UserManager.java revision 655d0e2029e6ae77a47e922dce4c4989818b8dd1
1/* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16package android.os; 17 18import android.app.ActivityManagerNative; 19import android.content.Context; 20import android.content.RestrictionEntry; 21import android.content.pm.UserInfo; 22import android.content.res.Resources; 23import android.graphics.Bitmap; 24import android.util.Log; 25 26import com.android.internal.R; 27 28import java.util.List; 29 30/** 31 * Manages users and user details on a multi-user system. 32 */ 33public class UserManager { 34 35 private static String TAG = "UserManager"; 36 private final IUserManager mService; 37 private final Context mContext; 38 39 /** 40 * Key for user restrictions. Specifies if a user is disallowed from adding and removing 41 * accounts. 42 * The default value is <code>false</code>. 43 * <p/> 44 * Type: Boolean 45 * @see #setUserRestrictions(Bundle) 46 * @see #getUserRestrictions() 47 */ 48 public static final String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts"; 49 50 /** 51 * Key for user restrictions. Specifies if a user is disallowed from changing Wi-Fi 52 * access points. 53 * The default value is <code>false</code>. 54 * <p/> 55 * Type: Boolean 56 * @see #setUserRestrictions(Bundle) 57 * @see #getUserRestrictions() 58 */ 59 public static final String DISALLOW_CONFIG_WIFI = "no_config_wifi"; 60 61 /** 62 * Key for user restrictions. Specifies if a user is disallowed from installing applications. 63 * The default value is <code>false</code>. 64 * <p/> 65 * Type: Boolean 66 * @see #setUserRestrictions(Bundle) 67 * @see #getUserRestrictions() 68 */ 69 public static final String DISALLOW_INSTALL_APPS = "no_install_apps"; 70 71 /** 72 * Key for user restrictions. Specifies if a user is disallowed from uninstalling applications. 73 * The default value is <code>false</code>. 74 * <p/> 75 * Type: Boolean 76 * @see #setUserRestrictions(Bundle) 77 * @see #getUserRestrictions() 78 */ 79 public static final String DISALLOW_UNINSTALL_APPS = "no_uninstall_apps"; 80 81 /** 82 * Key for user restrictions. Specifies if a user is disallowed from toggling location sharing. 83 * The default value is <code>false</code>. 84 * <p/> 85 * Type: Boolean 86 * @see #setUserRestrictions(Bundle) 87 * @see #getUserRestrictions() 88 */ 89 90 public static final String DISALLOW_SHARE_LOCATION = "no_share_location"; 91 92 /** 93 * Key for user restrictions. Specifies if a user is disallowed from enabling the 94 * "Unknown Sources" setting, that allows installation of apps from unknown sources. 95 * The default value is <code>false</code>. 96 * <p/> 97 * Type: Boolean 98 * @see #setUserRestrictions(Bundle) 99 * @see #getUserRestrictions() 100 */ 101 public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources"; 102 103 /** 104 * Key for user restrictions. Specifies if a user is disallowed from configuring bluetooth. 105 * The default value is <code>false</code>. 106 * <p/> 107 * Type: Boolean 108 * @see #setUserRestrictions(Bundle) 109 * @see #getUserRestrictions() 110 */ 111 public static final String DISALLOW_CONFIG_BLUETOOTH = "no_config_bluetooth"; 112 113 /** 114 * Key for user restrictions. Specifies if a user is disallowed from transferring files over 115 * USB. The default value is <code>false</code>. 116 * <p/> 117 * Type: Boolean 118 * @see #setUserRestrictions(Bundle) 119 * @see #getUserRestrictions() 120 */ 121 public static final String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer"; 122 123 /** 124 * Key for user restrictions. Specifies if a user is disallowed from configuring user 125 * credentials. The default value is <code>false</code>. 126 * <p/> 127 * Type: Boolean 128 * @see #setUserRestrictions(Bundle) 129 * @see #getUserRestrictions() 130 */ 131 public static final String DISALLOW_CONFIG_CREDENTIALS = "no_config_credentials"; 132 133 /** 134 * Key for user restrictions. Specifies if a user is disallowed from removing users. 135 * The default value is <code>false</code>. 