diff options
| -rw-r--r-- | core/java/android/os/UserManager.java | 10 | ||||
| -rw-r--r-- | services/core/java/com/android/server/MountService.java | 17 |
2 files changed, 27 insertions, 0 deletions
diff --git a/core/java/android/os/UserManager.java b/core/java/android/os/UserManager.java index 6384af31334f..b104135756c9 100644 --- a/core/java/android/os/UserManager.java +++ b/core/java/android/os/UserManager.java @@ -572,6 +572,16 @@ public class UserManager { } /** + * @hide + * Returns whether the caller is running as an admin user. There can be more than one admin + * user. + */ + public boolean isAdminUser() { + UserInfo user = getUserInfo(UserHandle.myUserId()); + return user != null ? user.isAdmin() : false; + } + + /** * Used to check if the user making this call is linked to another user. Linked users may have * a reduced number of available apps, app restrictions and account restrictions. * @return whether the user making this call is a linked user diff --git a/services/core/java/com/android/server/MountService.java b/services/core/java/com/android/server/MountService.java index 45a776778d58..b4fa46d0b080 100644 --- a/services/core/java/com/android/server/MountService.java +++ b/services/core/java/com/android/server/MountService.java @@ -1202,6 +1202,21 @@ class MountService extends IMountService.Stub } } + private void enforceAdminUser() { + UserManager um = (UserManager) mContext.getSystemService(Context.USER_SERVICE); + final int callingUserId = UserHandle.getCallingUserId(); + boolean isAdmin; + long token = Binder.clearCallingIdentity(); + try { + isAdmin = um.getUserInfo(callingUserId).isAdmin(); + } finally { + Binder.restoreCallingIdentity(token); + } + if (!isAdmin) { + throw new SecurityException("Only admin users can adopt sd cards"); + } + } + /** * Constructs a new MountService instance * @@ -1537,6 +1552,7 @@ class MountService extends IMountService.Stub @Override public void partitionPrivate(String diskId) { enforcePermission(android.Manifest.permission.MOUNT_FORMAT_FILESYSTEMS); + enforceAdminUser(); waitForReady(); final CountDownLatch latch = findOrCreateDiskScanLatch(diskId); @@ -1551,6 +1567,7 @@ class MountService extends IMountService.Stub @Override public void partitionMixed(String diskId, int ratio) { enforcePermission(android.Manifest.permission.MOUNT_FORMAT_FILESYSTEMS); + enforceAdminUser(); waitForReady(); final CountDownLatch latch = findOrCreateDiskScanLatch(diskId); |