1/* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16package android.os; 17 18import android.app.ActivityManagerNative; 19import android.content.Context; 20import android.content.RestrictionEntry; 21import android.content.pm.UserInfo; 22import android.content.res.Resources; 23import android.graphics.Bitmap; 24import android.util.Log; 25 26import com.android.internal.R; 27 28import java.util.List; 29 30/** 31 * Manages users and user details on a multi-user system. 32 */ 33public class UserManager { 34 35 private static String TAG = "UserManager"; 36 private final IUserManager mService; 37 private final Context mContext; 38 39 /** 40 * Key for user restrictions. Specifies if a user is disallowed from adding and removing 41 * accounts. 42 * The default value is <code>false</code>. 43 * <p/> 44 * Type: Boolean 45 * @see #setUserRestrictions(Bundle) 46 * @see #getUserRestrictions() 47 */ 48 public static final String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts"; 49 50 /** 51 * Key for user restrictions. Specifies if a user is disallowed from changing Wi-Fi 52 * access points. 53 * The default value is <code>false</code>. 54 * <p/> 55 * Type: Boolean 56 * @see #setUserRestrictions(Bundle) 57 * @see #getUserRestrictions() 58 */ 59 public static final String DISALLOW_CONFIG_WIFI = "no_config_wifi"; 60 61 /** 62 * Key for user restrictions. Specifies if a user is disallowed from installing applications. 63 * The default value is <code>false</code>. 64 * <p/> 65 * Type: Boolean 66 * @see #setUserRestrictions(Bundle) 67 * @see #getUserRestrictions() 68 */ 69 public static final String DISALLOW_INSTALL_APPS = "no_install_apps"; 70 71 /** 72 * Key for user restrictions. Specifies if a user is disallowed from uninstalling applications. 73 * The default value is <code>false</code>. 74 * <p/> 75 * Type: Boolean 76 * @see #setUserRestrictions(Bundle) 77 * @see #getUserRestrictions() 78 */ 79 public static final String DISALLOW_UNINSTALL_APPS = "no_uninstall_apps"; 80 81 /** 82 * Key for user restrictions. Specifies if a user is disallowed from toggling location sharing. 83 * The default value is <code>false</code>. 84 * <p/> 85 * Type: Boolean 86 * @see #setUserRestrictions(Bundle) 87 * @see #getUserRestrictions() 88 */ 89 90 public static final String DISALLOW_SHARE_LOCATION = "no_share_location"; 91 92 /** 93 * Key for user restrictions. Specifies if a user is disallowed from enabling the 94 * "Unknown Sources" setting, that allows installation of apps from unknown sources. 95 * The default value is <code>false</code>. 96 * <p/> 97 * Type: Boolean 98 * @see #setUserRestrictions(Bundle) 99 * @see #getUserRestrictions() 100 */ 101 public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources"; 102 103 /** 104 * Key for user restrictions. Specifies if a user is disallowed from configuring bluetooth. 105 * The default value is <code>false</code>. 106 * <p/> 107 * Type: Boolean 108 * @see #setUserRestrictions(Bundle) 109 * @see #getUserRestrictions() 110 */ 111 public static final String DISALLOW_CONFIG_BLUETOOTH = "no_config_bluetooth"; 112 113 /** 114 * Key for user restrictions. Specifies if a user is disallowed from transferring files over 115 * USB. The default value is <code>false</code>. 116 * <p/> 117 * Type: Boolean 118 * @see #setUserRestrictions(Bundle) 119 * @see #getUserRestrictions() 120 */ 121 public static final String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer"; 122 123 /** 124 * Key for user restrictions. Specifies if a user is disallowed from configuring user 125 * credentials. The default value is <code>false</code>. 126 * <p/> 127 * Type: Boolean 128 * @see #setUserRestrictions(Bundle) 129 * @see #getUserRestrictions() 130 */ 131 public static final String DISALLOW_CONFIG_CREDENTIALS = "no_config_credentials"; 132 133 /** 134 * Key for user restrictions. Specifies if a user is disallowed from removing users. 135 * The default value is <code>false</code>. 136 * <p/> 137 * Type: Boolean 138 * @see #setUserRestrictions(Bundle) 139 * @see #getUserRestrictions() 140 */ 141 public static final String DISALLOW_REMOVE_USER = "no_remove_user"; 142 143 /** @hide */ 144 public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3; 145 /** @hide */ 146 public static final int PIN_VERIFICATION_FAILED_NOT_SET = -2; 147 /** @hide */ 148 public static final int PIN_VERIFICATION_SUCCESS = -1; 149 150 private static UserManager sInstance = null; 151 152 /** @hide */ 153 public synchronized static UserManager get(Context context) { 154 if (sInstance == null) { 155 sInstance = (UserManager) context.getSystemService(Context.USER_SERVICE); 156 } 157 return sInstance; 158 } 159 160 /** @hide */ 161 public UserManager(Context context, IUserManager service) { 162 mService = service; 163 mContext = context; 164 } 165 166 /** 167 * Returns whether the system supports multiple users. 