diff options
author | jovanak <jovanak@google.com> | 2018-06-14 12:13:49 -0700 |
---|---|---|
committer | Jovana Knezevic <jovanak@google.com> | 2018-06-15 18:25:13 +0000 |
commit | 7f82f4c10046ee62d113be665c0a31211bfdf016 (patch) | |
tree | d6957da3b48db8d5c3b3d9ae172558dfe3310055 /car-lib | |
parent | 6d7fa556fd78caa490d5a03f4c77b19d97fca722 (diff) | |
download | Car-7f82f4c10046ee62d113be665c0a31211bfdf016.tar.gz |
Only admins or system user car create other admins.
Change-Id: Ie67d0a9f7ff70594c075af6bb824e69d85feaf02
Fixes: 109698068
Test: atest CarUserManagerHelperTest
Diffstat (limited to 'car-lib')
-rw-r--r-- | car-lib/src/android/car/user/CarUserManagerHelper.java | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/car-lib/src/android/car/user/CarUserManagerHelper.java b/car-lib/src/android/car/user/CarUserManagerHelper.java index 7fd7fd2861..cd5bf30a33 100644 --- a/car-lib/src/android/car/user/CarUserManagerHelper.java +++ b/car-lib/src/android/car/user/CarUserManagerHelper.java @@ -458,16 +458,22 @@ public class CarUserManagerHelper { /** * Creates a new user on the system, the created user would be granted admin role. + * Only admins can create other admins. * * @param userName Name to give to the newly created user. * @return Newly created admin user, null if failed to create a user. */ @Nullable public UserInfo createNewAdminUser(String userName) { + if (!(isCurrentProcessAdminUser() || isCurrentProcessSystemUser())) { + // Only Admins or System user can create other privileged users. + Log.e(TAG, "Only admin users and system user can create other admins."); + return null; + } + UserInfo user = mUserManager.createUser(userName, UserInfo.FLAG_ADMIN); if (user == null) { - // Couldn't create user, most likely because there are too many, but we haven't - // been able to reload the list yet. + // Couldn't create user, most likely because there are too many. Log.w(TAG, "can't create admin user."); return null; } @@ -485,8 +491,7 @@ public class CarUserManagerHelper { public UserInfo createNewNonAdminUser(String userName) { UserInfo user = mUserManager.createUser(userName, 0); if (user == null) { - // Couldn't create user, most likely because there are too many, but we haven't - // been able to reload the list yet. + // Couldn't create user, most likely because there are too many. Log.w(TAG, "can't create non-admin user."); return null; } |