setAutoTimeRequired disabled on managed profile

* A security exception should be thrown when setAutoTimeRequired is called on a managed profile * Update javadoc Bug: 156620695 Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSetAutoTimeRequired atest com.android.cts.devicepolicy.MixedProfileOwnerTest#testSetAutoTimeRequired atest com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testSetAutoTimeRequired Change-Id: Ifb53c218947f62aa446aa607d3f4eee354586395
author: Alex Johnston <acjohnston@google.com> 2020-05-20 12:39:36 +0100
committer: Alex Johnston <acjohnston@google.com> 2020-05-20 12:50:04 +0100
commit: 67623cf5566014310b19b7a08561276ee4ab3c6a (patch)
tree: 659900bdf90a517f1c62367d7f709b682e2d3104
parent: 78a66d6c36451d8c91b2473e3b4ac8bafbd79b41 (diff)
2 files changed, 6 insertions, 1 deletions
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 8073982ef745..c65064324c8c 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -6031,10 +6031,12 @@ public class DevicePolicyManager {
      * this API to enforce auto time will result in
      * {@link UserManager#DISALLOW_CONFIG_DATE_TIME} being set, while calling this API to lift
      * the requirement will result in {@link UserManager#DISALLOW_CONFIG_DATE_TIME} being cleared.
+     * From Android 11, this API can also no longer be called on a managed profile.
      *
      * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
      * @param required Whether auto time is set required or not.
-     * @throws SecurityException if {@code admin} is not a device owner.
+     * @throws SecurityException if {@code admin} is not a device owner, not a profile owner or
+     * if this API is called on a managed profile.
      * @deprecated From {@link android.os.Build.VERSION_CODES#R}. Use {@link #setAutoTimeEnabled}
      * to turn auto time on or off and use {@link UserManager#DISALLOW_CONFIG_DATE_TIME}
      * to prevent the user from changing this setting.
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 966694ad346c..84d8cee1fe73 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -7968,6 +7968,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
         final int userHandle = UserHandle.getCallingUserId();
         boolean requireAutoTimeChanged = false;
         synchronized (getLockObject()) {
+            if (isManagedProfile(userHandle)) {
+                throw new SecurityException("Managed profile cannot set auto time required");
+            }
             ActiveAdmin admin = getActiveAdminForCallerLocked(who,
                     DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
             if (admin.requireAutoTime != required) {
author	Alex Johnston <acjohnston@google.com>	2020-05-20 12:39:36 +0100
committer	Alex Johnston <acjohnston@google.com>	2020-05-20 12:50:04 +0100
commit	67623cf5566014310b19b7a08561276ee4ab3c6a (patch)
tree	659900bdf90a517f1c62367d7f709b682e2d3104
parent	78a66d6c36451d8c91b2473e3b4ac8bafbd79b41 (diff)