Do not allow non-primary user to install certs
Change-Id: If0896215a4fe1fc0d982a74bd6fee8551e4671fd
diff --git a/res/values/strings.xml b/res/values/strings.xml
index d4b8edd..34d70b0 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -70,4 +70,8 @@
<!-- Shown when USB storage can't be found to look for a certificate. [CHAR LIMIT=30] -->
<string name="sdcard_not_present" product="nosdcard">USB storage not available.</string>
<string name="sdcard_not_present" product="default">SD card isn\'t present.</string>
+
+ <!-- Message displayed when a user other than the owner on a multi-user system tries to
+ install a certificate into the certificate store. [CHAR LIMIT=NONE] -->
+ <string name="only_primary_user_allowed">Only the owner of this device may install certificates.</string>
</resources>
diff --git a/src/com/android/certinstaller/CertInstaller.java b/src/com/android/certinstaller/CertInstaller.java
index d6e3ed6..c953416 100644
--- a/src/com/android/certinstaller/CertInstaller.java
+++ b/src/com/android/certinstaller/CertInstaller.java
@@ -25,6 +25,7 @@
import android.content.Intent;
import android.os.AsyncTask;
import android.os.Bundle;
+import android.os.UserHandle;
import android.security.Credentials;
import android.security.KeyChain;
import android.security.KeyChain.KeyChainConnection;
@@ -84,6 +85,12 @@
protected void onCreate(Bundle savedStates) {
super.onCreate(savedStates);
+ if (UserHandle.myUserId() != UserHandle.USER_OWNER) {
+ toastErrorAndFinish(R.string.only_primary_user_allowed);
+ finish();
+ return;
+ }
+
mCredentials = createCredentialHelper(getIntent());
mState = (savedStates == null) ? STATE_INIT : STATE_RUNNING;
