UserManager.java revision ef24909d84db9d5aefb825ee1556089fcdcc1678
1/* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16package android.os; 17 18import android.annotation.SystemApi; 19import android.app.ActivityManager; 20import android.app.ActivityManagerNative; 21import android.content.Context; 22import android.content.pm.UserInfo; 23import android.content.res.Resources; 24import android.graphics.Bitmap; 25import android.graphics.BitmapFactory; 26import android.graphics.Rect; 27import android.graphics.drawable.Drawable; 28import android.provider.Settings; 29import android.util.Log; 30import android.view.WindowManager.LayoutParams; 31 32import com.android.internal.R; 33 34import java.io.IOException; 35import java.util.ArrayList; 36import java.util.List; 37 38/** 39 * Manages users and user details on a multi-user system. 40 */ 41public class UserManager { 42 43 private static String TAG = "UserManager"; 44 private final IUserManager mService; 45 private final Context mContext; 46 47 /** 48 * Specifies if a user is disallowed from adding and removing accounts. 49 * The default value is <code>false</code>. 50 * 51 * <p/>Key for user restrictions. 52 * <p/>Type: Boolean 53 * @see #setUserRestrictions(Bundle) 54 * @see #getUserRestrictions() 55 */ 56 public static final String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts"; 57 58 /** 59 * Specifies if a user is disallowed from changing Wi-Fi 60 * access points. The default value is <code>false</code>. 61 * <p/>This restriction has no effect in a managed profile. 62 * 63 * <p/>Key for user restrictions. 64 * <p/>Type: Boolean 65 * @see #setUserRestrictions(Bundle) 66 * @see #getUserRestrictions() 67 */ 68 public static final String DISALLOW_CONFIG_WIFI = "no_config_wifi"; 69 70 /** 71 * Specifies if a user is disallowed from installing applications. 72 * The default value is <code>false</code>. 73 * 74 * <p/>Key for user restrictions. 75 * <p/>Type: Boolean 76 * @see #setUserRestrictions(Bundle) 77 * @see #getUserRestrictions() 78 */ 79 public static final String DISALLOW_INSTALL_APPS = "no_install_apps"; 80 81 /** 82 * Specifies if a user is disallowed from uninstalling applications. 83 * The default value is <code>false</code>. 84 * 85 * <p/>Key for user restrictions. 86 * <p/>Type: Boolean 87 * @see #setUserRestrictions(Bundle) 88 * @see #getUserRestrictions() 89 */ 90 public static final String DISALLOW_UNINSTALL_APPS = "no_uninstall_apps"; 91 92 /** 93 * Specifies if a user is disallowed from turning on location sharing. 94 * The default value is <code>false</code>. 95 * <p/>In a managed profile, location sharing always reflects the primary user's setting, but 96 * can be overridden and forced off by setting this restriction to true in the managed profile. 97 * 98 * <p/>Key for user restrictions. 99 * <p/>Type: Boolean 100 * @see #setUserRestrictions(Bundle) 101 * @see #getUserRestrictions() 102 */ 103 public static final String DISALLOW_SHARE_LOCATION = "no_share_location"; 104 105 /** 106 * Specifies if a user is disallowed from enabling the 107 * "Unknown Sources" setting, that allows installation of apps from unknown sources. 108 * The default value is <code>false</code>. 109 * 110 * <p/>Key for user restrictions. 111 * <p/>Type: Boolean 112 * @see #setUserRestrictions(Bundle) 113 * @see #getUserRestrictions() 114 */ 115 public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources"; 116 117 /** 118 * Specifies if a user is disallowed from configuring bluetooth. 119 * This does <em>not</em> restrict the user from turning bluetooth on or off. 120 * The default value is <code>false</code>. 121 * <p/>This restriction has no effect in a managed profile. 122 * 123 * <p/>Key for user restrictions. 124 * <p/>Type: Boolean 125 * @see #setUserRestrictions(Bundle) 126 * @see #getUserRestrictions() 127 */ 128 public static final String DISALLOW_CONFIG_BLUETOOTH = "no_config_bluetooth"; 129 130 /** 131 * Specifies if a user is disallowed from transferring files over 132 * USB. This can only be set by device owners and profile owners on the primary user. 133 * The default value is <code>false</code>. 134 * 135 * <p/>Key for user restrictions. 136 * <p/>Type: Boolean 137 * @see #setUserRestrictions(Bundle) 138 * @see #getUserRestrictions() 139 */ 140 public static final String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer"; 141 142 /** 143 * Specifies if a user is disallowed from configuring user 144 * credentials. The default value is <code>false</code>. 145 * 146 * <p/>Key for user restrictions. 147 * <p/>Type: Boolean 148 * @see #setUserRestrictions(Bundle) 149 * @see #getUserRestrictions() 150 */ 151 public static final String DISALLOW_CONFIG_CREDENTIALS = "no_config_credentials"; 152 153 /** 154 * When set on the primary user this specifies if the user can remove other users. 155 * When set on a secondary user, this specifies if the user can remove itself. 156 * This restriction has no effect on managed profiles. 157 * The default value is <code>false</code>. 158 * 159 * <p/>Key for user restrictions. 160 * <p/>Type: Boolean 161 * @see #setUserRestrictions(Bundle) 162 * @see #getUserRestrictions() 163 */ 164 public static final String DISALLOW_REMOVE_USER = "no_remove_user"; 165 166 /** 167 * Specifies if a user is disallowed from enabling or 168 * accessing debugging features. The default value is <code>false</code>. 169 * 170 * <p/>Key for user restrictions. 171 * <p/>Type: Boolean 172 * @see #setUserRestrictions(Bundle) 173 * @see #getUserRestrictions() 174 */ 175 public static final String DISALLOW_DEBUGGING_FEATURES = "no_debugging_features"; 176 177 /** 178 * Specifies if a user is disallowed from configuring VPN. 179 * The default value is <code>false</code>. 180 * This restriction has no effect in a managed profile. 