OSDN Git Service

(root) / android-x86 / frameworks-base.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b10e39e)
Don't allow guests to install from unknown sources
authorAmith Yamasani <yamasani@google.com>
Thu, 4 Sep 2014 00:30:43 +0000 (17:30 -0700)
committerAmith Yamasani <yamasani@google.com>
Thu, 4 Sep 2014 00:30:43 +0000 (17:30 -0700)
Added a user restriction when creating a guest.
Made sure that guests can't install profile owners that
could undo the restriction.

Bug: 17359648
Change-Id: Icdd919e8b1cbd79a69aacb76e573ec3449f18e4c

core/java/android/os/UserManager.java patch | blob | history
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java patch | blob | history

diff --git a/core/java/android/os/UserManager.java b/core/java/android/os/UserManager.java
index 59220e1..3749892 100644 (file)
--- a/core/java/android/os/UserManager.java
+++ b/core/java/android/os/UserManager.java
@@ -660,6 +660,7 @@ public class UserManager {
             try {
                 Bundle guestRestrictions = mService.getDefaultGuestRestrictions();
                 guestRestrictions.putBoolean(DISALLOW_SMS, true);
+                guestRestrictions.putBoolean(DISALLOW_INSTALL_UNKNOWN_SOURCES, true);
                 mService.setUserRestrictions(guestRestrictions, guest.id);
             } catch (RemoteException re) {
                 Log.w(TAG, "Could not update guest restrictions");
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index cad2772..9b5a7ce 100644 (file)
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3654,11 +3654,15 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         }
         mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null);
 
-        if (mUserManager.getUserInfo(userHandle) == null) {
+        UserInfo info = mUserManager.getUserInfo(userHandle);
+        if (info == null) {
             // User doesn't exist.
             throw new IllegalArgumentException(
                     "Attempted to set profile owner for invalid userId: " + userHandle);
         }
+        if (info.isGuest()) {
+            throw new IllegalStateException("Cannot set a profile owner on a guest");
+        }
 
         if (who == null
                 || !DeviceOwner.isInstalledForUser(who.getPackageName(), userHandle)) {
frameworks/base
About OSDN
Find Software
Develop Software
Help