136 * <p/> 137 * Type: Boolean 138 * @see #setUserRestrictions(Bundle) 139 * @see #getUserRestrictions() 140 */ 141 public static final String DISALLOW_REMOVE_USER = "no_remove_user"; 142 143 /** @hide */ 144 public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3; 145 /** @hide */ 146 public static final int PIN_VERIFICATION_FAILED_NOT_SET = -2; 147 /** @hide */ 148 public static final int PIN_VERIFICATION_SUCCESS = -1; 149 150 private static UserManager sInstance = null; 151 152 /** @hide */ 153 public synchronized static UserManager get(Context context) { 154 if (sInstance == null) { 155 sInstance = (UserManager) context.getSystemService(Context.USER_SERVICE); 156 } 157 return sInstance; 158 } 159 160 /** @hide */ 161 public UserManager(Context context, IUserManager service) { 162 mService = service; 163 mContext = context; 164 } 165 166 /** 167 * Returns whether the system supports multiple users. 168 * @return true if multiple users can be created, false if it is a single user device. 169 * @hide 170 */ 171 public static boolean supportsMultipleUsers() { 172 return getMaxSupportedUsers() > 1; 173 } 174 175 /** 176 * Returns the user handle for the user that this application is running for. 177 * @return the user handle of the user making this call. 178 * @hide 179 */ 180 public int getUserHandle() { 181 return UserHandle.myUserId(); 182 } 183 184 /** 185 * Returns the user name of the user making this call. This call is only 186 * available to applications on the system image; it requires the 187 * MANAGE_USERS permission. 188 * @return the user name 189 */ 190 public String getUserName() { 191 try { 192 return mService.getUserInfo(getUserHandle()).name; 193 } catch (RemoteException re) { 194 Log.w(TAG, "Could not get user name", re); 195 return ""; 196 } 197 } 198 199 /** 200 * Used to determine whether the user making this call is subject to 201 * teleportations. 202 * @return whether the user making this call is a goat 203 */ 204 public boolean isUserAGoat() { 205 return false; 206 } 207 208 /** 209 * Used to check if the user making this call is linked to another user. Linked users may have 210 * a reduced number of available apps, app restrictions and account restrictions. 211 * @return whether the user making this call is a linked user 212 * @hide 213 */ 214 public boolean isLinkedUser() { 215 try { 216 return mService.isRestricted(); 217 } catch (RemoteException re) { 218 Log.w(TAG, "Could not check if user is limited ", re); 219 return false; 220 } 221 } 222 223 /** 224 * Return whether the given user is actively running. This means that 225 * the user is in the "started" state, not "stopped" -- it is currently 226 * allowed to run code through scheduled alarms, receiving broadcasts, 227 * etc. A started user may be either the current foreground user or a 228 * background user; the result here does not distinguish between the two. 229 * @param user The user to retrieve the running state for. 230 */ 231 public boolean isUserRunning(UserHandle user) { 232 try { 233 return ActivityManagerNative.getDefault().isUserRunning( 234 user.getIdentifier(), false); 235 } catch (RemoteException e) { 236 return false; 237 } 238 } 239 240 /** 241 * Return whether the given user is actively running <em>or</em> stopping. 242 * This is like {@link #isUserRunning(UserHandle)}, but will also return 243 * true if the user had been running but is in the process of being stopped 244 * (but is not yet fully stopped, and still running some code). 245 * @param user The user to retrieve the running state for. 246 */ 247 public boolean isUserRunningOrStopping(UserHandle user) { 248 try { 249 return ActivityManagerNative.getDefault().isUserRunning( 250 user.getIdentifier(), true); 251 } catch (RemoteException e) { 252 return false; 253 } 254 } 255 256 /** 257 * Returns the UserInfo object describing a specific user. 258 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 259 * @param userHandle the user handle of the user whose information is being requested. 260 * @return the UserInfo object for a specific user. 261 * @hide 262 */ 263 public UserInfo getUserInfo(int userHandle) { 264 try { 265 return mService.getUserInfo(userHandle); 266 } catch (RemoteException re) { 267 Log.w(TAG, "Could not get user info", re); 268 return null; 269 } 270 } 271 272 /** 273 * Returns the user-wide restrictions imposed on this user. 274 * @return a Bundle containing all the restrictions. 275 */ 276 public Bundle getUserRestrictions() { 277 return getUserRestrictions(Process.myUserHandle()); 278 } 279 280 /** 281 * Returns the user-wide restrictions imposed on the user specified by <code>userHandle</code>. 282 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 283 * @return a Bundle containing all the restrictions. 