History log of /frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
1219c924bdf98fd5342fe5bb7cd09da1012d2e1a 20-Jun-2016 Nicolas Prevot <nprevot@google.com> Don't allow showing an activity if user is stopping or shutting down.

BUG:29264996
Change-Id: I9fc97c5dc37e6d5656b82b277954b5963eb345c4
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
1347cdb2e1adf2e892e2bb0640b546bb86d1cec2 17-Jun-2016 Fyodor Kupolov <fkupolov@google.com> Merge "Call AppOpsService from the handler thread" into nyc-dev
48ee87d4a7e6a1f9127875fd4ecf99f62d1faedb 17-Jun-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Allow apps with CREATE_USERS permission to create restricted users." into nyc-dev
ec30ca35aa6bb51643d266b73f3c93d30c96ac3f 17-Jun-2016 Fyodor Kupolov <fkupolov@google.com> Call AppOpsService from the handler thread

Otherwise it may cause deadlocks, for instance if
updateUserRestrictionsInternalLR is called with AMS lock held.

Bug: 28888422
Change-Id: I455c7392f206ff0bb6c99ec5c4a531921a115070
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
53d414745c60407b032db543219616b0b74d1557 16-Jun-2016 Sudheer Shanka <sudheersai@google.com> Allow apps with CREATE_USERS permission to create restricted users.

Bug: 29189712
Change-Id: I0f2677adddb22c11cb5a3e38763b0967d9cbd541
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
d04aaa323c3a788d26f18fc66e0a59b47e525b38 13-Jun-2016 Amith Yamasani <yamasani@google.com> More thorough cleansing of expired users

If any /data/system_[c|d]e folders were not erased
when the user was removed (maybe due to a reboot),
make sure they're cleaned up on restart as well
as when the userId is recycled later.

Mark the users' system folders with the correct
serial number for later verification.

AccountManager shouldn't be querying accounts of
partially created/destroyed users.

Change-Id: I4313756b7464f34cd5ce4fb296d61daa50b41fcb
Fixes: 29285673
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
accaa08c98d5c4dd012149e452d6fb19ce0c134b 15-Jun-2016 Sudheer Shanka <sudheersai@google.com> Allow apps with CREATE_USERS permission to call UM.getUserInfo.

Bug: 29355382
Change-Id: Iaf73c453156e3a989660d05124b0c0938619abd7
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
6f1ed200b3aa01af88eb309a55a428ceac56a9a2 13-Jun-2016 Ricky Wai <rickywai@google.com> Merge "Disable quiet mode after UserManager.trySetQuietModeDisabled() is unlocked" into nyc-dev
f5cea03eb036c05cacc711ff90c97a48ffb2bc17 09-Jun-2016 Sudheer Shanka <sudheersai@google.com> Reduce shell power over user management.

Remove MANAGE_USERS permission from shell and whitelist it for
some specific functionality.

Bug: 29189712
Change-Id: Ifb37448c091af91991964511e3efb1bb4dea1ff3
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
b1dd80bcfe8d495478d185a5d88fc2cb981e9c47 07-Jun-2016 Ricky Wai <rickywai@google.com> Disable quiet mode after UserManager.trySetQuietModeDisabled() is unlocked

Bug: 29150970
Change-Id: Ie04cec116564147272896e4a5ca076bbc08e60b1
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
8a5536d53ef1eea92e1a2b997744a27ce904134c 27-May-2016 Zoltan Szatmary-Ban <szatmz@google.com> Only reset global restriction owner on DO->PO for the right user

Bug:28972648
Change-Id: I4ef727205bbd8ec319672480bac7b519b33d2a58
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
ac06a4907bff7d5ee0612dbb85180222e1455791 25-May-2016 Fyodor Kupolov <fkupolov@google.com> Remove ActivityManager calls with PM.mInstallLock held

UserController now pushes user state to UMS.

PM now checks user running/unlocking/unlocked state by calling
UserManagerInternal.

