Merge "Restrict creation of secondary users" into rvc-dev

author: Alex Johnston <acjohnston@google.com> 2020-05-07 15:20:31 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2020-05-07 15:20:31 +0000
commit: 80542add04f3e77e6d63e7383ffd57722f5f2435 (patch)
tree: 0e3ec1714efbb1809f8ecf9cc6e3e711e8d772ae /services/devicepolicy
parent: c79df044116ae11f47567c3ff3e3b36c8eba701b (diff)
parent: 9ace11127c334296ddf502ee0f6b7f908b2e7006 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 3323fa4b53e3..966694ad346c 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -4567,9 +4567,11 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
                 }
                 if (isProfileOwner(adminReceiver, userHandle)) {
                     if (isProfileOwnerOfOrganizationOwnedDevice(userHandle)) {
+                        UserHandle parentUserHandle = UserHandle.of(getProfileParentId(userHandle));
                         mUserManager.setUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE,
-                                false,
-                                UserHandle.of(getProfileParentId(userHandle)));
+                                false, parentUserHandle);
+                        mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER,
+                                false, parentUserHandle);
                     }
                     final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver,
                             userHandle, /* parent */ false);
@@ -7213,6 +7215,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
                     mUserManager.setUserRestriction(
                             UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, false,
                             UserHandle.SYSTEM);
+                    mUserManager.setUserRestriction(
+                            UserManager.DISALLOW_ADD_USER, false, UserHandle.SYSTEM);
 
                     // Device-wide policies set by the profile owner need to be cleaned up here.
                     mLockPatternUtils.setDeviceOwnerInfo(null);
@@ -13825,6 +13829,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
 
             mUserManager.setUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, true,
                     parentUser);
+            mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER, true,
+                    parentUser);
         });
 
         // markProfileOwnerOfOrganizationOwnedDevice will trigger writing of the profile owner
author	Alex Johnston <acjohnston@google.com>	2020-05-07 15:20:31 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2020-05-07 15:20:31 +0000
commit	80542add04f3e77e6d63e7383ffd57722f5f2435 (patch)
tree	0e3ec1714efbb1809f8ecf9cc6e3e711e8d772ae /services/devicepolicy
parent	c79df044116ae11f47567c3ff3e3b36c8eba701b (diff)
parent	9ace11127c334296ddf502ee0f6b7f908b2e7006 (diff)