UserManager.java revision 6090995951c6e2e4dcf38102f01793f8a94166e1 
1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16package android.os;
17
18import android.app.ActivityManagerNative;
19import android.content.Context;
20import android.content.pm.UserInfo;
21import android.content.res.Resources;
22import android.graphics.Bitmap;
23import android.util.Log;
24
25import com.android.internal.R;
26
27import java.util.List;
28
29/**
30 * Manages users and user details on a multi-user system.
31 */
32public class UserManager {
33
34    private static String TAG = "UserManager";
35    private final IUserManager mService;
36    private final Context mContext;
37
38    /**
39     * Key for user restrictions. Specifies if a user is disallowed from adding and removing
40     * accounts.
41     * The default value is <code>false</code>.
42     * <p/>
43     * Type: Boolean
44     * @see #setUserRestrictions(Bundle)
45     * @see #getUserRestrictions()
46     */
47    public static final String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts";
48
49    /**
50     * Key for user restrictions. Specifies if a user is disallowed from changing Wi-Fi
51     * access points.
52     * The default value is <code>false</code>.
53     * <p/>
54     * Type: Boolean
55     * @see #setUserRestrictions(Bundle)
56     * @see #getUserRestrictions()
57     */
58    public static final String DISALLOW_CONFIG_WIFI = "no_config_wifi";
59
60    /**
61     * Key for user restrictions. Specifies if a user is disallowed from installing applications.
62     * The default value is <code>false</code>.
63     * <p/>
64     * Type: Boolean
65     * @see #setUserRestrictions(Bundle)
66     * @see #getUserRestrictions()
67     */
68    public static final String DISALLOW_INSTALL_APPS = "no_install_apps";
69
70    /**
71     * Key for user restrictions. Specifies if a user is disallowed from uninstalling applications.
72     * The default value is <code>false</code>.
73     * <p/>
74     * Type: Boolean
75     * @see #setUserRestrictions(Bundle)
76     * @see #getUserRestrictions()
77     */
78    public static final String DISALLOW_UNINSTALL_APPS = "no_uninstall_apps";
79
80    /**
81     * Key for user restrictions. Specifies if a user is disallowed from toggling location sharing.
82     * The default value is <code>false</code>.
83     * <p/>
84     * Type: Boolean
85     * @see #setUserRestrictions(Bundle)
86     * @see #getUserRestrictions()
87     */
88
89    public static final String DISALLOW_SHARE_LOCATION = "no_share_location";
90
91    /**
92     * Key for user restrictions. Specifies if a user is disallowed from enabling the
93     * "Unknown Sources" setting, that allows installation of apps from unknown sources.
94     * The default value is <code>false</code>.
95     * <p/>
96     * Type: Boolean
97     * @see #setUserRestrictions(Bundle)
98     * @see #getUserRestrictions()
99     */
100    public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources";
101
102    /**
103     * Key for user restrictions. Specifies if a user is disallowed from configuring bluetooth.
104     * The default value is <code>false</code>.
105     * <p/>
106     * Type: Boolean
107     * @see #setUserRestrictions(Bundle)
108     * @see #getUserRestrictions()
109     */
110    public static final String DISALLOW_CONFIG_BLUETOOTH = "no_config_bluetooth";
111
112    /**
113     * Key for user restrictions. Specifies if a user is disallowed from transferring files over
114     * USB. The default value is <code>false</code>.
115     * <p/>
116     * Type: Boolean
117     * @see #setUserRestrictions(Bundle)
118     * @see #getUserRestrictions()
119     */
120    public static final String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer";
121
122    /**
123     * Key for user restrictions. Specifies if a user is disallowed from configuring user
124     * credentials. The default value is <code>false</code>.
125     * <p/>
126     * Type: Boolean
127     * @see #setUserRestrictions(Bundle)
128     * @see #getUserRestrictions()
129     */
130    public static final String DISALLOW_CONFIG_CREDENTIALS = "no_config_credentials";
131
132    /**
133     * Key for user restrictions. Specifies if a user is disallowed from removing users.
134     * The default value is <code>false</code>.
