Ignore unknown user restrictions and WTF instead.
Bug 23902097
Change-Id: I1ac147ecd0286a8eb674d6f9f527edfea6e1198e
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 0f614ca..5f46567 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -930,6 +930,9 @@
/** @return a specific user restriction that's in effect currently. */
@Override
public boolean hasUserRestriction(String restrictionKey, int userId) {
+ if (!UserRestrictionsUtils.isValidRestriction(restrictionKey)) {
+ return false;
+ }
Bundle restrictions = getEffectiveUserRestrictions(userId);
return restrictions != null && restrictions.getBoolean(restrictionKey);
}
@@ -946,6 +949,9 @@
@Override
public boolean hasBaseUserRestriction(String restrictionKey, int userId) {
checkManageUsersPermission("hasBaseUserRestriction");
+ if (!UserRestrictionsUtils.isValidRestriction(restrictionKey)) {
+ return false;
+ }
synchronized (mRestrictionsLock) {
Bundle bundle = mBaseUserRestrictions.get(userId);
return (bundle != null && bundle.getBoolean(restrictionKey, false));
@@ -955,6 +961,9 @@
@Override
public void setUserRestriction(String key, boolean value, int userId) {
checkManageUsersPermission("setUserRestriction");
+ if (!UserRestrictionsUtils.isValidRestriction(key)) {
+ return;
+ }
synchronized (mRestrictionsLock) {
// Note we can't modify Bundles stored in mBaseUserRestrictions directly, so create
// a copy.
diff --git a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
index f11872e..f57f75f 100644
--- a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
+++ b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
@@ -36,6 +36,7 @@
import android.telephony.SubscriptionInfo;
import android.telephony.SubscriptionManager;
import android.util.Log;
+import android.util.Slog;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlSerializer;
@@ -56,7 +57,15 @@
private UserRestrictionsUtils() {
}
- public static final Set<String> USER_RESTRICTIONS = Sets.newArraySet(
+ private static Set<String> newSetWithUniqueCheck(String[] strings) {
+ final Set<String> ret = Sets.newArraySet(strings);
+
+ // Make sure there's no overlap.
+ Preconditions.checkState(ret.size() == strings.length);
+ return ret;
+ }
+
+ public static final Set<String> USER_RESTRICTIONS = newSetWithUniqueCheck(new String[] {
UserManager.DISALLOW_CONFIG_WIFI,
UserManager.DISALLOW_MODIFY_ACCOUNTS,
UserManager.DISALLOW_INSTALL_APPS,
@@ -95,7 +104,7 @@
UserManager.DISALLOW_DATA_ROAMING,
UserManager.DISALLOW_SET_USER_ICON,
UserManager.DISALLOW_SET_WALLPAPER
- );
+ });
/**
* Set of user restriction which we don't want to persist.
@@ -141,6 +150,17 @@
UserManager.DISALLOW_UNMUTE_MICROPHONE
);
+ /**
+ * Throws {@link IllegalArgumentException} if the given restriction name is invalid.
+ */
+ public static boolean isValidRestriction(@NonNull String restriction) {
+ if (!USER_RESTRICTIONS.contains(restriction)) {
+ Slog.wtf(TAG, "Unknown restriction: " + restriction);
+ return false;
+ }
+ return true;
+ }
+
public static void writeRestrictions(@NonNull XmlSerializer serializer,
@Nullable Bundle restrictions, @NonNull String tag) throws IOException {
if (restrictions == null) {
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index cfe147e..8447326 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -6867,6 +6867,10 @@
@Override
public void setUserRestriction(ComponentName who, String key, boolean enabledFromThisOwner) {
Preconditions.checkNotNull(who, "ComponentName is null");
+ if (!UserRestrictionsUtils.isValidRestriction(key)) {
+ return;
+ }
+
final int userHandle = mInjector.userHandleGetCallingUserId();
synchronized (this) {
ActiveAdmin activeAdmin =