Fixed VPN support for restricted profiles in split system user model
In a new split system user model, owner of a restricted profile is not limited
to just user0. restrictedProfileParentId field should be used to get an owner.
Bug: 22950929
Change-Id: I928319a9450e543972237a42267eb2404e117c83
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 0577d59..de106a1 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -131,7 +131,7 @@
private static final int MIN_USER_ID = 10;
- private static final int USER_VERSION = 5;
+ private static final int USER_VERSION = 6;
private static final long EPOCH_PLUS_30_YEARS = 30L * 365 * 24 * 60 * 60 * 1000L; // ms
@@ -408,6 +408,24 @@
}
}
+ @Override
+ public boolean canHaveRestrictedProfile(int userId) {
+ checkManageUsersPermission("canHaveRestrictedProfile");
+ synchronized (mPackagesLock) {
+ final UserInfo userInfo = getUserInfoLocked(userId);
+ if (userInfo == null || !userInfo.canHaveProfile()) {
+ return false;
+ }
+ if (!userInfo.isAdmin()) {
+ return false;
+ }
+ }
+ DevicePolicyManager dpm = (DevicePolicyManager) mContext.getSystemService(
+ Context.DEVICE_POLICY_SERVICE);
+ // restricted profile can be created if there is no DO set and the admin user has no PO
+ return dpm.getDeviceOwner() == null && dpm.getProfileOwnerAsUser(userId) == null;
+ }
+
/*
* Should be locked on mUsers before calling this.
*/
@@ -848,6 +866,20 @@
userVersion = 5;
}
+ if (userVersion < 6) {
+ final boolean splitSystemUser = UserManager.isSplitSystemUser();
+ for (int i = 0; i < mUsers.size(); i++) {
+ UserInfo user = mUsers.valueAt(i);
+ // In non-split mode, only user 0 can have restricted profiles
+ if (!splitSystemUser && user.isRestricted()
+ && (user.restrictedProfileParentId == UserInfo.NO_PROFILE_GROUP_ID)) {
+ user.restrictedProfileParentId = UserHandle.USER_SYSTEM;
+ scheduleWriteUserLocked(user);
+ }
+ }
+ userVersion = 6;
+ }
+
if (userVersion < USER_VERSION) {
Slog.w(LOG_TAG, "User version " + mUserVersion + " didn't upgrade as expected to "
+ USER_VERSION);