summaryrefslogtreecommitdiffstats
path: root/services/devicepolicy
diff options
context:
space:
mode:
authorBenjamin Franz <bfranz@google.com>2015-02-11 10:51:10 +0000
committerBenjamin Franz <bfranz@google.com>2015-03-09 10:39:21 +0000
commitf3ece36535d4999cf2bfd2175a33da6c3cdf298e (patch)
tree3968fb249921a6e7cf86bead062f437991e44070 /services/devicepolicy
parentb3ec733bb830f2d4425825d93f9ed95f284e9145 (diff)
downloadframeworks_base-f3ece36535d4999cf2bfd2175a33da6c3cdf298e.zip
frameworks_base-f3ece36535d4999cf2bfd2175a33da6c3cdf298e.tar.gz
frameworks_base-f3ece36535d4999cf2bfd2175a33da6c3cdf298e.tar.bz2
Block setting wallpapers from managed profiles.
Silently fail when a managed profile app tries to change the wallpaper and return default values for getters in that case. This is implemented through a new AppOp that is controlled by a new user restriction that will be set during provisioning. Bug: 18725052 Change-Id: I1601852617e738be86560f054daf3435dd9f5a9f
Diffstat (limited to 'services/devicepolicy')
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java11
1 files changed, 11 insertions, 0 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index b90666f..00d7971 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -180,6 +180,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
DEVICE_OWNER_USER_RESTRICTIONS.add(UserManager.DISALLOW_SMS);
}
+ // The following user restrictions cannot be changed by any active admin, including device
+ // owner and profile owner.
+ private static final Set<String> IMMUTABLE_USER_RESTRICTIONS;
+ static {
+ IMMUTABLE_USER_RESTRICTIONS = new HashSet();
+ IMMUTABLE_USER_RESTRICTIONS.add(UserManager.DISALLOW_WALLPAPER);
+ }
+
private static final Set<String> SECURE_SETTINGS_WHITELIST;
private static final Set<String> SECURE_SETTINGS_DEVICEOWNER_WHITELIST;
private static final Set<String> GLOBAL_SETTINGS_WHITELIST;
@@ -4953,6 +4961,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
&& DEVICE_OWNER_USER_RESTRICTIONS.contains(key)) {
throw new SecurityException("Profile owners cannot set user restriction " + key);
}
+ if (IMMUTABLE_USER_RESTRICTIONS.contains(key)) {
+ throw new SecurityException("User restriction " + key + " cannot be changed");
+ }
boolean alreadyRestricted = mUserManager.hasUserRestriction(key, user);
IAudioService iAudioService = null;