commit e9c440638e27a123a82feb5e4677ce1242785288
author phweiss <phweiss@google.com> Wed Feb 10 12:57:38 2016 +0100
committer phweiss <phweiss@google.com> Thu Feb 11 14:43:18 2016 +0100
tree 4fc7e0527e8a41dbcae8263412c9649b987f5582
parent c61e102474c1fe0e16503856531106f8bff9e36b

DPM.createAndManageUser should work even with DISALLOW_ADD_USER set

For this, the DPM calls a new function
UserManagerInternal.createUserEvenWhenDisallowed() instead of
UserManager.createUser(). This calls
UserManagerService.createUserInternalUnchecked().

Also, only the system user is allowed to call this method, otherwise
a security exception is thrown.

Bug: 26952210
Bug: 26786199
Change-Id: I69c16354898d68592d13f5f53b840551f7ad4779

services/core/java/com/android/server/pm/UserManagerService.java

diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 3cc7b10..22d0994 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -1789,6 +1789,10 @@
             Log.w(LOG_TAG, "Cannot add user. DISALLOW_ADD_USER is enabled.");
             return null;
         }
+        return createUserInternalUnchecked(name, flags, parentId);
+    }
+
+    private UserInfo createUserInternalUnchecked(String name, int flags, int parentId) {
         if (ActivityManager.isLowRamDeviceStatic()) {
             return null;
         }
@@ -2975,6 +2979,17 @@
                 am.switchUser(UserHandle.USER_SYSTEM);
             }
         }
+
+        @Override
+        public UserInfo createUserEvenWhenDisallowed(String name, int flags) {
+            UserInfo user = createUserInternalUnchecked(name, flags, UserHandle.USER_NULL);
+            // Keep this in sync with UserManager.createUser
+            if (user != null && !user.isAdmin()) {
+                setUserRestriction(UserManager.DISALLOW_SMS, true, user.id);
+                setUserRestriction(UserManager.DISALLOW_OUTGOING_CALLS, true, user.id);
+            }
+            return user;
+        }
     }
 
     /* Remove all the users except of the system one. */

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 3fb5a0d..0231c2c 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -6750,6 +6750,10 @@
             throw new IllegalArgumentException("profileOwner " + profileOwner + " and admin "
                     + admin + " are not in the same package");
         }
+        // Only allow the system user to use this method
+        if (!mInjector.binderGetCallingUserHandle().isSystem()) {
+            throw new SecurityException("createAndManageUser was called from non-system user");
+        }
         // Create user.
         UserHandle user = null;
         synchronized (this) {
@@ -6761,7 +6765,8 @@
                 if ((flags & DevicePolicyManager.MAKE_USER_EPHEMERAL) != 0) {
                     userInfoFlags |= UserInfo.FLAG_EPHEMERAL;
                 }
-                UserInfo userInfo = mUserManager.createUser(name, userInfoFlags);
+                UserInfo userInfo = mUserManagerInternal.createUserEvenWhenDisallowed(name,
+                        userInfoFlags);
                 if (userInfo != null) {
                     user = userInfo.getUserHandle();
                 }