Loading services/core/java/com/android/server/pm/UserRestrictionsUtils.java +9 −9 Original line number Diff line number Diff line Loading @@ -167,10 +167,10 @@ public class UserRestrictionsUtils { ); /** * User restrictions that cannot be set by profile owners of secondary users. When set by DO * they will be applied to all users. * User restrictions that can only be set by profile owners on the main user, or by device * owners. When set by DO they will be applied to all users. */ private static final Set<String> PRIMARY_USER_ONLY_RESTRICTIONS = Sets.newArraySet( private static final Set<String> MAIN_USER_ONLY_RESTRICTIONS = Sets.newArraySet( UserManager.DISALLOW_BLUETOOTH, UserManager.DISALLOW_USB_FILE_TRANSFER, UserManager.DISALLOW_CONFIG_TETHERING, Loading Loading @@ -454,14 +454,14 @@ public class UserRestrictionsUtils { } /** * @return true if a restriction is settable by profile owner. Note it takes a user ID because * some restrictions can be changed by PO only when it's running on the system user. * @return true if a restriction is settable by profile owner. Note it takes a boolean to say * if the relevant user is the {@link UserManager#isMainUser() MainUser}, because some * restrictions can be changed by PO only when it's running on the main user. */ public static boolean canProfileOwnerChange(String restriction, int userId) { public static boolean canProfileOwnerChange(String restriction, boolean isMainUser) { return !IMMUTABLE_BY_OWNERS.contains(restriction) && !DEVICE_OWNER_ONLY_RESTRICTIONS.contains(restriction) && !(userId != UserHandle.USER_SYSTEM && PRIMARY_USER_ONLY_RESTRICTIONS.contains(restriction)); && !(!isMainUser && MAIN_USER_ONLY_RESTRICTIONS.contains(restriction)); } /** Loading Loading @@ -494,7 +494,7 @@ public class UserRestrictionsUtils { public static boolean isGlobal(@UserManagerInternal.OwnerType int restrictionOwnerType, String key) { return ((restrictionOwnerType == UserManagerInternal.OWNER_TYPE_DEVICE_OWNER) && ( PRIMARY_USER_ONLY_RESTRICTIONS.contains(key) || GLOBAL_RESTRICTIONS.contains(key))) MAIN_USER_ONLY_RESTRICTIONS.contains(key) || GLOBAL_RESTRICTIONS.contains(key))) || ((restrictionOwnerType == UserManagerInternal.OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE) && PROFILE_OWNER_ORGANIZATION_OWNED_GLOBAL_RESTRICTIONS.contains(key)) Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +9 −8 Original line number Diff line number Diff line Loading @@ -9038,12 +9038,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } private @UserIdInt int getMainUserId() { UserHandle mainUser = mUserManager.getMainUser(); if (mainUser == null) { int mainUserId = mUserManagerInternal.getMainUserId(); if (mainUserId == UserHandle.USER_NULL) { Slogf.d(LOG_TAG, "getMainUserId(): no main user, returning USER_SYSTEM"); return UserHandle.USER_SYSTEM; } return mainUser.getIdentifier(); return mainUserId; } // TODO(b/240562946): Remove api as owner name is not used. Loading Loading @@ -12019,10 +12019,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Preconditions.checkCallAuthorization(isDeviceOwner(caller) || isProfileOwner(caller)); } int userHandle = caller.getUserId(); int userId = caller.getUserId(); synchronized (getLockObject()) { final ActiveAdmin activeAdmin = getParentOfAdminIfRequired( getProfileOwnerOrDeviceOwnerLocked(userHandle), parent); getProfileOwnerOrDeviceOwnerLocked(userId), parent); if (isDefaultDeviceOwner(caller)) { if (!UserRestrictionsUtils.canDeviceOwnerChange(key)) { Loading @@ -12039,7 +12039,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { "Cannot use the parent instance in Financed Device Owner mode"); } else { boolean profileOwnerCanChangeOnItself = !parent && UserRestrictionsUtils.canProfileOwnerChange(key, userHandle); && UserRestrictionsUtils.canProfileOwnerChange( key, userId == getMainUserId()); boolean orgOwnedProfileOwnerCanChangesGlobally = parent && isProfileOwnerOfOrganizationOwnedDevice(caller) && UserRestrictionsUtils.canProfileOwnerOfOrganizationOwnedDeviceChange( Loading @@ -12058,7 +12059,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } else { restrictions.remove(key); } saveUserRestrictionsLocked(userHandle); saveUserRestrictionsLocked(userId); } final int eventId = enabledFromThisOwner ? DevicePolicyEnums.ADD_USER_RESTRICTION Loading @@ -12072,7 +12073,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final int eventTag = enabledFromThisOwner ? SecurityLog.TAG_USER_RESTRICTION_ADDED : SecurityLog.TAG_USER_RESTRICTION_REMOVED; SecurityLog.writeEvent(eventTag, who.getPackageName(), userHandle, key); SecurityLog.writeEvent(eventTag, who.getPackageName(), userId, key); } } services/tests/servicestests/src/com/android/server/pm/UserRestrictionsUtilsTest.java +13 −14 Original line number Diff line number Diff line Loading @@ -20,7 +20,6 @@ import static com.android.server.devicepolicy.DpmTestUtils.assertRestrictions; import static com.android.server.devicepolicy.DpmTestUtils.newRestrictions; import android.os.Bundle; import android.os.UserHandle; import android.os.UserManager; import android.platform.test.annotations.Presubmit; import android.test.AndroidTestCase; Loading Loading @@ -77,30 +76,30 @@ public class UserRestrictionsUtilsTest extends AndroidTestCase { assertTrue(UserRestrictionsUtils.canDeviceOwnerChange(UserManager.DISALLOW_USER_SWITCH)); } public void testCanProfileOwnerChange() { int user = UserHandle.USER_SYSTEM; public void testCanProfileOwnerChange_mainUser() { assertFalse(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_RECORD_AUDIO, user)); UserManager.DISALLOW_RECORD_AUDIO, true)); assertFalse(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_WALLPAPER, user)); UserManager.DISALLOW_WALLPAPER, true)); assertFalse(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_USER_SWITCH, user)); UserManager.DISALLOW_USER_SWITCH, true)); assertTrue(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_ADD_USER, user)); UserManager.DISALLOW_ADD_USER, true)); assertTrue(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_ADJUST_VOLUME, user)); UserManager.DISALLOW_ADJUST_VOLUME, true)); } user = 10; public void testCanProfileOwnerChange_notMainUser() { assertFalse(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_RECORD_AUDIO, user)); UserManager.DISALLOW_RECORD_AUDIO, false)); assertFalse(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_WALLPAPER, user)); UserManager.DISALLOW_WALLPAPER, false)); assertFalse(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_ADD_USER, user)); UserManager.DISALLOW_ADD_USER, false)); assertFalse(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_USER_SWITCH, user)); UserManager.DISALLOW_USER_SWITCH, false)); assertTrue(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_ADJUST_VOLUME, user)); UserManager.DISALLOW_ADJUST_VOLUME, false)); } public void testMoveRestriction() { Loading Loading
services/core/java/com/android/server/pm/UserRestrictionsUtils.java +9 −9 Original line number Diff line number Diff line Loading @@ -167,10 +167,10 @@ public class UserRestrictionsUtils { ); /** * User restrictions that cannot be set by profile owners of secondary users. When set by DO * they will be applied to all users. * User restrictions that can only be set by profile owners on the main user, or by device * owners. When set by DO they will be applied to all users. */ private static final Set<String> PRIMARY_USER_ONLY_RESTRICTIONS = Sets.newArraySet( private static final Set<String> MAIN_USER_ONLY_RESTRICTIONS = Sets.newArraySet( UserManager.DISALLOW_BLUETOOTH, UserManager.DISALLOW_USB_FILE_TRANSFER, UserManager.DISALLOW_CONFIG_TETHERING, Loading Loading @@ -454,14 +454,14 @@ public class UserRestrictionsUtils { } /** * @return true if a restriction is settable by profile owner. Note it takes a user ID because * some restrictions can be changed by PO only when it's running on the system user. * @return true if a restriction is settable by profile owner. Note it takes a boolean to say * if the relevant user is the {@link UserManager#isMainUser() MainUser}, because some * restrictions can be changed by PO only when it's running on the main user. */ public static boolean canProfileOwnerChange(String restriction, int userId) { public static boolean canProfileOwnerChange(String restriction, boolean isMainUser) { return !IMMUTABLE_BY_OWNERS.contains(restriction) && !DEVICE_OWNER_ONLY_RESTRICTIONS.contains(restriction) && !(userId != UserHandle.USER_SYSTEM && PRIMARY_USER_ONLY_RESTRICTIONS.contains(restriction)); && !