UserManager.java revision 0343ec3abb205b21d554ab432710ff854f3d9d75
1/* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16package android.os; 17 18import android.app.ActivityManagerNative; 19import android.content.Context; 20import android.content.RestrictionEntry; 21import android.content.pm.UserInfo; 22import android.content.res.Resources; 23import android.graphics.Bitmap; 24import android.util.Log; 25 26import com.android.internal.R; 27 28import java.util.List; 29 30/** 31 * Manages users and user details on a multi-user system. 32 */ 33public class UserManager { 34 35 private static String TAG = "UserManager"; 36 private final IUserManager mService; 37 private final Context mContext; 38 39 /** 40 * Key for user restrictions. Specifies if a user is disallowed from adding and removing 41 * accounts. 42 * The default value is <code>false</code>. 43 * <p/> 44 * Type: Boolean 45 * @see #setUserRestrictions(Bundle) 46 * @see #getUserRestrictions() 47 */ 48 public static final String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts"; 49 50 /** 51 * Key for user restrictions. Specifies if a user is disallowed from changing Wi-Fi 52 * access points. 53 * The default value is <code>false</code>. 54 * <p/> 55 * Type: Boolean 56 * @see #setUserRestrictions(Bundle) 57 * @see #getUserRestrictions() 58 */ 59 public static final String DISALLOW_CONFIG_WIFI = "no_config_wifi"; 60 61 /** 62 * Key for user restrictions. Specifies if a user is disallowed from installing applications. 63 * The default value is <code>false</code>. 64 * <p/> 65 * Type: Boolean 66 * @see #setUserRestrictions(Bundle) 67 * @see #getUserRestrictions() 68 */ 69 public static final String DISALLOW_INSTALL_APPS = "no_install_apps"; 70 71 /** 72 * Key for user restrictions. Specifies if a user is disallowed from uninstalling applications. 73 * The default value is <code>false</code>. 74 * <p/> 75 * Type: Boolean 76 * @see #setUserRestrictions(Bundle) 77 * @see #getUserRestrictions() 78 */ 79 public static final String DISALLOW_UNINSTALL_APPS = "no_uninstall_apps"; 80 81 /** 82 * Key for user restrictions. Specifies if a user is disallowed from toggling location sharing. 83 * The default value is <code>false</code>. 84 * <p/> 85 * Type: Boolean 86 * @see #setUserRestrictions(Bundle) 87 * @see #getUserRestrictions() 88 */ 89 90 public static final String DISALLOW_SHARE_LOCATION = "no_share_location"; 91 92 /** 93 * Key for user restrictions. Specifies if a user is disallowed from enabling the 94 * "Unknown Sources" setting, that allows installation of apps from unknown sources. 95 * The default value is <code>false</code>. 96 * <p/> 97 * Type: Boolean 98 * @see #setUserRestrictions(Bundle) 99 * @see #getUserRestrictions() 100 */ 101 public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources"; 102 103 /** 104 * Key for user restrictions. Specifies if a user is disallowed from configuring bluetooth. 105 * The default value is <code>false</code>. 106 * <p/> 107 * Type: Boolean 108 * @see #setUserRestrictions(Bundle) 109 * @see #getUserRestrictions() 110 */ 111 public static final String DISALLOW_CONFIG_BLUETOOTH = "no_config_bluetooth"; 112 113 /** 114 * Key for user restrictions. Specifies if a user is disallowed from transferring files over 115 * USB. The default value is <code>false</code>. 116 * <p/> 117 * Type: Boolean 118 * @see #setUserRestrictions(Bundle) 119 * @see #getUserRestrictions() 120 */ 121 public static final String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer"; 122 123 /** 124 * Key for user restrictions. Specifies if a user is disallowed from configuring user 125 * credentials. The default value is <code>false</code>. 126 * <p/> 127 * Type: Boolean 128 * @see #setUserRestrictions(Bundle) 129 * @see #getUserRestrictions() 130 */ 131 public static final String DISALLOW_CONFIG_CREDENTIALS = "no_config_credentials"; 132 133 /** 134 * Key for user restrictions. Specifies if a user is disallowed from removing users. 135 * The default value is <code>false</code>. 