UserManager.java revision b12ba933f3db9280edcb6a3591741d29c109a4e2
1/* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16package android.os; 17 18import android.app.ActivityManagerNative; 19import android.content.Context; 20import android.content.RestrictionEntry; 21import android.content.pm.UserInfo; 22import android.content.res.Resources; 23import android.graphics.Bitmap; 24import android.util.Log; 25 26import com.android.internal.R; 27 28import java.util.List; 29 30/** 31 * Manages users and user details on a multi-user system. 32 */ 33public class UserManager { 34 35 private static String TAG = "UserManager"; 36 private final IUserManager mService; 37 private final Context mContext; 38 39 /** 40 * Key for user restrictions. Specifies if a user is disallowed from adding and removing 41 * accounts. 42 * The default value is <code>false</code>. 43 * <p/> 44 * Type: Boolean 45 * @see #setUserRestrictions(Bundle) 46 * @see #getUserRestrictions() 47 */ 48 public static final String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts"; 49 50 /** 51 * Key for user restrictions. Specifies if a user is disallowed from changing Wi-Fi 52 * access points. 53 * The default value is <code>false</code>. 54 * <p/> 55 * Type: Boolean 56 * @see #setUserRestrictions(Bundle) 57 * @see #getUserRestrictions() 58 */ 59 public static final String DISALLOW_CONFIG_WIFI = "no_config_wifi"; 60 61 /** 62 * Key for user restrictions. Specifies if a user is disallowed from installing applications. 63 * The default value is <code>false</code>. 64 * <p/> 65 * Type: Boolean 66 * @see #setUserRestrictions(Bundle) 67 * @see #getUserRestrictions() 68 */ 69 public static final String DISALLOW_INSTALL_APPS = "no_install_apps"; 70 71 /** 72 * Key for user restrictions. Specifies if a user is disallowed from uninstalling applications. 73 * The default value is <code>false</code>. 74 * <p/> 75 * Type: Boolean 76 * @see #setUserRestrictions(Bundle) 77 * @see #getUserRestrictions() 78 */ 79 public static final String DISALLOW_UNINSTALL_APPS = "no_uninstall_apps"; 80 81 /** 82 * Key for user restrictions. Specifies if a user is disallowed from toggling location sharing. 83 * The default value is <code>false</code>. 84 * <p/> 85 * Type: Boolean 86 * @see #setUserRestrictions(Bundle) 87 * @see #getUserRestrictions() 88 */ 89 90 public static final String DISALLOW_SHARE_LOCATION = "no_share_location"; 91 92 /** 93 * Key for user restrictions. Specifies if a user is disallowed from enabling the 94 * "Unknown Sources" setting, that allows installation of apps from unknown sources. 95 * The default value is <code>false</code>. 96 * <p/> 97 * Type: Boolean 98 * @see #setUserRestrictions(Bundle) 99 * @see #getUserRestrictions() 100 */ 101 public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources"; 102 103 /** 104 * Key for user restrictions. Specifies if a user is disallowed from configuring bluetooth. 105 * The default value is <code>false</code>. 106 * <p/> 107 * Type: Boolean 108 * @see #setUserRestrictions(Bundle) 109 * @see #getUserRestrictions() 110 */ 111 public static final String DISALLOW_CONFIG_BLUETOOTH = "no_config_bluetooth"; 112 113 /** 114 * Key for user restrictions. Specifies if a user is disallowed from transferring files over 115 * USB. The default value is <code>false</code>. 116 * <p/> 117 * Type: Boolean 118 * @see #setUserRestrictions(Bundle) 119 * @see #getUserRestrictions() 120 */ 121 public static final String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer"; 122 123 /** 124 * Key for user restrictions. Specifies if a user is disallowed from configuring user 125 * credentials. The default value is <code>false</code>. 126 * <p/> 127 * Type: Boolean 128 * @see #setUserRestrictions(Bundle) 129 * @see #getUserRestrictions() 130 */ 131 public static final String DISALLOW_CONFIG_CREDENTIALS = "no_config_credentials"; 132 133 /** 134 * Key for user restrictions. Specifies if a user is disallowed from removing users. 