summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java10
1 files changed, 10 insertions, 0 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index bdd073044c45..e29679630bc1 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -4145,6 +4145,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
private void clearOrgOwnedProfileOwnerUserRestrictions(UserHandle parentUserHandle) {
mUserManager.setUserRestriction(
UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, false, parentUserHandle);
+ if (mInjector.userManagerIsHeadlessSystemUserMode()) {
+ mUserManager.setUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE,
+ false, UserHandle.SYSTEM);
+ }
mUserManager.setUserRestriction(
UserManager.DISALLOW_ADD_USER, false, parentUserHandle);
}
@@ -17890,6 +17894,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
mUserManager.setUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE,
isProfileOwnerOnOrganizationOwnedDevice,
parentUser);
+ if (mInjector.userManagerIsHeadlessSystemUserMode()) {
+ // For HSUM, additionally set this on user 0 to block ADB from removing the profile.
+ mUserManager.setUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE,
+ isProfileOwnerOnOrganizationOwnedDevice,
+ UserHandle.SYSTEM);
+ }
mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER,
isProfileOwnerOnOrganizationOwnedDevice,
parentUser);
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-10 14:59:39 +0000