commit 28860b7570d2b3e7bc6a136a7bb7312e5aaf6e61
author Alan Treadway <alantreadway@google.com> Thu Nov 26 15:30:37 2015 +0000
committer Alan Treadway <alantreadway@google.com> Mon Nov 30 16:48:26 2015 +0000
tree 4c5e54dc81601bac8d08c22cb3c7a6e2777daf6f
parent 8b40491bc295dccc185b9be5b3616823fcff1a2e

Fix for being able to setup Managed User from system user.

Also move feature flag check to ensure it is used in all cases.

Change-Id: If42787c5bc9ab824449c70f90fb827cf2da7507f

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 47951de..d7afdf4 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -6823,6 +6823,9 @@
     public boolean isProvisioningAllowed(String action) {
         final int callingUserId = mInjector.userHandleGetCallingUserId();
         if (DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE.equals(action)) {
+            if (!hasFeatureManagedUsers()) {
+                return false;
+            }
             synchronized (this) {
                 if (mOwners.hasDeviceOwner()) {
                     if (!mInjector.userManagerIsSplitSystemUser()) {
@@ -6845,13 +6848,6 @@
                 // Managed user cannot have a managed profile.
                 return false;
             }
-            try {
-                if (!mIPackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS)) {
-                    return false;
-                }
-            } catch (RemoteException e) {
-                return false;
-            }
             final long ident = mInjector.binderClearCallingIdentity();
             try {
                 if (!mUserManager.canAddMoreManagedProfiles(callingUserId, true)) {
@@ -6864,10 +6860,17 @@
         } else if (DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE.equals(action)) {
             return isDeviceOwnerProvisioningAllowed(callingUserId);
         } else if (DevicePolicyManager.ACTION_PROVISION_MANAGED_USER.equals(action)) {
+            if (!hasFeatureManagedUsers()) {
+                return false;
+            }
             if (!mInjector.userManagerIsSplitSystemUser()) {
                 // ACTION_PROVISION_MANAGED_USER only supported on split-user systems.
                 return false;
             }
+            if (callingUserId == UserHandle.USER_SYSTEM) {
+                // System user cannot be a managed user.
+                return false;
+            }
             if (hasUserSetupCompleted(callingUserId)) {
                 return false;
             }
@@ -6901,6 +6904,14 @@
         return true;
     }
 
+    private boolean hasFeatureManagedUsers() {
+        try {
+            return mIPackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS);
+        } catch (RemoteException e) {
+            return false;
+        }
+    }
+
     @Override
     public String getWifiMacAddress() {
         // Make sure caller has DO.