Allow device owner to inflate managed profile
1. Modify DPM.isProvisioningAllowed to allow it to happen
2. Introduce hidden API createProfileForUserEvenWhenDisallowed for
ManagedProvisioning app to create profile under DO.
Apps with MANAGE_USERS permission can clear the
DISALLOW_ADD_USER restriction anyway, so they do not gain extra power.
Test: runtest -x frameworks/base/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java
Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.CustomDeviceOwnerTest#testIsProvisioningAllowed
Bug: 31895999
Change-Id: I10dc3043653130ae717a1d3d8256c9e73231bb21
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 9146bec2..c0de214 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -97,6 +97,7 @@
import com.android.server.SystemService;
import com.android.server.am.UserState;
import com.android.server.storage.DeviceStorageMonitorInternal;
+
import libcore.io.IoUtils;
import libcore.util.Objects;
@@ -2189,6 +2190,13 @@
}
@Override
+ public UserInfo createProfileForUserEvenWhenDisallowed(String name, int flags, int userId,
+ String[] disallowedPackages) {
+ checkManageOrCreateUsersPermission(flags);
+ return createUserInternalUnchecked(name, flags, userId, disallowedPackages);
+ }
+
+ @Override
public UserInfo createUser(String name, int flags) {
checkManageOrCreateUsersPermission(flags);
return createUserInternal(name, flags, UserHandle.USER_NULL);
@@ -2204,17 +2212,17 @@
Log.w(LOG_TAG, "Cannot add user. DISALLOW_ADD_USER is enabled.");
return null;
}
+ return createUserInternalUnchecked(name, flags, parentId, disallowedPackages);
+ }
+
+ private UserInfo createUserInternalUnchecked(String name, int flags, int parentId,
+ String[] disallowedPackages) {
DeviceStorageMonitorInternal dsm = LocalServices
.getService(DeviceStorageMonitorInternal.class);
if (dsm.isMemoryLow()) {
Log.w(LOG_TAG, "Cannot add user. Not enough space on disk.");
return null;
}
- return createUserInternalUnchecked(name, flags, parentId, disallowedPackages);
- }
-
- private UserInfo createUserInternalUnchecked(String name, int flags, int parentId,
- String[] disallowedPackages) {
if (ActivityManager.isLowRamDeviceStatic()) {
return null;
}