Allow forceUpdateUserSetupComplete for non system users
Test: atest android.devicepolicy.cts.DevicePolicyManagerTest
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
Bug: 183716601
Change-Id: Id2340ac1c6404ac41ca7b5a31c6fbb1577804595
diff --git a/core/api/test-current.txt b/core/api/test-current.txt
index d366e35d..edceac3 100644
--- a/core/api/test-current.txt
+++ b/core/api/test-current.txt
@@ -452,7 +452,7 @@
method @RequiresPermission(android.Manifest.permission.FORCE_DEVICE_POLICY_MANAGER_LOGS) public long forceNetworkLogs();
method @RequiresPermission("android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS") public void forceRemoveActiveAdmin(@NonNull android.content.ComponentName, int);
method @RequiresPermission(android.Manifest.permission.FORCE_DEVICE_POLICY_MANAGER_LOGS) public long forceSecurityLogs();
- method public void forceUpdateUserSetupComplete();
+ method public void forceUpdateUserSetupComplete(int);
method @NonNull public java.util.Set<java.lang.String> getDefaultCrossProfilePackages();
method @NonNull public java.util.Set<java.lang.String> getDisallowedSystemApps(@NonNull android.content.ComponentName, int, @NonNull String);
method public long getLastBugReportRequestTime();
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 02e64b8..38b19ae 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -11974,15 +11974,14 @@
/**
* @hide
- * Force update user setup completed status.
+ * Force update user setup completed status for the given {@code userId}.
* @throws {@link SecurityException} if the caller has no
- * {@code android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS} or the caller is
- * not {@link UserHandle#SYSTEM_USER}
+ * {@code android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS}.
*/
@TestApi
- public void forceUpdateUserSetupComplete() {
+ public void forceUpdateUserSetupComplete(@UserIdInt int userId) {
try {
- mService.forceUpdateUserSetupComplete();
+ mService.forceUpdateUserSetupComplete(userId);
} catch (RemoteException re) {
throw re.rethrowFromSystemServer();
}
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index 9f76bd1..db2fc0d 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -406,7 +406,7 @@
boolean isDeviceProvisioningConfigApplied();
void setDeviceProvisioningConfigApplied();
- void forceUpdateUserSetupComplete();
+ void forceUpdateUserSetupComplete(int userId);
void setBackupServiceEnabled(in ComponentName admin, boolean enabled);
boolean isBackupServiceEnabled(in ComponentName admin);
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index ef7360d..49346d4 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -14513,14 +14513,10 @@
* apps.
*/
@Override
- public void forceUpdateUserSetupComplete() {
- final CallerIdentity caller = getCallerIdentity();
+ public void forceUpdateUserSetupComplete(@UserIdInt int userId) {
Preconditions.checkCallAuthorization(
hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS));
- Preconditions.checkCallAuthorization(caller.getUserHandle().isSystem(),
- "Caller has to be in user 0");
- final int userId = UserHandle.USER_SYSTEM;
boolean isUserCompleted = mInjector.settingsSecureGetIntForUser(
Settings.Secure.USER_SETUP_COMPLETE, 0, userId) != 0;
DevicePolicyData policy = getUserData(userId);
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index c54dffc..0cfc3ec 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -3888,37 +3888,28 @@
public void testForceUpdateUserSetupComplete_permission() {
// GIVEN the permission MANAGE_PROFILE_AND_DEVICE_OWNERS is not granted
assertExpectException(SecurityException.class, /* messageRegex =*/ null,
- () -> dpm.forceUpdateUserSetupComplete());
- }
-
- @Test
- public void testForceUpdateUserSetupComplete_systemUser() {
- mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
- // GIVEN calling from user 20
- mContext.binder.callingUid = DpmMockContext.CALLER_UID;
- assertExpectException(SecurityException.class, /* messageRegex =*/ null,
- () -> dpm.forceUpdateUserSetupComplete());
+ () -> dpm.forceUpdateUserSetupComplete(UserHandle.USER_SYSTEM));
}
@Test
public void testForceUpdateUserSetupComplete_forcesUpdate() {
mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
+ final int userId = UserHandle.getUserId(mContext.binder.callingUid);
- final int userId = UserHandle.USER_SYSTEM;
// GIVEN userComplete is false in SettingsProvider
setUserSetupCompleteForUser(false, userId);
// GIVEN userComplete is true in DPM
DevicePolicyData userData = new DevicePolicyData(userId);
userData.mUserSetupComplete = true;
- dpms.mUserData.put(UserHandle.USER_SYSTEM, userData);
+ dpms.mUserData.put(userId, userData);
assertThat(dpms.hasUserSetupCompleted()).isTrue();
- dpm.forceUpdateUserSetupComplete();
+ dpm.forceUpdateUserSetupComplete(userId);
- // THEN the state in dpms is not changed
+ // THEN the state in dpms is changed
assertThat(dpms.hasUserSetupCompleted()).isFalse();
}