Merge "Disable multiple user for corp-liable mode"

4 files changed, 37 insertions, 2 deletions

diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 89e974e7d738..ddd7691d681c 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -2847,6 +2847,24 @@ public class DevicePolicyManager {
     }
 
     /**
+     * Returns the device owner user id. Note this method will still return the device owner user id
+     * even if it's running on a different user. If there is no device owner this method return
+     * {@link UserHandle.USER_NULL}.
+     *
+     * @hide
+     */
+    public int getDeviceOwnerUserId() {
+        if (mService != null) {
+            try {
+                return mService.getDeviceOwnerUserId();
+            } catch (RemoteException re) {
+                Log.w(TAG, "Failed to get device owner user id");
+            }
+        }
+        return UserHandle.USER_NULL;
+    }
+
+    /**
      * @hide
      * @deprecated Do not use
      * @removed
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index c43fa9a27640..e14c43626818 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -116,6 +116,7 @@ interface IDevicePolicyManager {
     boolean setDeviceOwner(in ComponentName who, String ownerName, int userId);
     ComponentName getDeviceOwner();
     String getDeviceOwnerName();
+    int getDeviceOwnerUserId();
     void clearDeviceOwner(String packageName);
 
     boolean setProfileOwner(in ComponentName who, String ownerName, int userHandle);
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index b3c40d36185c..fd036a75444f 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -1561,6 +1561,8 @@ public class UserManagerService extends IUserManager.Stub {
         final boolean isManagedProfile = (flags & UserInfo.FLAG_MANAGED_PROFILE) != 0;
         final boolean isRestricted = (flags & UserInfo.FLAG_RESTRICTED) != 0;
         final long ident = Binder.clearCallingIdentity();
+        final DevicePolicyManager devicePolicyManager = (DevicePolicyManager) mContext
+                .getSystemService(Context.DEVICE_POLICY_SERVICE);
         UserInfo userInfo;
         final int userId;
         try {
@@ -1603,13 +1605,22 @@ public class UserManagerService extends IUserManager.Stub {
                         return null;
                     }
                 }
+                if (devicePolicyManager != null) {
+                    int deviceOwnerUserId = devicePolicyManager.getDeviceOwnerUserId();
+                    // If there is a device owner, completely disallow multiple user in non-split
+                    // user devices. In split user devices, no further users can be added If there
+                    // is a device owner outside of the system user.
+                    if (deviceOwnerUserId != UserHandle.USER_NULL
+                            && (!UserManager.isSplitSystemUser()
+                            || deviceOwnerUserId != UserHandle.USER_SYSTEM)) {
+                        return null;
+                    }
+                }
                 // In split system user mode, we assign the first human user the primary flag.
                 // And if there is no device owner, we also assign the admin flag to primary user.
                 if (UserManager.isSplitSystemUser()
                         && !isGuest && !isManagedProfile && getPrimaryUser() == null) {
                     flags |= UserInfo.FLAG_PRIMARY;
-                    DevicePolicyManager devicePolicyManager = (DevicePolicyManager)
-                            mContext.getSystemService(Context.DEVICE_POLICY_SERVICE);
                     if (devicePolicyManager == null
                             || devicePolicyManager.getDeviceOwner() == null) {
                         flags |= UserInfo.FLAG_ADMIN;
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 4c1580915949..d80fcab9942c 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -4628,6 +4628,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         }
     }
 
+    @Override
+    public int getDeviceOwnerUserId() {
+        return mOwners.hasDeviceOwner() ? mOwners.getDeviceOwnerUserId() : UserHandle.USER_NULL;
+    }
+
     // Returns the active device owner or null if there is no device owner.
     @VisibleForTesting
     ActiveAdmin getDeviceOwnerAdminLocked() {