284 */ 285 public Bundle getUserRestrictions(UserHandle userHandle) { 286 try { 287 return mService.getUserRestrictions(userHandle.getIdentifier()); 288 } catch (RemoteException re) { 289 Log.w(TAG, "Could not get user restrictions", re); 290 return Bundle.EMPTY; 291 } 292 } 293 294 /** 295 * Sets all the user-wide restrictions for this user. 296 * Requires the MANAGE_USERS permission. 297 * @param restrictions the Bundle containing all the restrictions. 298 */ 299 public void setUserRestrictions(Bundle restrictions) { 300 setUserRestrictions(restrictions, Process.myUserHandle()); 301 } 302 303 /** 304 * Sets all the user-wide restrictions for the specified user. 305 * Requires the MANAGE_USERS permission. 306 * @param restrictions the Bundle containing all the restrictions. 307 * @param userHandle the UserHandle of the user for whom to set the restrictions. 308 */ 309 public void setUserRestrictions(Bundle restrictions, UserHandle userHandle) { 310 try { 311 mService.setUserRestrictions(restrictions, userHandle.getIdentifier()); 312 } catch (RemoteException re) { 313 Log.w(TAG, "Could not set user restrictions", re); 314 } 315 } 316 317 /** 318 * Sets the value of a specific restriction. 319 * Requires the MANAGE_USERS permission. 320 * @param key the key of the restriction 321 * @param value the value for the restriction 322 */ 323 public void setUserRestriction(String key, boolean value) { 324 Bundle bundle = getUserRestrictions(); 325 bundle.putBoolean(key, value); 326 setUserRestrictions(bundle); 327 } 328 329 /** 330 * @hide 331 * Sets the value of a specific restriction on a specific user. 332 * Requires the {@link android.Manifest.permission#MANAGE_USERS} permission. 333 * @param key the key of the restriction 334 * @param value the value for the restriction 335 * @param userHandle the user whose restriction is to be changed. 336 */ 337 public void setUserRestriction(String key, boolean value, UserHandle userHandle) { 338 Bundle bundle = getUserRestrictions(userHandle); 339 bundle.putBoolean(key, value); 340 setUserRestrictions(bundle, userHandle); 341 } 342 343 /** 344 * @hide 345 * Returns whether the current user has been disallowed from performing certain actions 346 * or setting certain settings. 347 * @param restrictionKey the string key representing the restriction 348 */ 349 public boolean hasUserRestriction(String restrictionKey) { 350 return getUserRestrictions().getBoolean(restrictionKey, false); 351 } 352 353 /** 354 * Return the serial number for a user. This is a device-unique 355 * number assigned to that user; if the user is deleted and then a new 356 * user created, the new users will not be given the same serial number. 357 * @param user The user whose serial number is to be retrieved. 358 * @return The serial number of the given user; returns -1 if the 359 * given UserHandle does not exist. 360 * @see #getUserForSerialNumber(long) 361 */ 362 public long getSerialNumberForUser(UserHandle user) { 363 return getUserSerialNumber(user.getIdentifier()); 364 } 365 366 /** 367 * Return the user associated with a serial number previously 368 * returned by {@link #getSerialNumberForUser(UserHandle)}. 369 * @param serialNumber The serial number of the user that is being 370 * retrieved. 371 * @return Return the user associated with the serial number, or null 372 * if there is not one. 373 * @see #getSerialNumberForUser(UserHandle) 374 */ 375 public UserHandle getUserForSerialNumber(long serialNumber) { 376 int ident = getUserHandle((int)serialNumber); 377 return ident >= 0 ? new UserHandle(ident) : null; 378 } 379 380 /** 381 * Creates a user with the specified name and options. 382 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 383 * 384 * @param name the user's name 385 * @param flags flags that identify the type of user and other properties. 386 * @see UserInfo 387 * 388 * @return the UserInfo object for the created user, or null if the user could not be created. 389 * @hide 390 */ 391 public UserInfo createUser(String name, int flags) { 392 try { 393 return mService.createUser(name, flags); 394 } catch (RemoteException re) { 395 Log.w(TAG, "Could not create a user", re); 396 return null; 397 } 398 } 399 400 /** 401 * Return the number of users currently created on the device. 402 */ 403 public int getUserCount() { 404 List<UserInfo> users = getUsers(); 405 return users != null ? users.size() : 1; 406 } 407 408 /** 409 * Returns information for all users on this device. 410 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 411 * @return the list of users that were created. 