135 * The default value is <code>false</code>. 136 * <p/> 137 * Type: Boolean 138 * @see #setUserRestrictions(Bundle) 139 * @see #getUserRestrictions() 140 */ 141 public static final String DISALLOW_REMOVE_USER = "no_remove_user"; 142 143 /** 144 * Key for user restrictions. Specifies if a user is disallowed from setting app restrictions 145 * via a restrictions PIN. The default is <code>false</code>. If app restrictions have already 146 * been set up, then this user restriction cannot be set to true. 147 * <p/> 148 * Type: Boolean 149 * @see #hasRestrictionsPin() 150 */ 151 public static final String DISALLOW_APP_RESTRICTIONS = "no_app_restrictions"; 152 153 /** @hide */ 154 public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3; 155 /** @hide */ 156 public static final int PIN_VERIFICATION_FAILED_NOT_SET = -2; 157 /** @hide */ 158 public static final int PIN_VERIFICATION_SUCCESS = -1; 159 160 private static UserManager sInstance = null; 161 162 /** @hide */ 163 public synchronized static UserManager get(Context context) { 164 if (sInstance == null) { 165 sInstance = (UserManager) context.getSystemService(Context.USER_SERVICE); 166 } 167 return sInstance; 168 } 169 170 /** @hide */ 171 public UserManager(Context context, IUserManager service) { 172 mService = service; 173 mContext = context; 174 } 175 176 /** 177 * Returns whether the system supports multiple users. 178 * @return true if multiple users can be created, false if it is a single user device. 179 * @hide 180 */ 181 public static boolean supportsMultipleUsers() { 182 return getMaxSupportedUsers() > 1; 183 } 184 185 /** 186 * Returns the user handle for the user that this application is running for. 187 * @return the user handle of the user making this call. 188 * @hide 189 */ 190 public int getUserHandle() { 191 return UserHandle.myUserId(); 192 } 193 194 /** 195 * Returns the user name of the user making this call. This call is only 196 * available to applications on the system image; it requires the 197 * MANAGE_USERS permission. 198 * @return the user name 199 */ 200 public String getUserName() { 201 try { 202 return mService.getUserInfo(getUserHandle()).name; 203 } catch (RemoteException re) { 204 Log.w(TAG, "Could not get user name", re); 205 return ""; 206 } 207 } 208 209 /** 210 * Used to determine whether the user making this call is subject to 211 * teleportations. 212 * @return whether the user making this call is a goat 213 */ 214 public boolean isUserAGoat() { 215 return false; 216 } 217 218 /** 219 * Used to check if the user making this call is linked to another user. Linked users may have 220 * a reduced number of available apps, app restrictions and account restrictions. 221 * @return whether the user making this call is a linked user 222 * @hide 223 */ 224 public boolean isLinkedUser() { 225 try { 226 return mService.isRestricted(); 227 } catch (RemoteException re) { 228 Log.w(TAG, "Could not check if user is limited ", re); 229 return false; 230 } 231 } 232 233 /** 234 * Return whether the given user is actively running. This means that 235 * the user is in the "started" state, not "stopped" -- it is currently 236 * allowed to run code through scheduled alarms, receiving broadcasts, 237 * etc. A started user may be either the current foreground user or a 238 * background user; the result here does not distinguish between the two. 239 * @param user The user to retrieve the running state for. 240 */ 241 public boolean isUserRunning(UserHandle user) { 242 try { 243 return ActivityManagerNative.getDefault().isUserRunning( 244 user.getIdentifier(), false); 245 } catch (RemoteException e) { 246 return false; 247 } 248 } 249 250 /** 251 * Return whether the given user is actively running <em>or</em> stopping. 