diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java
index 435b6026830ed..90e4acfb9044a 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java
@@ -207,6 +207,11 @@ public class DevicePolicyManagerServiceTestable extends DevicePolicyManagerServi
             context.powerManager.goToSleep(time, reason, flags);
         }
 
+        @Override
+        void powerManagerReboot(String reason) {
+            context.powerManager.reboot(reason);
+        }
+
         @Override
         boolean systemPropertiesGetBoolean(String key, boolean def) {
             return context.systemProperties.getBoolean(key, def);
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index 7747fd9a1cb50..568e1d543455b 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -1349,4 +1349,40 @@ public class DevicePolicyManagerTest extends DpmTestBase {
         when(mContext.wifiManager.getConnectionInfo()).thenReturn(wi);
         assertEquals("11:22:33:44:55:66", dpm.getWifiMacAddress());
     }
+
+    public void testRebootCanOnlyBeCalledByDeviceOwner() throws Exception {
+        mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
+        mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
+
+        // In this test, change the caller user to "system".
+        mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
+
+        // Make sure admin1 is installed on system user.
+        setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
+
+        // Set admin1 as DA.
+        dpm.setActiveAdmin(admin1, false);
+        assertTrue(dpm.isAdminActive(admin1));
+        try {
+            dpm.reboot(admin1);
+            fail("DA calls DPM.reboot(), did not throw expected SecurityException");
+        } catch (SecurityException expected) {
+            MoreAsserts.assertContainsRegex("does not own the device", expected.getMessage());
+        }
+
+        // Set admin1 as PO.
+        assertTrue(dpm.setProfileOwner(admin1, null, UserHandle.USER_SYSTEM));
+        try {
+            dpm.reboot(admin1);
+            fail("PO calls DPM.reboot(), did not throw expected SecurityException");
+        } catch (SecurityException expected) {
+            MoreAsserts.assertContainsRegex("does not own the device", expected.getMessage());
+        }
+
+        // Remove PO and add DO.
+        dpm.clearProfileOwner(admin1);
+        assertTrue(dpm.setDeviceOwner(admin1, null, UserHandle.USER_SYSTEM));
+
+        dpm.reboot(admin1);
+    }
 }
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DpmMockContext.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DpmMockContext.java
index 66d701d0a3ca4..56667e5ac4780 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DpmMockContext.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DpmMockContext.java
@@ -134,6 +134,9 @@ public class DpmMockContext extends MockContext {
 
         public void goToSleep(long time, int reason, int flags) {
         }
+
+        public void reboot(String reason) {
+        }
     }
 
     public static class SystemPropertiesForMock {