commit 32f0742e52de8cebdbbb6c8ede9d6f4315d50189
author Amith Yamasani <yamasani@google.com> Fri Nov 16 15:09:13 2012 -0800
committer Amith Yamasani <yamasani@google.com> Fri Nov 16 15:09:13 2012 -0800
tree 527dac195a6e036aca533ed5f1d48e26ab038988
parent acddb72c58dbab029d1acbaea61755e79ef8b2a4

Only wipe device if primary user (for failed password attempts)

When a DeviceAdmin requests a device wipe due to a number of incorrect
password attempts, only primary user can wipe the device. Secondary users
can only remove themselves from the device.

Bug: 7554445
Change-Id: I24331cb4eff37571fcd792abb2efc794f7b3f2d2

services/java/com/android/server/DevicePolicyManagerService.java

diff --git a/services/java/com/android/server/DevicePolicyManagerService.java b/services/java/com/android/server/DevicePolicyManagerService.java
index a5e26a8..5ba71a4 100644
--- a/services/java/com/android/server/DevicePolicyManagerService.java
+++ b/services/java/com/android/server/DevicePolicyManagerService.java
@@ -1875,28 +1875,32 @@
                     DeviceAdminInfo.USES_POLICY_WIPE_DATA);
             long ident = Binder.clearCallingIdentity();
             try {
-                if (userHandle == UserHandle.USER_OWNER) {
-                    wipeDataLocked(flags);
-                } else {
-                    lockNowUnchecked();
-                    mHandler.post(new Runnable() {
-                        public void run() {
-                            try {
-                                ActivityManagerNative.getDefault().switchUser(0);
-                                ((UserManager) mContext.getSystemService(Context.USER_SERVICE))
-                                        .removeUser(userHandle);
-                            } catch (RemoteException re) {
-                                // Shouldn't happen
-                            }
-                        }
-                    });
-                }
+                wipeDeviceOrUserLocked(flags, userHandle);
             } finally {
                 Binder.restoreCallingIdentity(ident);
             }
         }
     }
 
+    private void wipeDeviceOrUserLocked(int flags, final int userHandle) {
+        if (userHandle == UserHandle.USER_OWNER) {
+            wipeDataLocked(flags);
+        } else {
+            lockNowUnchecked();
+            mHandler.post(new Runnable() {
+                public void run() {
+                    try {
+                        ActivityManagerNative.getDefault().switchUser(0);
+                        ((UserManager) mContext.getSystemService(Context.USER_SERVICE))
+                                .removeUser(userHandle);
+                    } catch (RemoteException re) {
+                        // Shouldn't happen
+                    }
+                }
+            });
+        }
+    }
+
     public void getRemoveWarning(ComponentName comp, final RemoteCallback result, int userHandle) {
         enforceCrossUserPermission(userHandle);
         mContext.enforceCallingOrSelfPermission(
@@ -1996,7 +2000,7 @@
                 saveSettingsLocked(userHandle);
                 int max = getMaximumFailedPasswordsForWipe(null, userHandle);
                 if (max > 0 && policy.mFailedPasswordAttempts >= max) {
-                    wipeDataLocked(0);
+                    wipeDeviceOrUserLocked(0, userHandle);
                 }
                 sendAdminCommandLocked(DeviceAdminReceiver.ACTION_PASSWORD_FAILED,
                         DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, userHandle);