136 * <p/> 137 * Type: Boolean 138 * @see #setUserRestrictions(Bundle) 139 * @see #getUserRestrictions() 140 */ 141 public static final String DISALLOW_REMOVE_USER = "no_remove_user"; 142 143 /** 144 * Key for user restrictions. Specifies if a user is disallowed from setting app restrictions 145 * via a restrictions PIN. The default is <code>false</code>. If app restrictions have already 146 * been set up, then this user restriction cannot be set to true. 147 * <p/> 148 * Type: Boolean 149 * @see #hasRestrictionsPin() 150 */ 151 public static final String DISALLOW_APP_RESTRICTIONS = "no_app_restrictions"; 152 153 /** @hide */ 154 public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3; 155 /** @hide */ 156 public static final int PIN_VERIFICATION_FAILED_NOT_SET = -2; 157 /** @hide */ 158 public static final int PIN_VERIFICATION_SUCCESS = -1; 159 160 private static UserManager sInstance = null; 161 162 /** @hide */ 163 public synchronized static UserManager get(Context context) { 164 if (sInstance == null) { 165 sInstance = (UserManager) context.getSystemService(Context.USER_SERVICE); 166 } 167 return sInstance; 168 } 169 170 /** @hide */ 171 public UserManager(Context context, IUserManager service) { 172 mService = service; 173 mContext = context; 174 } 175 176 /** 177 * Returns whether the system supports multiple users. 178 * @return true if multiple users can be created, false if it is a single user device. 179 * @hide 180 */ 181 public static boolean supportsMultipleUsers() { 182 return getMaxSupportedUsers() > 1; 183 } 184 185 /** 186 * Returns the user handle for the user that this application is running for. 187 * @return the user handle of the user making this call. 188 * @hide 189 */ 190 public int getUserHandle() { 191 return UserHandle.myUserId(); 192 } 193 194 /** 195 * Returns the user name of the user making this call. This call is only 196 * available to applications on the system image; it requires the 197 * MANAGE_USERS permission. 198 * @return the user name 199 */ 200 public String getUserName() { 201 try { 202 return mService.getUserInfo(getUserHandle()).name; 203 } catch (RemoteException re) { 204 Log.w(TAG, "Could not get user name", re); 205 return ""; 206 } 207 } 208 209 /** 210 * Used to determine whether the user making this call is subject to 211 * teleportations. 212 * @return whether the user making this call is a goat 213 */ 214 public boolean isUserAGoat() { 215 return false; 216 } 217 218 /** 219 * Used to check if the user making this call is linked to another user. Linked users may have 220 * a reduced number of available apps, app restrictions and account restrictions. 221 * @return whether the user making this call is a linked user 222 * @hide 223 */ 224 public boolean isLinkedUser() { 225 try { 226 return mService.isRestricted(); 227 } catch (RemoteException re) { 228 Log.w(TAG, "Could not check if user is limited ", re); 229 return false; 230 } 231 } 232 233 /** 234 * Return whether the given user is actively running. This means that 235 * the user is in the "started" state, not "stopped" -- it is currently 236 * allowed to run code through scheduled alarms, receiving broadcasts, 237 * etc. A started user may be either the current foreground user or a 238 * background user; the result here does not distinguish between the two. 239 * @param user The user to retrieve the running state for. 240 */ 241 public boolean isUserRunning(UserHandle user) { 242 try { 243 return ActivityManagerNative.getDefault().isUserRunning( 244 user.getIdentifier(), false); 245 } catch (RemoteException e) { 246 return false; 247 } 248 } 249 250 /** 251 * Return whether the given user is actively running <em>or</em> stopping. 252 * This is like {@link #isUserRunning(UserHandle)}, but will also return 253 * true if the user had been running but is in the process of being stopped 254 * (but is not yet fully stopped, and still running some code). 255 * @param user The user to retrieve the running state for. 256 */ 257 public boolean isUserRunningOrStopping(UserHandle user) { 258 try { 259 return ActivityManagerNative.getDefault().isUserRunning( 260 user.getIdentifier(), true); 261 } catch (RemoteException e) { 262 return false; 263 } 264 } 265 266 /** 267 * Returns the UserInfo object describing a specific user. 268 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 269 * @param userHandle the user handle of the user whose information is being requested. 270 * @return the UserInfo object for a specific user. 271 * @hide 272 */ 273 public UserInfo getUserInfo(int userHandle) { 274 try { 275 return mService.getUserInfo(userHandle); 276 } catch (RemoteException re) { 277 Log.w(TAG, "Could not get user info", re); 278 return null; 279 } 280 } 281 282 /** 283 * Returns the user-wide restrictions imposed on this user. 284 * @return a Bundle containing all the restrictions. 285 */ 286 public Bundle getUserRestrictions() { 287 return getUserRestrictions(Process.myUserHandle()); 288 } 289 290 /** 291 * Returns the user-wide restrictions imposed on the user specified by <code>userHandle</code>. 292 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 293 * @return a Bundle containing all the restrictions. 