Bug: 28090199
Change-Id: I20e62b37f78238f28dd81f49f876732bbd3c6b34
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
690c2ea117f90b7759ac280a1c84f5966b1e7938 17-May-2016 Zoltan Szatmary-Ban <szatmz@google.com> Merge "Introduce system API to get source of user restriction" into nyc-dev
b45d9833aa3e8bbfdb819c7bcd104c95c8424f05 16-May-2016 Fyodor Kupolov <fkupolov@google.com> Delay grantDefaultPermissions until user's first start

Bug: 28765487
Change-Id: I6a7b0a9fc85964def1e991aafe967977080dfdab
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
9cc7ad65a13b5d40566ea18be41a3c5a3610d4ab 11-May-2016 Ricky Wai <rickywai@google.com> Use userHandle not credentialOwnerUserId to check if it needs to show lock

It is possible that unified keys stored in keystore is not migrated,
while work mode is off and upgrade happens.
At this moment, user not able to turn on work mode as work is not unlocked,
and user cannot unlock work as parent's has a challenge.
mLockPatternUtils.isSecure(userHandle) should be the same as
mLockPatternUtils.isSecure(credentialOwnerUserId), except it is a unified
lock and work profile does not setup a lock/key in keystore yet(migration).

Bug: 28689675
Change-Id: Ia0755caa10ff94a25cf26c3e5907ecd33abd866e
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
6c915ead38db0a2a6393c40d4fbac959399439c5 10-May-2016 Fyodor Kupolov <fkupolov@google.com> Push unlocking/unlocked state to UserManager

Push unlocking/unlocked state to UserManagerInternal when it's changed in
UserController. Use UserManagerInternal.isUserUnlockingOrUnlocked when
updating flags for filtering in PackageManager.

Bug: 28629076
Change-Id: I8440af090f533f93870d0cff0e3871e114c37efa
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
e783460274047ab38e3b9c4294339ff130fe566c 08-Apr-2016 Zoltan Szatmary-Ban <szatmz@google.com> Introduce system API to get source of user restriction

Clients can query who has set a particular user restriction on a user.
Currently the result can be a combination of none, system/user, or admin.

Bug: 27830375
Change-Id: I50ea9db0a59ffe3abbdcbb1a436d9ace7a35a851
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
ce18c8167766f92856f94a8e88e19de4698960e6 28-Apr-2016 Jeff Sharkey <jsharkey@android.com> Introduce "unlocking" vs "unlocked" nuance.

There is a narrow window of time during user unlock where we're
reconciling user storage and dispatching the "unlock" status to
various internal system services. While in this "unlocking" state,
apps need to be told that the user still isn't actually "unlocked"
so they don't try making calls to AccountManager, etc.

The majority of internal services are interested in merging together
both the "unlocking" and "unlocked" state, so update them.

Clarify naming in AccountManagerService to make it clear that a local
list is being used, which mirrors the naming in MountService.

To match UX/PM requested behavior, move PRE_BOOT_COMPLETED dispatch
after the user is unlocked, but block BOOT_COMPLETED dispatch until
after all PRE_BOOT receivers are finished to avoid ANRs.

Bug: 28040947, 28164677
Change-Id: I57af2351633d9159f4483f19657ce0b62118d1ce
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
7881cf8f818317cc6efe4d6a4c42da94d6bab223 15-Apr-2016 Ricky Wai <rickywai@google.com> Make "work mode on dialog" show personal challenge in unified work lock

Bug: 28183335
Change-Id: Ib212b283b9561f88899f6e7ea130944391b6e558
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
b40667eccdd797d08560c33e696625509f90d52b 22-Apr-2016 Rubin Xu <rubinxu@google.com> Merge "Remove MANAGED_PROFILE_AVAILABILITY_CHANGED broadcast" into nyc-dev
49425d612cee3864a316e9ecb6ec3faeae519b1e 20-Apr-2016 Rubin Xu <rubinxu@google.com> Merge "Kill foreground apps when turning off work" into nyc-dev
f33e2da0378a20bfc096fabcd3d8ef255e39eaeb 19-Apr-2016 Fyodor Kupolov <fkupolov@google.com> Merge "Call defuse even when restrictions bundle is empty" into nyc-dev
0d88d54c34fef668c6ba74249b7f0003bff823a7 19-Apr-2016 Fyodor Kupolov <fkupolov@google.com> Call defuse even when restrictions bundle is empty

Bug: 28259217
Change-Id: I3e9ba60ee80d1fedef4844d264b312418c287be4
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
f8451b98150564b340207327d0951f44753338d1 01-Apr-2016 Rubin Xu <rubinxu@google.com> Kill foreground apps when turning off work

While work apps will all be killed as we stop the profile user when
turning off work, this can sometimes take a while. So let's kill the
foreground apps as soon as work profile is being turned off to make
the user experience nicer.