181 * 182 * <p/>Key for user restrictions. 183 * <p/>Type: Boolean 184 * @see #setUserRestrictions(Bundle) 185 * @see #getUserRestrictions() 186 */ 187 public static final String DISALLOW_CONFIG_VPN = "no_config_vpn"; 188 189 /** 190 * Specifies if a user is disallowed from configuring Tethering 191 * & portable hotspots. This can only be set by device owners and profile owners on the 192 * primary user. The default value is <code>false</code>. 193 * 194 * <p/>Key for user restrictions. 195 * <p/>Type: Boolean 196 * @see #setUserRestrictions(Bundle) 197 * @see #getUserRestrictions() 198 */ 199 public static final String DISALLOW_CONFIG_TETHERING = "no_config_tethering"; 200 201 /** 202 * Specifies if a user is disallowed from factory resetting 203 * from Settings. This can only be set by device owners and profile owners on the primary user. 204 * The default value is <code>false</code>. 205 * <p/>This restriction has no effect on secondary users and managed profiles since only the 206 * primary user can factory reset the device. 207 * 208 * <p/>Key for user restrictions. 209 * <p/>Type: Boolean 210 * @see #setUserRestrictions(Bundle) 211 * @see #getUserRestrictions() 212 */ 213 public static final String DISALLOW_FACTORY_RESET = "no_factory_reset"; 214 215 /** 216 * Specifies if a user is disallowed from adding new users and 217 * profiles. This can only be set by device owners and profile owners on the primary user. 218 * The default value is <code>false</code>. 219 * <p/>This restriction has no effect on secondary users and managed profiles since only the 220 * primary user can add other users. 221 * 222 * <p/>Key for user restrictions. 223 * <p/>Type: Boolean 224 * @see #setUserRestrictions(Bundle) 225 * @see #getUserRestrictions() 226 */ 227 public static final String DISALLOW_ADD_USER = "no_add_user"; 228 229 /** 230 * Specifies if a user is disallowed from disabling application 231 * verification. The default value is <code>false</code>. 232 * 233 * <p/>Key for user restrictions. 234 * <p/>Type: Boolean 235 * @see #setUserRestrictions(Bundle) 236 * @see #getUserRestrictions() 237 */ 238 public static final String ENSURE_VERIFY_APPS = "ensure_verify_apps"; 239 240 /** 241 * Specifies if a user is disallowed from configuring cell 242 * broadcasts. This can only be set by device owners and profile owners on the primary user. 243 * The default value is <code>false</code>. 244 * <p/>This restriction has no effect on secondary users and managed profiles since only the 245 * primary user can configure cell broadcasts. 246 * 247 * <p/>Key for user restrictions. 248 * <p/>Type: Boolean 249 * @see #setUserRestrictions(Bundle) 250 * @see #getUserRestrictions() 251 */ 252 public static final String DISALLOW_CONFIG_CELL_BROADCASTS = "no_config_cell_broadcasts"; 253 254 /** 255 * Specifies if a user is disallowed from configuring mobile 256 * networks. This can only be set by device owners and profile owners on the primary user. 257 * The default value is <code>false</code>. 258 * <p/>This restriction has no effect on secondary users and managed profiles since only the 259 * primary user can configure mobile networks. 260 * 261 * <p/>Key for user restrictions. 262 * <p/>Type: Boolean 263 * @see #setUserRestrictions(Bundle) 264 * @see #getUserRestrictions() 265 */ 266 public static final String DISALLOW_CONFIG_MOBILE_NETWORKS = "no_config_mobile_networks"; 267 268 /** 269 * Specifies if a user is disallowed from modifying 270 * applications in Settings or launchers. The following actions will not be allowed when this 271 * restriction is enabled: 272 * <li>uninstalling apps</li> 273 * <li>disabling apps</li> 274 * <li>clearing app caches</li> 275 * <li>clearing app data</li> 276 * <li>force stopping apps</li> 277 * <li>clearing app defaults</li> 278 * <p> 279 * The default value is <code>false</code>. 280 * 281 * <p/>Key for user restrictions. 282 * <p/>Type: Boolean 283 * @see #setUserRestrictions(Bundle) 284 * @see #getUserRestrictions() 285 */ 286 public static final String DISALLOW_APPS_CONTROL = "no_control_apps"; 287 288 /** 289 * Specifies if a user is disallowed from mounting 290 * physical external media. This can only be set by device owners and profile owners on the 291 * primary user. The default value is <code>false</code>. 292 * 293 * <p/>Key for user restrictions. 294 * <p/>Type: Boolean 295 * @see #setUserRestrictions(Bundle) 296 * @see #getUserRestrictions() 297 */ 298 public static final String DISALLOW_MOUNT_PHYSICAL_MEDIA = "no_physical_media"; 299 300 /** 301 * Specifies if a user is disallowed from adjusting microphone 302 * volume. If set, the microphone will be muted. This can only be set by device owners 303 * and profile owners on the primary user. The default value is <code>false</code>. 304 * 305 * <p/>Key for user restrictions. 306 * <p/>Type: Boolean 307 * @see #setUserRestrictions(Bundle) 308 * @see #getUserRestrictions() 309 */ 310 public static final String DISALLOW_UNMUTE_MICROPHONE = "no_unmute_microphone"; 311 312 /** 313 * Specifies if a user is disallowed from adjusting the master 314 * volume. If set, the master volume will be muted. This can only be set by device owners 315 * and profile owners on the primary user. The default value is <code>false</code>. 316 * 317 * <p/>Key for user restrictions. 318 * <p/>Type: Boolean 319 * @see #setUserRestrictions(Bundle) 320 * @see #getUserRestrictions() 321 */ 322 public static final String DISALLOW_ADJUST_VOLUME = "no_adjust_volume"; 323 324 /** 325 * Specifies that the user is not allowed to make outgoing 326 * phone calls. Emergency calls are still permitted. 327 * The default value is <code>false</code>. 