Block user from setting safe boot setting via adb

author Benjamin Franz <bfranz@google.com>

Tue, 12 Jul 2016 12:42:21 +0000 (13:42 +0100)

committer Dennis Cagle <d-cagle@codeaurora.org>

Mon, 12 Sep 2016 22:10:10 +0000 (15:10 -0700)
author Benjamin Franz <bfranz@google.com>
Tue, 12 Jul 2016 12:42:21 +0000 (13:42 +0100)
committer Dennis Cagle <d-cagle@codeaurora.org>
Mon, 12 Sep 2016 22:10:10 +0000 (15:10 -0700)
diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java

index b9320e9..4a5b240 100644 (file)
--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
@@ -1207,6 +1207,11 @@ public class SettingsProvider extends ContentProvider {
                  restriction = UserManager.DISALLOW_CONFIG_VPN;
                  break;
  
+            case Settings.Global.SAFE_BOOT_DISALLOWED:
+                if ("1".equals(value)) return false;
+                restriction = UserManager.DISALLOW_SAFE_BOOT;
+                break;
+
              default:
                  if (setting != null && setting.startsWith(Settings.Global.DATA_ROAMING)) {
                      if ("0".equals(value)) return false;
diff --git a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java

index 38a3f42..1f1c6f8 100644 (file)
--- a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
+++ b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
@@ -330,6 +330,9 @@ public class UserRestrictionsUtils {
          // set, and in that case even if the restriction is lifted, changing it to ON would be
          // wrong.  So just don't do anything in such a case.  If the user hopes to enable location
          // later, they can do it on the Settings UI.
+        // WARNING: Remember that Settings.Global and Settings.Secure are changeable via adb.
+        // To prevent this from happening for a given user restriction, you have to add a check to
+        // SettingsProvider.isGlobalOrSecureSettingRestrictedForUser.
  
          final ContentResolver cr = context.getContentResolver();
          final long id = Binder.clearCallingIdentity();
author	Benjamin Franz <bfranz@google.com>
	Tue, 12 Jul 2016 12:42:21 +0000 (13:42 +0100)
committer	Dennis Cagle <d-cagle@codeaurora.org>
	Mon, 12 Sep 2016 22:10:10 +0000 (15:10 -0700)
packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java		patch \| blob \| history
services/core/java/com/android/server/pm/UserRestrictionsUtils.java		patch \| blob \| history