Merge "Update UserRestriction defaults to use framework mechanisms"
diff --git a/car_product/overlay/frameworks/base/core/res/res/values/config.xml b/car_product/overlay/frameworks/base/core/res/res/values/config.xml
index ac9f3ca..2d28676 100644
--- a/car_product/overlay/frameworks/base/core/res/res/values/config.xml
+++ b/car_product/overlay/frameworks/base/core/res/res/values/config.xml
@@ -101,4 +101,9 @@
<!-- Enabled temporarily to watch the dashboard-->
<bool name="config_enableWallpaperService">true</bool>
+ <!-- Default user restrictions for system user 0. -->
+ <string-array translatable="false" name="config_defaultFirstUserRestrictions">
+ <item>"no_modify_accounts"</item>
+ </string-array>
+
</resources>
diff --git a/car_product/overlay/frameworks/base/core/res/res/xml/config_user_types.xml b/car_product/overlay/frameworks/base/core/res/res/xml/config_user_types.xml
new file mode 100644
index 0000000..1baae68
--- /dev/null
+++ b/car_product/overlay/frameworks/base/core/res/res/xml/config_user_types.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2019 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<user-types>
+ <full-type name="android.os.usertype.full.SECONDARY" >
+ <default-restrictions />
+ </full-type>
+
+ <full-type name="android.os.usertype.full.GUEST" >
+ <default-restrictions no_factory_reset="true" no_remove_user="true"
+ no_modify_accounts="true" no_install_apps="true" no_install_unknown_sources="true"
+ no_uninstall_apps="true"/>
+ </full-type>
+</user-types>
diff --git a/service/src/com/android/car/user/CarUserService.java b/service/src/com/android/car/user/CarUserService.java
index 5a3a084..f69330f 100644
--- a/service/src/com/android/car/user/CarUserService.java
+++ b/service/src/com/android/car/user/CarUserService.java
@@ -400,7 +400,6 @@
if (UserManager.isHeadlessSystemUserMode()) {
setSystemUserRestrictions();
}
- mCarUserManagerHelper.initDefaultGuestRestrictions();
Settings.Global.putInt(mContext.getContentResolver(),
CarSettings.Global.DEFAULT_USER_RESTRICTIONS_SET, 1);
}
@@ -627,15 +626,11 @@
}
private void setSystemUserRestrictions() {
- // Disable adding accounts for system user.
- UserHandle systemUserHandle = UserHandle.of(UserHandle.USER_SYSTEM);
- mUserManager.setUserRestriction(
- UserManager.DISALLOW_MODIFY_ACCOUNTS, /* value= */ true, systemUserHandle);
-
// Disable Location service for system user.
LocationManager locationManager =
(LocationManager) mContext.getSystemService(Context.LOCATION_SERVICE);
- locationManager.setLocationEnabledForUser(/* enabled= */ false, systemUserHandle);
+ locationManager.setLocationEnabledForUser(
+ /* enabled= */ false, UserHandle.of(UserHandle.USER_SYSTEM));
}
/**
diff --git a/tests/carservice_unit_test/src/android/car/userlib/CarUserManagerHelperTest.java b/tests/carservice_unit_test/src/android/car/userlib/CarUserManagerHelperTest.java
index ebe5960..91afea6 100644
--- a/tests/carservice_unit_test/src/android/car/userlib/CarUserManagerHelperTest.java
+++ b/tests/carservice_unit_test/src/android/car/userlib/CarUserManagerHelperTest.java
@@ -27,7 +27,6 @@
import android.app.ActivityManager;
import android.content.Context;
import android.content.pm.UserInfo;
-import android.os.Bundle;
import android.os.UserHandle;
import android.os.UserManager;
import android.provider.Settings;
@@ -38,7 +37,6 @@
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
-import org.mockito.ArgumentCaptor;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
@@ -164,30 +162,6 @@
verify(mUserManager).setUserRestriction(
UserManager.DISALLOW_FACTORY_RESET, /* enable= */ true, UserHandle.of(userId));
- verify(mUserManager).setUserRestriction(
- UserManager.DISALLOW_SMS, /* enable= */ false, UserHandle.of(userId));
- verify(mUserManager).setUserRestriction(
- UserManager.DISALLOW_OUTGOING_CALLS, /* enable= */ false, UserHandle.of(userId));
- }
-
- @Test
- public void testDefaultGuestRestrictions() {
- int guestRestrictionsExpectedCount = 6;
-
- ArgumentCaptor<Bundle> bundleCaptor = ArgumentCaptor.forClass(Bundle.class);
- mCarUserManagerHelper.initDefaultGuestRestrictions();
-
- verify(mUserManager).setDefaultGuestRestrictions(bundleCaptor.capture());
- Bundle guestRestrictions = bundleCaptor.getValue();
-
- assertThat(guestRestrictions.keySet()).hasSize(guestRestrictionsExpectedCount);
- assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_FACTORY_RESET)).isTrue();
- assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_REMOVE_USER)).isTrue();
- assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_MODIFY_ACCOUNTS)).isTrue();
- assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_INSTALL_APPS)).isTrue();
- assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES))
- .isTrue();
- assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_UNINSTALL_APPS)).isTrue();
}
@Test
diff --git a/tests/carservice_unit_test/src/com/android/car/user/CarUserServiceTest.java b/tests/carservice_unit_test/src/com/android/car/user/CarUserServiceTest.java
index 86ce07b..2992fd3 100644
--- a/tests/carservice_unit_test/src/com/android/car/user/CarUserServiceTest.java
+++ b/tests/carservice_unit_test/src/com/android/car/user/CarUserServiceTest.java
@@ -146,20 +146,6 @@
}
/**
- * Test that the {@link CarUserService} does set the disable modify account permission for
- * user 0 upon user 0 unlock when user 0 is headless.
