| -rw-r--r-- | core/res/res/values/config.xml | 4 | ||||
| -rw-r--r-- | core/res/res/values/symbols.xml | 2 | ||||
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 28 |
3 files changed, 31 insertions, 3 deletions
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml index ccf8509c2f8f..bca0e937cb70 100644 --- a/core/res/res/values/config.xml +++ b/core/res/res/values/config.xml @@ -4087,4 +4087,8 @@ <integer-array name="config_face_acquire_vendor_biometricprompt_ignorelist" translatable="false" > </integer-array> + <!-- The component name for the default profile supervisor, which can be set as a profile owner + even after user setup is complete. The defined component should be used for supervision purposes + only. The component must be part of a system app. --> + <string name="config_defaultSupervisionProfileOwnerComponent" translatable="false"></string> </resources> diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml index 35113edbfcce..32bd58e20efa 100644 --- a/core/res/res/values/symbols.xml +++ b/core/res/res/values/symbols.xml @@ -3781,4 +3781,6 @@ <java-symbol type="dimen" name="chooser_direct_share_label_placeholder_max_width" /> <java-symbol type="layout" name="chooser_az_label_row" /> <java-symbol type="string" name="chooser_all_apps_button_label" /> + + <java-symbol type="string" name="config_defaultSupervisionProfileOwnerComponent" /> </resources> diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index c5a206882695..22231c0ab09b 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -8034,6 +8034,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { throw new IllegalArgumentException("Component " + who + " not installed for userId:" + userHandle); } + final boolean hasIncompatibleAccountsOrNonAdb = hasIncompatibleAccountsOrNonAdbNoLock(userHandle, who); synchronized (getLockObject()) { 
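Review bot: The comment added for `config_defaultSupervisionProfileOwnerComponent` in the config.xml hunk does not say what format the value takes or what the empty default means. The consumer in DevicePolicyManagerService parses it with `ComponentName.unflattenFromString`, so a value that is not a flattened `package/class` name appears to yield null, and every post-setup request on a non-watch device is then refused with nothing pointing at a malformed overlay. I would extend the comment with `Must be a flattened ComponentName (package/class); leave empty to disallow setting a profile owner after setup.`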
@@ -8539,9 +8540,30 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { return; } enforceCanManageProfileAndDeviceOwners(); - if ((mIsWatch || hasUserSetupCompleted(userHandle)) && !isCallerWithSystemUid()) { - throw new IllegalStateException("Cannot set the profile owner on a user which is " - + "already set-up"); + + if ((mIsWatch || hasUserSetupCompleted(userHandle))) { + if (!isCallerWithSystemUid()) { + throw new IllegalStateException("Cannot set the profile owner on a user which is " + + "already set-up"); + } + + if (!mIsWatch) { + // Only the default supervision profile owner can be set as profile owner after SUW + final String supervisor = mContext.getResources().getString( + com.android.internal.R.string + .config_defaultSupervisionProfileOwnerComponent); + if (supervisor == null) { + throw new IllegalStateException("Unable to set profile owner post-setup, no" + + "default supervisor profile owner defined"); + } + + final ComponentName supervisorComponent = ComponentName.unflattenFromString( + supervisor); + if (!owner.equals(supervisorComponent)) { + throw new IllegalStateException("Unable to set non-default profile owner" + + " post-setup " + owner); + } + } } } |
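Review bot: The `supervisor == null` guard in the new post-setup branch looks unreachable: as far as I know `Resources.getString()` does not return null, and config.xml in this commit defaults the value to an empty string, so an unconfigured device falls through to `unflattenFromString("")` and is rejected with the "non-default profile owner" message instead. The outcome is still fail-closed, but the guard should read `if (supervisor == null || supervisor.isEmpty())` so the exception states the real cause; its message also concatenates to "nodefault" and needs a trailing space, `"Unable to set profile owner post-setup, no "`. Separately, the config comment requires the component to belong to a system app, yet nothing visible in this hunk verifies that for `owner`'s package, so the restriction rests entirely on the overlay value being correct; an explicit system-app check on the package here would enforce the documented constraint. The enclosing method starts and ends outside the hunk.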