Bug: 27631526
Change-Id: Icdd3799385a98ee531b0b4247e8ede78f6f10da8
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
ad14b884f4110e03ec7b5ba7b913be25d19aa95c 18-Apr-2016 Jeff Sharkey <jsharkey@google.com> Merge "Consistent creation/destruction of user data." into nyc-dev
fcf1e55821b694df3b8434f40aa3b6d3c3e7ea50 15-Apr-2016 Jeff Sharkey <jsharkey@android.com> Consistent creation/destruction of user data.

Preparing and destroying users currently needs to be split across
installd, system_server, and vold, since no single party has all the
required SELinux permissions.

When preparing user directories on a storage device, always enforce
the serial number and destroy data if we run into a mismatch. When
deleting a user, write the updated user list first before we start
destroying data. Also start reconciling users on internal storage
at boot, so we can recover from stale data left behind from partially
destroyed users.

Check both CE and DE user directories when reconciling user storage
on a newly mounted storage device.

Bug: 27896918
Change-Id: I4536c82b0196e2720628c4f73fccb742c233350b
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
19c2a57c24fa337030ff31867380b685e9a5b586 15-Apr-2016 Rubin Xu <rubinxu@google.com> Remove MANAGED_PROFILE_AVAILABILITY_CHANGED broadcast

Bug: 27532254
Change-Id: Iaca17355d3ec75fa09c36a5353f40d678cc2c812
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
f02420c5e1bcc8b2c278f272aca633fe6d2b4e88 04-Apr-2016 Benjamin Franz <bfranz@google.com> Maybe decrypt user when quiet mode is disabled

When quiet mode is disabled for a user and that user is not currently
decrypted, we show a confirm credentials screen to trigger decryption
of that user. Only if that was successful, do we actually disable quiet
mode.

Bug: 27764124
Change-Id: Ib1f649194d89e225dad62c14f3ddba1fa3d79da2
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
7f98aa4aa93497692f200c553d2d6fff402e3de2 07-Apr-2016 Fyodor Kupolov <fkupolov@google.com> Added getProfileIds method returning array of userIds

Previously many usages of UserManager.getProfiles and getEnabledProfiles
were only using ids of returned users. Given that the list of users needs
to be parceled and unparceled for Binder calls, returning array of ids
minimizes memory usage and serialization time.

A new method getProfileIds was introduced which returns an array of userIds.
Existing method calls were updated where appropriate.

Bug: 27705805
Change-Id: Ic5d5decd77567ba0f749e48837a2c6fa10e812c0
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
c533b566ff60041d4964765ce09a3da78e8866ca 01-Apr-2016 Fyodor Kupolov <fkupolov@google.com> Lock down access to getProfiles for 3P apps

MANAGE_USERS permission is not required if calling userId is the same as
requested user id. Theoretically this allows any 3P app to read UserInfo
state including PII fields like name and icon. The change clears PII fields
if the caller doesn't have MANAGE_USERS permission.

Bug: 27705805
Change-Id: Ic69c8cc6aafb7ac72b4fc2b9691cb8e4bef3fb2c
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
80189cdece046e2e915e07c0ee166b6375dbde84 05-Apr-2016 Tony Mak <tonymak@google.com> getProfiles should only returns non-partial user info

Bug: 26928524
Change-Id: I537bb0a9632cad603717a367b81d5e072452a6d7
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
e95057ade126e9e159fe05b69c32f85f7891490f 01-Apr-2016 Rubin Xu <rubinxu@google.com> Split ACTION_MANAGED_PROFILE_AVAILABILITY_CHANGED into two.

Add more comment to EXTRA_QUIET_MODE

Bug: 27532254
Change-Id: I68a217561afca8b87f523c62393cdad097d5b75d
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
83c2424141d2fdc3ce22c42620b4355feedf3efe 31-Mar-2016 Fyodor Kupolov <fkupolov@google.com> Set build fingerprint for the new user

This change will prevent PRE_BOOT_COMPLETED from being sent to new users

Bug: 27939609
Change-Id: I0e49a467c792c972e0e3fc76e06842a80810e14b
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
2387932b74699c4d5baa493271e999e31b09d2b8 31-Mar-2016 Amith Yamasani <yamasani@google.com> Fix a deadlock due to wtf in BaseBundle

Use Slog.wtf instead of Log.wtf, so that it is
asynchronously reported.

