authorAlex Johnston <acjohnston@google.com>2020-04-30 15:06:19 +0100
committerAlex Johnston <acjohnston@google.com>2020-05-07 13:58:31 +0100
commit9ace11127c334296ddf502ee0f6b7f908b2e7006 (patch)
treee8c4a49e8c4baea18c32cc7c6c9ae0991b17b430 /services/devicepolicy
parent0cdc03a772e47618258ed51ef15a24f5a1c18d63 (diff)
Restrict creation of secondary users
Background * Secondary users should be disabled when the device is an organization-owned managed profile device. * This is because supporting secondary users would complicate the semantics of user restrictions. Changes * Add DISALLOW_ADD_USER as a base restriction when the device is an organization-owned managed profile device. * Handle removal case when the device is no longer in this mode. * Remove the ability of other admins to apply DISALLOW_ADD_USER. Manual Testing Steps * Provision an organization-owned managed profile device. * Check Settings > System > Multiple users and verify that a user cannot be added. * Check WP TestDPC 'Set user restrictions on parent' and verify 'Disallow add user' is not present. Bug: 155281701 Test: Manual testing atest com.android.server.devicepolicy.DevicePolicyManagerTest Change-Id: I83348fc8b854cef20383803124000540b5b130cb
Diffstat (limited to 'services/devicepolicy')
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java10
1 files changed, 8 insertions, 2 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 3323fa4b53e3..966694ad346c 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -4567,9 +4567,11 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
}
if (isProfileOwner(adminReceiver, userHandle)) {
if (isProfileOwnerOfOrganizationOwnedDevice(userHandle)) {
+ UserHandle parentUserHandle = UserHandle.of(getProfileParentId(userHandle));
mUserManager.setUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE,
- false,
- UserHandle.of(getProfileParentId(userHandle)));
+ false, parentUserHandle);
+ mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER,
+ false, parentUserHandle);
}
final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver,
userHandle, /* parent */ false);
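Review bot: The added `mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER, false, parentUserHandle)` clears the restriction on the parent unconditionally when the profile owner is removed, so a DISALLOW_ADD_USER that was in force on the parent for any other reason would be dropped with it. Whether that can happen depends on how base restrictions are tracked, which is not visible in this hunk. The commit message says other admins can no longer apply this restriction; if that makes this code the sole owner, record it next to the call, for example `// DISALLOW_ADD_USER on the parent is owned by the organization-owned profile state, so clearing it here is safe.` The same REMOVE_MANAGED_PROFILE/ADD_USER pair is repeated in the hunks at -7213 and -13825, so a small private helper taking the parent handle and a boolean would keep the set and clear sites from drifting apart. The enclosing method starts and ends outside this hunk.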
@@ -7213,6 +7215,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
mUserManager.setUserRestriction(
UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, false,
UserHandle.SYSTEM);
+ mUserManager.setUserRestriction(
+ UserManager.DISALLOW_ADD_USER, false, UserHandle.SYSTEM);
// Device-wide policies set by the profile owner need to be cleaned up here.
mLockPatternUtils.setDeviceOwnerInfo(null);
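Review bot: This cleanup path hard-codes `UserHandle.SYSTEM`, while the set path in the hunk at -13825 applies DISALLOW_ADD_USER to `parentUser` and the removal path at -4567 uses `UserHandle.of(getProfileParentId(userHandle))`. If the profile parent can ever be a user other than the system user, the restriction would stay set on the real parent after cleanup, which fails closed but leaves stale policy behind. The new call mirrors the existing DISALLOW_REMOVE_MANAGED_PROFILE line above it, so a comment such as `// The parent of an organization-owned managed profile is assumed to be the system user.` would at least record the assumption. If that is not guaranteed, resolve the parent here the same way the other two sites do. The enclosing method is not fully visible in this hunk.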
@@ -13825,6 +13829,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
mUserManager.setUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, true,
parentUser);
+ mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER, true,
+ parentUser);
});
// markProfileOwnerOfOrganizationOwnedDevice will trigger writing of the profile owner