Don't call DPM from UserManager to avoid lock inversion

    /** Remove a {@link UserRestrictionsListener}. */

    public abstract void removeUserRestrictionsListener(UserRestrictionsListener listener);

    /**

     * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to update

     * whether the device is managed by device owner.

     */

    public abstract void setDeviceManaged(boolean isManaged);

    /**

     * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to update

     * whether the user is managed by profile owner.

     */

    public abstract void setUserManaged(int userId, boolean isManaged);

}

import android.app.ActivityManagerNative;

import android.app.IActivityManager;

import android.app.IStopUserCallback;

import android.app.admin.DevicePolicyManager;

import android.content.BroadcastReceiver;

import android.content.Context;

import android.content.Intent;

    private final SparseArray<Bundle> mAppliedUserRestrictions = new SparseArray<>();

    /**

     * User restrictions set by {@link DevicePolicyManager} that should be applied to all users,

     * including guests.

     * User restrictions set by {@link com.android.server.devicepolicy.DevicePolicyManagerService}

     * that should be applied to all users, including guests.

     */

    @GuardedBy("mRestrictionsLock")

    private Bundle mDevicePolicyGlobalUserRestrictions;

    /**

     * User restrictions set by {@link DevicePolicyManager} for each user.

     * User restrictions set by {@link com.android.server.devicepolicy.DevicePolicyManagerService}

     * for each user.

     */

    @GuardedBy("mRestrictionsLock")

    private final SparseArray<Bundle> mDevicePolicyLocalUserRestrictions = new SparseArray<>();

    private final LocalService mLocalService;

    @GuardedBy("mUsersLock")

    private boolean mIsDeviceManaged;

    @GuardedBy("mUsersLock")

    private final SparseBooleanArray mIsUserManaged = new SparseBooleanArray();

    @GuardedBy("mUserRestrictionsListeners")

    private final ArrayList<UserRestrictionsListener> mUserRestrictionsListeners =

            new ArrayList<>();

            if (!userInfo.isAdmin()) {

                return false;

            }

            // restricted profile can be created if there is no DO set and the admin user has no PO;

            return !mIsDeviceManaged && !mIsUserManaged.get(userId);

        }

        DevicePolicyManager dpm = (DevicePolicyManager) mContext.getSystemService(

                Context.DEVICE_POLICY_SERVICE);

        // restricted profile can be created if there is no DO set and the admin user has no PO

        return !dpm.isDeviceManaged() && dpm.getProfileOwnerAsUser(userId) == null;

    }

    /*

                if (UserManager.isSplitSystemUser()

                        && !isGuest && !isManagedProfile && getPrimaryUser() == null) {

                    flags |= UserInfo.FLAG_PRIMARY;

                    DevicePolicyManager devicePolicyManager = (DevicePolicyManager)

                            mContext.getSystemService(Context.DEVICE_POLICY_SERVICE);

                    if (devicePolicyManager == null

                            || !devicePolicyManager.isDeviceManaged()) {

                    synchronized (mUsersLock) {

                        if (!mIsDeviceManaged) {

                            flags |= UserInfo.FLAG_ADMIN;

                        }

                    }

                }

                userId = getNextAvailableId();

                userInfo = new UserInfo(userId, name, null, flags);

                userInfo.serialNumber = mNextSerialNumber++;

        // Remove this user from the list

        synchronized (mUsersLock) {

            mUsers.remove(userHandle);

            mIsUserManaged.delete(userHandle);

        }

        synchronized (mRestrictionsLock) {

            mBaseUserRestrictions.remove(userHandle);

            mAppliedUserRestrictions.remove(userHandle);

            mCachedEffectiveUserRestrictions.remove(userHandle);

            mDevicePolicyLocalUserRestrictions.remove(userHandle);

        }

        // Remove user file

        AtomicFile userFile = new AtomicFile(new File(mUsersDir, userHandle + XML_SUFFIX));

                    if (user == null) {

                        continue;

