From e29cd4724ff41f1cd81c1493f02fb0ba2b2f8197 Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Wed, 2 Mar 2016 20:57:42 +0000 Subject: [PATCH] enforceCanSetDeviceOwnerLocked should enforce userId == USER_SYSTEM for non-split user mode Bug: 27453111 Change-Id: I1acdfecdf4474696e904a6a4df189453be306aa4 --- .../android/server/devicepolicy/DevicePolicyManagerService.java | 9 ++++++++- .../com/android/server/devicepolicy/DevicePolicyManagerTest.java | 3 +++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 873003a68229..f43b4f0c892b 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -290,10 +290,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { private static final int CODE_USER_SETUP_COMPLETED = 4; private static final int CODE_NONSYSTEM_USER_EXISTS = 5; private static final int CODE_ACCOUNTS_NOT_EMPTY = 6; + private static final int CODE_NOT_SYSTEM_USER = 7; @Retention(RetentionPolicy.SOURCE) @IntDef({ CODE_OK, CODE_HAS_DEVICE_OWNER, CODE_USER_HAS_PROFILE_OWNER, CODE_USER_NOT_RUNNING, - CODE_USER_SETUP_COMPLETED }) + CODE_USER_SETUP_COMPLETED, CODE_NOT_SYSTEM_USER }) private @interface DeviceOwnerPreConditionCode {} private static final int DEVICE_ADMIN_DEACTIVATE_TIMEOUT = 10000; @@ -5970,6 +5971,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { + "already has a profile owner."); case CODE_USER_NOT_RUNNING: throw new IllegalStateException("User not running: " + userId); + case CODE_NOT_SYSTEM_USER: + throw new IllegalStateException("User is not system user"); case CODE_USER_SETUP_COMPLETED: throw new IllegalStateException( "Cannot set the device owner if the device is already set-up"); @@ -8137,6 +8140,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return CODE_OK; } else { if (!mInjector.userManagerIsSplitSystemUser()) { + // In non-split user mode, DO has to be user 0 + if (deviceOwnerUserId != UserHandle.USER_SYSTEM) { + return CODE_NOT_SYSTEM_USER; + } // In non-split user mode, only provision DO before setup wizard completes if (hasUserSetupCompleted(UserHandle.USER_SYSTEM)) { return CODE_USER_SETUP_COMPLETED; diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java index 212b37cebead..8c47087f4305 100644 --- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java +++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java @@ -969,6 +969,8 @@ public class DevicePolicyManagerTest extends DpmTestBase { mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; + when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(true); + // Make sure the admin packge is installed to each user. setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID); setUpPackageManagerForAdmin(admin3, DpmMockContext.CALLER_SYSTEM_USER_UID); @@ -1008,6 +1010,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { * finds the right component from a package name upon migration. */ public void testDeviceOwnerMigration() throws Exception { + when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(true); checkDeviceOwnerWithMultipleDeviceAdmins(); // Overwrite the device owner setting and clears the clas name. -- 2.11.0