diff options
author | Benjamin Franz <bfranz@google.com> | 2015-02-11 10:51:10 +0000 |
---|---|---|
committer | Benjamin Franz <bfranz@google.com> | 2015-03-09 10:39:21 +0000 |
commit | f3ece36535d4999cf2bfd2175a33da6c3cdf298e (patch) | |
tree | 3968fb249921a6e7cf86bead062f437991e44070 /services/devicepolicy | |
parent | b3ec733bb830f2d4425825d93f9ed95f284e9145 (diff) | |
download | frameworks_base-f3ece36535d4999cf2bfd2175a33da6c3cdf298e.zip frameworks_base-f3ece36535d4999cf2bfd2175a33da6c3cdf298e.tar.gz frameworks_base-f3ece36535d4999cf2bfd2175a33da6c3cdf298e.tar.bz2 |
Block setting wallpapers from managed profiles.
Silently fail when a managed profile app tries to change the
wallpaper and return default values for getters in that case.
This is implemented through a new AppOp that is controlled by
a new user restriction that will be set during provisioning.
Bug: 18725052
Change-Id: I1601852617e738be86560f054daf3435dd9f5a9f
Diffstat (limited to 'services/devicepolicy')
-rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index b90666f..00d7971 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -180,6 +180,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { DEVICE_OWNER_USER_RESTRICTIONS.add(UserManager.DISALLOW_SMS); } + // The following user restrictions cannot be changed by any active admin, including device + // owner and profile owner. + private static final Set<String> IMMUTABLE_USER_RESTRICTIONS; + static { + IMMUTABLE_USER_RESTRICTIONS = new HashSet(); + IMMUTABLE_USER_RESTRICTIONS.add(UserManager.DISALLOW_WALLPAPER); + } + private static final Set<String> SECURE_SETTINGS_WHITELIST; private static final Set<String> SECURE_SETTINGS_DEVICEOWNER_WHITELIST; private static final Set<String> GLOBAL_SETTINGS_WHITELIST; @@ -4953,6 +4961,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { && DEVICE_OWNER_USER_RESTRICTIONS.contains(key)) { throw new SecurityException("Profile owners cannot set user restriction " + key); } + if (IMMUTABLE_USER_RESTRICTIONS.contains(key)) { + throw new SecurityException("User restriction " + key + " cannot be changed"); + } boolean alreadyRestricted = mUserManager.hasUserRestriction(key, user); IAudioService iAudioService = null; |