diff options
| author | Amith Yamasani <yamasani@google.com> | 2014-09-12 09:05:19 -0700 |
|---|---|---|
| committer | Amith Yamasani <yamasani@google.com> | 2014-09-12 11:25:51 -0700 |
| commit | d616a3357872ca0142611576884df4495e7ccbd6 (patch) | |
| tree | 4d07469c7b1d6c3259371a1b5f2e74f655e476ed /services/devicepolicy | |
| parent | 3e7115ed02e946c175cd38a94b1992da0b27829b (diff) | |
| download | frameworks_base-d616a3357872ca0142611576884df4495e7ccbd6.zip frameworks_base-d616a3357872ca0142611576884df4495e7ccbd6.tar.gz frameworks_base-d616a3357872ca0142611576884df4495e7ccbd6.tar.bz2 | |
Prevent device owner registration after setup is complete
This change prevents adding a device owner after setupwizard
has finished provisioning. Only the new dpm shell command
can set a device owner.
Bug: 17316711
Change-Id: I98bdfd9b8c8da3042111c45e2e7fd2b559fac510
Diffstat (limited to 'services/devicepolicy')
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index efaf253..95332bc 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -3716,7 +3716,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { synchronized (this) { // Only SYSTEM_UID can override the userSetupComplete if (UserHandle.getAppId(Binder.getCallingUid()) != Process.SYSTEM_UID - && isUserSetupComplete(userHandle)) { + && hasUserSetupCompleted(userHandle)) { throw new IllegalStateException( "Trying to set profile owner but user is already set-up."); } @@ -3773,10 +3773,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override public boolean hasUserSetupCompleted() { + return hasUserSetupCompleted(UserHandle.getCallingUserId()); + } + + private boolean hasUserSetupCompleted(int userHandle) { if (!mHasFeature) { return true; } - DevicePolicyData policy = getUserData(UserHandle.getCallingUserId()); + DevicePolicyData policy = getUserData(userHandle); // If policy is null, return true, else check if the setup has completed. return policy == null || policy.mUserSetupComplete; } @@ -3888,16 +3892,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { if (callingId == Process.SHELL_UID || callingId == Process.ROOT_UID) { return AccountManager.get(mContext).getAccounts().length == 0; } else { - return Settings.Global.getInt(mContext.getContentResolver(), - Settings.Global.DEVICE_PROVISIONED, 0) == 0; + return !hasUserSetupCompleted(UserHandle.USER_OWNER); } } - private boolean isUserSetupComplete(int userId) { - return Settings.Secure.getIntForUser(mContext.getContentResolver(), - Settings.Secure.USER_SETUP_COMPLETE, 0, userId) > 0; - } - private void enforceCrossUserPermission(int userHandle) { if (userHandle < 0) { throw new IllegalArgumentException("Invalid userId " + userHandle); |