135     * <p/>
136     * Type: Boolean
137     * @see #setUserRestrictions(Bundle)
138     * @see #getUserRestrictions()
139     */
140    public static final String DISALLOW_REMOVE_USER = "no_remove_user";
141
142    /** @hide */
143    public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3;
144    /** @hide */
145    public static final int PIN_VERIFICATION_FAILED_NOT_SET = -2;
146    /** @hide */
147    public static final int PIN_VERIFICATION_SUCCESS = -1;
148
149    private static UserManager sInstance = null;
150
151    /** @hide */
152    public synchronized static UserManager get(Context context) {
153        if (sInstance == null) {
154            sInstance = (UserManager) context.getSystemService(Context.USER_SERVICE);
155        }
156        return sInstance;
157    }
158
159    /** @hide */
160    public UserManager(Context context, IUserManager service) {
161        mService = service;
162        mContext = context;
163    }
164
165    /**
166     * Returns whether the system supports multiple users.
167     * @return true if multiple users can be created, false if it is a single user device.
168     * @hide
169     */
170    public static boolean supportsMultipleUsers() {
171        return getMaxSupportedUsers() > 1;
172    }
173
174    /**
175     * Returns the user handle for the user that this application is running for.
176     * @return the user handle of the user making this call.
177     * @hide
178     */
179    public int getUserHandle() {
180        return UserHandle.myUserId();
181    }
182
183    /**
184     * Returns the user name of the user making this call.  This call is only
185     * available to applications on the system image; it requires the
186     * MANAGE_USERS permission.
187     * @return the user name
188     */
189    public String getUserName() {
190        try {
191            return mService.getUserInfo(getUserHandle()).name;
192        } catch (RemoteException re) {
193            Log.w(TAG, "Could not get user name", re);
194            return "";
195        }
196    }
197
198   /**
199     * Used to determine whether the user making this call is subject to
200     * teleportations.
201     * @return whether the user making this call is a goat
202     */
203    public boolean isUserAGoat() {
204        return false;
205    }
206
207    /**
208     * Used to check if the user making this call is linked to another user. Linked users may have
209     * a reduced number of available apps, app restrictions and account restrictions.
210     * @return whether the user making this call is a linked user
211     * @hide
212     */
213    public boolean isLinkedUser() {
214        try {
215            return mService.isRestricted();
216        } catch (RemoteException re) {
217            Log.w(TAG, "Could not check if user is limited ", re);
218            return false;
219        }
220    }
221
222    /**
223     * Return whether the given user is actively running.  This means that
224     * the user is in the "started" state, not "stopped" -- it is currently
225     * allowed to run code through scheduled alarms, receiving broadcasts,
226     * etc.  A started user may be either the current foreground user or a
227     * background user; the result here does not distinguish between the two.
228     * @param user The user to retrieve the running state for.
229     */
230    public boolean isUserRunning(UserHandle user) {
231        try {
232            return ActivityManagerNative.getDefault().isUserRunning(
233                    user.getIdentifier(), false);
234        } catch (RemoteException e) {
235            return false;
236        }
237    }
238
239    /**
240     * Return whether the given user is actively running <em>or</em> stopping.
241     * This is like {@link #isUserRunning(UserHandle)}, but will also return
242     * true if the user had been running but is in the process of being stopped
243     * (but is not yet fully stopped, and still running some code).
244     * @param user The user to retrieve the running state for.
245     */
246    public boolean isUserRunningOrStopping(UserHandle user) {
247        try {
248            return ActivityManagerNative.getDefault().isUserRunning(
249                    user.getIdentifier(), true);
250        } catch (RemoteException e) {
251            return false;
252        }
253    }
254
255    /**
256     * Returns the UserInfo object describing a specific user.
257     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
258     * @param userHandle the user handle of the user whose information is being requested.
259     * @return the UserInfo object for a specific user.
260     * @hide
261     */
262    public UserInfo getUserInfo(int userHandle) {
263        try {
264            return mService.getUserInfo(userHandle);
265        } catch (RemoteException re) {
266            Log.w(TAG, "Could not get user info", re);
267            return null;
268        }
269    }
270
271    /**
272     * Returns the user-wide restrictions imposed on this user.
273     * @return a Bundle containing all the restrictions.
274     */
275    public Bundle getUserRestrictions() {
276        return getUserRestrictions(Process.myUserHandle());
277    }
278
279    /**
280     * Returns the user-wide restrictions imposed on the user specified by <code>userHandle</code>.
281     * @param userHandle the UserHandle of the user for whom to retrieve the restrictions.
282     * @return a Bundle containing all the restrictions.
283     */
284    public Bundle getUserRestrictions(UserHandle userHandle) {
285        try {
286            return mService.getUserRestrictions(userHandle.getIdentifier());
287        } catch (RemoteException re) {
288            Log.w(TAG, "Could not get user restrictions", re);
289            return Bundle.EMPTY;
290        }
291    }
292
293    /**
294     * Sets all the user-wide restrictions for this user.
295     * Requires the MANAGE_USERS permission.