328 * <p/>This restriction has no effect on managed profiles since call intents are normally 329 * forwarded to the primary user. 330 * 331 * <p/>Key for user restrictions. 332 * <p/>Type: Boolean 333 * @see #setUserRestrictions(Bundle) 334 * @see #getUserRestrictions() 335 */ 336 public static final String DISALLOW_OUTGOING_CALLS = "no_outgoing_calls"; 337 338 /** 339 * Specifies that the user is not allowed to send or receive 340 * SMS messages. The default value is <code>false</code>. 341 * 342 * <p/>Key for user restrictions. 343 * <p/>Type: Boolean 344 * @see #setUserRestrictions(Bundle) 345 * @see #getUserRestrictions() 346 */ 347 public static final String DISALLOW_SMS = "no_sms"; 348 349 /** 350 * Specifies that windows besides app windows should not be 351 * created. This will block the creation of the following types of windows. 352 * <li>{@link LayoutParams#TYPE_TOAST}</li> 353 * <li>{@link LayoutParams#TYPE_PHONE}</li> 354 * <li>{@link LayoutParams#TYPE_PRIORITY_PHONE}</li> 355 * <li>{@link LayoutParams#TYPE_SYSTEM_ALERT}</li> 356 * <li>{@link LayoutParams#TYPE_SYSTEM_ERROR}</li> 357 * <li>{@link LayoutParams#TYPE_SYSTEM_OVERLAY}</li> 358 * 359 * <p>This can only be set by device owners and profile owners on the primary user. 360 * The default value is <code>false</code>. 361 * 362 * <p/>Key for user restrictions. 363 * <p/>Type: Boolean 364 * @see #setUserRestrictions(Bundle) 365 * @see #getUserRestrictions() 366 */ 367 public static final String DISALLOW_CREATE_WINDOWS = "no_create_windows"; 368 369 /** 370 * Specifies if what is copied in the clipboard of this profile can 371 * be pasted in related profiles. Does not restrict if the clipboard of related profiles can be 372 * pasted in this profile. 373 * The default value is <code>false</code>. 374 * 375 * <p/>Key for user restrictions. 376 * <p/>Type: Boolean 377 * @see #setUserRestrictions(Bundle) 378 * @see #getUserRestrictions() 379 */ 380 public static final String DISALLOW_CROSS_PROFILE_COPY_PASTE = "no_cross_profile_copy_paste"; 381 382 /** 383 * Specifies if the user is not allowed to use NFC to beam out data from apps. 384 * The default value is <code>false</code>. 385 * 386 * <p/>Key for user restrictions. 387 * <p/>Type: Boolean 388 * @see #setUserRestrictions(Bundle) 389 * @see #getUserRestrictions() 390 */ 391 public static final String DISALLOW_OUTGOING_BEAM = "no_outgoing_beam"; 392 393 /** 394 * Hidden user restriction to disallow access to wallpaper manager APIs. This user restriction 395 * is always set for managed profiles. 396 * @hide 397 * @see #setUserRestrictions(Bundle) 398 * @see #getUserRestrictions() 399 */ 400 public static final String DISALLOW_WALLPAPER = "no_wallpaper"; 401 402 /** 403 * Specifies if the user is not allowed to reboot the device into safe boot mode. 404 * This can only be set by device owners and profile owners on the primary user. 405 * The default value is <code>false</code>. 406 * 407 * <p/>Key for user restrictions. 408 * <p/>Type: Boolean 409 * @see #setUserRestrictions(Bundle) 410 * @see #getUserRestrictions() 411 */ 412 public static final String DISALLOW_SAFE_BOOT = "no_safe_boot"; 413 414 /** 415 * Application restriction key that is used to indicate the pending arrival 416 * of real restrictions for the app. 417 * 418 * <p> 419 * Applications that support restrictions should check for the presence of this key. 420 * A <code>true</code> value indicates that restrictions may be applied in the near 421 * future but are not available yet. It is the responsibility of any 422 * management application that sets this flag to update it when the final 423 * restrictions are enforced. 424 * 425 * <p/>Key for application restrictions. 426 * <p/>Type: Boolean 427 * @see android.app.admin.DevicePolicyManager#setApplicationRestrictions( 428 * android.content.ComponentName, String, Bundle) 429 * @see android.app.admin.DevicePolicyManager#getApplicationRestrictions( 430 * android.content.ComponentName, String) 431 */ 432 public static final String KEY_RESTRICTIONS_PENDING = "restrictions_pending"; 433 434 /** @hide */ 435 public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3; 436 /** @hide */ 437 public static final int PIN_VERIFICATION_FAILED_NOT_SET = -2; 438 /** @hide */ 439 public static final int PIN_VERIFICATION_SUCCESS = -1; 440 441 private static UserManager sInstance = null; 442 443 /** @hide */ 444 public synchronized static UserManager get(Context context) { 445 if (sInstance == null) { 446 sInstance = (UserManager) context.getSystemService(Context.USER_SERVICE); 447 } 448 return sInstance; 449 } 450 451 /** @hide */ 452 public UserManager(Context context, IUserManager service) { 453 mService = service; 454 mContext = context; 455 } 456 457 /** 458 * Returns whether the system supports multiple users. 459 * @return true if multiple users can be created by user, false if it is a single user device. 460 * @hide 461 */ 462 public static boolean supportsMultipleUsers() { 463 return getMaxSupportedUsers() > 1 464 && SystemProperties.getBoolean("fw.show_multiuserui", 465 Resources.getSystem().getBoolean(R.bool.config_enableMultiUserUI)); 466 } 467 468 /** 469 * Returns the user handle for the user that this process is running under. 470 * 471 * @return the user handle of this process. 472 * @hide 473 */ 474 public int getUserHandle() { 475 return UserHandle.myUserId(); 476 } 477 478 /** 479 * Returns the user name of the user making this call. This call is only 480 * available to applications on the system image; it requires the 481 * MANAGE_USERS permission. 482 * @return the user name 483 */ 484 public String getUserName() { 485 try { 486 return mService.getUserInfo(getUserHandle()).name; 487 } catch (RemoteException re) { 488 Log.w(TAG, "Could not get user name", re); 489 return ""; 490 } 491 } 492 493 /** 494 * Used to determine whether the user making this call is subject to 495 * teleportations. 