Allow ephemeral users on the split-system-user systems only.

BUG: 27143201 Change-Id: I37f3ca7366648dbf07df39a7a972857e0ff78a9a
author: Lenka Trochtova <ltrochtova@google.com> 2016-02-17 13:55:17 +0100
committer: Lenka Trochtova <ltrochtova@google.com> 2016-02-19 11:11:26 +0100
commit: 024f979dfdae1938afc3c509ea9762c06784cef5 (patch)
tree: b71b715e6a6afd0d6213d80f4bc0f336680d21ec
parent: 44da29407f3228811d5c1387a184fc68c388c5c7 (diff)
2 files changed, 15 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 788c44a75249..e7465c08832e 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -1833,6 +1833,11 @@ public class UserManagerService extends IUserManager.Stub {
                         return null;
                     }
                 }
+                if (!UserManager.isSplitSystemUser() && (flags & UserInfo.FLAG_EPHEMERAL) != 0) {
+                    Log.e(LOG_TAG,
+                            "Ephemeral users are supported on split-system-user systems only.");
+                    return null;
+                }
                 // In split system user mode, we assign the first human user the primary flag.
                 // And if there is no device owner, we also assign the admin flag to primary user.
                 if (UserManager.isSplitSystemUser()
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 4c229af4e4af..33225eba9565 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -4968,6 +4968,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             return;
         }
         Preconditions.checkNotNull(who, "ComponentName is null");
+        // Allow setting this policy to true only if there is a split system user.
+        if (forceEphemeralUsers && !mInjector.userManagerIsSplitSystemUser()) {
+            throw new IllegalArgumentException(
+                    "Cannot force ephemeral users on systems without split system user.");
+        }
         boolean removeAllUsers = false;
         synchronized (this) {
             final ActiveAdmin deviceOwner =
@@ -6818,6 +6823,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         if (!mInjector.binderGetCallingUserHandle().isSystem()) {
             throw new SecurityException("createAndManageUser was called from non-system user");
         }
+        if (!mInjector.userManagerIsSplitSystemUser()
+                && (flags & DevicePolicyManager.MAKE_USER_EPHEMERAL) != 0) {
+            throw new IllegalArgumentException(
+                    "Ephemeral users are only supported on systems with a split system user.");
+        }
         // Create user.
         UserHandle user = null;
         synchronized (this) {
author	Lenka Trochtova <ltrochtova@google.com>	2016-02-17 13:55:17 +0100
committer	Lenka Trochtova <ltrochtova@google.com>	2016-02-19 11:11:26 +0100
commit	024f979dfdae1938afc3c509ea9762c06784cef5 (patch)
tree	b71b715e6a6afd0d6213d80f4bc0f336680d21ec
parent	44da29407f3228811d5c1387a184fc68c388c5c7 (diff)