Don't allow non-admins to adopt sd card for internal storage

Bug: 21883016
Change-Id: I9af3eeffd860b076e69bb02a3dc06edba5f95898
diff --git a/core/java/android/os/UserManager.java b/core/java/android/os/UserManager.java
index 6384af3..b104135 100644
--- a/core/java/android/os/UserManager.java
+++ b/core/java/android/os/UserManager.java
@@ -572,6 +572,16 @@
     }
 
     /**
+     * @hide
+     * Returns whether the caller is running as an admin user. There can be more than one admin
+     * user.
+     */
+    public boolean isAdminUser() {
+        UserInfo user = getUserInfo(UserHandle.myUserId());
+        return user != null ? user.isAdmin() : false;
+    }
+
+    /**
      * Used to check if the user making this call is linked to another user. Linked users may have
      * a reduced number of available apps, app restrictions and account restrictions.
      * @return whether the user making this call is a linked user
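Review bot: The Javadoc on `isAdminUser()` says "the caller", but the body resolves `UserHandle.myUserId()`, which is the user of the process executing the method and not the user of a Binder caller; used inside a system service it would describe the service's own user rather than the requester's. I would say so in the comment, for example `Returns whether the calling process is running as an admin user. Not a check on a Binder caller's identity.` The `@hide` tag also precedes the description, so the description reads as part of the tag; move `@hide` to the end of the comment and add an `@return` line. As a small style point, the ternary can be written `return user != null && user.isAdmin();`.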
diff --git a/services/core/java/com/android/server/MountService.java b/services/core/java/com/android/server/MountService.java
index 45a7767..b4fa46d 100644
--- a/services/core/java/com/android/server/MountService.java
+++ b/services/core/java/com/android/server/MountService.java
@@ -1202,6 +1202,21 @@
         }
     }
 
+    private void enforceAdminUser() {
+        UserManager um = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
+        final int callingUserId = UserHandle.getCallingUserId();
+        boolean isAdmin;
+        long token = Binder.clearCallingIdentity();
+        try {
+            isAdmin = um.getUserInfo(callingUserId).isAdmin();
+        } finally {
+            Binder.restoreCallingIdentity(token);
+        }
+        if (!isAdmin) {
+            throw new SecurityException("Only admin users can adopt sd cards");
+        }
+    }
+
     /**
      * Constructs a new MountService instance
      *
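Review bot: `um.getUserInfo(callingUserId)` is dereferenced without a null check in `enforceAdminUser()`, whereas `UserManager.isAdminUser()` added in this same commit treats a null `UserInfo` as non-admin. If the lookup returns null, the caller gets a NullPointerException instead of the intended SecurityException; the request is still refused, but not through the explicit deny path. Suggest `UserInfo info = um.getUserInfo(callingUserId);` followed by `isAdmin = info != null && info.isAdmin();` so an unknown user is rejected with the same message as a non-admin one.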
@@ -1537,6 +1552,7 @@
     @Override
     public void partitionPrivate(String diskId) {
         enforcePermission(android.Manifest.permission.MOUNT_FORMAT_FILESYSTEMS);
+        enforceAdminUser();
         waitForReady();
 
         final CountDownLatch latch = findOrCreateDiskScanLatch(diskId);
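Review bot: The admin check is added to `partitionPrivate` here and to `partitionMixed` in the next hunk, right after the `MOUNT_FORMAT_FILESYSTEMS` permission check. Whether these two are the only Binder entry points that can lead to adoption is not visible in this diff, so any other path in the service that reaches the same partitioning should be confirmed to call `enforceAdminUser()` as well. A one-line comment at each call would record why a permission holder can still be refused, e.g. `// Only admin users may adopt a disk as internal storage.` Both method bodies continue outside the hunks.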
@@ -1551,6 +1567,7 @@
     @Override
     public void partitionMixed(String diskId, int ratio) {
         enforcePermission(android.Manifest.permission.MOUNT_FORMAT_FILESYSTEMS);
+        enforceAdminUser();
         waitForReady();
 
         final CountDownLatch latch = findOrCreateDiskScanLatch(diskId);