168 * @return true if multiple users can be created, false if it is a single user device. 169 * @hide 170 */ 171 public static boolean supportsMultipleUsers() { 172 return getMaxSupportedUsers() > 1; 173 } 174 175 /** 176 * Returns the user handle for the user that this application is running for. 177 * @return the user handle of the user making this call. 178 * @hide 179 */ 180 public int getUserHandle() { 181 return UserHandle.myUserId(); 182 } 183 184 /** 185 * Returns the user name of the user making this call. This call is only 186 * available to applications on the system image; it requires the 187 * MANAGE_USERS permission. 188 * @return the user name 189 */ 190 public String getUserName() { 191 try { 192 return mService.getUserInfo(getUserHandle()).name; 193 } catch (RemoteException re) { 194 Log.w(TAG, "Could not get user name", re); 195 return ""; 196 } 197 } 198 199 /** 200 * Used to determine whether the user making this call is subject to 201 * teleportations. 202 * @return whether the user making this call is a goat 203 */ 204 public boolean isUserAGoat() { 205 return false; 206 } 207 208 /** 209 * Used to check if the user making this call is linked to another user. Linked users may have 210 * a reduced number of available apps, app restrictions and account restrictions. 211 * @return whether the user making this call is a linked user 212 * @hide 213 */ 214 public boolean isLinkedUser() { 215 try { 216 return mService.isRestricted(); 217 } catch (RemoteException re) { 218 Log.w(TAG, "Could not check if user is limited ", re); 219 return false; 220 } 221 } 222 223 /** 224 * Return whether the given user is actively running. This means that 225 * the user is in the "started" state, not "stopped" -- it is currently 226 * allowed to run code through scheduled alarms, receiving broadcasts, 227 * etc. A started user may be either the current foreground user or a 228 * background user; the result here does not distinguish between the two. 229 * @param user The user to retrieve the running state for. 230 */ 231 public boolean isUserRunning(UserHandle user) { 232 try { 233 return ActivityManagerNative.getDefault().isUserRunning( 234 user.getIdentifier(), false); 235 } catch (RemoteException e) { 236 return false; 237 } 238 } 239 240 /** 241 * Return whether the given user is actively running <em>or</em> stopping. 242 * This is like {@link #isUserRunning(UserHandle)}, but will also return 243 * true if the user had been running but is in the process of being stopped 244 * (but is not yet fully stopped, and still running some code). 245 * @param user The user to retrieve the running state for. 246 */ 247 public boolean isUserRunningOrStopping(UserHandle user) { 248 try { 249 return ActivityManagerNative.getDefault().isUserRunning( 250 user.getIdentifier(), true); 251 } catch (RemoteException e) { 252 return false; 253 } 254 } 255 256 /** 257 * Returns the UserInfo object describing a specific user. 258 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 259 * @param userHandle the user handle of the user whose information is being requested. 260 * @return the UserInfo object for a specific user. 261 * @hide 262 */ 263 public UserInfo getUserInfo(int userHandle) { 264 try { 265 return mService.getUserInfo(userHandle); 266 } catch (RemoteException re) { 267 Log.w(TAG, "Could not get user info", re); 268 return null; 269 } 270 } 271 272 /** 273 * Returns the user-wide restrictions imposed on this user. 274 * @return a Bundle containing all the restrictions. 275 */ 276 public Bundle getUserRestrictions() { 277 return getUserRestrictions(Process.myUserHandle()); 278 } 279 280 /** 281 * Returns the user-wide restrictions imposed on the user specified by <code>userHandle</code>. 282 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 283 * @return a Bundle containing all the restrictions. 284 */ 285 public Bundle getUserRestrictions(UserHandle userHandle) { 286 try { 287 return mService.getUserRestrictions(userHandle.getIdentifier()); 288 } catch (RemoteException re) { 289 Log.w(TAG, "Could not get user restrictions", re); 290 return Bundle.EMPTY; 291 } 292 } 293 294 /** 295 * Sets all the user-wide restrictions for this user. 296 * Requires the MANAGE_USERS permission. 297 * @param restrictions the Bundle containing all the restrictions. 