Mark incoming application restrictions as defusable
since they are being unparceled.

Bug: 27811728
Change-Id: I166de69a74417e439ec5ef9159fbbfbfe711dde6
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
cd57599273738c30cc209894d1f87731c9defb16 29-Mar-2016 Jeff Sharkey <jsharkey@android.com> Delay vold connectors until published, fix NPE.

If they connect too quickly, PackageManager could end up trying to
obtain the yet-unpublished MountService.

Fix NPE in UserManagerService when trying to persist fingerprints,
and fix write ordering to always write [id].xml before userlist.xml
to avoid battery pull issues. Simlarly, delete [id].xml only after
updating userlist.xml.

Bug: 27869443
Change-Id: I43d8552e5e37b9ca4137cca3e3e76684c7dee605
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
f41024461bf14a768ee39edf5f857e45725ee0fe 29-Mar-2016 Paul Crowley <paulcrowley@google.com> Merge "Continue to remove users when destroyUserKey fails." into nyc-dev
bd91e2f3f6aca512a02be645b2515b5e3331e177 22-Mar-2016 Jeff Sharkey <jsharkey@android.com> Update PRE_BOOT_COMPLETED for FBE.

Now that CE data isn't available until after a user is unlocked, we
need to delay the PRE_BOOT_COMPLETED broadcasts. This is done by
adding a new RUNNING_UNLOCKING user state to the UserController
lifecycle.

We now track the last fingerprint a user was logged in under, and we
dispatch PRE_BOOT receivers when that fingerprint changes. To work
around battery pull issues, we only persist the updated fingerprint
once all PRE_BOOT receivers have finished. This is less granular
than the original solution, but it's still correct. We only consider
a user as "logged in" once it transitions into the RUNNING_UNLOCKED
state.

When starting a process, track if the user was "unlocked" when
started, so that we only spin up unaware providers in processes
started before user unlock.

Add generic IProgressListener to communicate PRE_BOOT progress and
strings up to lock screen. For now, LockSettingsService just blocks
until finished, but it could display these strings in the future.

Bug: 27220885
Change-Id: I349439776b885acd32f6a578d8951ffd95640be2
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
91293794bfe2ed9ac7bbb7b652d3fb78665d3b0f 25-Mar-2016 Paul Crowley <paulcrowley@google.com> Continue to remove users when destroyUserKey fails.

destroyUserKey can fail if the user is partially created; even when
something fails it still destroys all it can. Its failure shouldn't
halt user removal.

Bug: 26847403
Change-Id: Iab1f551d19fd777198387b463b270c2508d07fd5
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
6f48d6ef35df55e092d18619fe1f92a2593682d4 23-Mar-2016 Amith Yamasani <yamasani@google.com> Localize owner's name to current locale until changed

Don't set a name for the system user and always return a localized
name until the user explicitly sets a name.

Bug: 27814125
Change-Id: I7972a45d77c07d9efbd67d5b360bacee46247a66
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
8673b2899e775014336efff44ea88dcac2b25bdd 21-Mar-2016 Tony Mak <tonymak@google.com> Revert getUserInfo change and add isManagedPorfile(int userId)


Bug: 26469166
Change-Id: I60b70170ddc80432fc8f638b1f63c4e9f5212785
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
d9453b8ba17f93643d9b98b19247f5b243d25dc0 14-Mar-2016 Samuel Tan <samueltan@google.com> Disallow guest user from changing Wifi settings

Disallow existing and newly created guest users from
changing Wifi settings.

BUG: 27411179
TEST: Flashed device, switched to existing guest user, and verified
that Wifi settings are disabled.
TEST: Flashed device, created new guest user, and verified that Wifi
settings are disabled.

Change-Id: Ia1bf4cce0369017b62f69d317c7ab2e30e3949b3
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
b531d086a61077ebc6c756f2294754b1bdb81616 16-Mar-2016 Tony Mak <tonymak@google.com> getUserInfo fail when app trying to get self user info

isSameProfileGroupLP return false when user has no profile, we should
check callingUserId != userId explictly.
Please notice that isSameProfileGroup handles this case, but we would like
to avoid the permission checking of isSameProfileGroup.