- */
- @Test
- public void testDisableModifyAccountsForHeadlessSystemUserOnFirstRun() {
- mCarUserService.setUserLockStatus(UserHandle.USER_SYSTEM, true);
- verify(mMockedUserManager)
- .setUserRestriction(
- UserManager.DISALLOW_MODIFY_ACCOUNTS,
- true,
- UserHandle.of(UserHandle.USER_SYSTEM));
- }
-
- /**
* Test that the {@link CarUserService} does not set restrictions on user 0 if they have already
* been set.
*/
diff --git a/user/car-user-lib/src/android/car/userlib/CarUserManagerHelper.java b/user/car-user-lib/src/android/car/userlib/CarUserManagerHelper.java
index b86ea0b..86fdade 100644
--- a/user/car-user-lib/src/android/car/userlib/CarUserManagerHelper.java
+++ b/user/car-user-lib/src/android/car/userlib/CarUserManagerHelper.java
@@ -24,7 +24,6 @@
import android.content.Context;
import android.content.pm.UserInfo;
import android.graphics.Bitmap;
-import android.os.Bundle;
import android.os.UserHandle;
import android.os.UserManager;
import android.provider.Settings;
@@ -78,18 +77,6 @@
UserManager.DISALLOW_UNINSTALL_APPS
);
- /**
- * Default set of restrictions for Guest users.
- */
- private static final Set<String> DEFAULT_GUEST_RESTRICTIONS = Sets.newArraySet(
- UserManager.DISALLOW_FACTORY_RESET,
- UserManager.DISALLOW_REMOVE_USER,
- UserManager.DISALLOW_MODIFY_ACCOUNTS,
- UserManager.DISALLOW_INSTALL_APPS,
- UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
- UserManager.DISALLOW_UNINSTALL_APPS
- );
-
private final Context mContext;
private final UserManager mUserManager;
private final ActivityManager mActivityManager;
@@ -189,19 +176,6 @@
}
/**
- * Sets default guest restrictions that will be applied every time a Guest user is created.
- *
- * <p> Restrictions are written to disk and persistent across boots.
- */
- public void initDefaultGuestRestrictions() {
- Bundle defaultGuestRestrictions = new Bundle();
- for (String restriction : DEFAULT_GUEST_RESTRICTIONS) {
- defaultGuestRestrictions.putBoolean(restriction, true);
- }
- mUserManager.setDefaultGuestRestrictions(defaultGuestRestrictions);
- }
-
- /**
* Gets all the users that can be brought to the foreground on the system.
*
* @return List of {@code UserInfo} for users that associated with a real person.
@@ -290,13 +264,6 @@
}
setDefaultNonAdminRestrictions(user, /* enable= */ true);
- // Each non-admin has sms and outgoing call restrictions applied by the UserManager on
- // creation. We want to enable these permissions by default in the car.
- mUserManager.setUserRestriction(
- UserManager.DISALLOW_SMS, /* enable= */ false, user.getUserHandle());
- mUserManager.setUserRestriction(
- UserManager.DISALLOW_OUTGOING_CALLS, /* enable= */ false, user.getUserHandle());
-
assignDefaultIcon(user);
return user;
}