Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit df1b87db authored by Nicolas Prevot's avatar Nicolas Prevot
Browse files

Allow DO to remove user even if DISALLOW_REMOVE_USER is set. 

BUG:32300784
Test: create user in TestDPC, set DISALLOW_REMOVE_USER restriction,
and remove this user.
Change-Id: I96ab02d594cd1a8ab14420e12357f2083da1ce63
parent debcf760

core/java/android/os/UserManagerInternal.java

+7 −0
Original line number Diff line number Diff line
@@ -127,6 +127,13 @@ public abstract class UserManagerInternal { 
     */

    public abstract UserInfo createUserEvenWhenDisallowed(String name, int flags);



    /**

     * Same as {@link UserManager#removeUser(int userHandle)}, but bypasses the check for

     * {@link UserManager#DISALLOW_REMOVE_USER} and does not require the

     * {@link android.Manifest.permission#MANAGE_USERS} permission.

     */

    public abstract boolean removeUserEvenWhenDisallowed(int userId);



    /**

     * Return whether the given user is running in an

     * {@code UserState.STATE_RUNNING_UNLOCKING} or

services/core/java/com/android/server/pm/UserManagerService.java

+8 −0
Original line number Diff line number Diff line
@@ -2489,7 +2489,10 @@ public class UserManagerService extends IUserManager.Stub { 
            Log.w(LOG_TAG, "Cannot remove user. DISALLOW_REMOVE_USER is enabled.");

            return false;

        }

        return removeUserUnchecked(userHandle);

    }



    private boolean removeUserUnchecked(int userHandle) {

        long ident = Binder.clearCallingIdentity();

        try {

            final UserData userData;
@@ -3566,6 +3569,11 @@ public class UserManagerService extends IUserManager.Stub { 
            return user;

        }



        @Override

        public boolean removeUserEvenWhenDisallowed(int userId) {

            return removeUserUnchecked(userId);

        }



        @Override

        public boolean isUserRunning(int userId) {

            synchronized (mUserStates) {

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+16 −6
Original line number Diff line number Diff line
@@ -7340,17 +7340,27 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
    @Override

    public boolean removeUser(ComponentName who, UserHandle userHandle) {

        Preconditions.checkNotNull(who, "ComponentName is null");

        UserHandle callingUserHandle = mInjector.binderGetCallingUserHandle();

        synchronized (this) {

            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);



            long id = mInjector.binderClearCallingIdentity();

        }

        final long id = mInjector.binderClearCallingIdentity();

        try {

                return mUserManager.removeUser(userHandle.getIdentifier());

            int restrictionSource = mUserManager.getUserRestrictionSource(

                    UserManager.DISALLOW_REMOVE_USER, callingUserHandle);

            if (restrictionSource != UserManager.RESTRICTION_NOT_SET

                    && restrictionSource != UserManager.RESTRICTION_SOURCE_DEVICE_OWNER) {

                Log.w(LOG_TAG, "The device owner cannot remove a user because "

                        + "DISALLOW_REMOVE_USER is enabled, and was not set by the device "

                        + "owner");

                return false;

            }

            return mUserManagerInternal.removeUserEvenWhenDisallowed(

                    userHandle.getIdentifier());

        } finally {

            mInjector.binderRestoreCallingIdentity(id);

        }

    }

    }



    @Override

    public boolean switchUser(ComponentName who, UserHandle userHandle) {