(!isMainUser && MAIN_USER_ONLY_RESTRICTIONS.contains(restriction)); } /** Loading Loading @@ -494,7 +494,7 @@ public class UserRestrictionsUtils { public static boolean isGlobal(@UserManagerInternal.OwnerType int restrictionOwnerType, String key) { return ((restrictionOwnerType == UserManagerInternal.OWNER_TYPE_DEVICE_OWNER) && ( PRIMARY_USER_ONLY_RESTRICTIONS.contains(key) || GLOBAL_RESTRICTIONS.contains(key))) MAIN_USER_ONLY_RESTRICTIONS.contains(key) || GLOBAL_RESTRICTIONS.contains(key))) || ((restrictionOwnerType == UserManagerInternal.OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE) && PROFILE_OWNER_ORGANIZATION_OWNED_GLOBAL_RESTRICTIONS.contains(key)) Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +9 −8 Original line number Diff line number Diff line Loading @@ -9038,12 +9038,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } private @UserIdInt int getMainUserId() { UserHandle mainUser = mUserManager.getMainUser(); if (mainUser == null) { int mainUserId = mUserManagerInternal.getMainUserId(); if (mainUserId == UserHandle.USER_NULL) { Slogf.d(LOG_TAG, "getMainUserId(): no main user, returning USER_SYSTEM"); return UserHandle.USER_SYSTEM; } return mainUser.getIdentifier(); return mainUserId; } // TODO(b/240562946): Remove api as owner name is not used. Loading Loading @@ -12019,10 +12019,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Preconditions.checkCallAuthorization(isDeviceOwner(caller) || isProfileOwner(caller)); } int userHandle = caller.getUserId(); int userId = caller.getUserId(); synchronized (getLockObject()) { final ActiveAdmin activeAdmin = getParentOfAdminIfRequired( getProfileOwnerOrDeviceOwnerLocked(userHandle), parent); getProfileOwnerOrDeviceOwnerLocked(userId), parent); if (isDefaultDeviceOwner(caller)) { if (!UserRestrictionsUtils.canDeviceOwnerChange(key)) { Loading @@ -12039,7 +12039,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { "Cannot use the parent instance in Financed Device Owner mode"); } else { boolean profileOwnerCanChangeOnItself = !parent && UserRestrictionsUtils.canProfileOwnerChange(key, userHandle); && UserRestrictionsUtils.canProfileOwnerChange( key, userId == getMainUserId()); boolean orgOwnedProfileOwnerCanChangesGlobally = parent && isProfileOwnerOfOrganizationOwnedDevice(caller) && UserRestrictionsUtils.canProfileOwnerOfOrganizationOwnedDeviceChange( Loading @@ -12058,7 +12059,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } else { restrictions.remove(key); } saveUserRestrictionsLocked(userHandle); saveUserRestrictionsLocked(userId); } final int eventId = enabledFromThisOwner ? DevicePolicyEnums.ADD_USER_RESTRICTION Loading @@ -12072,7 +12073,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final int eventTag = enabledFromThisOwner ? SecurityLog.TAG_USER_RESTRICTION_ADDED : SecurityLog.TAG_USER_RESTRICTION_REMOVED; SecurityLog.writeEvent(eventTag, who.getPackageName(), userHandle, key); SecurityLog.writeEvent(eventTag, who.getPackageName(), userId, key); } }
services/tests/servicestests/src/com/android/server/pm/UserRestrictionsUtilsTest.java +13 −14 Original line number Diff line number Diff line Loading @@ -20,7 +20,6 @@ import static com.android.server.devicepolicy.DpmTestUtils.assertRestrictions; import static com.android.server.devicepolicy.DpmTestUtils.newRestrictions; import android.os.Bundle; import android.os.UserHandle; import android.os.UserManager; import android.platform.test.annotations.Presubmit; import android.test.AndroidTestCase; Loading Loading @@ -77,30 +76,30 @@ public class UserRestrictionsUtilsTest extends AndroidTestCase { assertTrue(UserRestrictionsUtils.canDeviceOwnerChange(UserManager.DISALLOW_USER_SWITCH)); } public void testCanProfileOwnerChange() { int user = UserHandle.USER_SYSTEM; public void testCanProfileOwnerChange_mainUser() { assertFalse(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_RECORD_AUDIO, user)); UserManager.DISALLOW_RECORD_AUDIO, true)); assertFalse(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_WALLPAPER, user)); UserManager.DISALLOW_WALLPAPER, true)); assertFalse(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_USER_SWITCH, user)); UserManager.DISALLOW_USER_SWITCH, true)); assertTrue(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_ADD_USER, user)); UserManager.DISALLOW_ADD_USER, true)); assertTrue(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_ADJUST_VOLUME, user)); UserManager.DISALLOW_ADJUST_VOLUME, true)); } user = 10; public void testCanProfileOwnerChange_notMainUser() { assertFalse(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_RECORD_AUDIO, user)); UserManager.DISALLOW_RECORD_AUDIO, false)); assertFalse(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_WALLPAPER, user)); UserManager.DISALLOW_WALLPAPER, false)); assertFalse(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_ADD_USER, user)); UserManager.DISALLOW_ADD_USER, false)); assertFalse(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_USER_SWITCH, user)); UserManager.DISALLOW_USER_SWITCH, false)); assertTrue(UserRestrictionsUtils.canProfileOwnerChange( UserManager.DISALLOW_ADJUST_VOLUME, user)); UserManager.DISALLOW_ADJUST_VOLUME, false)); } public void testMoveRestriction() { Loading