496 * 497 * <p>As of {@link android.os.Build.VERSION_CODES#LOLLIPOP}, this method can 498 * now automatically identify goats using advanced goat recognition technology.</p> 499 * 500 * @return Returns true if the user making this call is a goat. 501 */ 502 public boolean isUserAGoat() { 503 return mContext.getPackageManager() 504 .isPackageAvailable("com.coffeestainstudios.goatsimulator"); 505 } 506 507 /** 508 * Used to check if this process is running under the system user. The system user 509 * is the initial user that is implicitly created on first boot and hosts most of the 510 * system services. 511 * 512 * @return whether this process is running under the system user. 513 */ 514 public boolean isSystemUser() { 515 return UserHandle.myUserId() == UserHandle.USER_OWNER; 516 } 517 518 /** 519 * Used to check if the user making this call is linked to another user. Linked users may have 520 * a reduced number of available apps, app restrictions and account restrictions. 521 * @return whether the user making this call is a linked user 522 * @hide 523 */ 524 public boolean isLinkedUser() { 525 try { 526 return mService.isRestricted(); 527 } catch (RemoteException re) { 528 Log.w(TAG, "Could not check if user is limited ", re); 529 return false; 530 } 531 } 532 533 /** 534 * Checks if the calling app is running as a guest user. 535 * @return whether the caller is a guest user. 536 * @hide 537 */ 538 public boolean isGuestUser() { 539 UserInfo user = getUserInfo(UserHandle.myUserId()); 540 return user != null ? user.isGuest() : false; 541 } 542 543 /** 544 * Checks if the calling app is running in a managed profile. 545 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 546 * 547 * @return whether the caller is in a managed profile. 548 * @hide 549 */ 550 @SystemApi 551 public boolean isManagedProfile() { 552 UserInfo user = getUserInfo(UserHandle.myUserId()); 553 return user != null ? user.isManagedProfile() : false; 554 } 555 556 /** 557 * Return whether the given user is actively running. This means that 558 * the user is in the "started" state, not "stopped" -- it is currently 559 * allowed to run code through scheduled alarms, receiving broadcasts, 560 * etc. A started user may be either the current foreground user or a 561 * background user; the result here does not distinguish between the two. 562 * @param user The user to retrieve the running state for. 563 */ 564 public boolean isUserRunning(UserHandle user) { 565 try { 566 return ActivityManagerNative.getDefault().isUserRunning( 567 user.getIdentifier(), false); 568 } catch (RemoteException e) { 569 return false; 570 } 571 } 572 573 /** 574 * Return whether the given user is actively running <em>or</em> stopping. 575 * This is like {@link #isUserRunning(UserHandle)}, but will also return 576 * true if the user had been running but is in the process of being stopped 577 * (but is not yet fully stopped, and still running some code). 578 * @param user The user to retrieve the running state for. 579 */ 580 public boolean isUserRunningOrStopping(UserHandle user) { 581 try { 582 return ActivityManagerNative.getDefault().isUserRunning( 583 user.getIdentifier(), true); 584 } catch (RemoteException e) { 585 return false; 586 } 587 } 588 589 /** 590 * Returns the UserInfo object describing a specific user. 591 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 592 * @param userHandle the user handle of the user whose information is being requested. 593 * @return the UserInfo object for a specific user. 594 * @hide 595 */ 596 public UserInfo getUserInfo(int userHandle) { 597 try { 598 return mService.getUserInfo(userHandle); 599 } catch (RemoteException re) { 600 Log.w(TAG, "Could not get user info", re); 601 return null; 602 } 603 } 604 605 /** 606 * Returns the user-wide restrictions imposed on this user. 607 * @return a Bundle containing all the restrictions. 608 */ 609 public Bundle getUserRestrictions() { 610 return getUserRestrictions(Process.myUserHandle()); 611 } 612 613 /** 614 * Returns the user-wide restrictions imposed on the user specified by <code>userHandle</code>. 615 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 616 * @return a Bundle containing all the restrictions. 617 */ 618 public Bundle getUserRestrictions(UserHandle userHandle) { 619 try { 620 return mService.getUserRestrictions(userHandle.getIdentifier()); 621 } catch (RemoteException re) { 622 Log.w(TAG, "Could not get user restrictions", re); 623 return Bundle.EMPTY; 624 } 625 } 626 627 /** 628 * Sets all the user-wide restrictions for this user. 629 * Requires the MANAGE_USERS permission. 630 * @param restrictions the Bundle containing all the restrictions. 631 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction( 632 * android.content.ComponentName, String)} or 633 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction( 634 * android.content.ComponentName, String)} instead. 635 */ 636 @Deprecated 637 public void setUserRestrictions(Bundle restrictions) { 638 setUserRestrictions(restrictions, Process.myUserHandle()); 639 } 640 641 /** 642 * Sets all the user-wide restrictions for the specified user. 643 * Requires the MANAGE_USERS permission. 644 * @param restrictions the Bundle containing all the restrictions. 645 * @param userHandle the UserHandle of the user for whom to set the restrictions. 646 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction( 647 * android.content.ComponentName, String)} or 648 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction( 649 * android.content.ComponentName, String)} instead. 