                    }

                    final int userId = user.id;

                    pw.print("  "); pw.print(user);

                    pw.print(" serialNo="); pw.print(user.serialNumber);

                    if (mRemovingUserIds.get(mUsers.keyAt(i))) {

                    if (mRemovingUserIds.get(userId)) {

                        pw.print(" <removing> ");

                    }

                    if (user.partial) {

                        sb.append(" ago");

                        pw.println(sb);

                    }

                    pw.print("    Has profile owner: ");

                    pw.println(mIsUserManaged.get(userId));

                    pw.println("    Restrictions:");

                    synchronized (mRestrictionsLock) {

                        UserRestrictionsUtils.dumpRestrictions(

            synchronized (mGuestRestrictions) {

                UserRestrictionsUtils.dumpRestrictions(pw, "    ", mGuestRestrictions);

            }

            synchronized (mUsersLock) {

                pw.println();

                pw.println("  Device managed: " + mIsDeviceManaged);

            }

        }

    }

                mUserRestrictionsListeners.remove(listener);

            }

        }

        @Override

        public void setDeviceManaged(boolean isManaged) {

            synchronized (mUsersLock) {

                mIsDeviceManaged = isManaged;

            }

        }

        @Override

        public void setUserManaged(int userId, boolean isManaged) {

            synchronized (mUsersLock) {

                mIsUserManaged.put(userId, isManaged);

            }

        }

    }

    private class Shell extends ShellCommand {

        }

        Owners newOwners() {

            return new Owners(mContext);

            return new Owners(mContext, getUserManager(), getUserManagerInternal());

        }

        UserManager getUserManager() {

    }

    private void ensureDeviceOwnerUserStarted() {

        if (mOwners.hasDeviceOwner()) {

            final int userId = mOwners.getDeviceOwnerUserId();

        final int userId;

        synchronized (this) {

            if (!mOwners.hasDeviceOwner()) {

                return;

            }

            userId = mOwners.getDeviceOwnerUserId();

        }

        if (VERBOSE_LOG) {

            Log.v(LOG_TAG, "Starting non-system DO user: " + userId);

        }

            }

        }

    }

    }

    private void onStartUser(int userId) {

        updateScreenCaptureDisabledInWindowManager(userId,

                    + " for device owner");

        }

        synchronized (this) {

            enforceCanSetDeviceOwner(userId);

            enforceCanSetDeviceOwnerLocked(userId);

            // Shutting down backup manager service permanently.

            long ident = mInjector.binderClearCallingIdentity();

                    + " not installed for userId:" + userHandle);

        }

        synchronized (this) {

            enforceCanSetProfileOwner(userHandle);

            enforceCanSetProfileOwnerLocked(userHandle);

            mOwners.setProfileOwner(who, ownerName, userHandle);

            mOwners.writeProfileOwner(userHandle);

            return true;

     * - SYSTEM_UID

     * - adb if there are not accounts.

     */

    private void enforceCanSetProfileOwner(int userHandle) {

    private void enforceCanSetProfileOwnerLocked(int userHandle) {

        UserInfo info = mUserManager.getUserInfo(userHandle);

        if (info == null) {

            // User doesn't exist.

     * The device owner can only be set before the setup phase of the primary user has completed,

     * except for adb if no accounts or additional users are present on the device.

     */

    private void enforceCanSetDeviceOwner(int userId) {

    private void enforceCanSetDeviceOwnerLocked(int userId) {

        if (mOwners.hasDeviceOwner()) {

            throw new IllegalStateException("Trying to set the device owner, but device owner "

                    + "is already set.");

    public boolean isProvisioningAllowed(String action) {

        final int callingUserId = mInjector.userHandleGetCallingUserId();

        if (DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE.equals(action)) {

            synchronized (this) {

                if (mOwners.hasDeviceOwner()) {

                    if (!mInjector.userManagerIsSplitSystemUser()) {

                        // Only split-system-user systems support managed-profiles in combination with

                        return false;

                    }

                }

            }

            if (getProfileOwner(callingUserId) != null) {

                // Managed user cannot have a managed profile.

                return false;