298 */ 299 public void setUserRestrictions(Bundle restrictions) { 300 setUserRestrictions(restrictions, Process.myUserHandle()); 301 } 302 303 /** 304 * Sets all the user-wide restrictions for the specified user. 305 * Requires the MANAGE_USERS permission. 306 * @param restrictions the Bundle containing all the restrictions. 307 * @param userHandle the UserHandle of the user for whom to set the restrictions. 308 */ 309 public void setUserRestrictions(Bundle restrictions, UserHandle userHandle) { 310 try { 311 mService.setUserRestrictions(restrictions, userHandle.getIdentifier()); 312 } catch (RemoteException re) { 313 Log.w(TAG, "Could not set user restrictions", re); 314 } 315 } 316 317 /** 318 * Sets the value of a specific restriction. 319 * Requires the MANAGE_USERS permission. 320 * @param key the key of the restriction 321 * @param value the value for the restriction 322 */ 323 public void setUserRestriction(String key, boolean value) { 324 Bundle bundle = getUserRestrictions(); 325 bundle.putBoolean(key, value); 326 setUserRestrictions(bundle); 327 } 328 329 /** 330 * @hide 331 * Sets the value of a specific restriction on a specific user. 332 * Requires the {@link android.Manifest.permission#MANAGE_USERS} permission. 333 * @param key the key of the restriction 334 * @param value the value for the restriction 335 * @param userHandle the user whose restriction is to be changed. 336 */ 337 public void setUserRestriction(String key, boolean value, UserHandle userHandle) { 338 Bundle bundle = getUserRestrictions(userHandle); 339 bundle.putBoolean(key, value); 340 setUserRestrictions(bundle, userHandle); 341 } 342 343 /** 344 * @hide 345 * Returns whether the current user has been disallowed from performing certain actions 346 * or setting certain settings. 347 * @param restrictionKey the string key representing the restriction 348 */ 349 public boolean hasUserRestriction(String restrictionKey) { 350 return hasUserRestriction(restrictionKey, Process.myUserHandle()); 351 } 352 353 /** 354 * @hide 355 * Returns whether the given user has been disallowed from performing certain actions 356 * or setting certain settings. 357 * @param restrictionKey the string key representing the restriction 358 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 359 */ 360 public boolean hasUserRestriction(String restrictionKey, UserHandle userHandle) { 361 return getUserRestrictions(userHandle).getBoolean(restrictionKey, false); 362 } 363 364 /** 365 * Return the serial number for a user. This is a device-unique 366 * number assigned to that user; if the user is deleted and then a new 367 * user created, the new users will not be given the same serial number. 368 * @param user The user whose serial number is to be retrieved. 369 * @return The serial number of the given user; returns -1 if the 370 * given UserHandle does not exist. 371 * @see #getUserForSerialNumber(long) 372 */ 373 public long getSerialNumberForUser(UserHandle user) { 374 return getUserSerialNumber(user.getIdentifier()); 375 } 376 377 /** 378 * Return the user associated with a serial number previously 379 * returned by {@link #getSerialNumberForUser(UserHandle)}. 380 * @param serialNumber The serial number of the user that is being 381 * retrieved. 382 * @return Return the user associated with the serial number, or null 383 * if there is not one. 384 * @see #getSerialNumberForUser(UserHandle) 385 */ 386 public UserHandle getUserForSerialNumber(long serialNumber) { 387 int ident = getUserHandle((int)serialNumber); 388 return ident >= 0 ? new UserHandle(ident) : null; 389 } 390 391 /** 392 * Creates a user with the specified name and options. 393 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 394 * 395 * @param name the user's name 396 * @param flags flags that identify the type of user and other properties. 397 * @see UserInfo 398 * 399 * @return the UserInfo object for the created user, or null if the user could not be created. 400 * @hide 401 */ 402 public UserInfo createUser(String name, int flags) { 403 try { 404 return mService.createUser(name, flags); 405 } catch (RemoteException re) { 406 Log.w(TAG, "Could not create a user", re); 407 return null; 408 } 409 } 410 411 /** 412 * Return the number of users currently created on the device. 413 */ 414 public int getUserCount() { 415 List<UserInfo> users = getUsers(); 416 return users != null ? users.size() : 1; 417 } 418 419 /** 420 * Returns information for all users on this device. 421 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 422 * @return the list of users that were created. 