: I98bdfd9b8c8da3042111c45e2e7fd2b559fac510
parent 3e7115ed

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+7 −9
Original line number Diff line number Diff line
@@ -3716,7 +3716,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        synchronized (this) {

            // Only SYSTEM_UID can override the userSetupComplete

            if (UserHandle.getAppId(Binder.getCallingUid()) != Process.SYSTEM_UID

                    && isUserSetupComplete(userHandle)) {

                    && hasUserSetupCompleted(userHandle)) {

                throw new IllegalStateException(

                        "Trying to set profile owner but user is already set-up.");

            }
@@ -3773,10 +3773,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 


    @Override

    public boolean hasUserSetupCompleted() {

        return hasUserSetupCompleted(UserHandle.getCallingUserId());

    }



    private boolean hasUserSetupCompleted(int userHandle) {

        if (!mHasFeature) {

            return true;

        }

        DevicePolicyData policy = getUserData(UserHandle.getCallingUserId());

        DevicePolicyData policy = getUserData(userHandle);

        // If policy is null, return true, else check if the setup has completed.

        return policy == null || policy.mUserSetupComplete;

    }
@@ -3888,16 +3892,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        if (callingId == Process.SHELL_UID || callingId == Process.ROOT_UID) {

            return AccountManager.get(mContext).getAccounts().length == 0;

        } else {

            return Settings.Global.getInt(mContext.getContentResolver(),

                    Settings.Global.DEVICE_PROVISIONED, 0) == 0;

            return !hasUserSetupCompleted(UserHandle.USER_OWNER);

        }

    }



    private boolean isUserSetupComplete(int userId) {

        return Settings.Secure.getIntForUser(mContext.getContentResolver(),

                Settings.Secure.USER_SETUP_COMPLETE, 0, userId) > 0;

    }



    private void enforceCrossUserPermission(int userHandle) {

        if (userHandle < 0) {

            throw new IllegalArgumentException("Invalid userId " + userHandle);