252 * This is like {@link #isUserRunning(UserHandle)}, but will also return 253 * true if the user had been running but is in the process of being stopped 254 * (but is not yet fully stopped, and still running some code). 255 * @param user The user to retrieve the running state for. 256 */ 257 public boolean isUserRunningOrStopping(UserHandle user) { 258 try { 259 return ActivityManagerNative.getDefault().isUserRunning( 260 user.getIdentifier(), true); 261 } catch (RemoteException e) { 262 return false; 263 } 264 } 265 266 /** 267 * Returns the UserInfo object describing a specific user. 268 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 269 * @param userHandle the user handle of the user whose information is being requested. 270 * @return the UserInfo object for a specific user. 271 * @hide 272 */ 273 public UserInfo getUserInfo(int userHandle) { 274 try { 275 return mService.getUserInfo(userHandle); 276 } catch (RemoteException re) { 277 Log.w(TAG, "Could not get user info", re); 278 return null; 279 } 280 } 281 282 /** 283 * Returns the user-wide restrictions imposed on this user. 284 * @return a Bundle containing all the restrictions. 285 */ 286 public Bundle getUserRestrictions() { 287 return getUserRestrictions(Process.myUserHandle()); 288 } 289 290 /** 291 * Returns the user-wide restrictions imposed on the user specified by <code>userHandle</code>. 292 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 293 * @return a Bundle containing all the restrictions. 294 */ 295 public Bundle getUserRestrictions(UserHandle userHandle) { 296 try { 297 return mService.getUserRestrictions(userHandle.getIdentifier()); 298 } catch (RemoteException re) { 299 Log.w(TAG, "Could not get user restrictions", re); 300 return Bundle.EMPTY; 301 } 302 } 303 304 /** 305 * Sets all the user-wide restrictions for this user. 306 * Requires the MANAGE_USERS permission. 307 * @param restrictions the Bundle containing all the restrictions. 308 */ 309 public void setUserRestrictions(Bundle restrictions) { 310 setUserRestrictions(restrictions, Process.myUserHandle()); 311 } 312 313 /** 314 * Sets all the user-wide restrictions for the specified user. 315 * Requires the MANAGE_USERS permission. 316 * @param restrictions the Bundle containing all the restrictions. 317 * @param userHandle the UserHandle of the user for whom to set the restrictions. 318 */ 319 public void setUserRestrictions(Bundle restrictions, UserHandle userHandle) { 320 try { 321 mService.setUserRestrictions(restrictions, userHandle.getIdentifier()); 322 } catch (RemoteException re) { 323 Log.w(TAG, "Could not set user restrictions", re); 324 } 325 } 326 327 /** 328 * Sets the value of a specific restriction. 329 * Requires the MANAGE_USERS permission. 330 * @param key the key of the restriction 331 * @param value the value for the restriction 332 */ 333 public void setUserRestriction(String key, boolean value) { 334 Bundle bundle = getUserRestrictions(); 335 bundle.putBoolean(key, value); 336 setUserRestrictions(bundle); 337 } 338 339 /** 340 * @hide 341 * Sets the value of a specific restriction on a specific user. 342 * Requires the {@link android.Manifest.permission#MANAGE_USERS} permission. 343 * @param key the key of the restriction 344 * @param value the value for the restriction 345 * @param userHandle the user whose restriction is to be changed. 346 */ 347 public void setUserRestriction(String key, boolean value, UserHandle userHandle) { 348 Bundle bundle = getUserRestrictions(userHandle); 349 bundle.putBoolean(key, value); 350 setUserRestrictions(bundle, userHandle); 351 } 352 353 /** 354 * @hide 355 * Returns whether the current user has been disallowed from performing certain actions 356 * or setting certain settings. 357 * @param restrictionKey the string key representing the restriction 358 */ 359 public boolean hasUserRestriction(String restrictionKey) { 360 return hasUserRestriction(restrictionKey, Process.myUserHandle()); 361 } 362 363 /** 364 * @hide 365 * Returns whether the given user has been disallowed from performing certain actions 366 * or setting certain settings. 