423 * @hide 424 */ 425 public List<UserInfo> getUsers() { 426 try { 427 return mService.getUsers(false); 428 } catch (RemoteException re) { 429 Log.w(TAG, "Could not get user list", re); 430 return null; 431 } 432 } 433 434 /** 435 * Returns information for all users on this device. 436 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 437 * @param excludeDying specify if the list should exclude users being removed. 438 * @return the list of users that were created. 439 * @hide 440 */ 441 public List<UserInfo> getUsers(boolean excludeDying) { 442 try { 443 return mService.getUsers(excludeDying); 444 } catch (RemoteException re) { 445 Log.w(TAG, "Could not get user list", re); 446 return null; 447 } 448 } 449 450 /** 451 * Removes a user and all associated data. 452 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 453 * @param userHandle the integer handle of the user, where 0 is the primary user. 454 * @hide 455 */ 456 public boolean removeUser(int userHandle) { 457 try { 458 return mService.removeUser(userHandle); 459 } catch (RemoteException re) { 460 Log.w(TAG, "Could not remove user ", re); 461 return false; 462 } 463 } 464 465 /** 466 * Updates the user's name. 467 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 468 * 469 * @param userHandle the user's integer handle 470 * @param name the new name for the user 471 * @hide 472 */ 473 public void setUserName(int userHandle, String name) { 474 try { 475 mService.setUserName(userHandle, name); 476 } catch (RemoteException re) { 477 Log.w(TAG, "Could not set the user name ", re); 478 } 479 } 480 481 /** 482 * Sets the user's photo. 483 * @param userHandle the user for whom to change the photo. 484 * @param icon the bitmap to set as the photo. 485 * @hide 486 */ 487 public void setUserIcon(int userHandle, Bitmap icon) { 488 try { 489 mService.setUserIcon(userHandle, icon); 490 } catch (RemoteException re) { 491 Log.w(TAG, "Could not set the user icon ", re); 492 } 493 } 494 495 /** 496 * Returns a file descriptor for the user's photo. PNG data can be read from this file. 497 * @param userHandle the user whose photo we want to read. 498 * @return a {@link Bitmap} of the user's photo, or null if there's no photo. 499 * @hide 500 */ 501 public Bitmap getUserIcon(int userHandle) { 502 try { 503 return mService.getUserIcon(userHandle); 504 } catch (RemoteException re) { 505 Log.w(TAG, "Could not get the user icon ", re); 506 return null; 507 } 508 } 509 510 /** 511 * Enable or disable the use of a guest account. If disabled, the existing guest account 512 * will be wiped. 513 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 514 * @param enable whether to enable a guest account. 515 * @hide 516 */ 517 public void setGuestEnabled(boolean enable) { 518 try { 519 mService.setGuestEnabled(enable); 520 } catch (RemoteException re) { 521 Log.w(TAG, "Could not change guest account availability to " + enable); 522 } 523 } 524 525 /** 526 * Checks if a guest user is enabled for this device. 527 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 528 * @return whether a guest user is enabled 529 * @hide 530 */ 531 public boolean isGuestEnabled() { 532 try { 533 return mService.isGuestEnabled(); 534 } catch (RemoteException re) { 535 Log.w(TAG, "Could not retrieve guest enabled state"); 536 return false; 537 } 538 } 539 540 /** 541 * Wipes all the data for a user, but doesn't remove the user. 542 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 543 * @param userHandle 544 * @hide 545 */ 546 public void wipeUser(int userHandle) { 547 try { 548 mService.wipeUser(userHandle); 549 } catch (RemoteException re) { 550 Log.w(TAG, "Could not wipe user " + userHandle); 551 } 552 } 553 554 /** 555 * Returns the maximum number of users that can be created on this device. A return value 556 * of 1 means that it is a single user device. 557 * @hide 558 * @return a value greater than or equal to 1 559 */ 560 public static int getMaxSupportedUsers() { 561 // Don't allow multiple users on certain builds 562 if (android.os.Build.ID.startsWith("JVP")) return 1; 563 return SystemProperties.getInt("fw.max_users", 564 Resources.getSystem().getInteger(R.integer.config_multiuserMaximumUsers)); 565 } 566 567 /** 568 * Returns a serial number on this device for a given userHandle. User handles can be recycled 569 * when deleting and creating users, but serial numbers are not reused until the device is wiped. 570 * @param userHandle 571 * @return a serial number associated with that user, or -1 if the userHandle is not valid. 