Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fe5e0cab authored Nov 03, 2020 by Jordan Jozwiak

Allow CREATE_USERS for removeUserOrSetEphemeral

The removeUserOrSetEphemeral() API currently requires the
MANAGE_USERS permission, whereas removeUser() requires either
MANAGE_USERS OR CREATE_USERS.

As documented in the CREATE_USERS permission declaration, it allows an
application to create or remove users and endow them with the ephemeral
property. The empeheral flag is explicitly supported in
UserManagerService#ALLOWED_FLAGS_FOR_CREATE_USERS_PERMISSION.

Bug: 155913815
Bug: 172247872
Test: atest EphemeralTest # on a user build
Change-Id: I6cec670bd9b43c9fe8a16dbf28e394ac22118d37

parent 64ec3641

core/java/android/os/UserManager.java

+2 −1

Original line number	Diff line number	Diff line
		@@ -4027,7 +4027,8 @@ public class UserManager {
		* @return the {@link RemoveResult} code
		* @hide
		*/
		@RequiresPermission(android.Manifest.permission.MANAGE_USERS)
		@RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS,
		Manifest.permission.CREATE_USERS})
		public @RemoveResult int removeUserOrSetEphemeral(@UserIdInt int userId) {
		try {
		return mService.removeUserOrSetEphemeral(userId);

services/core/java/com/android/server/pm/UserManagerService.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -3993,7 +3993,7 @@ public class UserManagerService extends IUserManager.Stub {
		@Override
		public @UserManager.RemoveResult int removeUserOrSetEphemeral(@UserIdInt int userId) {
		Slog.i(LOG_TAG, "removeUserOrSetEphemeral u" + userId);
		checkManageUsersPermission("Only the system can remove users");
		checkManageOrCreateUsersPermission("Only the system can remove users");
		final String restriction = getUserRemovalRestriction(userId);
		if (getUserRestrictions(UserHandle.getCallingUserId()).getBoolean(restriction, false)) {
		Slog.w(LOG_TAG, "Cannot remove user. " + restriction + " is enabled.");