Disable DO single user features when clearDeviceOwner() is called

regardless of the amount of users

Bug: 32901196
Bug: 29748723
Change-Id: Ie419b5e496e23656cbe5436942d9aba402bfe68e

1 files changed, 26 insertions, 11 deletions

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index c497cb1c4413..29c90193d8a0 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -6092,7 +6092,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     }
 
     private void clearDeviceOwnerLocked(ActiveAdmin admin, int userId) {
-        disableDeviceOwnerManagedSingleUserFeaturesIfNeeded();
         if (admin != null) {
             admin.disableCamera = false;
             admin.userRestrictions = null;
@@ -6104,6 +6103,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         mOwners.clearDeviceOwner();
         mOwners.writeDeviceOwner();
         updateDeviceOwnerLocked();
+        disableDeviceOwnerManagedSingleUserFeaturesIfNeeded();
         try {
             if (mInjector.getIBackupManager() != null) {
                 // Reactivate backup service.
@@ -9185,19 +9185,34 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     }
 
     private synchronized void disableDeviceOwnerManagedSingleUserFeaturesIfNeeded() {
-        if (!mOwners.hasDeviceOwner()) {
-            return;
-        }
-        if (!isDeviceOwnerManagedSingleUserDevice()) {
-            mInjector.securityLogSetLoggingEnabledProperty(false);
+        final boolean isSingleUserManagedDevice = isDeviceOwnerManagedSingleUserDevice();
 
-            getDeviceOwnerAdminLocked().isNetworkLoggingEnabled = false;
-            saveSettingsLocked(mInjector.userHandleGetCallingUserId());
-            setNetworkLoggingActiveInternal(false);
+        // disable security logging if needed
+        if (!isSingleUserManagedDevice) {
+            mInjector.securityLogSetLoggingEnabledProperty(false);
+            Slog.w(LOG_TAG, "Security logging turned off as it's no longer a single user managed"
+                    + " device.");
+        }
 
+        // disable backup service if needed
+        // note: when clearing DO, the backup service shouldn't be disabled if it was enabled by
+        // the device owner
+        if (mOwners.hasDeviceOwner() && !isSingleUserManagedDevice) {
             setBackupServiceEnabledInternal(false);
-            Slog.w(LOG_TAG, "Security logging, network logging and backup service turned off as"
-                    + " it's not a single user device.");
+            Slog.w(LOG_TAG, "Backup is off as it's a managed device that has more that one user.");
+        }
+
+        // disable network logging if needed
+        if (!isSingleUserManagedDevice) {
+            setNetworkLoggingActiveInternal(false);
+            Slog.w(LOG_TAG, "Network logging turned off as it's no longer a single user managed"
+                    + " device.");
+            // if there still is a device owner, disable logging policy, otherwise the admin
+            // has been nuked
+            if (mOwners.hasDeviceOwner()) {
+                getDeviceOwnerAdminLocked().isNetworkLoggingEnabled = false;
+                saveSettingsLocked(mOwners.getDeviceOwnerUserId());
+            }
         }
     }