UserManager.java revision a52dc3eb40777b055c0ca8d7885bd2c9577bcd1a 
1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16package android.os;
17
18import android.app.ActivityManagerNative;
19import android.content.Context;
20import android.content.pm.UserInfo;
21import android.content.res.Resources;
22import android.graphics.Bitmap;
23import android.util.Log;
24
25import com.android.internal.R;
26
27import java.util.List;
28
29/**
30 * Manages users and user details on a multi-user system.
31 */
32public class UserManager {
33
34    private static String TAG = "UserManager";
35    private final IUserManager mService;
36    private final Context mContext;
37
38    /**
39     * Key for user restrictions. Specifies if a user is disallowed from adding and removing
40     * accounts.
41     * The default value is <code>false</code>.
42     * <p/>
43     * Type: Boolean
44     * @see #setUserRestrictions(Bundle)
45     * @see #getUserRestrictions()
46     */
47    public static final String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts";
48
49    /**
50     * Key for user restrictions. Specifies if a user is disallowed from changing Wi-Fi
51     * access points.
52     * The default value is <code>false</code>.
53     * <p/>
54     * Type: Boolean
55     * @see #setUserRestrictions(Bundle)
56     * @see #getUserRestrictions()
57     */
58    public static final String DISALLOW_CONFIG_WIFI = "no_config_wifi";
59
60    /**
61     * Key for user restrictions. Specifies if a user is disallowed from installing applications.
62     * The default value is <code>false</code>.
63     * <p/>
64     * Type: Boolean
65     * @see #setUserRestrictions(Bundle)
66     * @see #getUserRestrictions()
67     */
68    public static final String DISALLOW_INSTALL_APPS = "no_install_apps";
69
70    /**
71     * Key for user restrictions. Specifies if a user is disallowed from uninstalling applications.
72     * The default value is <code>false</code>.
73     * <p/>
74     * Type: Boolean
75     * @see #setUserRestrictions(Bundle)
76     * @see #getUserRestrictions()
77     */
78    public static final String DISALLOW_UNINSTALL_APPS = "no_uninstall_apps";
79
80    /**
81     * Key for user restrictions. Specifies if a user is disallowed from toggling location sharing.
82     * The default value is <code>false</code>.
83     * <p/>
84     * Type: Boolean
85     * @see #setUserRestrictions(Bundle)
86     * @see #getUserRestrictions()
87     */
88
89    public static final String DISALLOW_SHARE_LOCATION = "no_share_location";
90
91    /**
92     * Key for user restrictions. Specifies if a user is disallowed from enabling the
93     * "Unknown Sources" setting, that allows installation of apps from unknown sources.
94     * The default value is <code>false</code>.
95     * <p/>
96     * Type: Boolean
97     * @see #setUserRestrictions(Bundle)
98     * @see #getUserRestrictions()
99     */
100    public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources";
101
102    /**
103     * Key for user restrictions. Specifies if a user is disallowed from configuring bluetooth.
104     * The default value is <code>false</code>.
105     * <p/>
106     * Type: Boolean
107     * @see #setUserRestrictions(Bundle)
108     * @see #getUserRestrictions()
109     */
110    public static final String DISALLOW_CONFIG_BLUETOOTH = "no_config_bluetooth";
111
112    /**
113     * Key for user restrictions. Specifies if a user is disallowed from transferring files over
114     * USB. The default value is <code>false</code>.
115     * <p/>
116     * Type: Boolean
117     * @see #setUserRestrictions(Bundle)
118     * @see #getUserRestrictions()
119     */
120    public static final String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer";
121
122    /**
123     * Key for user restrictions. Specifies if a user is disallowed from configuring user
124     * credentials. The default value is <code>false</code>.
125     * <p/>
126     * Type: Boolean
127     * @see #setUserRestrictions(Bundle)
128     * @see #getUserRestrictions()
129     */
130    public static final String DISALLOW_CONFIG_CREDENTIALS = "no_config_credentials";
131
132    /**
133     * Key for user restrictions. Specifies if a user is disallowed from removing users.
