[UserManager] expose method to retrieve credential owner
Certain operations (like ConfirmCredential) can be invoked
in the context of a profile, in which case the calling code
needs to know under what profile the credential is registered.
Expose a centralized location for this information for Settings
and GateKeeper to consume.
Bug: 22257554
Change-Id: Iffe4f6a254f52d1269b9287edabcf6efa515d9d2
diff --git a/core/java/android/os/IUserManager.aidl b/core/java/android/os/IUserManager.aidl
index aa4b051..64877aa 100644
--- a/core/java/android/os/IUserManager.aidl
+++ b/core/java/android/os/IUserManager.aidl
@@ -27,6 +27,12 @@
* {@hide}
*/
interface IUserManager {
+
+ /*
+ * DO NOT MOVE - UserManager.h depends on the ordering of this function.
+ */
+ int getCredentialOwnerProfile(int userHandle);
+
UserInfo createUser(in String name, int flags);
UserInfo createProfileForUser(in String name, int flags, int userHandle);
void setUserEnabled(int userHandle);
diff --git a/core/java/android/os/UserManager.java b/core/java/android/os/UserManager.java
index 83a1993..045c1e8 100644
--- a/core/java/android/os/UserManager.java
+++ b/core/java/android/os/UserManager.java
@@ -1068,6 +1068,22 @@
}
/**
+ * Returns the device credential owner id of the profile from
+ * which this method is called, or userHandle if called from a user that
+ * is not a profile.
+ *
+ * @hide
+ */
+ public int getCredentialOwnerProfile(int userHandle) {
+ try {
+ return mService.getCredentialOwnerProfile(userHandle);
+ } catch (RemoteException re) {
+ Log.w(TAG, "Could not get credential owner", re);
+ return -1;
+ }
+ }
+
+ /**
* Returns the parent of the profile which this method is called from
* or null if called from a user that is not a profile.
*
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 6707562..ebcbecd 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -135,6 +135,11 @@
// without first making sure that the rest of the framework is prepared for it.
private static final int MAX_MANAGED_PROFILES = 1;
+ /**
+ * Flag indicating whether device credentials are shared among same-user profiles.
+ */
+ private static final boolean CONFIG_PROFILES_SHARE_CREDENTIAL = true;
+
// Set of user restrictions, which can only be enforced by the system
private static final Set<String> SYSTEM_CONTROLLED_RESTRICTIONS = Sets.newArraySet(
UserManager.DISALLOW_RECORD_AUDIO);
@@ -317,6 +322,21 @@
}
@Override
+ public int getCredentialOwnerProfile(int userHandle) {
+ checkManageUsersPermission("get the credential owner");
+ if (CONFIG_PROFILES_SHARE_CREDENTIAL) {
+ synchronized (mPackagesLock) {
+ UserInfo profileParent = getProfileParentLocked(userHandle);
+ if (profileParent != null) {
+ return profileParent.id;
+ }
+ }
+ }
+
+ return userHandle;
+ }
+
+ @Override
public UserInfo getProfileParent(int userHandle) {
checkManageUsersPermission("get the profile parent");
synchronized (mPackagesLock) {
@@ -943,7 +963,7 @@
}
}
- private void writeRestrictionsLocked(XmlSerializer serializer, Bundle restrictions)
+ private void writeRestrictionsLocked(XmlSerializer serializer, Bundle restrictions)
throws IOException {
serializer.startTag(null, TAG_RESTRICTIONS);
writeBoolean(serializer, restrictions, UserManager.DISALLOW_CONFIG_WIFI);