Block user from setting safe boot setting via adb am: 0ff13fce6f

am: c86e8c3442

Change-Id: Ie9e1f4d447dd61ef7f5ef191d1309377fbbf4559

packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java

@@ -1202,6 +1202,11 @@ public class SettingsProvider extends ContentProvider {
                 restriction = UserManager.DISALLOW_CONFIG_VPN;
                 break;
 
+            case Settings.Global.SAFE_BOOT_DISALLOWED:
+                if ("1".equals(value)) return false;
+                restriction = UserManager.DISALLOW_SAFE_BOOT;
+                break;
+
             default:
                 if (setting != null && setting.startsWith(Settings.Global.DATA_ROAMING)) {
                     if ("0".equals(value)) return false;

services/core/java/com/android/server/pm/UserRestrictionsUtils.java

@@ -333,6 +333,9 @@ public class UserRestrictionsUtils {
         // set, and in that case even if the restriction is lifted, changing it to ON would be
         // wrong.  So just don't do anything in such a case.  If the user hopes to enable location
         // later, they can do it on the Settings UI.
+        // WARNING: Remember that Settings.Global and Settings.Secure are changeable via adb.
+        // To prevent this from happening for a given user restriction, you have to add a check to
+        // SettingsProvider.isGlobalOrSecureSettingRestrictedForUser.
 
         final ContentResolver cr = context.getContentResolver();
         final long id = Binder.clearCallingIdentity();