134     * The default value is <code>false</code>.
135     * <p/>
136     * Type: Boolean
137     * @see #setUserRestrictions(Bundle)
138     * @see #getUserRestrictions()
139     */
140    public static final String DISALLOW_REMOVE_USER = "no_remove_user";
141
142    /** @hide */
143    public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3;
144    /** @hide */
145    public static final int PIN_VERIFICATION_FAILED_NOT_SET = -2;
146    /** @hide */
147    public static final int PIN_VERIFICATION_SUCCESS = -1;
148
149    private static UserManager sInstance = null;
150
151    /** @hide */
152    public synchronized static UserManager get(Context context) {
153        if (sInstance == null) {
154            sInstance = (UserManager) context.getSystemService(Context.USER_SERVICE);
155        }
156        return sInstance;
157    }
158
159    /** @hide */
160    public UserManager(Context context, IUserManager service) {
161        mService = service;
162        mContext = context;
163    }
164
165    /**
166     * Returns whether the system supports multiple users.
167     * @return true if multiple users can be created, false if it is a single user device.
168     * @hide
169     */
170    public static boolean supportsMultipleUsers() {
171        return getMaxSupportedUsers() > 1;
172    }
173
174    /**
175     * Returns the user handle for the user that this application is running for.
176     * @return the user handle of the user making this call.
177     * @hide
178     */
179    public int getUserHandle() {
180        return UserHandle.myUserId();
181    }
182
183    /**
184     * Returns the user name of the user making this call.  This call is only
185     * available to applications on the system image; it requires the
186     * MANAGE_USERS permission.
187     * @return the user name
188     */
189    public String getUserName() {
190        try {
191            return mService.getUserInfo(getUserHandle()).name;
192        } catch (RemoteException re) {
193            Log.w(TAG, "Could not get user name", re);
194            return "";
195        }
196    }
197
198   /**
199     * Used to determine whether the user making this call is subject to
200     * teleportations.
201     * @return whether the user making this call is a goat
202     */
203    public boolean isUserAGoat() {
204        return false;
205    }
206
207    /**
208     * Used to check if the user making this call is linked to another user. Linked users may have
209     * a reduced number of available apps, app restrictions and account restrictions.
210     * @return whether the user making this call is a linked user
211     * @hide
212     */
213    public boolean isLinkedUser() {
214        try {
215            return mService.isRestricted();
216        } catch (RemoteException re) {
217            Log.w(TAG, "Could not check if user is limited ", re);
218            return false;
219        }
220    }
221
222    /**
223     * Return whether the given user is actively running.  This means that
224     * the user is in the "started" state, not "stopped" -- it is currently
225     * allowed to run code through scheduled alarms, receiving broadcasts,
226     * etc.  A started user may be either the current foreground user or a
227     * background user; the result here does not distinguish between the two.
228     * @param user The user to retrieve the running state for.
229     */
230    public boolean isUserRunning(UserHandle user) {
231        try {
232            return ActivityManagerNative.getDefault().isUserRunning(
233                    user.getIdentifier(), false);
234        } catch (RemoteException e) {
235            return false;
236        }
237    }
238
239    /**
240     * Return whether the given user is actively running <em>or</em> stopping.
241     * This is like {@link #isUserRunning(UserHandle)}, but will also return
242     * true if the user had been running but is in the process of being stopped
243     * (but is not yet fully stopped, and still running some code).
244     * @param user The user to retrieve the running state for.
245     */
246    public boolean isUserRunningOrStopping(UserHandle user) {
247        try {
248            return ActivityManagerNative.getDefault().isUserRunning(
249                    user.getIdentifier(), true);
250        } catch (RemoteException e) {
251            return false;
252        }
253    }
254
255    /**
256     * Returns the UserInfo object describing a specific user.
257     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
258     * @param userHandle the user handle of the user whose information is being requested.
259     * @return the UserInfo object for a specific user.