367 * @param restrictionKey the string key representing the restriction 368 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 369 */ 370 public boolean hasUserRestriction(String restrictionKey, UserHandle userHandle) { 371 return getUserRestrictions(userHandle).getBoolean(restrictionKey, false); 372 } 373 374 /** 375 * Return the serial number for a user. This is a device-unique 376 * number assigned to that user; if the user is deleted and then a new 377 * user created, the new users will not be given the same serial number. 378 * @param user The user whose serial number is to be retrieved. 379 * @return The serial number of the given user; returns -1 if the 380 * given UserHandle does not exist. 381 * @see #getUserForSerialNumber(long) 382 */ 383 public long getSerialNumberForUser(UserHandle user) { 384 return getUserSerialNumber(user.getIdentifier()); 385 } 386 387 /** 388 * Return the user associated with a serial number previously 389 * returned by {@link #getSerialNumberForUser(UserHandle)}. 390 * @param serialNumber The serial number of the user that is being 391 * retrieved. 392 * @return Return the user associated with the serial number, or null 393 * if there is not one. 394 * @see #getSerialNumberForUser(UserHandle) 395 */ 396 public UserHandle getUserForSerialNumber(long serialNumber) { 397 int ident = getUserHandle((int)serialNumber); 398 return ident >= 0 ? new UserHandle(ident) : null; 399 } 400 401 /** 402 * Creates a user with the specified name and options. 403 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 404 * 405 * @param name the user's name 406 * @param flags flags that identify the type of user and other properties. 407 * @see UserInfo 408 * 409 * @return the UserInfo object for the created user, or null if the user could not be created. 410 * @hide 411 */ 412 public UserInfo createUser(String name, int flags) { 413 try { 414 return mService.createUser(name, flags); 415 } catch (RemoteException re) { 416 Log.w(TAG, "Could not create a user", re); 417 return null; 418 } 419 } 420 421 /** 422 * Return the number of users currently created on the device. 423 */ 424 public int getUserCount() { 425 List<UserInfo> users = getUsers(); 426 return users != null ? users.size() : 1; 427 } 428 429 /** 430 * Returns information for all users on this device. 431 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 432 * @return the list of users that were created. 433 * @hide 434 */ 435 public List<UserInfo> getUsers() { 436 try { 437 return mService.getUsers(false); 438 } catch (RemoteException re) { 439 Log.w(TAG, "Could not get user list", re); 440 return null; 441 } 442 } 443 444 /** 445 * Returns information for all users on this device. 446 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 447 * @param excludeDying specify if the list should exclude users being removed. 448 * @return the list of users that were created. 449 * @hide 450 */ 451 public List<UserInfo> getUsers(boolean excludeDying) { 452 try { 453 return mService.getUsers(excludeDying); 454 } catch (RemoteException re) { 455 Log.w(TAG, "Could not get user list", re); 456 return null; 457 } 458 } 459 460 /** 461 * Removes a user and all associated data. 462 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 463 * @param userHandle the integer handle of the user, where 0 is the primary user. 464 * @hide 465 */ 466 public boolean removeUser(int userHandle) { 467 try { 468 return mService.removeUser(userHandle); 469 } catch (RemoteException re) { 470 Log.w(TAG, "Could not remove user ", re); 471 return false; 472 } 473 } 474 475 /** 476 * Updates the user's name. 477 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 478 * 479 * @param userHandle the user's integer handle 480 * @param name the new name for the user 481 * @hide 482 */ 483 public void setUserName(int userHandle, String name) { 484 try { 485 mService.setUserName(userHandle, name); 486 } catch (RemoteException re) { 487 Log.w(TAG, "Could not set the user name ", re); 488 } 489 } 490 491 /** 492 * Sets the user's photo. 