Only admins or system user car create other admins.

Change-Id: Ie67d0a9f7ff70594c075af6bb824e69d85feaf02 Fixes: 109698068 Test: atest CarUserManagerHelperTest
author: jovanak <jovanak@google.com> 2018-06-14 12:13:49 -0700
committer: Jovana Knezevic <jovanak@google.com> 2018-06-15 18:25:13 +0000
commit: 7f82f4c10046ee62d113be665c0a31211bfdf016 (patch)
tree: d6957da3b48db8d5c3b3d9ae172558dfe3310055 /car-lib
parent: 6d7fa556fd78caa490d5a03f4c77b19d97fca722 (diff)
download: Car-7f82f4c10046ee62d113be665c0a31211bfdf016.tar.gz
1 files changed, 9 insertions, 4 deletions
diff --git a/car-lib/src/android/car/user/CarUserManagerHelper.java b/car-lib/src/android/car/user/CarUserManagerHelper.java
index 7fd7fd2861..cd5bf30a33 100644
--- a/car-lib/src/android/car/user/CarUserManagerHelper.java
+++ b/car-lib/src/android/car/user/CarUserManagerHelper.java
@@ -458,16 +458,22 @@ public class CarUserManagerHelper {
 
     /**
      * Creates a new user on the system, the created user would be granted admin role.
+     * Only admins can create other admins.
      *
      * @param userName Name to give to the newly created user.
      * @return Newly created admin user, null if failed to create a user.
      */
     @Nullable
     public UserInfo createNewAdminUser(String userName) {
+        if (!(isCurrentProcessAdminUser() || isCurrentProcessSystemUser())) {
+            // Only Admins or System user can create other privileged users.
+            Log.e(TAG, "Only admin users and system user can create other admins.");
+            return null;
+        }
+
         UserInfo user = mUserManager.createUser(userName, UserInfo.FLAG_ADMIN);
         if (user == null) {
-            // Couldn't create user, most likely because there are too many, but we haven't
-            // been able to reload the list yet.
+            // Couldn't create user, most likely because there are too many.
             Log.w(TAG, "can't create admin user.");
             return null;
         }
@@ -485,8 +491,7 @@ public class CarUserManagerHelper {
     public UserInfo createNewNonAdminUser(String userName) {
         UserInfo user = mUserManager.createUser(userName, 0);
         if (user == null) {
-            // Couldn't create user, most likely because there are too many, but we haven't
-            // been able to reload the list yet.
+            // Couldn't create user, most likely because there are too many.
             Log.w(TAG, "can't create non-admin user.");
             return null;
         }
author	jovanak <jovanak@google.com>	2018-06-14 12:13:49 -0700
committer	Jovana Knezevic <jovanak@google.com>	2018-06-15 18:25:13 +0000
commit	7f82f4c10046ee62d113be665c0a31211bfdf016 (patch)
tree	d6957da3b48db8d5c3b3d9ae172558dfe3310055 /car-lib
parent	6d7fa556fd78caa490d5a03f4c77b19d97fca722 (diff)
download	Car-7f82f4c10046ee62d113be665c0a31211bfdf016.tar.gz