260     * @hide
261     */
262    public UserInfo getUserInfo(int userHandle) {
263        try {
264            return mService.getUserInfo(userHandle);
265        } catch (RemoteException re) {
266            Log.w(TAG, "Could not get user info", re);
267            return null;
268        }
269    }
270
271    /**
272     * Returns the user-wide restrictions imposed on this user.
273     * @return a Bundle containing all the restrictions.
274     */
275    public Bundle getUserRestrictions() {
276        return getUserRestrictions(Process.myUserHandle());
277    }
278
279    /**
280     * Returns the user-wide restrictions imposed on the user specified by <code>userHandle</code>.
281     * @param userHandle the UserHandle of the user for whom to retrieve the restrictions.
282     * @return a Bundle containing all the restrictions.
283     */
284    public Bundle getUserRestrictions(UserHandle userHandle) {
285        try {
286            return mService.getUserRestrictions(userHandle.getIdentifier());
287        } catch (RemoteException re) {
288            Log.w(TAG, "Could not get user restrictions", re);
289            return Bundle.EMPTY;
290        }
291    }
292
293    /**
294     * Sets all the user-wide restrictions for this user.
295     * Requires the MANAGE_USERS permission.
296     * @param restrictions the Bundle containing all the restrictions.
297     */
298    public void setUserRestrictions(Bundle restrictions) {
299        setUserRestrictions(restrictions, Process.myUserHandle());
300    }
301
302    /**
303     * Sets all the user-wide restrictions for the specified user.
304     * Requires the MANAGE_USERS permission.
305     * @param restrictions the Bundle containing all the restrictions.
306     * @param userHandle the UserHandle of the user for whom to set the restrictions.
307     */
308    public void setUserRestrictions(Bundle restrictions, UserHandle userHandle) {
309        try {
310            mService.setUserRestrictions(restrictions, userHandle.getIdentifier());
311        } catch (RemoteException re) {
312            Log.w(TAG, "Could not set user restrictions", re);
313        }
314    }
315
316    /**
317     * Sets the value of a specific restriction.
318     * Requires the MANAGE_USERS permission.
319     * @param key the key of the restriction
320     * @param value the value for the restriction
321     */
322    public void setUserRestriction(String key, boolean value) {
323        Bundle bundle = getUserRestrictions();
324        bundle.putBoolean(key, value);
325        setUserRestrictions(bundle);
326    }
327
328    /**
329     * @hide
330     * Sets the value of a specific restriction on a specific user.
331     * Requires the {@link android.Manifest.permission#MANAGE_USERS} permission.
332     * @param key the key of the restriction
333     * @param value the value for the restriction
334     * @param userHandle the user whose restriction is to be changed.
335     */
336    public void setUserRestriction(String key, boolean value, UserHandle userHandle) {
337        Bundle bundle = getUserRestrictions(userHandle);
338        bundle.putBoolean(key, value);
339        setUserRestrictions(bundle, userHandle);
340    }
341
342    /**
343     * @hide
344     * Returns whether the current user has been disallowed from performing certain actions
345     * or setting certain settings.
346     * @param restrictionKey the string key representing the restriction
347     */
348    public boolean hasUserRestriction(String restrictionKey) {
349        return hasUserRestriction(restrictionKey, Process.myUserHandle());
350    }
351
352    /**
353     * @hide
354     * Returns whether the given user has been disallowed from performing certain actions
355     * or setting certain settings.
356     * @param restrictionKey the string key representing the restriction
357     * @param userHandle the UserHandle of the user for whom to retrieve the restrictions.
358     */
359    public boolean hasUserRestriction(String restrictionKey, UserHandle userHandle) {
360        return getUserRestrictions(userHandle).getBoolean(restrictionKey, false);
361    }
362
363    /**
364     * Return the serial number for a user.  This is a device-unique
365     * number assigned to that user; if the user is deleted and then a new
366     * user created, the new users will not be given the same serial number.
367     * @param user The user whose serial number is to be retrieved.