493 * @param userHandle the user for whom to change the photo. 494 * @param icon the bitmap to set as the photo. 495 * @hide 496 */ 497 public void setUserIcon(int userHandle, Bitmap icon) { 498 try { 499 mService.setUserIcon(userHandle, icon); 500 } catch (RemoteException re) { 501 Log.w(TAG, "Could not set the user icon ", re); 502 } 503 } 504 505 /** 506 * Returns a file descriptor for the user's photo. PNG data can be read from this file. 507 * @param userHandle the user whose photo we want to read. 508 * @return a {@link Bitmap} of the user's photo, or null if there's no photo. 509 * @hide 510 */ 511 public Bitmap getUserIcon(int userHandle) { 512 try { 513 return mService.getUserIcon(userHandle); 514 } catch (RemoteException re) { 515 Log.w(TAG, "Could not get the user icon ", re); 516 return null; 517 } 518 } 519 520 /** 521 * Enable or disable the use of a guest account. If disabled, the existing guest account 522 * will be wiped. 523 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 524 * @param enable whether to enable a guest account. 525 * @hide 526 */ 527 public void setGuestEnabled(boolean enable) { 528 try { 529 mService.setGuestEnabled(enable); 530 } catch (RemoteException re) { 531 Log.w(TAG, "Could not change guest account availability to " + enable); 532 } 533 } 534 535 /** 536 * Checks if a guest user is enabled for this device. 537 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 538 * @return whether a guest user is enabled 539 * @hide 540 */ 541 public boolean isGuestEnabled() { 542 try { 543 return mService.isGuestEnabled(); 544 } catch (RemoteException re) { 545 Log.w(TAG, "Could not retrieve guest enabled state"); 546 return false; 547 } 548 } 549 550 /** 551 * Wipes all the data for a user, but doesn't remove the user. 552 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 553 * @param userHandle 554 * @hide 555 */ 556 public void wipeUser(int userHandle) { 557 try { 558 mService.wipeUser(userHandle); 559 } catch (RemoteException re) { 560 Log.w(TAG, "Could not wipe user " + userHandle); 561 } 562 } 563 564 /** 565 * Returns the maximum number of users that can be created on this device. A return value 566 * of 1 means that it is a single user device. 567 * @hide 568 * @return a value greater than or equal to 1 569 */ 570 public static int getMaxSupportedUsers() { 571 // Don't allow multiple users on certain builds 572 if (android.os.Build.ID.startsWith("JVP")) return 1; 573 return SystemProperties.getInt("fw.max_users", 574 Resources.getSystem().getInteger(R.integer.config_multiuserMaximumUsers)); 575 } 576 577 /** 578 * Returns a serial number on this device for a given userHandle. User handles can be recycled 579 * when deleting and creating users, but serial numbers are not reused until the device is wiped. 580 * @param userHandle 581 * @return a serial number associated with that user, or -1 if the userHandle is not valid. 582 * @hide 583 */ 584 public int getUserSerialNumber(int userHandle) { 585 try { 586 return mService.getUserSerialNumber(userHandle); 587 } catch (RemoteException re) { 588 Log.w(TAG, "Could not get serial number for user " + userHandle); 589 } 590 return -1; 591 } 592 593 /** 594 * Returns a userHandle on this device for a given user serial number. User handles can be 595 * recycled when deleting and creating users, but serial numbers are not reused until the device 596 * is wiped. 597 * @param userSerialNumber 598 * @return the userHandle associated with that user serial number, or -1 if the serial number 599 * is not valid. 