294 */ 295 public Bundle getUserRestrictions(UserHandle userHandle) { 296 try { 297 return mService.getUserRestrictions(userHandle.getIdentifier()); 298 } catch (RemoteException re) { 299 Log.w(TAG, "Could not get user restrictions", re); 300 return Bundle.EMPTY; 301 } 302 } 303 304 /** 305 * Sets all the user-wide restrictions for this user. 306 * Requires the MANAGE_USERS permission. 307 * @param restrictions the Bundle containing all the restrictions. 308 */ 309 public void setUserRestrictions(Bundle restrictions) { 310 setUserRestrictions(restrictions, Process.myUserHandle()); 311 } 312 313 /** 314 * Sets all the user-wide restrictions for the specified user. 315 * Requires the MANAGE_USERS permission. 316 * @param restrictions the Bundle containing all the restrictions. 317 * @param userHandle the UserHandle of the user for whom to set the restrictions. 318 */ 319 public void setUserRestrictions(Bundle restrictions, UserHandle userHandle) { 320 try { 321 mService.setUserRestrictions(restrictions, userHandle.getIdentifier()); 322 } catch (RemoteException re) { 323 Log.w(TAG, "Could not set user restrictions", re); 324 } 325 } 326 327 /** 328 * Sets the value of a specific restriction. 329 * Requires the MANAGE_USERS permission. 330 * @param key the key of the restriction 331 * @param value the value for the restriction 332 */ 333 public void setUserRestriction(String key, boolean value) { 334 Bundle bundle = getUserRestrictions(); 335 bundle.putBoolean(key, value); 336 setUserRestrictions(bundle); 337 } 338 339 /** 340 * @hide 341 * Sets the value of a specific restriction on a specific user. 342 * Requires the {@link android.Manifest.permission#MANAGE_USERS} permission. 343 * @param key the key of the restriction 344 * @param value the value for the restriction 345 * @param userHandle the user whose restriction is to be changed. 346 */ 347 public void setUserRestriction(String key, boolean value, UserHandle userHandle) { 348 Bundle bundle = getUserRestrictions(userHandle); 349 bundle.putBoolean(key, value); 350 setUserRestrictions(bundle, userHandle); 351 } 352 353 /** 354 * @hide 355 * Returns whether the current user has been disallowed from performing certain actions 356 * or setting certain settings. 357 * @param restrictionKey the string key representing the restriction 358 */ 359 public boolean hasUserRestriction(String restrictionKey) { 360 return getUserRestrictions().getBoolean(restrictionKey, false); 361 } 362 363 /** 364 * Return the serial number for a user. This is a device-unique 365 * number assigned to that user; if the user is deleted and then a new 366 * user created, the new users will not be given the same serial number. 367 * @param user The user whose serial number is to be retrieved. 368 * @return The serial number of the given user; returns -1 if the 369 * given UserHandle does not exist. 370 * @see #getUserForSerialNumber(long) 371 */ 372 public long getSerialNumberForUser(UserHandle user) { 373 return getUserSerialNumber(user.getIdentifier()); 374 } 375 376 /** 377 * Return the user associated with a serial number previously 378 * returned by {@link #getSerialNumberForUser(UserHandle)}. 379 * @param serialNumber The serial number of the user that is being 380 * retrieved. 381 * @return Return the user associated with the serial number, or null 382 * if there is not one. 383 * @see #getSerialNumberForUser(UserHandle) 384 */ 385 public UserHandle getUserForSerialNumber(long serialNumber) { 386 int ident = getUserHandle((int)serialNumber); 387 return ident >= 0 ? new UserHandle(ident) : null; 388 } 389 390 /** 391 * Creates a user with the specified name and options. 392 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 393 * 394 * @param name the user's name 395 * @param flags flags that identify the type of user and other properties. 396 * @see UserInfo 397 * 398 * @return the UserInfo object for the created user, or null if the user could not be created. 399 * @hide 400 */ 401 public UserInfo createUser(String name, int flags) { 402 try { 403 return mService.createUser(name, flags); 404 } catch (RemoteException re) { 405 Log.w(TAG, "Could not create a user", re); 406 return null; 407 } 408 } 409 410 /** 411 * Return the number of users currently created on the device. 412 */ 413 public int getUserCount() { 414 List<UserInfo> users = getUsers(); 415 return users != null ? users.size() : 1; 416 } 417 418 /** 419 * Returns information for all users on this device. 420 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 421 * @return the list of users that were created. 