650 */ 651 @Deprecated 652 public void setUserRestrictions(Bundle restrictions, UserHandle userHandle) { 653 try { 654 mService.setUserRestrictions(restrictions, userHandle.getIdentifier()); 655 } catch (RemoteException re) { 656 Log.w(TAG, "Could not set user restrictions", re); 657 } 658 } 659 660 /** 661 * Sets the value of a specific restriction. 662 * Requires the MANAGE_USERS permission. 663 * @param key the key of the restriction 664 * @param value the value for the restriction 665 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction( 666 * android.content.ComponentName, String)} or 667 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction( 668 * android.content.ComponentName, String)} instead. 669 */ 670 @Deprecated 671 public void setUserRestriction(String key, boolean value) { 672 Bundle bundle = getUserRestrictions(); 673 bundle.putBoolean(key, value); 674 setUserRestrictions(bundle); 675 } 676 677 /** 678 * @hide 679 * Sets the value of a specific restriction on a specific user. 680 * Requires the MANAGE_USERS permission. 681 * @param key the key of the restriction 682 * @param value the value for the restriction 683 * @param userHandle the user whose restriction is to be changed. 684 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction( 685 * android.content.ComponentName, String)} or 686 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction( 687 * android.content.ComponentName, String)} instead. 688 */ 689 @Deprecated 690 public void setUserRestriction(String key, boolean value, UserHandle userHandle) { 691 Bundle bundle = getUserRestrictions(userHandle); 692 bundle.putBoolean(key, value); 693 setUserRestrictions(bundle, userHandle); 694 } 695 696 /** 697 * Returns whether the current user has been disallowed from performing certain actions 698 * or setting certain settings. 699 * 700 * @param restrictionKey The string key representing the restriction. 701 * @return {@code true} if the current user has the given restriction, {@code false} otherwise. 702 */ 703 public boolean hasUserRestriction(String restrictionKey) { 704 return hasUserRestriction(restrictionKey, Process.myUserHandle()); 705 } 706 707 /** 708 * @hide 709 * Returns whether the given user has been disallowed from performing certain actions 710 * or setting certain settings. 711 * @param restrictionKey the string key representing the restriction 712 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 713 */ 714 public boolean hasUserRestriction(String restrictionKey, UserHandle userHandle) { 715 try { 716 return mService.hasUserRestriction(restrictionKey, 717 userHandle.getIdentifier()); 718 } catch (RemoteException re) { 719 Log.w(TAG, "Could not check user restrictions", re); 720 return false; 721 } 722 } 723 724 /** 725 * Return the serial number for a user. This is a device-unique 726 * number assigned to that user; if the user is deleted and then a new 727 * user created, the new users will not be given the same serial number. 728 * @param user The user whose serial number is to be retrieved. 729 * @return The serial number of the given user; returns -1 if the 730 * given UserHandle does not exist. 731 * @see #getUserForSerialNumber(long) 732 */ 733 public long getSerialNumberForUser(UserHandle user) { 734 return getUserSerialNumber(user.getIdentifier()); 735 } 736 737 /** 738 * Return the user associated with a serial number previously 739 * returned by {@link #getSerialNumberForUser(UserHandle)}. 740 * @param serialNumber The serial number of the user that is being 741 * retrieved. 742 * @return Return the user associated with the serial number, or null 743 * if there is not one. 744 * @see #getSerialNumberForUser(UserHandle) 745 */ 746 public UserHandle getUserForSerialNumber(long serialNumber) { 747 int ident = getUserHandle((int) serialNumber); 748 return ident >= 0 ? new UserHandle(ident) : null; 749 } 750 751 /** 752 * Creates a user with the specified name and options. 753 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 754 * 755 * @param name the user's name 756 * @param flags flags that identify the type of user and other properties. 757 * @see UserInfo 758 * 759 * @return the UserInfo object for the created user, or null if the user could not be created. 760 * @hide 761 */ 762 public UserInfo createUser(String name, int flags) { 763 try { 764 return mService.createUser(name, flags); 765 } catch (RemoteException re) { 766 Log.w(TAG, "Could not create a user", re); 767 return null; 768 } 769 } 770 771 /** 772 * Creates a guest user and configures it. 773 * @param context an application context 774 * @param name the name to set for the user 775 * @hide 776 */ 777 public UserInfo createGuest(Context context, String name) { 778 UserInfo guest = createUser(name, UserInfo.FLAG_GUEST); 779 if (guest != null) { 780 Settings.Secure.putStringForUser(context.getContentResolver(), 781 Settings.Secure.SKIP_FIRST_USE_HINTS, "1", guest.id); 782 try { 783 Bundle guestRestrictions = mService.getDefaultGuestRestrictions(); 784 guestRestrictions.putBoolean(DISALLOW_SMS, true); 785 guestRestrictions.putBoolean(DISALLOW_INSTALL_UNKNOWN_SOURCES, true); 786 mService.setUserRestrictions(guestRestrictions, guest.id); 787 } catch (RemoteException re) { 788 Log.w(TAG, "Could not update guest restrictions"); 789 } 790 } 791 return guest; 792 } 793 794 /** 795 * Creates a secondary user with the specified name and options and configures it with default 796 * restrictions. 797 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 798 * 799 * @param name the user's name 800 * @param flags flags that identify the type of user and other properties. 801 * @see UserInfo 802 * 803 * @return the UserInfo object for the created user, or null if the user could not be created. 