296     * @param restrictions the Bundle containing all the restrictions.
297     */
298    public void setUserRestrictions(Bundle restrictions) {
299        setUserRestrictions(restrictions, Process.myUserHandle());
300    }
301
302    /**
303     * Sets all the user-wide restrictions for the specified user.
304     * Requires the MANAGE_USERS permission.
305     * @param restrictions the Bundle containing all the restrictions.
306     * @param userHandle the UserHandle of the user for whom to set the restrictions.
307     */
308    public void setUserRestrictions(Bundle restrictions, UserHandle userHandle) {
309        try {
310            mService.setUserRestrictions(restrictions, userHandle.getIdentifier());
311        } catch (RemoteException re) {
312            Log.w(TAG, "Could not set user restrictions", re);
313        }
314    }
315
316    /**
317     * Sets the value of a specific restriction.
318     * Requires the MANAGE_USERS permission.
319     * @param key the key of the restriction
320     * @param value the value for the restriction
321     */
322    public void setUserRestriction(String key, boolean value) {
323        Bundle bundle = getUserRestrictions();
324        bundle.putBoolean(key, value);
325        setUserRestrictions(bundle);
326    }
327
328    /**
329     * @hide
330     * Sets the value of a specific restriction on a specific user.
331     * Requires the {@link android.Manifest.permission#MANAGE_USERS} permission.
332     * @param key the key of the restriction
333     * @param value the value for the restriction
334     * @param userHandle the user whose restriction is to be changed.
335     */
336    public void setUserRestriction(String key, boolean value, UserHandle userHandle) {
337        Bundle bundle = getUserRestrictions(userHandle);
338        bundle.putBoolean(key, value);
339        setUserRestrictions(bundle, userHandle);
340    }
341
342    /**
343     * @hide
344     * Returns whether the current user has been disallowed from performing certain actions
345     * or setting certain settings.
346     * @param restrictionKey the string key representing the restriction
347     */
348    public boolean hasUserRestriction(String restrictionKey) {
349        return hasUserRestriction(restrictionKey, Process.myUserHandle());
350    }
351
352    /**
353     * @hide
354     * Returns whether the given user has been disallowed from performing certain actions
355     * or setting certain settings.
356     * @param restrictionKey the string key representing the restriction
357     * @param userHandle the UserHandle of the user for whom to retrieve the restrictions.
358     */
359    public boolean hasUserRestriction(String restrictionKey, UserHandle userHandle) {
360        return getUserRestrictions(userHandle).getBoolean(restrictionKey, false);
361    }
362
363    /**
364     * Return the serial number for a user.  This is a device-unique
365     * number assigned to that user; if the user is deleted and then a new
366     * user created, the new users will not be given the same serial number.
367     * @param user The user whose serial number is to be retrieved.
368     * @return The serial number of the given user; returns -1 if the
369     * given UserHandle does not exist.
370     * @see #getUserForSerialNumber(long)
371     */
372    public long getSerialNumberForUser(UserHandle user) {
373        return getUserSerialNumber(user.getIdentifier());
374    }
375
376    /**
377     * Return the user associated with a serial number previously
378     * returned by {@link #getSerialNumberForUser(UserHandle)}.
379     * @param serialNumber The serial number of the user that is being
380     * retrieved.
381     * @return Return the user associated with the serial number, or null
382     * if there is not one.
383     * @see #getSerialNumberForUser(UserHandle)
384     */
385    public UserHandle getUserForSerialNumber(long serialNumber) {
386        int ident = getUserHandle((int)serialNumber);
387        return ident >= 0 ? new UserHandle(ident) : null;
388    }
389
390    /**
391     * Creates a user with the specified name and options.
392     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
393     *
394     * @param name the user's name
395     * @param flags flags that identify the type of user and other properties.
396     * @see UserInfo
397     *
398     * @return the UserInfo object for the created user, or null if the user could not be created.
399     * @hide
400     */
401    public UserInfo createUser(String name, int flags) {
402        try {
403            return mService.createUser(name, flags);
404        } catch (RemoteException re) {
405            Log.w(TAG, "Could not create a user", re);
406            return null;
407        }
408    }
409
410    /**
411     * Return the number of users currently created on the device.
412     */
413    public int getUserCount() {
414        List<UserInfo> users = getUsers();
415        return users != null ? users.size() : 1;
416    }
417
418    /**
419     * Returns information for all users on this device.
420     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
421     * @return the list of users that were created.