368     * @return The serial number of the given user; returns -1 if the
369     * given UserHandle does not exist.
370     * @see #getUserForSerialNumber(long)
371     */
372    public long getSerialNumberForUser(UserHandle user) {
373        return getUserSerialNumber(user.getIdentifier());
374    }
375
376    /**
377     * Return the user associated with a serial number previously
378     * returned by {@link #getSerialNumberForUser(UserHandle)}.
379     * @param serialNumber The serial number of the user that is being
380     * retrieved.
381     * @return Return the user associated with the serial number, or null
382     * if there is not one.
383     * @see #getSerialNumberForUser(UserHandle)
384     */
385    public UserHandle getUserForSerialNumber(long serialNumber) {
386        int ident = getUserHandle((int)serialNumber);
387        return ident >= 0 ? new UserHandle(ident) : null;
388    }
389
390    /**
391     * Creates a user with the specified name and options.
392     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
393     *
394     * @param name the user's name
395     * @param flags flags that identify the type of user and other properties.
396     * @see UserInfo
397     *
398     * @return the UserInfo object for the created user, or null if the user could not be created.
399     * @hide
400     */
401    public UserInfo createUser(String name, int flags) {
402        try {
403            return mService.createUser(name, flags);
404        } catch (RemoteException re) {
405            Log.w(TAG, "Could not create a user", re);
406            return null;
407        }
408    }
409
410    /**
411     * Creates a user with the specified name and options.
412     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
413     *
414     * @param name the user's name
415     * @param flags flags that identify the type of user and other properties.
416     * @see UserInfo
417     * @param relatedUserId new user will be related to this user id.
418     *
419     * @return the UserInfo object for the created user, or null if the user could not be created.
420     * @hide
421     */
422    public UserInfo createRelatedUser(String name, int flags, int relatedUserId) {
423        try {
424            return mService.createRelatedUser(name, flags, relatedUserId);
425        } catch (RemoteException re) {
426            Log.w(TAG, "Could not create a user", re);
427            return null;
428        }
429    }
430
431    /**
432     * Return the number of users currently created on the device.
433     */
434    public int getUserCount() {
435        List<UserInfo> users = getUsers();
436        return users != null ? users.size() : 1;
437    }
438
439    /**
440     * Returns information for all users on this device.
441     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
442     * @return the list of users that were created.
443     * @hide
444     */
445    public List<UserInfo> getUsers() {
446        try {
447            return mService.getUsers(false);
448        } catch (RemoteException re) {
449            Log.w(TAG, "Could not get user list", re);
450            return null;
451        }
452    }
453
454    /**
455     * Returns information for all users related to userId
456     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
457     * @param userHandle users related to this user id will be returned.
458     * @return the list of related users.
459     * @hide
460     */
461    public List<UserInfo> getRelatedUsers(int userHandle) {
462        try {
463            return mService.getRelatedUsers(userHandle);
464        } catch (RemoteException re) {
465            Log.w(TAG, "Could not get user list", re);
466            return null;
467        }
468    }
469
470    /**
471     * Returns information for all users on this device.
472     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
473     * @param excludeDying specify if the list should exclude users being removed.
474     * @return the list of users that were created.
475     * @hide
476     */
477    public List<UserInfo> getUsers(boolean excludeDying) {
478        try {
479            return mService.getUsers(excludeDying);
480        } catch (RemoteException re) {
481            Log.w(TAG, "Could not get user list", re);
482            return null;
483        }
484    }
485
486    /**
487     * Removes a user and all associated data.
488     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
489     * @param userHandle the integer handle of the user, where 0 is the primary user.
490     * @hide
491     */
492    public boolean removeUser(int userHandle) {
493        try {
494            return mService.removeUser(userHandle);
495        } catch (RemoteException re) {
496            Log.w(TAG, "Could not remove user ", re);
497            return false;
498        }
499    }
500
501    /**
502     * Updates the user's name.