572 * @hide 573 */ 574 public int getUserSerialNumber(int userHandle) { 575 try { 576 return mService.getUserSerialNumber(userHandle); 577 } catch (RemoteException re) { 578 Log.w(TAG, "Could not get serial number for user " + userHandle); 579 } 580 return -1; 581 } 582 583 /** 584 * Returns a userHandle on this device for a given user serial number. User handles can be 585 * recycled when deleting and creating users, but serial numbers are not reused until the device 586 * is wiped. 587 * @param userSerialNumber 588 * @return the userHandle associated with that user serial number, or -1 if the serial number 589 * is not valid. 590 * @hide 591 */ 592 public int getUserHandle(int userSerialNumber) { 593 try { 594 return mService.getUserHandle(userSerialNumber); 595 } catch (RemoteException re) { 596 Log.w(TAG, "Could not get userHandle for user " + userSerialNumber); 597 } 598 return -1; 599 } 600 601 /** 602 * Returns a Bundle containing any saved application restrictions for this user, for the 603 * given package name. Only an application with this package name can call this method. 604 * @param packageName the package name of the calling application 605 * @return a Bundle with the restrictions as key/value pairs, or null if there are no 606 * saved restrictions. The values can be of type Boolean, String or String[], depending 607 * on the restriction type, as defined by the application. 608 */ 609 public Bundle getApplicationRestrictions(String packageName) { 610 try { 611 return mService.getApplicationRestrictions(packageName); 612 } catch (RemoteException re) { 613 Log.w(TAG, "Could not get application restrictions for package " + packageName); 614 } 615 return null; 616 } 617 618 /** 619 * @hide 620 */ 621 public Bundle getApplicationRestrictions(String packageName, UserHandle user) { 622 try { 623 return mService.getApplicationRestrictionsForUser(packageName, user.getIdentifier()); 624 } catch (RemoteException re) { 625 Log.w(TAG, "Could not get application restrictions for user " + user.getIdentifier()); 626 } 627 return null; 628 } 629 630 /** 631 * @hide 632 */ 633 public void setApplicationRestrictions(String packageName, Bundle restrictions, 634 UserHandle user) { 635 try { 636 mService.setApplicationRestrictions(packageName, restrictions, user.getIdentifier()); 637 } catch (RemoteException re) { 638 Log.w(TAG, "Could not set application restrictions for user " + user.getIdentifier()); 639 } 640 } 641 642 /** 643 * Sets a new challenge PIN for restrictions. This is only for use by pre-installed 644 * apps and requires the MANAGE_USERS permission. 645 * @param newPin the PIN to use for challenge dialogs. 646 * @return Returns true if the challenge PIN was set successfully. 647 */ 648 public boolean setRestrictionsChallenge(String newPin) { 649 try { 650 return mService.setRestrictionsChallenge(newPin); 651 } catch (RemoteException re) { 652 Log.w(TAG, "Could not change restrictions pin"); 653 } 654 return false; 655 } 656 657 /** 658 * @hide 659 * @param pin The PIN to verify, or null to get the number of milliseconds to wait for before 660 * allowing the user to enter the PIN. 661 * @return Returns a positive number (including zero) for how many milliseconds before 662 * you can accept another PIN, when the input is null or the input doesn't match the saved PIN. 663 * Returns {@link #PIN_VERIFICATION_SUCCESS} if the input matches the saved PIN. Returns 664 * {@link #PIN_VERIFICATION_FAILED_NOT_SET} if there is no PIN set. 665 */ 666 public int checkRestrictionsChallenge(String pin) { 667 try { 668 return mService.checkRestrictionsChallenge(pin); 669 } catch (RemoteException re) { 670 Log.w(TAG, "Could not check restrictions pin"); 671 } 672 return PIN_VERIFICATION_FAILED_INCORRECT; 673 } 674 675 /** 676 * @hide 677 * Checks whether the user has restrictions that are PIN-protected. An application that 678 * participates in restrictions can check if the owner has requested a PIN challenge for 679 * any restricted operations. If there is a PIN in effect, the application should launch 680 * the PIN challenge activity {@link android.content.Intent#ACTION_RESTRICTIONS_CHALLENGE}. 681 * @see android.content.Intent#ACTION_RESTRICTIONS_CHALLENGE 682 * @return whether a restrictions PIN is in effect. 683 */ 684 public boolean hasRestrictionsChallenge() { 685 try { 686 return mService.hasRestrictionsChallenge(); 687 } catch (RemoteException re) { 688 Log.w(TAG, "Could not change restrictions pin"); 689 } 690 return false; 691 } 692 693 /** @hide */ 694 public void removeRestrictions() { 695 try { 696 mService.removeRestrictions(); 697 } catch (RemoteException re) { 698 Log.w(TAG, "Could not change restrictions pin"); 699 } 700 } 701} 702