diff options
| author | yuemingw <yuemingw@google.com> | 2018-01-30 17:27:54 +0000 |
|---|---|---|
| committer | yuemingw <yuemingw@google.com> | 2018-02-23 16:04:45 +0000 |
| commit | 4140f6c4e3de454dfbcf060112517408ac69e96c (patch) | |
| tree | ece58fc72003e5131dd03dbce3bc4e55578d6fcf /core/java/android/os/UserManager.java | |
| parent | efee606e8634a5415739b7ec11b4e7330e2e0d2a (diff) | |
Block adb from changing certain settings value when corresponding user
restriction is on.
Check calling uid in isSettingRestrictedForUser(which is called by settingsprovider),
and only allow system_uid when certain user restriction is on, so that user won't be
able to change these settings with adb:
Settings.Secure.LOCATION_MODE,
Settings.Secure.PROVIDERS_ALLOWED,
Settings.System.SCREEN_BRIGHTNESS,
Settings.System.SCREEN_BRIGHTNESS_MODE,
Settings.System.SCREEN_OFF_TIMEOUT,
Settings.Global.AUTO_TIME,
Settings.Global.AUTO_TIME_ZONE.
This check also prevents 3rd party apps from modifying system settings value
when corresponding user restriction is on.
In addition, any attempt to change AUTO_TIME will also go through the check
for dpm.getAutoTimeRequired().
Test: manually by running the adb command with restriction set and not set
Bug: 72549013
Bug: 72548203
Bug: 72548533
Bug: 72686466
Bug: 72687105
Bug: 72940551
Bug: 72940562
Change-Id: Idfe0f1758d57958b836207ab3d55b2a292e1ae0d
Diffstat (limited to 'core/java/android/os/UserManager.java')
| -rw-r--r-- | core/java/android/os/UserManager.java | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/core/java/android/os/UserManager.java b/core/java/android/os/UserManager.java index 185620066454..1248b548e931 100644 --- a/core/java/android/os/UserManager.java +++ b/core/java/android/os/UserManager.java @@ -2731,6 +2731,25 @@ public class UserManager { } /** + * Checks whether changing a setting to a value is prohibited by the corresponding user + * restriction. + * + * <p>See also {@link com.android.server.pm.UserRestrictionsUtils#applyUserRestriction( + * Context, int, String, boolean)}, which should be in sync with this method. + * + * @return true if the change is prohibited, false if the change is allowed. + * + * @hide + */ + public boolean isSettingRestrictedForUser(String setting, int userId, String value) { + try { + return mService.isSettingRestrictedForUser(setting, userId, value); + } catch (RemoteException e) { + throw e.rethrowFromSystemServer(); + } + } + + /** * @hide * User that enforces a restriction. * |