422 * @hide 423 */ 424 public List<UserInfo> getUsers() { 425 try { 426 return mService.getUsers(false); 427 } catch (RemoteException re) { 428 Log.w(TAG, "Could not get user list", re); 429 return null; 430 } 431 } 432 433 /** 434 * Returns information for all users on this device. 435 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 436 * @param excludeDying specify if the list should exclude users being removed. 437 * @return the list of users that were created. 438 * @hide 439 */ 440 public List<UserInfo> getUsers(boolean excludeDying) { 441 try { 442 return mService.getUsers(excludeDying); 443 } catch (RemoteException re) { 444 Log.w(TAG, "Could not get user list", re); 445 return null; 446 } 447 } 448 449 /** 450 * Removes a user and all associated data. 451 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 452 * @param userHandle the integer handle of the user, where 0 is the primary user. 453 * @hide 454 */ 455 public boolean removeUser(int userHandle) { 456 try { 457 return mService.removeUser(userHandle); 458 } catch (RemoteException re) { 459 Log.w(TAG, "Could not remove user ", re); 460 return false; 461 } 462 } 463 464 /** 465 * Updates the user's name. 466 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 467 * 468 * @param userHandle the user's integer handle 469 * @param name the new name for the user 470 * @hide 471 */ 472 public void setUserName(int userHandle, String name) { 473 try { 474 mService.setUserName(userHandle, name); 475 } catch (RemoteException re) { 476 Log.w(TAG, "Could not set the user name ", re); 477 } 478 } 479 480 /** 481 * Sets the user's photo. 482 * @param userHandle the user for whom to change the photo. 483 * @param icon the bitmap to set as the photo. 484 * @hide 485 */ 486 public void setUserIcon(int userHandle, Bitmap icon) { 487 try { 488 mService.setUserIcon(userHandle, icon); 489 } catch (RemoteException re) { 490 Log.w(TAG, "Could not set the user icon ", re); 491 } 492 } 493 494 /** 495 * Returns a file descriptor for the user's photo. PNG data can be read from this file. 496 * @param userHandle the user whose photo we want to read. 497 * @return a {@link Bitmap} of the user's photo, or null if there's no photo. 498 * @hide 499 */ 500 public Bitmap getUserIcon(int userHandle) { 501 try { 502 return mService.getUserIcon(userHandle); 503 } catch (RemoteException re) { 504 Log.w(TAG, "Could not get the user icon ", re); 505 return null; 506 } 507 } 508 509 /** 510 * Enable or disable the use of a guest account. If disabled, the existing guest account 511 * will be wiped. 512 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 513 * @param enable whether to enable a guest account. 514 * @hide 515 */ 516 public void setGuestEnabled(boolean enable) { 517 try { 518 mService.setGuestEnabled(enable); 519 } catch (RemoteException re) { 520 Log.w(TAG, "Could not change guest account availability to " + enable); 521 } 522 } 523 524 /** 525 * Checks if a guest user is enabled for this device. 526 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 527 * @return whether a guest user is enabled 528 * @hide 529 */ 530 public boolean isGuestEnabled() { 531 try { 532 return mService.isGuestEnabled(); 533 } catch (RemoteException re) { 534 Log.w(TAG, "Could not retrieve guest enabled state"); 535 return false; 536 } 537 } 538 539 /** 540 * Wipes all the data for a user, but doesn't remove the user. 541 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 542 * @param userHandle 543 * @hide 544 */ 545 public void wipeUser(int userHandle) { 546 try { 547 mService.wipeUser(userHandle); 548 } catch (RemoteException re) { 549 Log.w(TAG, "Could not wipe user " + userHandle); 550 } 551 } 552 553 /** 554 * Returns the maximum number of users that can be created on this device. A return value 555 * of 1 means that it is a single user device. 556 * @hide 557 * @return a value greater than or equal to 1 558 */ 559 public static int getMaxSupportedUsers() { 560 // Don't allow multiple users on certain builds 561 if (android.os.Build.ID.startsWith("JVP")) return 1; 562 return SystemProperties.getInt("fw.max_users", 563 Resources.getSystem().getInteger(R.integer.config_multiuserMaximumUsers)); 564 } 565 566 /** 567 * Returns a serial number on this device for a given userHandle. User handles can be recycled 568 * when deleting and creating users, but serial numbers are not reused until the device is wiped. 569 * @param userHandle 570 * @return a serial number associated with that user, or -1 if the userHandle is not valid. 