From 3861bf7e73fab9e39e8d1f6e5194f3600ed929a0 Mon Sep 17 00:00:00 2001
From: Makoto Onuki
Date: Thu, 28 Jan 2016 11:32:32 -0800
Subject: [PATCH] Throw for unknown user restrictions.

Bug 23902097
Change-Id: I78a4b09db880134577d690be0c50ee9a64e6a309
---
 .../android/server/pm/UserManagerService.java | 3 +++
 .../server/pm/UserRestrictionsUtils.java | 21 +++++++++++++++++--
 .../DevicePolicyManagerService.java | 2 ++
 3 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 0f614cad11274..4ff766734fbbc 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -930,6 +930,7 @@ public class UserManagerService extends IUserManager.Stub {
 /** @return a specific user restriction that's in effect currently. */
 @Override
 public boolean hasUserRestriction(String restrictionKey, int userId) {
+ UserRestrictionsUtils.checkRestriction(restrictionKey);
 Bundle restrictions = getEffectiveUserRestrictions(userId);
 return restrictions != null && restrictions.getBoolean(restrictionKey);
 }
@@ -946,6 +947,7 @@ public class UserManagerService extends IUserManager.Stub {
 @Override
 public boolean hasBaseUserRestriction(String restrictionKey, int userId) {
 checkManageUsersPermission("hasBaseUserRestriction");
+ UserRestrictionsUtils.checkRestriction(restrictionKey);
 synchronized (mRestrictionsLock) {
 Bundle bundle = mBaseUserRestrictions.get(userId);
 return (bundle != null && bundle.getBoolean(restrictionKey, false));
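Review bot: `hasUserRestriction` (first UserManagerService.java hunk) is a read-only query, and with the added `checkRestriction` call it now throws for any key missing from `USER_RESTRICTIONS` where it previously answered false. The visible body has no permission check, so every caller of this Binder interface can reach the throw, and a client that passes a key this build does not list gets an `IllegalArgumentException` instead of a negative answer. For the query paths (`hasBaseUserRestriction` in the next hunk has the same shape) I would log and return false, e.g. `if (!UserRestrictionsUtils.USER_RESTRICTIONS.contains(restrictionKey)) return false;`, and keep the hard failure for the setters. Whether the exception lands in a remote client or in an in-process caller depends on the call site, which the hunk does not show.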
@@ -955,6 +957,7 @@ public class UserManagerService extends IUserManager.Stub {
 @Override
 public void setUserRestriction(String key, boolean value, int userId) {
 checkManageUsersPermission("setUserRestriction");
+ UserRestrictionsUtils.checkRestriction(key);
 synchronized (mRestrictionsLock) {
 // Note we can't modify Bundles stored in mBaseUserRestrictions directly, so create
 // a copy.
diff --git a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
index 87f505d24ccd6..7ab071f2d0f6f 100644
--- a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
+++ b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
@@ -56,7 +56,15 @@ public class UserRestrictionsUtils {
 private UserRestrictionsUtils() {
 }
 
- public static final Set USER_RESTRICTIONS = Sets.newArraySet(
+ private static Set newSetWithUniqueCheck(String[] strings) {
+ final Set ret = Sets.newArraySet(strings);
+
+ // Make sure there's no overlap.
+ Preconditions.checkState(ret.size() == strings.length);
+ return ret;
+ }
+
+ public static final Set USER_RESTRICTIONS = newSetWithUniqueCheck(new String[] {
 UserManager.DISALLOW_CONFIG_WIFI,
 UserManager.DISALLOW_MODIFY_ACCOUNTS,
 UserManager.DISALLOW_INSTALL_APPS,
@@ -94,7 +102,7 @@ public class UserRestrictionsUtils {
 UserManager.DISALLOW_RUN_IN_BACKGROUND,
 UserManager.DISALLOW_DATA_ROAMING,
 UserManager.DISALLOW_SET_USER_ICON
- );
+ });
 
 /**
 * Set of user restriction which we don't want to persist.
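Review bot: `newSetWithUniqueCheck` (UserRestrictionsUtils.java, hunk at -56) calls `Preconditions.checkState(ret.size() == strings.length)` with no message, and it runs from the static initializer of `USER_RESTRICTIONS`, so a duplicated constant would surface as a class-initialization failure that names neither the list nor the entry. Throwing with context makes that diagnosable: `if (ret.size() != strings.length) throw new IllegalStateException("Duplicate entry in restriction list");`. The comment would read better as `// Fail fast if the list contains a duplicate entry.`, since "overlap" suggests a comparison between two sets. Because `USER_RESTRICTIONS` now backs `checkRestriction`, it is also worth considering whether the public set should be exposed as unmodifiable; the visible lines do not show how other classes use it.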
@@ -140,6 +148,15 @@ public class UserRestrictionsUtils {
 UserManager.DISALLOW_UNMUTE_MICROPHONE
 );
 
+ /**
+ * Throws {@link IllegalArgumentException} if the given restriction name is invalid.
+ */
+ public static void checkRestriction(@NonNull String restriction) {
+ if (!USER_RESTRICTIONS.contains(restriction)) {
+ throw new IllegalArgumentException("Unknown restriction: " + restriction);
+ }
+ }
+
 public static void writeRestrictions(@NonNull XmlSerializer serializer,
 @Nullable Bundle restrictions, @NonNull String tag) throws IOException {
 if (restrictions == null) {
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 1b0660d4da8f5..dc348cf5c88cc 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -6771,6 +6771,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
 @Override
 public void setUserRestriction(ComponentName who, String key, boolean enabledFromThisOwner) {
 Preconditions.checkNotNull(who, "ComponentName is null");
+ UserRestrictionsUtils.checkRestriction(key);
+
 final int userHandle = mInjector.userHandleGetCallingUserId();
 synchronized (this) {
 ActiveAdmin activeAdmin =
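Review bot: The Javadoc on `checkRestriction` (UserRestrictionsUtils.java, hunk at -140) does not say what "invalid" means or what happens for null, although the parameter is annotated `@NonNull` and the body never checks it. From the visible code, valid means membership in `USER_RESTRICTIONS`, and a null argument would fall through to `contains()` and presumably be reported as `Unknown restriction: null`. I would state both in the doc comment, e.g. `Throws {@link IllegalArgumentException} if {@code restriction} is not in {@link #USER_RESTRICTIONS}; null is rejected the same way.` The message also echoes the caller-supplied string at full length, which is worth keeping in mind because the callers added in this patch are Binder entry points.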
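Review bot: In `DevicePolicyManagerService.setUserRestriction` the key check sits before the caller is resolved to an active admin, whereas the two privileged UserManagerService methods in this patch run `checkManageUsersPermission` first and validate afterwards. The authorization step is below the hunk (the body continues past `ActiveAdmin activeAdmin =`), so its position is inferred; if it does come later, a caller that is not an admin gets `IllegalArgumentException` or `SecurityException` depending on the key it sends. Restriction names are public constants, so nothing sensitive leaks, but authorizing first keeps the error behaviour uniform across the two services. Moving `UserRestrictionsUtils.checkRestriction(key);` inside the `synchronized` block, after the admin lookup, would do that.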