503     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
504     *
505     * @param userHandle the user's integer handle
506     * @param name the new name for the user
507     * @hide
508     */
509    public void setUserName(int userHandle, String name) {
510        try {
511            mService.setUserName(userHandle, name);
512        } catch (RemoteException re) {
513            Log.w(TAG, "Could not set the user name ", re);
514        }
515    }
516
517    /**
518     * Sets the user's photo.
519     * @param userHandle the user for whom to change the photo.
520     * @param icon the bitmap to set as the photo.
521     * @hide
522     */
523    public void setUserIcon(int userHandle, Bitmap icon) {
524        try {
525            mService.setUserIcon(userHandle, icon);
526        } catch (RemoteException re) {
527            Log.w(TAG, "Could not set the user icon ", re);
528        }
529    }
530
531    /**
532     * Returns a file descriptor for the user's photo. PNG data can be read from this file.
533     * @param userHandle the user whose photo we want to read.
534     * @return a {@link Bitmap} of the user's photo, or null if there's no photo.
535     * @hide
536     */
537    public Bitmap getUserIcon(int userHandle) {
538        try {
539            return mService.getUserIcon(userHandle);
540        } catch (RemoteException re) {
541            Log.w(TAG, "Could not get the user icon ", re);
542            return null;
543        }
544    }
545
546    /**
547     * Enable or disable the use of a guest account. If disabled, the existing guest account
548     * will be wiped.
549     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
550     * @param enable whether to enable a guest account.
551     * @hide
552     */
553    public void setGuestEnabled(boolean enable) {
554        try {
555            mService.setGuestEnabled(enable);
556        } catch (RemoteException re) {
557            Log.w(TAG, "Could not change guest account availability to " + enable);
558        }
559    }
560
561    /**
562     * Checks if a guest user is enabled for this device.
563     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
564     * @return whether a guest user is enabled
565     * @hide
566     */
567    public boolean isGuestEnabled() {
568        try {
569            return mService.isGuestEnabled();
570        } catch (RemoteException re) {
571            Log.w(TAG, "Could not retrieve guest enabled state");
572            return false;
573        }
574    }
575
576    /**
577     * Wipes all the data for a user, but doesn't remove the user.
578     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
579     * @param userHandle
580     * @hide
581     */
582    public void wipeUser(int userHandle) {
583        try {
584            mService.wipeUser(userHandle);
585        } catch (RemoteException re) {
586            Log.w(TAG, "Could not wipe user " + userHandle);
587        }
588    }
589
590    /**
591     * Returns the maximum number of users that can be created on this device. A return value
592     * of 1 means that it is a single user device.
593     * @hide
594     * @return a value greater than or equal to 1
595     */
596    public static int getMaxSupportedUsers() {
597        // Don't allow multiple users on certain builds
598        if (android.os.Build.ID.startsWith("JVP")) return 1;
599        return SystemProperties.getInt("fw.max_users",
600                Resources.getSystem().getInteger(R.integer.config_multiuserMaximumUsers));
601    }
602
603    /**
604     * Returns a serial number on this device for a given userHandle. User handles can be recycled
605     * when deleting and creating users, but serial numbers are not reused until the device is wiped.
606     * @param userHandle
607     * @return a serial number associated with that user, or -1 if the userHandle is not valid.
608     * @hide
609     */
610    public int getUserSerialNumber(int userHandle) {
611        try {
612            return mService.getUserSerialNumber(userHandle);
613        } catch (RemoteException re) {
614            Log.w(TAG, "Could not get serial number for user " + userHandle);
615        }
616        return -1;
617    }
618
619    /**
620     * Returns a userHandle on this device for a given user serial number. User handles can be
621     * recycled when deleting and creating users, but serial numbers are not reused until the device
622     * is wiped.
623     * @param userSerialNumber
624     * @return the userHandle associated with that user serial number, or -1 if the serial number
625     * is not valid.
