Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 1c36315a36962321dfe870b07e28b04a1d6777e9^! / . / services / core / java / com / android / server / pm / UserManagerService.java
commit1c36315a36962321dfe870b07e28b04a1d6777e9[log] [tgz]
authorFyodor Kupolov <fkupolov@google.com>Wed Sep 02 13:27:21 2015 -0700
committerFyodor Kupolov <fkupolov@google.com>Mon Sep 28 16:44:04 2015 -0700
tree13383c09b50e1b637013ecb7193c651a6fbaff56
parentdfc9ce547760e8a746bfb036e3b44848d48c175d [diff] [blame]
Fixed VPN support for restricted profiles in split system user model

In a new split system user model, owner of a restricted profile is not limited
to just user0. restrictedProfileParentId field should be used to get an owner.

Bug: 22950929
Change-Id: I928319a9450e543972237a42267eb2404e117c83

diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 0577d59..de106a1 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java

@@ -131,7 +131,7 @@
 
     private static final int MIN_USER_ID = 10;
 
-    private static final int USER_VERSION = 5;
+    private static final int USER_VERSION = 6;
 
     private static final long EPOCH_PLUS_30_YEARS = 30L * 365 * 24 * 60 * 60 * 1000L; // ms
 
@@ -408,6 +408,24 @@
         }
     }
 
+    @Override
+    public boolean canHaveRestrictedProfile(int userId) {
+        checkManageUsersPermission("canHaveRestrictedProfile");
+        synchronized (mPackagesLock) {
+            final UserInfo userInfo = getUserInfoLocked(userId);
+            if (userInfo == null || !userInfo.canHaveProfile()) {
+                return false;
+            }
+            if (!userInfo.isAdmin()) {
+                return false;
+            }
+        }
+        DevicePolicyManager dpm = (DevicePolicyManager) mContext.getSystemService(
+                Context.DEVICE_POLICY_SERVICE);
+        // restricted profile can be created if there is no DO set and the admin user has no PO
+        return dpm.getDeviceOwner() == null && dpm.getProfileOwnerAsUser(userId) == null;
+    }
+
     /*
      * Should be locked on mUsers before calling this.
      */
@@ -848,6 +866,20 @@
             userVersion = 5;
         }
 
+        if (userVersion < 6) {
+            final boolean splitSystemUser = UserManager.isSplitSystemUser();
+            for (int i = 0; i < mUsers.size(); i++) {
+                UserInfo user = mUsers.valueAt(i);
+                // In non-split mode, only user 0 can have restricted profiles
+                if (!splitSystemUser && user.isRestricted()
+                        && (user.restrictedProfileParentId == UserInfo.NO_PROFILE_GROUP_ID)) {
+                    user.restrictedProfileParentId = UserHandle.USER_SYSTEM;
+                    scheduleWriteUserLocked(user);
+                }
+            }
+            userVersion = 6;
+        }
+
         if (userVersion < USER_VERSION) {
             Slog.w(LOG_TAG, "User version " + mUserVersion + " didn't upgrade as expected to "
                     + USER_VERSION);