commit 8cd28b57ed732656d002d97879e15c5695b54fff
author Amith Yamasani <yamasani@google.com> Sun Jun 08 17:54:27 2014 -0700
committer Amith Yamasani <yamasani@google.com> Wed Sep 10 17:15:06 2014 -0700
tree 33f02a0e243e5c3d8889862c26af5accc0e4e98b
parent da6e6c888f81d3bd19ff1f3cf9b081b7f9b2a013

Apply cross-user restrictions to Shell

Even though Shell user is allowed to perform cross-user actions,
lock that path down if the target user has restrictions imposed by
the profile owner device admin that prevents access via adb.

If the profile owner has imposed DISALLOW_DEBUGGING_FEATURES, don't
allow the shell user to make the following types of calls:
start activities, make service calls, access content providers,
send broadcasts, block/unblock packages, clear user data, etc.

Bug: 15086577
Change-Id: I9669fc165953076f786ed51cbc17d20d6fa995c3

services/core/java/com/android/server/pm/UserManagerService.java

diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 6dd6d2ef..a06e041 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -34,6 +34,7 @@
 import android.graphics.BitmapFactory;
 import android.os.Binder;
 import android.os.Bundle;
+import android.os.Debug;
 import android.os.Environment;
 import android.os.FileUtils;
 import android.os.Handler;
@@ -480,6 +481,14 @@
     }
 
     @Override
+    public boolean hasUserRestriction(String restrictionKey, int userId) {
+        synchronized (mPackagesLock) {
+            Bundle restrictions = mUserRestrictions.get(userId);
+            return restrictions != null ? restrictions.getBoolean(restrictionKey) : false;
+        }
+    }
+
+    @Override
     public Bundle getUserRestrictions(int userId) {
         // checkManageUsersPermission("getUserRestrictions");