Create DISALLOW_{ADD,REMOVE}_MANAGED_PROFILE user restrictions
Bug: 31952368
Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services
Test: runtest -c com.android.server.pm.UserManagerTest frameworks-services
Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.UserRestrictionsTest
Change-Id: I240ab99c2409bbabffbc574bef202f2457026905
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index bac7a76..05228ec 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -2269,8 +2269,11 @@
private UserInfo createUserInternal(String name, int flags, int parentId,
String[] disallowedPackages) {
- if (hasUserRestriction(UserManager.DISALLOW_ADD_USER, UserHandle.getCallingUserId())) {
- Log.w(LOG_TAG, "Cannot add user. DISALLOW_ADD_USER is enabled.");
+ String restriction = ((flags & UserInfo.FLAG_MANAGED_PROFILE) != 0)
+ ? UserManager.DISALLOW_ADD_MANAGED_PROFILE
+ : UserManager.DISALLOW_ADD_USER;
+ if (hasUserRestriction(restriction, UserHandle.getCallingUserId())) {
+ Log.w(LOG_TAG, "Cannot add user. " + restriction + " is enabled.");
return null;
}
return createUserInternalUnchecked(name, flags, parentId, disallowedPackages);
@@ -2541,9 +2544,16 @@
public boolean removeUser(int userHandle) {
Slog.i(LOG_TAG, "removeUser u" + userHandle);
checkManageOrCreateUsersPermission("Only the system can remove users");
- if (getUserRestrictions(UserHandle.getCallingUserId()).getBoolean(
- UserManager.DISALLOW_REMOVE_USER, false)) {
- Log.w(LOG_TAG, "Cannot remove user. DISALLOW_REMOVE_USER is enabled.");
+
+ final boolean isManagedProfile;
+ synchronized (mUsersLock) {
+ UserInfo userInfo = getUserInfoLU(userHandle);
+ isManagedProfile = userInfo != null && userInfo.isManagedProfile();
+ }
+ String restriction = isManagedProfile
+ ? UserManager.DISALLOW_REMOVE_MANAGED_PROFILE : UserManager.DISALLOW_REMOVE_USER;
+ if (getUserRestrictions(UserHandle.getCallingUserId()).getBoolean(restriction, false)) {
+ Log.w(LOG_TAG, "Cannot remove user. " + restriction + " is enabled.");
return false;
}
return removeUserUnchecked(userHandle);