Apply cross-user restrictions to Shell

Even though Shell user is allowed to perform cross-user actions, lock that path down if the target user has restrictions imposed by the profile owner device admin that prevents access via adb. If the profile owner has imposed DISALLOW_DEBUGGING_FEATURES, don't allow the shell user to make the following types of calls: start activities, make service calls, access content providers, send broadcasts, block/unblock packages, clear user data, etc. Bug: 15086577 Change-Id: I9669fc165953076f786ed51cbc17d20d6fa995c3
author: Amith Yamasani <yamasani@google.com> 2014-06-08 17:54:27 -0700
committer: Amith Yamasani <yamasani@google.com> 2014-09-10 17:15:06 -0700
commit: 8cd28b57ed732656d002d97879e15c5695b54fff (patch)
tree: 33f02a0e243e5c3d8889862c26af5accc0e4e98b /core/java/android/os
parent: da6e6c888f81d3bd19ff1f3cf9b081b7f9b2a013 (diff)
download: frameworks_base-8cd28b57ed732656d002d97879e15c5695b54fff.zip
frameworks_base-8cd28b57ed732656d002d97879e15c5695b54fff.tar.gz
frameworks_base-8cd28b57ed732656d002d97879e15c5695b54fff.tar.bz2
2 files changed, 8 insertions, 1 deletions
diff --git a/core/java/android/os/IUserManager.aidl b/core/java/android/os/IUserManager.aidl
index 3286627..b5295fb 100644
--- a/core/java/android/os/IUserManager.aidl
+++ b/core/java/android/os/IUserManager.aidl
@@ -41,6 +41,7 @@ interface IUserManager {
     int getUserSerialNumber(int userHandle);
     int getUserHandle(int userSerialNumber);
     Bundle getUserRestrictions(int userHandle);
+    boolean hasUserRestriction(in String restrictionKey, int userHandle);
     void setUserRestrictions(in Bundle restrictions, int userHandle);
     void setApplicationRestrictions(in String packageName, in Bundle restrictions,
             int userHandle);
diff --git a/core/java/android/os/UserManager.java b/core/java/android/os/UserManager.java
index 33fda4a..c76ff11 100644
--- a/core/java/android/os/UserManager.java
+++ b/core/java/android/os/UserManager.java
@@ -630,7 +630,13 @@ public class UserManager {
      * @param userHandle the UserHandle of the user for whom to retrieve the restrictions.
      */
     public boolean hasUserRestriction(String restrictionKey, UserHandle userHandle) {
-        return getUserRestrictions(userHandle).getBoolean(restrictionKey, false);
+        try {
+            return mService.hasUserRestriction(restrictionKey,
+                    userHandle.getIdentifier());
+        } catch (RemoteException re) {
+            Log.w(TAG, "Could not check user restrictions", re);
+            return false;
+        }
     }
 
     /**
author	Amith Yamasani <yamasani@google.com>	2014-06-08 17:54:27 -0700
committer	Amith Yamasani <yamasani@google.com>	2014-09-10 17:15:06 -0700
commit	8cd28b57ed732656d002d97879e15c5695b54fff (patch)
tree	33f02a0e243e5c3d8889862c26af5accc0e4e98b /core/java/android/os
parent	da6e6c888f81d3bd19ff1f3cf9b081b7f9b2a013 (diff)
download	frameworks_base-8cd28b57ed732656d002d97879e15c5695b54fff.zip frameworks_base-8cd28b57ed732656d002d97879e15c5695b54fff.tar.gz frameworks_base-8cd28b57ed732656d002d97879e15c5695b54fff.tar.bz2