commit cf008c28b871d4167e5aa19191ca691fb988f8fd
author Kenny Root <kroot@google.com> Sun Sep 16 14:01:43 2012 -0700
committer Kenny Root <kroot@google.com> Sun Sep 16 14:04:56 2012 -0700
tree 41d7d00bb53e40105b598ff665b607680446a541
parent 38305fb1777147cbcb86774c466e88434daff141

Do not allow non-primary user to install certs

Change-Id: Iefc2970ae23d8ce7d30717add211c01cde251c8d

src/com/android/settings/CredentialStorage.java

diff --git a/src/com/android/settings/CredentialStorage.java b/src/com/android/settings/CredentialStorage.java
index 07b1776..c737c7d 100644
--- a/src/com/android/settings/CredentialStorage.java
+++ b/src/com/android/settings/CredentialStorage.java
@@ -25,6 +25,7 @@
 import android.os.AsyncTask;
 import android.os.Bundle;
 import android.os.RemoteException;
+import android.os.UserHandle;
 import android.security.Credentials;
 import android.security.KeyChain.KeyChainConnection;
 import android.security.KeyChain;
@@ -104,17 +105,24 @@
      */
     private int mRetriesRemaining = -1;
 
-    @Override protected void onResume() {
+    @Override
+    protected void onResume() {
         super.onResume();
 
+        if (UserHandle.myUserId() != UserHandle.USER_OWNER) {
+            Log.i(TAG, "Cannot install to CredentialStorage as non-primary user");
+            finish();
+            return;
+        }
+
         Intent intent = getIntent();
         String action = intent.getAction();
 
         if (ACTION_RESET.equals(action)) {
             new ResetDialog();
         } else {
-            if (ACTION_INSTALL.equals(action) &&
-                    "com.android.certinstaller".equals(getCallingPackage())) {
+            if (ACTION_INSTALL.equals(action)
+                    && "com.android.certinstaller".equals(getCallingPackage())) {
                 mInstallBundle = intent.getExtras();
             }
             // ACTION_UNLOCK also handled here in addition to ACTION_INSTALL