2 files changed, 8 insertions, 0 deletions

diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
index 4d3e3e5a2925..d27f1f830c32 100644
--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
@@ -1202,6 +1202,11 @@ public class SettingsProvider extends ContentProvider {
                 restriction = UserManager.DISALLOW_CONFIG_VPN;
                 break;
 
+            case Settings.Global.SAFE_BOOT_DISALLOWED:
+                if ("1".equals(value)) return false;
+                restriction = UserManager.DISALLOW_SAFE_BOOT;
+                break;
+
             default:
                 if (setting != null && setting.startsWith(Settings.Global.DATA_ROAMING)) {
                     if ("0".equals(value)) return false;
diff --git a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
index 04997570b89e..18bc27795494 100644
--- a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
+++ b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
@@ -333,6 +333,9 @@ public class UserRestrictionsUtils {
         // set, and in that case even if the restriction is lifted, changing it to ON would be
         // wrong.  So just don't do anything in such a case.  If the user hopes to enable location
         // later, they can do it on the Settings UI.
+        // WARNING: Remember that Settings.Global and Settings.Secure are changeable via adb.
+        // To prevent this from happening for a given user restriction, you have to add a check to
+        // SettingsProvider.isGlobalOrSecureSettingRestrictedForUser.
 
         final ContentResolver cr = context.getContentResolver();
         final long id = Binder.clearCallingIdentity();