Merge "Allow PO to set DO restrictions if it's on user 0"
diff --git a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
index 816903e..9bbc3c1 100644
--- a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
+++ b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
@@ -209,11 +209,13 @@
}
/**
- * @return true if a restriction is settable by profile owner.
+ * @return true if a restriction is settable by profile owner. Note it takes a user ID because
+ * some restrictions can be changed by PO only when it's running on the system user.
*/
- public static boolean canProfileOwnerChange(String restriction) {
- return !(IMMUTABLE_BY_OWNERS.contains(restriction)
- || DEVICE_OWNER_ONLY_RESTRICTIONS.contains(restriction));
+ public static boolean canProfileOwnerChange(String restriction, int userId) {
+ return !IMMUTABLE_BY_OWNERS.contains(restriction)
+ && !(userId != UserHandle.USER_SYSTEM
+ && DEVICE_OWNER_ONLY_RESTRICTIONS.contains(restriction));
}
/**
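Review bot: The new condition in `canProfileOwnerChange` wraps a negated conjunction in another negation, which is easy to misread in an authorization check. The same predicate reads more directly as `return !IMMUTABLE_BY_OWNERS.contains(restriction) && (userId == UserHandle.USER_SYSTEM || !DEVICE_OWNER_ONLY_RESTRICTIONS.contains(restriction));`. The Javadoc should also say whose id this is, for example `@param userId the user the profile owner runs on; must be derived from the caller's identity`, because passing a target user instead would apply the user-0 exemption to the wrong owner. Whether `android.os.UserHandle` is already imported in this file cannot be seen from the hunk.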
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 81a9a61..c540e05 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -5794,7 +5794,7 @@
throw new SecurityException("Device owner cannot set user restriction " + key);
}
} else { // profile owner
- if (!UserRestrictionsUtils.canProfileOwnerChange(key)) {
+ if (!UserRestrictionsUtils.canProfileOwnerChange(key, userHandle)) {
throw new SecurityException("Profile owner cannot set user restriction " + key);
}
}
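Review bot: The call `canProfileOwnerChange(key, userHandle)` makes the device-owner-only check depend on `userHandle`, but where that value comes from is outside the hunk. The check is sound only if it is the binder caller's user id. If it were taken from an argument the admin app controls, the user-0 exemption would be granted on the wrong basis. A one-line comment at the call would pin the assumption: `// userHandle is the calling user; a PO on USER_SYSTEM may set device-owner-only restrictions`. The enclosing method starts and ends outside the hunk.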
diff --git a/services/tests/servicestests/src/com/android/server/pm/UserRestrictionsUtilsTest.java b/services/tests/servicestests/src/com/android/server/pm/UserRestrictionsUtilsTest.java
index 5542a4f..5bdf6f7 100644
--- a/services/tests/servicestests/src/com/android/server/pm/UserRestrictionsUtilsTest.java
+++ b/services/tests/servicestests/src/com/android/server/pm/UserRestrictionsUtilsTest.java
@@ -16,6 +16,7 @@
package com.android.server.pm;
+import android.os.UserHandle;
import com.android.server.devicepolicy.DpmTestUtils;
import android.os.Bundle;
@@ -87,10 +88,25 @@
}
public void testCanProfileOwnerChange() {
- assertFalse(UserRestrictionsUtils.canProfileOwnerChange(UserManager.DISALLOW_RECORD_AUDIO));
- assertFalse(UserRestrictionsUtils.canProfileOwnerChange(UserManager.DISALLOW_WALLPAPER));
- assertFalse(UserRestrictionsUtils.canProfileOwnerChange(UserManager.DISALLOW_ADD_USER));
- assertTrue(UserRestrictionsUtils.canProfileOwnerChange(UserManager.DISALLOW_ADJUST_VOLUME));
+ int user = UserHandle.USER_SYSTEM;
+ assertFalse(UserRestrictionsUtils.canProfileOwnerChange(
+ UserManager.DISALLOW_RECORD_AUDIO, user));
+ assertFalse(UserRestrictionsUtils.canProfileOwnerChange(
+ UserManager.DISALLOW_WALLPAPER, user));
+ assertTrue(UserRestrictionsUtils.canProfileOwnerChange(
+ UserManager.DISALLOW_ADD_USER, user));
+ assertTrue(UserRestrictionsUtils.canProfileOwnerChange(
+ UserManager.DISALLOW_ADJUST_VOLUME, user));
+
+ user = 10;
+ assertFalse(UserRestrictionsUtils.canProfileOwnerChange(
+ UserManager.DISALLOW_RECORD_AUDIO, user));
+ assertFalse(UserRestrictionsUtils.canProfileOwnerChange(
+ UserManager.DISALLOW_WALLPAPER, user));
+ assertFalse(UserRestrictionsUtils.canProfileOwnerChange(
+ UserManager.DISALLOW_ADD_USER, user));
+ assertTrue(UserRestrictionsUtils.canProfileOwnerChange(
+ UserManager.DISALLOW_ADJUST_VOLUME, user));
}
public void testSortToGlobalAndLocal() {
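Review bot: The second half of `testCanProfileOwnerChange` uses the bare literal `user = 10;` for the non-system case and reuses the same mutable local, so the reader has to infer what 10 stands for. A named value such as `final int secondaryUser = 10; // any user other than USER_SYSTEM` would make the two cases explicit. The user-0 exemption is exercised with `DISALLOW_ADD_USER` only. If `DEVICE_OWNER_ONLY_RESTRICTIONS` holds other keys (not visible here), asserting one more of them for both users would catch the set and the check drifting apart.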