From 4b7656f18370d1dd73aeca5ec7a45449ca4f00a0 Mon Sep 17 00:00:00 2001
From: Esteban Talavera <etalavera@google.com>
Date: Tue, 24 Feb 2015 16:53:52 +0000
Subject: [PATCH] Allow setting a Device Owner via ADB on unprovisioned device
 with preinstalled account

Some devices come from carriers with a preinstalled account. This
means that we couldn't set a device owner via "adb shell dpm"
commands, while the regular device owner flow worked (as the
latter just checked whether the device was provisioned).

Bug: 18354022
Change-Id: I9a677de9d34d073e218b9179ec4b0f5b4b82adc9
---
 .../devicepolicy/DevicePolicyManagerService.java | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 770da5b58aeab..6dc54ce05bf9e 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -4053,16 +4053,18 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     }
 
     /**
-     * Device owner can only be set on an unprovisioned device, unless it was initiated by "adb", in
-     * which case we allow it if no account is associated with the device.
+     * Device owner can only be set on an unprovisioned device. However, if initiated via "adb",
+     * we also allow it if no accounts or additional users are present on the device.
      */
     private boolean allowedToSetDeviceOwnerOnDevice() {
-        int callingId = Binder.getCallingUid();
-        if (callingId == Process.SHELL_UID || callingId == Process.ROOT_UID) {
-            return AccountManager.get(mContext).getAccounts().length == 0;
-        } else {
-            return !hasUserSetupCompleted(UserHandle.USER_OWNER);
+        if (!hasUserSetupCompleted(UserHandle.USER_OWNER)) {
+            return true;
         }
+
+        int callingId = Binder.getCallingUid();
+        return (callingId == Process.SHELL_UID || callingId == Process.ROOT_UID)
+                && mUserManager.getUserCount() == 1
+                && AccountManager.get(mContext).getAccounts().length == 0;
     }
 
     private void enforceCrossUserPermission(int userHandle) {