Merge "Don't always transfer device owner status to other users." into mnc-dev
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index d9afa00..1e833b1 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -1277,11 +1277,13 @@
&& !hasUserSetupCompleted(userId);
if (reqPolicy == DeviceAdminInfo.USES_POLICY_DEVICE_OWNER) {
- if (ownsDevice || (userId == UserHandle.USER_OWNER && ownsInitialization)) {
+ if ((userId == UserHandle.USER_OWNER && (ownsDevice || ownsInitialization))
+ || (ownsDevice && ownsProfile)) {
return true;
}
} else if (reqPolicy == DeviceAdminInfo.USES_POLICY_PROFILE_OWNER) {
- if (ownsDevice || ownsProfile || ownsInitialization) {
+ if ((userId == UserHandle.USER_OWNER && ownsDevice) || ownsProfile
+ || ownsInitialization) {
return true;
}
} else {
@@ -4244,6 +4246,17 @@
throw new IllegalArgumentException("Invalid component name " + initializer
+ " for device initializer");
}
+ boolean isInitializerSystemApp;
+ try {
+ isInitializerSystemApp = isSystemApp(AppGlobals.getPackageManager(),
+ initializer.getPackageName(), Binder.getCallingUserHandle().getIdentifier());
+ } catch (RemoteException | IllegalArgumentException e) {
+ isInitializerSystemApp = false;
+ Slog.e(LOG_TAG, "Fail to check if device initialzer is system app.", e);
+ }
+ if (!isInitializerSystemApp) {
+ throw new IllegalArgumentException("Only system app can be set as device initializer.");
+ }
synchronized (this) {
enforceCanSetDeviceInitializer(who);