422     * @hide
423     */
424    public List<UserInfo> getUsers() {
425        try {
426            return mService.getUsers(false);
427        } catch (RemoteException re) {
428            Log.w(TAG, "Could not get user list", re);
429            return null;
430        }
431    }
432
433    /**
434     * Returns information for all users on this device.
435     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
436     * @param excludeDying specify if the list should exclude users being removed.
437     * @return the list of users that were created.
438     * @hide
439     */
440    public List<UserInfo> getUsers(boolean excludeDying) {
441        try {
442            return mService.getUsers(excludeDying);
443        } catch (RemoteException re) {
444            Log.w(TAG, "Could not get user list", re);
445            return null;
446        }
447    }
448
449    /**
450     * Removes a user and all associated data.
451     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
452     * @param userHandle the integer handle of the user, where 0 is the primary user.
453     * @hide
454     */
455    public boolean removeUser(int userHandle) {
456        try {
457            return mService.removeUser(userHandle);
458        } catch (RemoteException re) {
459            Log.w(TAG, "Could not remove user ", re);
460            return false;
461        }
462    }
463
464    /**
465     * Updates the user's name.
466     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
467     *
468     * @param userHandle the user's integer handle
469     * @param name the new name for the user
470     * @hide
471     */
472    public void setUserName(int userHandle, String name) {
473        try {
474            mService.setUserName(userHandle, name);
475        } catch (RemoteException re) {
476            Log.w(TAG, "Could not set the user name ", re);
477        }
478    }
479
480    /**
481     * Sets the user's photo.
482     * @param userHandle the user for whom to change the photo.
483     * @param icon the bitmap to set as the photo.
484     * @hide
485     */
486    public void setUserIcon(int userHandle, Bitmap icon) {
487        try {
488            mService.setUserIcon(userHandle, icon);
489        } catch (RemoteException re) {
490            Log.w(TAG, "Could not set the user icon ", re);
491        }
492    }
493
494    /**
495     * Returns a file descriptor for the user's photo. PNG data can be read from this file.
496     * @param userHandle the user whose photo we want to read.
497     * @return a {@link Bitmap} of the user's photo, or null if there's no photo.
498     * @hide
499     */
500    public Bitmap getUserIcon(int userHandle) {
501        try {
502            return mService.getUserIcon(userHandle);
503        } catch (RemoteException re) {
504            Log.w(TAG, "Could not get the user icon ", re);
505            return null;
506        }
507    }
508
509    /**
510     * Enable or disable the use of a guest account. If disabled, the existing guest account
511     * will be wiped.
512     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
513     * @param enable whether to enable a guest account.
514     * @hide
515     */
516    public void setGuestEnabled(boolean enable) {
517        try {
518            mService.setGuestEnabled(enable);
519        } catch (RemoteException re) {
520            Log.w(TAG, "Could not change guest account availability to " + enable);
521        }
522    }
523
524    /**
525     * Checks if a guest user is enabled for this device.
526     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
527     * @return whether a guest user is enabled
528     * @hide
529     */
530    public boolean isGuestEnabled() {
531        try {
532            return mService.isGuestEnabled();
533        } catch (RemoteException re) {
534            Log.w(TAG, "Could not retrieve guest enabled state");
535            return false;
536        }
537    }
538
539    /**
540     * Wipes all the data for a user, but doesn't remove the user.
541     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
542     * @param userHandle
543     * @hide
544     */
545    public void wipeUser(int userHandle) {
546        try {
547            mService.wipeUser(userHandle);
548        } catch (RemoteException re) {
549            Log.w(TAG, "Could not wipe user " + userHandle);
550        }
551    }
552
553    /**
554     * Returns the maximum number of users that can be created on this device. A return value
555     * of 1 means that it is a single user device.
556     * @hide
557     * @return a value greater than or equal to 1
558     */
559    public static int getMaxSupportedUsers() {
560        // Don't allow multiple users on certain builds
561        if (android.os.Build.ID.startsWith("JVP")) return 1;
562        return SystemProperties.getInt("fw.max_users",
563                Resources.getSystem().getInteger(R.integer.config_multiuserMaximumUsers));
564    }
565
566    /**
567     * Returns a serial number on this device for a given userHandle. User handles can be recycled
568     * when deleting and creating users, but serial numbers are not reused until the device is wiped.
569     * @param userHandle
570     * @return a serial number associated with that user, or -1 if the userHandle is not valid.