412 * @hide 413 */ 414 public List<UserInfo> getUsers() { 415 try { 416 return mService.getUsers(false); 417 } catch (RemoteException re) { 418 Log.w(TAG, "Could not get user list", re); 419 return null; 420 } 421 } 422 423 /** 424 * Returns information for all users on this device. 425 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 426 * @param excludeDying specify if the list should exclude users being removed. 427 * @return the list of users that were created. 428 * @hide 429 */ 430 public List<UserInfo> getUsers(boolean excludeDying) { 431 try { 432 return mService.getUsers(excludeDying); 433 } catch (RemoteException re) { 434 Log.w(TAG, "Could not get user list", re); 435 return null; 436 } 437 } 438 439 /** 440 * Removes a user and all associated data. 441 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 442 * @param userHandle the integer handle of the user, where 0 is the primary user. 443 * @hide 444 */ 445 public boolean removeUser(int userHandle) { 446 try { 447 return mService.removeUser(userHandle); 448 } catch (RemoteException re) { 449 Log.w(TAG, "Could not remove user ", re); 450 return false; 451 } 452 } 453 454 /** 455 * Updates the user's name. 456 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 457 * 458 * @param userHandle the user's integer handle 459 * @param name the new name for the user 460 * @hide 461 */ 462 public void setUserName(int userHandle, String name) { 463 try { 464 mService.setUserName(userHandle, name); 465 } catch (RemoteException re) { 466 Log.w(TAG, "Could not set the user name ", re); 467 } 468 } 469 470 /** 471 * Sets the user's photo. 472 * @param userHandle the user for whom to change the photo. 473 * @param icon the bitmap to set as the photo. 474 * @hide 475 */ 476 public void setUserIcon(int userHandle, Bitmap icon) { 477 try { 478 mService.setUserIcon(userHandle, icon); 479 } catch (RemoteException re) { 480 Log.w(TAG, "Could not set the user icon ", re); 481 } 482 } 483 484 /** 485 * Returns a file descriptor for the user's photo. PNG data can be read from this file. 486 * @param userHandle the user whose photo we want to read. 487 * @return a {@link Bitmap} of the user's photo, or null if there's no photo. 488 * @hide 489 */ 490 public Bitmap getUserIcon(int userHandle) { 491 try { 492 return mService.getUserIcon(userHandle); 493 } catch (RemoteException re) { 494 Log.w(TAG, "Could not get the user icon ", re); 495 return null; 496 } 497 } 498 499 /** 500 * Enable or disable the use of a guest account. If disabled, the existing guest account 501 * will be wiped. 502 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 503 * @param enable whether to enable a guest account. 504 * @hide 505 */ 506 public void setGuestEnabled(boolean enable) { 507 try { 508 mService.setGuestEnabled(enable); 509 } catch (RemoteException re) { 510 Log.w(TAG, "Could not change guest account availability to " + enable); 511 } 512 } 513 514 /** 515 * Checks if a guest user is enabled for this device. 516 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 517 * @return whether a guest user is enabled 518 * @hide 519 */ 520 public boolean isGuestEnabled() { 521 try { 522 return mService.isGuestEnabled(); 523 } catch (RemoteException re) { 524 Log.w(TAG, "Could not retrieve guest enabled state"); 525 return false; 526 } 527 } 528 529 /** 530 * Wipes all the data for a user, but doesn't remove the user. 531 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 532 * @param userHandle 533 * @hide 534 */ 535 public void wipeUser(int userHandle) { 536 try { 537 mService.wipeUser(userHandle); 538 } catch (RemoteException re) { 539 Log.w(TAG, "Could not wipe user " + userHandle); 540 } 541 } 542 543 /** 544 * Returns the maximum number of users that can be created on this device. A return value 545 * of 1 means that it is a single user device. 546 * @hide 547 * @return a value greater than or equal to 1 548 */ 549 public static int getMaxSupportedUsers() { 550 // Don't allow multiple users on certain builds 551 if (android.os.Build.ID.startsWith("JVP")) return 1; 552 return SystemProperties.getInt("fw.max_users", 553 Resources.getSystem().getInteger(R.integer.config_multiuserMaximumUsers)); 554 } 555 556 /** 557 * Returns a serial number on this device for a given userHandle. User handles can be recycled 558 * when deleting and creating users, but serial numbers are not reused until the device is wiped. 559 * @param userHandle 560 * @return a serial number associated with that user, or -1 if the userHandle is not valid. 