Change-Id: Ibb2d09eaaf7e8f099445490aa9ec287e86945125
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
4dc008cda2980fabb6acbf8a3b7096d1090ee36f 16-Mar-2016 Tony Mak <tonymak@google.com> Fix NotificationListenerService fail to mirror work notification

1. Instead of getting application info in runtime, just retrieve the
one in the context to avoid cross user operation.

2. Functions in PackageManager that retrieve badged icon now return
badged icon if the targer user is managed profile instead of checking
whether target user is a managed profile of the user in mContext.

3. Relax the restriction of getUserInfo, if the caller is asking a user
in the same profile group or having the manage user permission, we let
it go.

Bug: 26469166

Change-Id: Ia1ffc5743f7d94bd489cdb7571eaed51499ebdd9
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
cd6fa30fda78ce26cfe8e741d60867248b0ead7a 25-Feb-2016 Oleksandr Peletskyi <peletskyi@google.com> Allow user to get his own icon.

Fixed behavior in order to let user without MANAGE_USERS permission
to obtain his own icon or any icon of the user's 'user group'.

BUG: 27583869
Change-Id: I71a86b0816db1d9c4543db375de504395a726a8d
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
1ddda4793c26fd249590fd3549cf060ecb7c157b 12-Feb-2016 Lenka Trochtova <ltrochtova@google.com> Prevent ephemeral user from being re-entered after stop.

Once the ephemeral user stops, the user's deletion is scheduled.
It takes a while before the user actually disappears and it is not
desirable for the user to be re-entered in the meantime.
Mark the user as disabled on stop and check this flag
in the activity manager to prevent the user from being switched
to again. Also hide the user from user-switching UI.

BUG: 26795729
BUG: 26780152

Change-Id: I83a61674958954b5a210114b88ffa5ae55922c1f
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
9cea80cdddbecadb304eb7c8373cf1ed397f433a 16-Feb-2016 Svet Ganov <svetoslavganov@google.com> No overlay when permissions shown - framework

bug:26973205

Change-Id: I88395e47649191bb7db6dd8723c49e741ef4f1e4
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
024f979dfdae1938afc3c509ea9762c06784cef5 17-Feb-2016 Lenka Trochtova <ltrochtova@google.com> Allow ephemeral users on the split-system-user systems only.

BUG: 27143201

Change-Id: I37f3ca7366648dbf07df39a7a972857e0ff78a9a
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
2a3c3da0fc07ef37abc45cfb0166bdf5f7f202b6 18-Feb-2016 Makoto Onuki <omakoto@google.com> Clean up on UserManagerService and DPMS

- Avoid the ART warning about 4.1 compatibility
- Avoid integer overflow in DPMS

Bug 27243525
Bug 27242859

Change-Id: I92af323287e348fbd0eff31e6cf9823be8e41024
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
05bdf88bdfed76f01a1db8eb73b57a43d939f512 17-Feb-2016 Fyodor Kupolov <fkupolov@google.com> Merge "Remove isPackageInstalled" into nyc-dev
d284612d8f12be8f6ab8fb275e71bbfa6c422b9a 12-Feb-2016 Fyodor Kupolov <fkupolov@google.com> Remove isPackageInstalled

It's not required to check whether package is installed before sending a
broadcast.

Change-Id: I132e49087faad28b637f98cf79d7ec56dcb26ecd
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
50b5616dcc7ba8a235f3e2f4c7507372a41224ba 12-Feb-2016 Fyodor Kupolov <fkupolov@google.com> Merge "Clear calling identity before setting restrictions" into nyc-dev
e9c440638e27a123a82feb5e4677ce1242785288 10-Feb-2016 phweiss <phweiss@google.com> DPM.createAndManageUser should work even with DISALLOW_ADD_USER set

For this, the DPM calls a new function
UserManagerInternal.createUserEvenWhenDisallowed() instead of
UserManager.createUser(). This calls
UserManagerService.createUserInternalUnchecked().

Also, only the system user is allowed to call this method, otherwise
a security exception is thrown.

Bug: 26952210
Bug: 26786199
Change-Id: I69c16354898d68592d13f5f53b840551f7ad4779
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
9e912ba0fb3dd7fc1b01f4bef37eb5189ef273fe 10-Feb-2016 Fyodor Kupolov <fkupolov@google.com> Clear calling identity before setting restrictions

Previously Settings.Secure.putIntForUser was failing with AppOps package
mismatch exception when createRestrictedProfile method was called from
a shell process.