571 * @hide 572 */ 573 public int getUserSerialNumber(int userHandle) { 574 try { 575 return mService.getUserSerialNumber(userHandle); 576 } catch (RemoteException re) { 577 Log.w(TAG, "Could not get serial number for user " + userHandle); 578 } 579 return -1; 580 } 581 582 /** 583 * Returns a userHandle on this device for a given user serial number. User handles can be 584 * recycled when deleting and creating users, but serial numbers are not reused until the device 585 * is wiped. 586 * @param userSerialNumber 587 * @return the userHandle associated with that user serial number, or -1 if the serial number 588 * is not valid. 589 * @hide 590 */ 591 public int getUserHandle(int userSerialNumber) { 592 try { 593 return mService.getUserHandle(userSerialNumber); 594 } catch (RemoteException re) { 595 Log.w(TAG, "Could not get userHandle for user " + userSerialNumber); 596 } 597 return -1; 598 } 599 600 /** 601 * Returns a Bundle containing any saved application restrictions for this user, for the 602 * given package name. Only an application with this package name can call this method. 603 * @param packageName the package name of the calling application 604 * @return a Bundle with the restrictions as key/value pairs, or null if there are no 605 * saved restrictions. The values can be of type Boolean, String or String[], depending 606 * on the restriction type, as defined by the application. 607 */ 608 public Bundle getApplicationRestrictions(String packageName) { 609 try { 610 return mService.getApplicationRestrictions(packageName); 611 } catch (RemoteException re) { 612 Log.w(TAG, "Could not get application restrictions for package " + packageName); 613 } 614 return null; 615 } 616 617 /** 618 * @hide 619 */ 620 public Bundle getApplicationRestrictions(String packageName, UserHandle user) { 621 try { 622 return mService.getApplicationRestrictionsForUser(packageName, user.getIdentifier()); 623 } catch (RemoteException re) { 624 Log.w(TAG, "Could not get application restrictions for user " + user.getIdentifier()); 625 } 626 return null; 627 } 628 629 /** 630 * @hide 631 */ 632 public void setApplicationRestrictions(String packageName, Bundle restrictions, 633 UserHandle user) { 634 try { 635 mService.setApplicationRestrictions(packageName, restrictions, user.getIdentifier()); 636 } catch (RemoteException re) { 637 Log.w(TAG, "Could not set application restrictions for user " + user.getIdentifier()); 638 } 639 } 640 641 /** 642 * @hide 643 * Sets a new restrictions PIN. This should only be called after verifying that there 644 * currently isn't a PIN set, or after the user successfully enters the current PIN. 645 * @param newPin 646 * @return Returns true if the PIN was changed successfully. 647 */ 648 public boolean changeRestrictionsPin(String newPin) { 649 try { 650 return mService.changeRestrictionsPin(newPin); 651 } catch (RemoteException re) { 652 Log.w(TAG, "Could not change restrictions pin"); 653 } 654 return false; 655 } 656 657 /** 658 * @hide 659 * @param pin The PIN to verify, or null to get the number of milliseconds to wait for before 660 * allowing the user to enter the PIN. 661 * @return Returns a positive number (including zero) for how many milliseconds before 662 * you can accept another PIN, when the input is null or the input doesn't match the saved PIN. 663 * Returns {@link #PIN_VERIFICATION_SUCCESS} if the input matches the saved PIN. Returns 664 * {@link #PIN_VERIFICATION_FAILED_NOT_SET} if there is no PIN set. 665 */ 666 public int checkRestrictionsPin(String pin) { 667 try { 668 return mService.checkRestrictionsPin(pin); 669 } catch (RemoteException re) { 670 Log.w(TAG, "Could not check restrictions pin"); 671 } 672 return PIN_VERIFICATION_FAILED_INCORRECT; 673 } 674 675 /** 676 * Checks whether the user has restrictions that are PIN-protected. An application that 677 * participates in restrictions can check if the owner has requested a PIN challenge for 678 * any restricted operations. If there is a PIN in effect, the application should launch 679 * the PIN challenge activity {@link android.content.Intent#ACTION_RESTRICTIONS_PIN_CHALLENGE}. 680 * @see android.content.Intent#ACTION_RESTRICTIONS_PIN_CHALLENGE 681 * @return whether a restrictions PIN is in effect. 682 */ 683 public boolean hasRestrictionsPin() { 684 try { 685 return mService.hasRestrictionsPin(); 686 } catch (RemoteException re) { 687 Log.w(TAG, "Could not change restrictions pin"); 688 } 689 return false; 690 } 691 692 /** @hide */ 693 public void removeRestrictions() { 694 try { 695 mService.removeRestrictions(); 696 } catch (RemoteException re) { 697 Log.w(TAG, "Could not change restrictions pin"); 698 } 699 } 700} 701