804 * @hide 805 */ 806 public UserInfo createSecondaryUser(String name, int flags) { 807 try { 808 UserInfo user = mService.createUser(name, flags); 809 if (user == null) { 810 return null; 811 } 812 Bundle userRestrictions = mService.getUserRestrictions(user.id); 813 addDefaultUserRestrictions(userRestrictions); 814 mService.setUserRestrictions(userRestrictions, user.id); 815 return user; 816 } catch (RemoteException re) { 817 Log.w(TAG, "Could not create a user", re); 818 return null; 819 } 820 } 821 822 private static void addDefaultUserRestrictions(Bundle restrictions) { 823 restrictions.putBoolean(DISALLOW_OUTGOING_CALLS, true); 824 restrictions.putBoolean(DISALLOW_SMS, true); 825 } 826 827 /** 828 * Creates a user with the specified name and options as a profile of another user. 829 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 830 * 831 * @param name the user's name 832 * @param flags flags that identify the type of user and other properties. 833 * @see UserInfo 834 * @param userHandle new user will be a profile of this use. 835 * 836 * @return the UserInfo object for the created user, or null if the user could not be created. 837 * @hide 838 */ 839 public UserInfo createProfileForUser(String name, int flags, int userHandle) { 840 try { 841 return mService.createProfileForUser(name, flags, userHandle); 842 } catch (RemoteException re) { 843 Log.w(TAG, "Could not create a user", re); 844 return null; 845 } 846 } 847 848 /** 849 * @hide 850 * Marks the guest user for deletion to allow a new guest to be created before deleting 851 * the current user who is a guest. 852 * @param userHandle 853 * @return 854 */ 855 public boolean markGuestForDeletion(int userHandle) { 856 try { 857 return mService.markGuestForDeletion(userHandle); 858 } catch (RemoteException re) { 859 Log.w(TAG, "Could not mark guest for deletion", re); 860 return false; 861 } 862 } 863 864 /** 865 * Sets the user as enabled, if such an user exists. 866 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 867 * Note that the default is true, it's only that managed profiles might not be enabled. 868 * 869 * @param userHandle the id of the profile to enable 870 * @hide 871 */ 872 public void setUserEnabled(int userHandle) { 873 try { 874 mService.setUserEnabled(userHandle); 875 } catch (RemoteException e) { 876 Log.w(TAG, "Could not enable the profile", e); 877 } 878 } 879 880 /** 881 * Return the number of users currently created on the device. 882 */ 883 public int getUserCount() { 884 List<UserInfo> users = getUsers(); 885 return users != null ? users.size() : 1; 886 } 887 888 /** 889 * Returns information for all users on this device. 890 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 891 * @return the list of users that were created. 892 * @hide 893 */ 894 public List<UserInfo> getUsers() { 895 try { 896 return mService.getUsers(false); 897 } catch (RemoteException re) { 898 Log.w(TAG, "Could not get user list", re); 899 return null; 900 } 901 } 902 903 /** 904 * Checks whether it's possible to add more users. Caller must hold the MANAGE_USERS 905 * permission. 906 * 907 * @return true if more users can be added, false if limit has been reached. 908 * @hide 909 */ 910 public boolean canAddMoreUsers() { 911 final List<UserInfo> users = getUsers(true); 912 final int totalUserCount = users.size(); 913 int aliveUserCount = 0; 914 for (int i = 0; i < totalUserCount; i++) { 915 UserInfo user = users.get(i); 916 if (!user.isGuest()) { 917 aliveUserCount++; 918 } 919 } 920 return aliveUserCount < getMaxSupportedUsers(); 921 } 922 923 /** 924 * Returns list of the profiles of userHandle including 925 * userHandle itself. 926 * Note that this returns both enabled and not enabled profiles. See 927 * {@link #getUserProfiles()} if you need only the enabled ones. 928 * 929 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 930 * @param userHandle profiles of this user will be returned. 931 * @return the list of profiles. 932 * @hide 933 */ 934 public List<UserInfo> getProfiles(int userHandle) { 935 try { 936 return mService.getProfiles(userHandle, false /* enabledOnly */); 937 } catch (RemoteException re) { 938 Log.w(TAG, "Could not get user list", re); 939 return null; 940 } 941 } 942 943 /** 944 * Returns a list of UserHandles for profiles associated with the user that the calling process 945 * is running on, including the user itself. 946 * 947 * @return A non-empty list of UserHandles associated with the calling user. 948 */ 949 public List<UserHandle> getUserProfiles() { 950 ArrayList<UserHandle> profiles = new ArrayList<UserHandle>(); 951 List<UserInfo> users = new ArrayList<UserInfo>(); 952 try { 953 users = mService.getProfiles(UserHandle.myUserId(), true /* enabledOnly */); 954 } catch (RemoteException re) { 955 Log.w(TAG, "Could not get user list", re); 956 return null; 957 } 958 for (UserInfo info : users) { 959 UserHandle userHandle = new UserHandle(info.id); 960 profiles.add(userHandle); 961 } 962 return profiles; 963 } 964 965 /** 966 * Returns the parent of the profile which this method is called from 967 * or null if called from a user that is not a profile. 968 * 969 * @hide 970 */ 971 public UserInfo getProfileParent(int userHandle) { 972 try { 973 return mService.getProfileParent(userHandle); 974 } catch (RemoteException re) { 975 Log.w(TAG, "Could not get profile parent", re); 976 return null; 977 } 978 } 979 980 /** 981 * If the target user is a managed profile of the calling user or the caller 982 * is itself a managed profile, then this returns a badged copy of the given 983 * icon to be able to distinguish it from the original icon. For badging an 984 * arbitrary drawable use {@link #getBadgedDrawableForUser( 985 * android.graphics.drawable.Drawable, UserHandle, android.graphics.Rect, int)}. 986 * <p> 987 * If the original drawable is a BitmapDrawable and the backing bitmap is 988 * mutable as per {@link android.graphics.Bitmap#isMutable()}, the bading 989 * is performed in place and the original drawable is returned. 