Clear DISALLOW_ADD_USER in clearDeviceOwner for all cases
We are not moving the restriction from system to the DO in the end.
clearDeviceOwnerUserRestrictionLocked becomes the permanent solution
for DeviceOwner CTS. Looks like no one setting DISALLOW_ADD_USER
directly in UserManager except DO/PO, and so remove it when DO is
clear
Change-Id: I235bebebd02b5e0d9883eea6dd3a4e49b40fe043
Fix: 33476323
Test: runtest frameworks-services -c com.android.server.devicepolicy.DevicePolicyManagerTest
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index deb9ee0..f2127e6 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3231,7 +3231,6 @@
// If admin is a device or profile owner tidy that up first.
if (isDeviceOwner(adminReceiver, userHandle)) {
clearDeviceOwnerLocked(getDeviceOwnerAdminLocked(), userHandle);
- clearDeviceOwnerUserRestrictionLocked(UserHandle.of(userHandle));
}
if (isProfileOwner(adminReceiver, userHandle)) {
final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver,
@@ -3247,10 +3246,8 @@
}
}
- // It's temporary solution to clear DISALLOW_ADD_USER after CTS
- // STOPSHIP(b/31952368) when the restriction is moved from system to the device owner,
- // it can be removed.
private void clearDeviceOwnerUserRestrictionLocked(UserHandle userHandle) {
+ // ManagedProvisioning/DPC sets DISALLOW_ADD_USER. Clear to recover to the original state
if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_USER, userHandle)) {
mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER, false, userHandle);
}
@@ -6593,6 +6590,7 @@
mOwners.writeDeviceOwner();
updateDeviceOwnerLocked();
+ clearDeviceOwnerUserRestrictionLocked(UserHandle.of(userId));
mInjector.securityLogSetLoggingEnabledProperty(false);
mSecurityLogMonitor.stop();
setNetworkLoggingActiveInternal(false);
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index 6fb65d5..d25cfb6 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -908,6 +908,8 @@
assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);
+ when(mContext.userManager.hasUserRestriction(eq(UserManager.DISALLOW_ADD_USER),
+ MockUtils.checkUserHandle(UserHandle.USER_SYSTEM))).thenReturn(true);
assertTrue(dpm.isAdminActive(admin1));
assertFalse(dpm.isRemovingAdmin(admin1, UserHandle.USER_SYSTEM));
@@ -937,6 +939,10 @@
// Now DO shouldn't be set.
assertNull(dpm.getDeviceOwnerComponentOnAnyUser());
+ verify(mContext.userManager).setUserRestriction(eq(UserManager.DISALLOW_ADD_USER),
+ eq(false),
+ MockUtils.checkUserHandle(UserHandle.USER_SYSTEM));
+
verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
eq(UserHandle.USER_SYSTEM),
eq(null),