    }

    private boolean isDeviceOwnerProvisioningAllowed(int callingUserId) {

        synchronized (this) {

            if (mOwners.hasDeviceOwner()) {

                return false;

            }

        }

        if (getProfileOwner(callingUserId) != null) {

            return false;

        }

import android.os.Environment;

import android.os.UserHandle;

import android.os.UserManager;

import android.os.UserManagerInternal;

import android.util.ArrayMap;

import android.util.AtomicFile;

import android.util.Log;

/**

 * Stores and restores state for the Device and Profile owners. By definition there can be

 * only one device owner, but there may be a profile owner for each user.

 *

 * <p>This class is not thread safe.  (i.e. access to this class must always be synchronized

 * in the caller side.)

 */

class Owners {

    private static final String TAG = "DevicePolicyManagerService";

    private static final String TAG_SYSTEM_UPDATE_POLICY = "system-update-policy";

    private final Context mContext;

    private final UserManager mUserManager;

    private final UserManagerInternal mUserManagerInternal;

    // Internal state for the device owner package.

    private OwnerInfo mDeviceOwner;

    // Local system update policy controllable by device owner.

    private SystemUpdatePolicy mSystemUpdatePolicy;

    public Owners(Context context) {

        mContext = context;

        mUserManager = context.getSystemService(UserManager.class);

    public Owners(Context context, UserManager userManager,

            UserManagerInternal userManagerInternal) {

        mUserManager = userManager;

        mUserManagerInternal = userManagerInternal;

    }

    /**

     * Load configuration from the disk.

     */

    void load() {

        synchronized (this) {

        // First, try to read from the legacy file.

        final File legacy = getLegacyConfigFileWithTestOverride();

        final List<UserInfo> users = mUserManager.getUsers();

        if (readLegacyOwnerFile(legacy)) {

            if (DEBUG) {

                Log.d(TAG, "Legacy config file found.");

            // No legacy file, read from the new format files.

            new DeviceOwnerReadWriter().readFromFileLocked();

                final List<UserInfo> users = mUserManager.getUsers();

            for (UserInfo ui : users) {

                new ProfileOwnerReadWriter(ui.id).readFromFileLocked();

            }

        }

        mUserManagerInternal.setDeviceManaged(hasDeviceOwner());

        for (UserInfo ui : users) {

            mUserManagerInternal.setUserManaged(ui.id, hasProfileOwner(ui.id));

        }

        if (hasDeviceOwner() && hasProfileOwner(getDeviceOwnerUserId())) {

            Slog.w(TAG, String.format("User %d has both DO and PO, which is not supported",

            boolean userRestrictionsMigrated) {

        mDeviceOwner = new OwnerInfo(ownerName, admin, userRestrictionsMigrated);

        mDeviceOwnerUserId = userId;

        mUserManagerInternal.setDeviceManaged(true);

    }

    void clearDeviceOwner() {

        mDeviceOwner = null;

        mDeviceOwnerUserId = UserHandle.USER_NULL;

        mUserManagerInternal.setDeviceManaged(false);

    }

    void setProfileOwner(ComponentName admin, String ownerName, int userId) {

        // For a newly set PO, there's no need for migration.

        mProfileOwners.put(userId, new OwnerInfo(ownerName, admin,

                /* userRestrictionsMigrated =*/ true));

        mUserManagerInternal.setUserManaged(userId, true);

    }

    void removeProfileOwner(int userId) {

        mProfileOwners.remove(userId);

        mUserManagerInternal.setUserManaged(userId, false);

    }

    ComponentName getProfileOwnerComponent(int userId) {

        private final File mProfileOwnerBase;

        public OwnersTestable(DpmMockContext context) {

            super(context);

            super(context, context.userManager, context.userManagerInternal);

            mLegacyFile = new File(context.dataDir, LEGACY_FILE);

            mDeviceOwnerFile = new File(context.dataDir, DEVICE_OWNER_FILE);

            mProfileOwnerBase = new File(context.dataDir, PROFILE_OWNER_FILE_BASE);