990 * </p> 991 * 992 * @param icon The icon to badge. 993 * @param user The target user. 994 * @return A drawable that combines the original icon and a badge as 995 * determined by the system. 996 * @removed 997 */ 998 public Drawable getBadgedIconForUser(Drawable icon, UserHandle user) { 999 return mContext.getPackageManager().getUserBadgedIcon(icon, user); 1000 } 1001 1002 /** 1003 * If the target user is a managed profile of the calling user or the caller 1004 * is itself a managed profile, then this returns a badged copy of the given 1005 * drawable allowing the user to distinguish it from the original drawable. 1006 * The caller can specify the location in the bounds of the drawable to be 1007 * badged where the badge should be applied as well as the density of the 1008 * badge to be used. 1009 * <p> 1010 * If the original drawable is a BitmapDrawable and the backing bitmap is 1011 * mutable as per {@link android.graphics.Bitmap#isMutable()}, the bading 1012 * is performed in place and the original drawable is returned. 1013 * </p> 1014 * 1015 * @param badgedDrawable The drawable to badge. 1016 * @param user The target user. 1017 * @param badgeLocation Where in the bounds of the badged drawable to place 1018 * the badge. If not provided, the badge is applied on top of the entire 1019 * drawable being badged. 1020 * @param badgeDensity The optional desired density for the badge as per 1021 * {@link android.util.DisplayMetrics#densityDpi}. If not provided, 1022 * the density of the display is used. 1023 * @return A drawable that combines the original drawable and a badge as 1024 * determined by the system. 1025 * @removed 1026 */ 1027 public Drawable getBadgedDrawableForUser(Drawable badgedDrawable, UserHandle user, 1028 Rect badgeLocation, int badgeDensity) { 1029 return mContext.getPackageManager().getUserBadgedDrawableForDensity(badgedDrawable, user, 1030 badgeLocation, badgeDensity); 1031 } 1032 1033 /** 1034 * If the target user is a managed profile of the calling user or the caller 1035 * is itself a managed profile, then this returns a copy of the label with 1036 * badging for accessibility services like talkback. E.g. passing in "Email" 1037 * and it might return "Work Email" for Email in the work profile. 1038 * 1039 * @param label The label to change. 1040 * @param user The target user. 1041 * @return A label that combines the original label and a badge as 1042 * determined by the system. 1043 * @removed 1044 */ 1045 public CharSequence getBadgedLabelForUser(CharSequence label, UserHandle user) { 1046 return mContext.getPackageManager().getUserBadgedLabel(label, user); 1047 } 1048 1049 /** 1050 * Returns information for all users on this device. Requires 1051 * {@link android.Manifest.permission#MANAGE_USERS} permission. 1052 * 1053 * @param excludeDying specify if the list should exclude users being 1054 * removed. 1055 * @return the list of users that were created. 1056 * @hide 1057 */ 1058 public List<UserInfo> getUsers(boolean excludeDying) { 1059 try { 1060 return mService.getUsers(excludeDying); 1061 } catch (RemoteException re) { 1062 Log.w(TAG, "Could not get user list", re); 1063 return null; 1064 } 1065 } 1066 1067 /** 1068 * Removes a user and all associated data. 1069 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 1070 * @param userHandle the integer handle of the user, where 0 is the primary user. 1071 * @hide 1072 */ 1073 public boolean removeUser(int userHandle) { 1074 try { 1075 return mService.removeUser(userHandle); 1076 } catch (RemoteException re) { 1077 Log.w(TAG, "Could not remove user ", re); 1078 return false; 1079 } 1080 } 1081 1082 /** 1083 * Updates the user's name. 1084 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 1085 * 1086 * @param userHandle the user's integer handle 1087 * @param name the new name for the user 1088 * @hide 1089 */ 1090 public void setUserName(int userHandle, String name) { 1091 try { 1092 mService.setUserName(userHandle, name); 1093 } catch (RemoteException re) { 1094 Log.w(TAG, "Could not set the user name ", re); 1095 } 1096 } 1097 1098 /** 1099 * Sets the user's photo. 1100 * @param userHandle the user for whom to change the photo. 1101 * @param icon the bitmap to set as the photo. 1102 * @hide 1103 */ 1104 public void setUserIcon(int userHandle, Bitmap icon) { 1105 try { 1106 mService.setUserIcon(userHandle, icon); 1107 } catch (RemoteException re) { 1108 Log.w(TAG, "Could not set the user icon ", re); 1109 } 1110 } 1111 1112 /** 1113 * Returns a file descriptor for the user's photo. PNG data can be read from this file. 1114 * @param userHandle the user whose photo we want to read. 1115 * @return a {@link Bitmap} of the user's photo, or null if there's no photo. 1116 * @see com.android.internal.util.UserIcons#getDefaultUserIcon for a default. 1117 * @hide 1118 */ 1119 public Bitmap getUserIcon(int userHandle) { 1120 try { 1121 ParcelFileDescriptor fd = mService.getUserIcon(userHandle); 1122 if (fd != null) { 1123 try { 1124 return BitmapFactory.decodeFileDescriptor(fd.getFileDescriptor()); 1125 } finally { 1126 try { 1127 fd.close(); 1128 } catch (IOException e) { 1129 } 1130 } 1131 } 1132 } catch (RemoteException re) { 1133 Log.w(TAG, "Could not get the user icon ", re); 1134 } 1135 return null; 1136 } 1137 1138 /** 1139 * Returns the maximum number of users that can be created on this device. A return value 1140 * of 1 means that it is a single user device. 