diff options
| author | yuemingw <yuemingw@google.com> | 2018-01-30 17:27:54 +0000 |
|---|---|---|
| committer | yuemingw <yuemingw@google.com> | 2018-03-07 11:04:34 +0000 |
| commit | 1d13eaea8380a43a31b12804f26d888f829feedf (patch) | |
| tree | f0dc6afa0be79b462e87f6e7345495cdf247334a /core/java/android/os/UserManagerInternal.java | |
| parent | be1033fda24a7c1ba9ef3ca590da30be56acc6d2 (diff) | |
Block adb from changing certain settings value when corresponding user
restriction is on.
Check calling uid in isSettingRestrictedForUser(which is called by settingsprovider),
and only allow system_uid when certain user restriction is on, so that user won't be
able to change these settings with adb:
Settings.Secure.LOCATION_MODE,
Settings.Secure.PROVIDERS_ALLOWED,
Settings.System.SCREEN_BRIGHTNESS,
Settings.System.SCREEN_BRIGHTNESS_MODE,
Settings.System.SCREEN_OFF_TIMEOUT,
Settings.Global.AUTO_TIME,
Settings.Global.AUTO_TIME_ZONE.
This check also prevents 3rd party apps from modifying system settings value
when corresponding user restriction is on.
In addition, any attempt to change AUTO_TIME will also go through the check
for dpm.getAutoTimeRequired().
Test: manually by running the adb command with restriction set and not set
Bug: 72549013
Bug: 72548203
Bug: 72548533
Bug: 72686466
Bug: 72687105
Bug: 72940551
Bug: 72940562
Change-Id: I1d1fd20d9fa0f76f27905d62873f6a6e9af0224e
Diffstat (limited to 'core/java/android/os/UserManagerInternal.java')
| -rw-r--r-- | core/java/android/os/UserManagerInternal.java | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/core/java/android/os/UserManagerInternal.java b/core/java/android/os/UserManagerInternal.java index f09d5cee4e61..1f6c3cc76ddd 100644 --- a/core/java/android/os/UserManagerInternal.java +++ b/core/java/android/os/UserManagerInternal.java @@ -16,6 +16,7 @@ package android.os; import android.annotation.Nullable; +import android.content.Context; import android.content.pm.UserInfo; import android.graphics.Bitmap; @@ -206,4 +207,18 @@ public abstract class UserManagerInternal { * itself. */ public abstract int getProfileParentId(int userId); + + /** + * Checks whether changing a setting to a value is prohibited by the corresponding user + * restriction. + * + * <p>See also {@link com.android.server.pm.UserRestrictionsUtils#applyUserRestriction( + * Context, int, String, boolean)}, which should be in sync with this method. + * + * @return {@code true} if the change is prohibited, {@code false} if the change is allowed. + * + * @hide + */ + public abstract boolean isSettingRestrictedForUser(String setting, int userId, String value, + int callingUid); } |