Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 024f979dfdae1938afc3c509ea9762c06784cef5^! / .
commit024f979dfdae1938afc3c509ea9762c06784cef5[log] [tgz]
authorLenka Trochtova <ltrochtova@google.com>Wed Feb 17 13:55:17 2016 +0100
committerLenka Trochtova <ltrochtova@google.com>Fri Feb 19 11:11:26 2016 +0100
treeb71b715e6a6afd0d6213d80f4bc0f336680d21ec
parent44da29407f3228811d5c1387a184fc68c388c5c7 [diff]
Allow ephemeral users on the split-system-user systems only.

BUG: 27143201

Change-Id: I37f3ca7366648dbf07df39a7a972857e0ff78a9a

diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 788c44a..e7465c0 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java

@@ -1833,6 +1833,11 @@
                         return null;
                     }
                 }
+                if (!UserManager.isSplitSystemUser() && (flags & UserInfo.FLAG_EPHEMERAL) != 0) {
+                    Log.e(LOG_TAG,
+                            "Ephemeral users are supported on split-system-user systems only.");
+                    return null;
+                }
                 // In split system user mode, we assign the first human user the primary flag.
                 // And if there is no device owner, we also assign the admin flag to primary user.
                 if (UserManager.isSplitSystemUser()

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 4c229af..33225eb 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

@@ -4968,6 +4968,11 @@
             return;
         }
         Preconditions.checkNotNull(who, "ComponentName is null");
+        // Allow setting this policy to true only if there is a split system user.
+        if (forceEphemeralUsers && !mInjector.userManagerIsSplitSystemUser()) {
+            throw new IllegalArgumentException(
+                    "Cannot force ephemeral users on systems without split system user.");
+        }
         boolean removeAllUsers = false;
         synchronized (this) {
             final ActiveAdmin deviceOwner =
@@ -6818,6 +6823,11 @@
         if (!mInjector.binderGetCallingUserHandle().isSystem()) {
             throw new SecurityException("createAndManageUser was called from non-system user");
         }
+        if (!mInjector.userManagerIsSplitSystemUser()
+                && (flags & DevicePolicyManager.MAKE_USER_EPHEMERAL) != 0) {
+            throw new IllegalArgumentException(
+                    "Ephemeral users are only supported on systems with a split system user.");
+        }
         // Create user.
         UserHandle user = null;
         synchronized (this) {