571     * @hide
572     */
573    public int getUserSerialNumber(int userHandle) {
574        try {
575            return mService.getUserSerialNumber(userHandle);
576        } catch (RemoteException re) {
577            Log.w(TAG, "Could not get serial number for user " + userHandle);
578        }
579        return -1;
580    }
581
582    /**
583     * Returns a userHandle on this device for a given user serial number. User handles can be
584     * recycled when deleting and creating users, but serial numbers are not reused until the device
585     * is wiped.
586     * @param userSerialNumber
587     * @return the userHandle associated with that user serial number, or -1 if the serial number
588     * is not valid.
589     * @hide
590     */
591    public int getUserHandle(int userSerialNumber) {
592        try {
593            return mService.getUserHandle(userSerialNumber);
594        } catch (RemoteException re) {
595            Log.w(TAG, "Could not get userHandle for user " + userSerialNumber);
596        }
597        return -1;
598    }
599
600    /**
601     * Returns a Bundle containing any saved application restrictions for this user, for the
602     * given package name. Only an application with this package name can call this method.
603     * @param packageName the package name of the calling application
604     * @return a Bundle with the restrictions as key/value pairs, or null if there are no
605     * saved restrictions. The values can be of type Boolean, String or String[], depending
606     * on the restriction type, as defined by the application.
607     */
608    public Bundle getApplicationRestrictions(String packageName) {
609        try {
610            return mService.getApplicationRestrictions(packageName);
611        } catch (RemoteException re) {
612            Log.w(TAG, "Could not get application restrictions for package " + packageName);
613        }
614        return null;
615    }
616
617    /**
618     * @hide
619     */
620    public Bundle getApplicationRestrictions(String packageName, UserHandle user) {
621        try {
622            return mService.getApplicationRestrictionsForUser(packageName, user.getIdentifier());
623        } catch (RemoteException re) {
624            Log.w(TAG, "Could not get application restrictions for user " + user.getIdentifier());
625        }
626        return null;
627    }
628
629    /**
630     * @hide
631     */
632    public void setApplicationRestrictions(String packageName, Bundle restrictions,
633            UserHandle user) {
634        try {
635            mService.setApplicationRestrictions(packageName, restrictions, user.getIdentifier());
636        } catch (RemoteException re) {
637            Log.w(TAG, "Could not set application restrictions for user " + user.getIdentifier());
638        }
639    }
640
641    /**
642     * Sets a new challenge PIN for restrictions. This is only for use by pre-installed
643     * apps and requires the MANAGE_USERS permission.
644     * @param newPin the PIN to use for challenge dialogs.
645     * @return Returns true if the challenge PIN was set successfully.
646     */
647    public boolean setRestrictionsChallenge(String newPin) {
648        try {
649            return mService.setRestrictionsChallenge(newPin);
650        } catch (RemoteException re) {
651            Log.w(TAG, "Could not change restrictions pin");
652        }
653        return false;
654    }
655
656    /**
657     * @hide
658     * @param pin The PIN to verify, or null to get the number of milliseconds to wait for before
659     * allowing the user to enter the PIN.
660     * @return Returns a positive number (including zero) for how many milliseconds before
661     * you can accept another PIN, when the input is null or the input doesn't match the saved PIN.
662     * Returns {@link #PIN_VERIFICATION_SUCCESS} if the input matches the saved PIN. Returns
663     * {@link #PIN_VERIFICATION_FAILED_NOT_SET} if there is no PIN set.
664     */
665    public int checkRestrictionsChallenge(String pin) {
666        try {
667            return mService.checkRestrictionsChallenge(pin);
668        } catch (RemoteException re) {
669            Log.w(TAG, "Could not check restrictions pin");
670        }
671        return PIN_VERIFICATION_FAILED_INCORRECT;
672    }
673
674    /**
675     * @hide
676     * Checks whether the user has restrictions that are PIN-protected. An application that
677     * participates in restrictions can check if the owner has requested a PIN challenge for
678     * any restricted operations. If there is a PIN in effect, the application should launch
679     * the PIN challenge activity {@link android.content.Intent#ACTION_RESTRICTIONS_CHALLENGE}.
680     * @see android.content.Intent#ACTION_RESTRICTIONS_CHALLENGE
681     * @return whether a restrictions PIN is in effect.
682     */
683    public boolean hasRestrictionsChallenge() {
684        try {
685            return mService.hasRestrictionsChallenge();
686        } catch (RemoteException re) {
687            Log.w(TAG, "Could not change restrictions pin");
688        }
689        return false;
690    }
691
692    /** @hide */
693    public void removeRestrictions() {
694        try {
695            mService.removeRestrictions();
696        } catch (RemoteException re) {
697            Log.w(TAG, "Could not change restrictions pin");
698        }
699    }
700}
701