Enforce disallow switch user in user settings

Disallow the following actions which result in switch user when DISALLOW_USER_SWITCH is set
- Creating guest
- Showing user setup dialog for newly created user
- Clicking uninitialized user preference

Bug: 71694430
Test: CTSVerifier DeviceOwnerPositiveTest - DISALLOW_USER_SWITCH
Test: m -j ROBOTEST_FILTER=UserCapabilitiesTest RunSettingsRoboTests
Test: m -j ROBOTEST_FILTER=AddUserWhenLockedPreferenceController RunSettingsRoboTests
Test: m -j ROBOTEST_FILTER=UserSettingsTest RunSettingsRoboTests
Change-Id: Ia4c7e7b4947bfaf2ebeef4d32a473bdac542d6a6
This commit is contained in:
Alex Chau
2018-01-30 14:22:50 +00:00
parent 54e304b897
commit ffae4c1a0e
3 changed files with 94 additions and 6 deletions

View File

@@ -34,6 +34,7 @@ public class UserCapabilities {
boolean mCanAddGuest;
boolean mDisallowAddUser;
boolean mDisallowAddUserSetByAdmin;
boolean mDisallowSwitchUser;
RestrictedLockUtils.EnforcedAdmin mEnforcedAdmin;
private UserCapabilities() {}
@@ -79,6 +80,9 @@ public class UserCapabilities {
final boolean canAddUsersWhenLocked = mIsAdmin || Settings.Global.getInt(
context.getContentResolver(), Settings.Global.ADD_USERS_WHEN_LOCKED, 0) == 1;
mCanAddGuest = !mIsGuest && !mDisallowAddUser && canAddUsersWhenLocked;
UserManager userManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
mDisallowSwitchUser = userManager.hasUserRestriction(UserManager.DISALLOW_USER_SWITCH);
}
public boolean isAdmin() {
@@ -109,6 +113,7 @@ public class UserCapabilities {
", mCanAddGuest=" + mCanAddGuest +
", mDisallowAddUser=" + mDisallowAddUser +
", mEnforcedAdmin=" + mEnforcedAdmin +
", mDisallowSwitchUser=" + mDisallowSwitchUser +
'}';
}
}

View File

@@ -754,8 +754,12 @@ public class UserSettings extends SettingsPreferenceFragment
synchronized (mUserLock) {
if (userType == USER_TYPE_USER) {
mHandler.sendEmptyMessage(MESSAGE_UPDATE_LIST);
mHandler.sendMessage(mHandler.obtainMessage(
MESSAGE_SETUP_USER, user.id, user.serialNumber));
// Skip setting up user which results in user switching when the
// restriction is set.
if (!mUserCaps.mDisallowSwitchUser) {
mHandler.sendMessage(mHandler.obtainMessage(
MESSAGE_SETUP_USER, user.id, user.serialNumber));
}
} else {
mHandler.sendMessage(mHandler.obtainMessage(
MESSAGE_CONFIG_USER, user.id, user.serialNumber));
@@ -842,8 +846,12 @@ public class UserSettings extends SettingsPreferenceFragment
} else {
pref.setSummary(R.string.user_summary_not_set_up);
}
pref.setOnPreferenceClickListener(this);
pref.setSelectable(true);
// Disallow setting up user which results in user switching when the restriction is
// set.
if (!mUserCaps.mDisallowSwitchUser) {
pref.setOnPreferenceClickListener(this);
pref.setSelectable(true);
}
} else if (user.isRestricted()) {
pref.setSummary(R.string.user_summary_restricted_profile);
}
@@ -882,8 +890,13 @@ public class UserSettings extends SettingsPreferenceFragment
pref.setTitle(R.string.user_guest);
pref.setIcon(getEncircledDefaultIcon());
userPreferences.add(pref);
pref.setDisabledByAdmin(
mUserCaps.mDisallowAddUser ? mUserCaps.mEnforcedAdmin : null);
if (mUserCaps.mDisallowAddUser) {
pref.setDisabledByAdmin(mUserCaps.mEnforcedAdmin);
} else if (mUserCaps.mDisallowSwitchUser) {
pref.setDisabledByAdmin(RestrictedLockUtils.getDeviceOwner(context));
} else {
pref.setDisabledByAdmin(null);
}
int finalGuestId = guestId;
pref.setOnPreferenceClickListener(preference -> {
int id = finalGuestId;