1141 * @hide 1142 * @return a value greater than or equal to 1 1143 */ 1144 public static int getMaxSupportedUsers() { 1145 // Don't allow multiple users on certain builds 1146 if (android.os.Build.ID.startsWith("JVP")) return 1; 1147 // Svelte devices don't get multi-user. 1148 if (ActivityManager.isLowRamDeviceStatic()) return 1; 1149 return SystemProperties.getInt("fw.max_users", 1150 Resources.getSystem().getInteger(R.integer.config_multiuserMaximumUsers)); 1151 } 1152 1153 /** 1154 * Returns true if the user switcher should be shown, this will be if there 1155 * are multiple users that aren't managed profiles. 1156 * @hide 1157 * @return true if user switcher should be shown. 1158 */ 1159 public boolean isUserSwitcherEnabled() { 1160 List<UserInfo> users = getUsers(true); 1161 if (users == null) { 1162 return false; 1163 } 1164 int switchableUserCount = 0; 1165 for (UserInfo user : users) { 1166 if (user.supportsSwitchTo()) { 1167 ++switchableUserCount; 1168 } 1169 } 1170 final boolean guestEnabled = Settings.Global.getInt(mContext.getContentResolver(), 1171 Settings.Global.GUEST_USER_ENABLED, 0) == 1; 1172 return switchableUserCount > 1 || guestEnabled; 1173 } 1174 1175 /** 1176 * Returns a serial number on this device for a given userHandle. User handles can be recycled 1177 * when deleting and creating users, but serial numbers are not reused until the device is wiped. 1178 * @param userHandle 1179 * @return a serial number associated with that user, or -1 if the userHandle is not valid. 1180 * @hide 1181 */ 1182 public int getUserSerialNumber(int userHandle) { 1183 try { 1184 return mService.getUserSerialNumber(userHandle); 1185 } catch (RemoteException re) { 1186 Log.w(TAG, "Could not get serial number for user " + userHandle); 1187 } 1188 return -1; 1189 } 1190 1191 /** 1192 * Returns a userHandle on this device for a given user serial number. User handles can be 1193 * recycled when deleting and creating users, but serial numbers are not reused until the device 1194 * is wiped. 1195 * @param userSerialNumber 1196 * @return the userHandle associated with that user serial number, or -1 if the serial number 1197 * is not valid. 1198 * @hide 1199 */ 1200 public int getUserHandle(int userSerialNumber) { 1201 try { 1202 return mService.getUserHandle(userSerialNumber); 1203 } catch (RemoteException re) { 1204 Log.w(TAG, "Could not get userHandle for user " + userSerialNumber); 1205 } 1206 return -1; 1207 } 1208 1209 /** 1210 * Returns a Bundle containing any saved application restrictions for this user, for the 1211 * given package name. Only an application with this package name can call this method. 1212 * @param packageName the package name of the calling application 1213 * @return a Bundle with the restrictions as key/value pairs, or null if there are no 1214 * saved restrictions. The values can be of type Boolean, String or String[], depending 1215 * on the restriction type, as defined by the application. 1216 */ 1217 public Bundle getApplicationRestrictions(String packageName) { 1218 try { 1219 return mService.getApplicationRestrictions(packageName); 1220 } catch (RemoteException re) { 1221 Log.w(TAG, "Could not get application restrictions for package " + packageName); 1222 } 1223 return null; 1224 } 1225 1226 /** 1227 * @hide 1228 */ 1229 public Bundle getApplicationRestrictions(String packageName, UserHandle user) { 1230 try { 1231 return mService.getApplicationRestrictionsForUser(packageName, user.getIdentifier()); 1232 } catch (RemoteException re) { 1233 Log.w(TAG, "Could not get application restrictions for user " + user.getIdentifier()); 1234 } 1235 return null; 1236 } 1237 1238 /** 1239 * @hide 1240 */ 1241 public void setApplicationRestrictions(String packageName, Bundle restrictions, 1242 UserHandle user) { 1243 try { 1244 mService.setApplicationRestrictions(packageName, restrictions, user.getIdentifier()); 1245 } catch (RemoteException re) { 1246 Log.w(TAG, "Could not set application restrictions for user " + user.getIdentifier()); 1247 } 1248 } 1249 1250 /** 1251 * Sets a new challenge PIN for restrictions. This is only for use by pre-installed 1252 * apps and requires the MANAGE_USERS permission. 1253 * @param newPin the PIN to use for challenge dialogs. 1254 * @return Returns true if the challenge PIN was set successfully. 1255 * @deprecated The restrictions PIN functionality is no longer provided by the system. 1256 * This method is preserved for backwards compatibility reasons and always returns false. 1257 */ 1258 public boolean setRestrictionsChallenge(String newPin) { 1259 return false; 1260 } 1261 1262 /** @hide */ 1263 public void removeRestrictions() { 1264 try { 1265 mService.removeRestrictions(); 1266 } catch (RemoteException re) { 1267 Log.w(TAG, "Could not change restrictions pin"); 1268 } 1269 } 1270 1271 /** 1272 * @hide 1273 * Set restrictions that should apply to any future guest user that's created. 1274 */ 1275 public void setDefaultGuestRestrictions(Bundle restrictions) { 1276 try { 1277 mService.setDefaultGuestRestrictions(restrictions); 1278 } catch (RemoteException re) { 1279 Log.w(TAG, "Could not set guest restrictions"); 1280 } 1281 } 1282 1283 /** 1284 * @hide 1285 * Gets the default guest restrictions. 1286 */ 1287 public Bundle getDefaultGuestRestrictions() { 1288 try { 1289 return mService.getDefaultGuestRestrictions(); 1290 } catch (RemoteException re) { 1291 Log.w(TAG, "Could not set guest restrictions"); 1292 } 1293 return new Bundle(); 1294 } 1295 1296 /** 1297 * Returns creation time of the user or of a managed profile associated with the calling user. 1298 * @param userHandle user handle of the user or a managed profile associated with the 1299 * calling user. 1300 * @return creation time in milliseconds since Epoch time. 1301 */ 1302 public long getUserCreationTime(UserHandle userHandle) { 1303 try { 1304 return mService.getUserCreationTime(userHandle.getIdentifier()); 1305 } catch (RemoteException re) { 1306 Log.w(TAG, "Could not get user creation time", re); 1307 return 0; 1308 } 1309 } 1310} 1311