Restrict creation of secondary users
Background
* Secondary users should be disabled
when the device is an organization-owned
managed profile device.
* This is because supporting secondary
users would complicate the semantics of
user restrictions.
Changes
* Add DISALLOW_ADD_USER as a base restriction
when the device is an organization-owned
managed profile device.
* Handle removal case when the device is no
longer in this mode.
* Remove the ability of other admins to apply
DISALLOW_ADD_USER.
Manual Testing Steps
* Provision an organization-owned managed
profile device.
* Check Settings > System > Multiple users
and verify that a user cannot be added.
* Check WP TestDPC 'Set user restrictions
on parent' and verify 'Disallow add user'
is not present.
Bug: 155281701
Test: Manual testing
atest com.android.server.devicepolicy.DevicePolicyManagerTest
Change-Id: I83348fc8b854cef20383803124000540b5b130cb
4 files changed