561 * @hide 562 */ 563 public int getUserSerialNumber(int userHandle) { 564 try { 565 return mService.getUserSerialNumber(userHandle); 566 } catch (RemoteException re) { 567 Log.w(TAG, "Could not get serial number for user " + userHandle); 568 } 569 return -1; 570 } 571 572 /** 573 * Returns a userHandle on this device for a given user serial number. User handles can be 574 * recycled when deleting and creating users, but serial numbers are not reused until the device 575 * is wiped. 576 * @param userSerialNumber 577 * @return the userHandle associated with that user serial number, or -1 if the serial number 578 * is not valid. 579 * @hide 580 */ 581 public int getUserHandle(int userSerialNumber) { 582 try { 583 return mService.getUserHandle(userSerialNumber); 584 } catch (RemoteException re) { 585 Log.w(TAG, "Could not get userHandle for user " + userSerialNumber); 586 } 587 return -1; 588 } 589 590 /** 591 * Returns a Bundle containing any saved application restrictions for this user, for the 592 * given package name. Only an application with this package name can call this method. 593 * @param packageName the package name of the calling application 594 * @return a Bundle with the restrictions as key/value pairs, or null if there are no 595 * saved restrictions. The values can be of type Boolean, String or String[], depending 596 * on the restriction type, as defined by the application. 597 */ 598 public Bundle getApplicationRestrictions(String packageName) { 599 try { 600 return mService.getApplicationRestrictions(packageName); 601 } catch (RemoteException re) { 602 Log.w(TAG, "Could not get application restrictions for package " + packageName); 603 } 604 return null; 605 } 606 607 /** 608 * @hide 609 */ 610 public Bundle getApplicationRestrictions(String packageName, UserHandle user) { 611 try { 612 return mService.getApplicationRestrictionsForUser(packageName, user.getIdentifier()); 613 } catch (RemoteException re) { 614 Log.w(TAG, "Could not get application restrictions for user " + user.getIdentifier()); 615 } 616 return null; 617 } 618 619 /** 620 * @hide 621 */ 622 public void setApplicationRestrictions(String packageName, Bundle restrictions, 623 UserHandle user) { 624 try { 625 mService.setApplicationRestrictions(packageName, restrictions, user.getIdentifier()); 626 } catch (RemoteException re) { 627 Log.w(TAG, "Could not set application restrictions for user " + user.getIdentifier()); 628 } 629 } 630 631 /** 632 * @hide 633 * Sets a new restrictions PIN. This should only be called after verifying that there 634 * currently isn't a PIN set, or after the user successfully enters the current PIN. 635 * @param newPin 636 * @return Returns true if the PIN was changed successfully. 637 */ 638 public boolean changeRestrictionsPin(String newPin) { 639 try { 640 return mService.changeRestrictionsPin(newPin); 641 } catch (RemoteException re) { 642 Log.w(TAG, "Could not change restrictions pin"); 643 } 644 return false; 645 } 646 647 /** 648 * @hide 649 * @param pin The PIN to verify, or null to get the number of milliseconds to wait for before 650 * allowing the user to enter the PIN. 651 * @return Returns a positive number (including zero) for how many milliseconds before 652 * you can accept another PIN, when the input is null or the input doesn't match the saved PIN. 653 * Returns {@link #PIN_VERIFICATION_SUCCESS} if the input matches the saved PIN. Returns 654 * {@link #PIN_VERIFICATION_FAILED_NOT_SET} if there is no PIN set. 655 */ 656 public int checkRestrictionsPin(String pin) { 657 try { 658 return mService.checkRestrictionsPin(pin); 659 } catch (RemoteException re) { 660 Log.w(TAG, "Could not check restrictions pin"); 661 } 662 return PIN_VERIFICATION_FAILED_INCORRECT; 663 } 664 665 /** 666 * Checks whether the user has restrictions that are PIN-protected. An application that 667 * participates in restrictions can check if the owner has requested a PIN challenge for 668 * any restricted operations. If there is a PIN in effect, the application should launch 669 * the PIN challenge activity {@link android.content.Intent#ACTION_RESTRICTIONS_PIN_CHALLENGE}. 670 * @see android.content.Intent#ACTION_RESTRICTIONS_PIN_CHALLENGE 671 * @return whether a restrictions PIN is in effect. 672 */ 673 public boolean hasRestrictionsPin() { 674 try { 675 return mService.hasRestrictionsPin(); 676 } catch (RemoteException re) { 677 Log.w(TAG, "Could not change restrictions pin"); 678 } 679 return false; 680 } 681} 682