600 * @hide 601 */ 602 public int getUserHandle(int userSerialNumber) { 603 try { 604 return mService.getUserHandle(userSerialNumber); 605 } catch (RemoteException re) { 606 Log.w(TAG, "Could not get userHandle for user " + userSerialNumber); 607 } 608 return -1; 609 } 610 611 /** 612 * Returns a Bundle containing any saved application restrictions for this user, for the 613 * given package name. Only an application with this package name can call this method. 614 * @param packageName the package name of the calling application 615 * @return a Bundle with the restrictions as key/value pairs, or null if there are no 616 * saved restrictions. The values can be of type Boolean, String or String[], depending 617 * on the restriction type, as defined by the application. 618 */ 619 public Bundle getApplicationRestrictions(String packageName) { 620 try { 621 return mService.getApplicationRestrictions(packageName); 622 } catch (RemoteException re) { 623 Log.w(TAG, "Could not get application restrictions for package " + packageName); 624 } 625 return null; 626 } 627 628 /** 629 * @hide 630 */ 631 public Bundle getApplicationRestrictions(String packageName, UserHandle user) { 632 try { 633 return mService.getApplicationRestrictionsForUser(packageName, user.getIdentifier()); 634 } catch (RemoteException re) { 635 Log.w(TAG, "Could not get application restrictions for user " + user.getIdentifier()); 636 } 637 return null; 638 } 639 640 /** 641 * @hide 642 */ 643 public void setApplicationRestrictions(String packageName, Bundle restrictions, 644 UserHandle user) { 645 try { 646 mService.setApplicationRestrictions(packageName, restrictions, user.getIdentifier()); 647 } catch (RemoteException re) { 648 Log.w(TAG, "Could not set application restrictions for user " + user.getIdentifier()); 649 } 650 } 651 652 /** 653 * @hide 654 * Sets a new restrictions PIN. This should only be called after verifying that there 655 * currently isn't a PIN set, or after the user successfully enters the current PIN. 656 * @param newPin 657 * @return Returns true if the PIN was changed successfully. 658 */ 659 public boolean changeRestrictionsPin(String newPin) { 660 try { 661 return mService.changeRestrictionsPin(newPin); 662 } catch (RemoteException re) { 663 Log.w(TAG, "Could not change restrictions pin"); 664 } 665 return false; 666 } 667 668 /** 669 * @hide 670 * @param pin The PIN to verify, or null to get the number of milliseconds to wait for before 671 * allowing the user to enter the PIN. 672 * @return Returns a positive number (including zero) for how many milliseconds before 673 * you can accept another PIN, when the input is null or the input doesn't match the saved PIN. 674 * Returns {@link #PIN_VERIFICATION_SUCCESS} if the input matches the saved PIN. Returns 675 * {@link #PIN_VERIFICATION_FAILED_NOT_SET} if there is no PIN set. 676 */ 677 public int checkRestrictionsPin(String pin) { 678 try { 679 return mService.checkRestrictionsPin(pin); 680 } catch (RemoteException re) { 681 Log.w(TAG, "Could not check restrictions pin"); 682 } 683 return PIN_VERIFICATION_FAILED_INCORRECT; 684 } 685 686 /** 687 * Checks whether the user has restrictions that are PIN-protected. An application that 688 * participates in restrictions can check if the owner has requested a PIN challenge for 689 * any restricted operations. If there is a PIN in effect, the application should launch 690 * the PIN challenge activity {@link android.content.Intent#ACTION_RESTRICTIONS_PIN_CHALLENGE}. 691 * @see android.content.Intent#ACTION_RESTRICTIONS_PIN_CHALLENGE 692 * @return whether a restrictions PIN is in effect. 693 */ 694 public boolean hasRestrictionsPin() { 695 try { 696 return mService.hasRestrictionsPin(); 697 } catch (RemoteException re) { 698 Log.w(TAG, "Could not change restrictions pin"); 699 } 700 return false; 701 } 702 703 /** @hide */ 704 public void removeRestrictions() { 705 try { 706 mService.removeRestrictions(); 707 } catch (RemoteException re) { 708 Log.w(TAG, "Could not change restrictions pin"); 709 } 710 } 711} 712