From aa6634eaca707f7cbf5f5a1d75b90d8d775d254b Mon Sep 17 00:00:00 2001
From: Amith Yamasani <yamasani@google.com>
Date: Mon, 6 Oct 2014 14:20:28 -0700
Subject: [PATCH] Set the default user restrictions to disallow calling and sms

When creating a user via the UI, disallow phone calls and SMS by
default. Primary user must explicitly enable it via Settings.

Bug: 17832802
Change-Id: I18cad4be8493ddc8890b5d90da2df256cb3f1ec9
---
 core/java/android/os/UserManager.java              | 33 ++++++++++++++++++++++
 .../statusbar/policy/UserSwitcherController.java   |  2 +-
 .../com/android/server/pm/UserManagerService.java  | 19 ++++++++++++-
 3 files changed, 52 insertions(+), 2 deletions(-)

diff --git a/core/java/android/os/UserManager.java b/core/java/android/os/UserManager.java
index 37294e733a9a..984f12fbef92 100644
--- a/core/java/android/os/UserManager.java
+++ b/core/java/android/os/UserManager.java
@@ -721,6 +721,39 @@ public class UserManager {
     }
 
     /**
+     * Creates a secondary user with the specified name and options and configures it with default
+     * restrictions.
+     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
+     *
+     * @param name the user's name
+     * @param flags flags that identify the type of user and other properties.
+     * @see UserInfo
+     *
+     * @return the UserInfo object for the created user, or null if the user could not be created.
+     * @hide
+     */
+    public UserInfo createSecondaryUser(String name, int flags) {
+        try {
+            UserInfo user = mService.createUser(name, flags);
+            if (user == null) {
+                return null;
+            }
+            Bundle userRestrictions = mService.getUserRestrictions(user.id);
+            addDefaultUserRestrictions(userRestrictions);
+            mService.setUserRestrictions(userRestrictions, user.id);
+            return user;
+        } catch (RemoteException re) {
+            Log.w(TAG, "Could not create a user", re);
+            return null;
+        }
+    }
+
+    private static void addDefaultUserRestrictions(Bundle restrictions) {
+        restrictions.putBoolean(DISALLOW_OUTGOING_CALLS, true);
+        restrictions.putBoolean(DISALLOW_SMS, true);
+    }
+
+    /**
      * Creates a user with the specified name and options as a profile of another user.
      * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
      *
diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/policy/UserSwitcherController.java b/packages/SystemUI/src/com/android/systemui/statusbar/policy/UserSwitcherController.java
index bbe6622d1e81..eb808c2c3cb7 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/policy/UserSwitcherController.java
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/policy/UserSwitcherController.java
@@ -571,7 +571,7 @@ public class UserSwitcherController {
                 cancel();
             } else {
                 dismiss();
-                UserInfo user = mUserManager.createUser(
+                UserInfo user = mUserManager.createSecondaryUser(
                         mContext.getString(R.string.user_new_user_name), 0 /* flags */);
                 if (user == null) {
                     // Couldn't create user, most likely because there are too many, but we haven't
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 26e0db3f8c40..0cf2249396c0 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -119,7 +119,7 @@ public class UserManagerService extends IUserManager.Stub {
 
     private static final int MIN_USER_ID = 10;
 
-    private static final int USER_VERSION = 4;
+    private static final int USER_VERSION = 5;
 
     private static final long EPOCH_PLUS_30_YEARS = 30L * 365 * 24 * 60 * 60 * 1000L; // ms
 
@@ -462,6 +462,17 @@ public class UserManagerService extends IUserManager.Stub {
         }
     }
 
+    /**
+     * If default guest restrictions haven't been initialized yet, add the basic
+     * restrictions.
+     */
+    private void initDefaultGuestRestrictions() {
+        if (mGuestRestrictions.isEmpty()) {
+            mGuestRestrictions.putBoolean(UserManager.DISALLOW_OUTGOING_CALLS, true);
+            writeUserListLocked();
+        }
+    }
+
     @Override
     public Bundle getDefaultGuestRestrictions() {
         checkManageUsersPermission("getDefaultGuestRestrictions");
@@ -693,6 +704,11 @@ public class UserManagerService extends IUserManager.Stub {
             userVersion = 4;
         }
 
+        if (userVersion < 5) {
+            initDefaultGuestRestrictions();
+            userVersion = 5;
+        }
+
         if (userVersion < USER_VERSION) {
             Slog.w(LOG_TAG, "User version " + mUserVersion + " didn't upgrade as expected to "
                     + USER_VERSION);
@@ -715,6 +731,7 @@ public class UserManagerService extends IUserManager.Stub {
         mUserRestrictions.append(UserHandle.USER_OWNER, restrictions);
 
         updateUserIdsLocked();
+        initDefaultGuestRestrictions();
 
         writeUserListLocked();
         writeUserLocked(primary);
-- 
2.11.0