626     * @hide
627     */
628    public int getUserHandle(int userSerialNumber) {
629        try {
630            return mService.getUserHandle(userSerialNumber);
631        } catch (RemoteException re) {
632            Log.w(TAG, "Could not get userHandle for user " + userSerialNumber);
633        }
634        return -1;
635    }
636
637    /**
638     * Returns a Bundle containing any saved application restrictions for this user, for the
639     * given package name. Only an application with this package name can call this method.
640     * @param packageName the package name of the calling application
641     * @return a Bundle with the restrictions as key/value pairs, or null if there are no
642     * saved restrictions. The values can be of type Boolean, String or String[], depending
643     * on the restriction type, as defined by the application.
644     */
645    public Bundle getApplicationRestrictions(String packageName) {
646        try {
647            return mService.getApplicationRestrictions(packageName);
648        } catch (RemoteException re) {
649            Log.w(TAG, "Could not get application restrictions for package " + packageName);
650        }
651        return null;
652    }
653
654    /**
655     * @hide
656     */
657    public Bundle getApplicationRestrictions(String packageName, UserHandle user) {
658        try {
659            return mService.getApplicationRestrictionsForUser(packageName, user.getIdentifier());
660        } catch (RemoteException re) {
661            Log.w(TAG, "Could not get application restrictions for user " + user.getIdentifier());
662        }
663        return null;
664    }
665
666    /**
667     * @hide
668     */
669    public void setApplicationRestrictions(String packageName, Bundle restrictions,
670            UserHandle user) {
671        try {
672            mService.setApplicationRestrictions(packageName, restrictions, user.getIdentifier());
673        } catch (RemoteException re) {
674            Log.w(TAG, "Could not set application restrictions for user " + user.getIdentifier());
675        }
676    }
677
678    /**
679     * Sets a new challenge PIN for restrictions. This is only for use by pre-installed
680     * apps and requires the MANAGE_USERS permission.
681     * @param newPin the PIN to use for challenge dialogs.
682     * @return Returns true if the challenge PIN was set successfully.
683     */
684    public boolean setRestrictionsChallenge(String newPin) {
685        try {
686            return mService.setRestrictionsChallenge(newPin);
687        } catch (RemoteException re) {
688            Log.w(TAG, "Could not change restrictions pin");
689        }
690        return false;
691    }
692
693    /**
694     * @hide
695     * @param pin The PIN to verify, or null to get the number of milliseconds to wait for before
696     * allowing the user to enter the PIN.
697     * @return Returns a positive number (including zero) for how many milliseconds before
698     * you can accept another PIN, when the input is null or the input doesn't match the saved PIN.
699     * Returns {@link #PIN_VERIFICATION_SUCCESS} if the input matches the saved PIN. Returns
700     * {@link #PIN_VERIFICATION_FAILED_NOT_SET} if there is no PIN set.
701     */
702    public int checkRestrictionsChallenge(String pin) {
703        try {
704            return mService.checkRestrictionsChallenge(pin);
705        } catch (RemoteException re) {
706            Log.w(TAG, "Could not check restrictions pin");
707        }
708        return PIN_VERIFICATION_FAILED_INCORRECT;
709    }
710
711    /**
712     * @hide
713     * Checks whether the user has restrictions that are PIN-protected. An application that
714     * participates in restrictions can check if the owner has requested a PIN challenge for
715     * any restricted operations. If there is a PIN in effect, the application should launch
716     * the PIN challenge activity {@link android.content.Intent#ACTION_RESTRICTIONS_CHALLENGE}.
717     * @see android.content.Intent#ACTION_RESTRICTIONS_CHALLENGE
718     * @return whether a restrictions PIN is in effect.
719     */
720    public boolean hasRestrictionsChallenge() {
721        try {
722            return mService.hasRestrictionsChallenge();
723        } catch (RemoteException re) {
724            Log.w(TAG, "Could not change restrictions pin");
725        }
726        return false;
727    }
728
729    /** @hide */
730    public void removeRestrictions() {
731        try {
732            mService.removeRestrictions();
733        } catch (RemoteException re) {
734            Log.w(TAG, "Could not change restrictions pin");
735        }
736    }
737}
738