Only wipe device if primary user (for failed password attempts)

When a DeviceAdmin requests a device wipe due to a number of incorrect password attempts, only primary user can wipe the device. Secondary users can only remove themselves from the device. Bug: 7554445 Change-Id: I24331cb4eff37571fcd792abb2efc794f7b3f2d2
2012-11-16 15:09:13 -08:00
parent acddb72c58
commit 32f0742e52
1 changed files with 21 additions and 17 deletions
--- a/services/java/com/android/server/DevicePolicyManagerService.java
+++ b/services/java/com/android/server/DevicePolicyManagerService.java
@ -1875,28 +1875,32 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                    DeviceAdminInfo.USES_POLICY_WIPE_DATA);
            long ident = Binder.clearCallingIdentity();
            try {
-                if (userHandle == UserHandle.USER_OWNER) {
-                    wipeDataLocked(flags);
-                } else {
-                    lockNowUnchecked();
-                    mHandler.post(new Runnable() {
-                        public void run() {
-                            try {
-                                ActivityManagerNative.getDefault().switchUser(0);
-                                ((UserManager) mContext.getSystemService(Context.USER_SERVICE))
-                                        .removeUser(userHandle);
-                            } catch (RemoteException re) {
-                                // Shouldn't happen
-                            }
-                        }
-                    });
-                }
+                wipeDeviceOrUserLocked(flags, userHandle);
            } finally {
                Binder.restoreCallingIdentity(ident);
            }
        }
    }

+    private void wipeDeviceOrUserLocked(int flags, final int userHandle) {
+        if (userHandle == UserHandle.USER_OWNER) {
+            wipeDataLocked(flags);
+        } else {
+            lockNowUnchecked();
+            mHandler.post(new Runnable() {
+                public void run() {
+                    try {
+                        ActivityManagerNative.getDefault().switchUser(0);
+                        ((UserManager) mContext.getSystemService(Context.USER_SERVICE))
+                                .removeUser(userHandle);
+                    } catch (RemoteException re) {
+                        // Shouldn't happen
+                    }
+                }
+            });
+        }
+    }
+
    public void getRemoveWarning(ComponentName comp, final RemoteCallback result, int userHandle) {
        enforceCrossUserPermission(userHandle);
        mContext.enforceCallingOrSelfPermission(
@ -1996,7 +2000,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                saveSettingsLocked(userHandle);
                int max = getMaximumFailedPasswordsForWipe(null, userHandle);
                if (max > 0 && policy.mFailedPasswordAttempts >= max) {
-                    wipeDataLocked(0);
+                    wipeDeviceOrUserLocked(0, userHandle);
                }
                sendAdminCommandLocked(DeviceAdminReceiver.ACTION_PASSWORD_FAILED,
                        DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, userHandle);