Bug: 24212155
Change-Id: I47ecfa572b110d627e5b049aa98ed4d10b2e1374
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
47f7108c1270a9e81d9560b6b0570c659bb93a71 02-Feb-2016 Jeff Sharkey <jsharkey@android.com> Prepare user storage just before using it.

Wire up preparing of user-specific app storage to existing user
lifecycle hooks. This way we're sure the storage is ready to roll
just before we start reconciling app data directories.

This also has the nice property that we only prepare storage when
we know that keys are unlocked.

Bug: 25796509
Change-Id: Ic7df9ddbcfb1e20649d11b6cf68d424e3c365ee1
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
1f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4 28-Jan-2016 Makoto Onuki <omakoto@google.com> Ignore unknown user restrictions and WTF instead.

Bug 23902097

Change-Id: I1ac147ecd0286a8eb674d6f9f527edfea6e1198e
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
2ec157d928b7804367091ee6c146b196ac6841e2 01-Feb-2016 Makoto Onuki <omakoto@google.com> Revert "Throw for unknown user restrictions."

This reverts commit 3861bf7e73fab9e39e8d1f6e5194f3600ed929a0.

Bug 26896902

Change-Id: I26fa0159b5bb832048ccd013054a01f91b54947b
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
3861bf7e73fab9e39e8d1f6e5194f3600ed929a0 28-Jan-2016 Makoto Onuki <omakoto@google.com> Throw for unknown user restrictions.

Bug 23902097

Change-Id: I78a4b09db880134577d690be0c50ee9a64e6a309
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
f348e8e22bed4b56fdb0c02702d12b36467dedd7 07-Jan-2016 Lenka Trochtova <ltrochtova@google.com> Add policy for enforcing that all users are ephemeral.

BUG: 24883058

Change-Id: I8e53ca677c935a6c828dd6ece00b345d0eff182a
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
795c458c89418885f146f40b8d4de96fb0d08ffe 25-Jan-2016 Rubin Xu <rubinxu@google.com> Merge "Turn off profile by stopping the user."
f13c9801697ccac3171137df10dd15f491dd15bd 21-Jan-2016 Rubin Xu <rubinxu@google.com> Turn off profile by stopping the user.

Bug: 22541941
Change-Id: I713ab9b87f3dd1b7bd6206af137562d20a44d76d
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
81c61eabba101f81b3f1395cd849e7b20d59a0d2 22-Jan-2016 Makoto Onuki <omakoto@google.com> Disable log

Change-Id: I373e3f7e31dc697bd5f62d226e2a0e3e7a4aeffd
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
b7cc096fd49e99c01a9e963a895f6d26d685e474 21-Jan-2016 Oleksandr Peletskyi <peletskyi@google.com> Merge "Added restriction if a user is allowed to change the icon. BUG: 25305966"
7f1f1dfc8713fbecbab60cfbe14ab4d97d27deee 18-Jan-2016 Oleksandr Peletskyi <peletskyi@google.com> Added restriction if a user is allowed to change the icon.
BUG: 25305966

Change-Id: I3d527224f00087b2bd959879ebb143e2ecb9c914
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
02fee15d854722955a90a4079a9163a66eee9b36 22-Dec-2015 Lenka Trochtova <ltrochtova@google.com> Add a system config flag for making all guests ephemeral.

BUG: 25737696

Change-Id: I4c915ba97431a6f9f0aee2d93b618a5add51c766
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
12747879b0204b9dfee997eddc981d09289e8b77 07-Dec-2015 Amith Yamasani <yamasani@google.com> User creation with an intent

New API for an app to request creating a new user with
a given user name and seed account information for the
SetupWizard to use when that user is switched into.

Also adds system APIs to read the seed account data from
UserManager.

Bug: 22776757
Change-Id: I0bc3f11ee19c15e0ee2a908c88d98b13296cc30d
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
0e62384ccbd00e9f78851929ca88b919679ee32e 14-Jan-2016 Jeff Sharkey <jsharkey@android.com> Prepare app data only when storage is available.

Before this change, scanning a package aggressively tried checking
to ensure that private app data was prepared. However, in an FBE
world we may not have access to that data at scan time. So this
change shifts the preparing of private app data until later: it
prepares DE storage when a user is started, and CE storage when a
user is unlocked. Wire ourselves into the user lifecycle so we can
prepare storage at both user start and unlock.

When DE/CE storage becomes available, this change reconciles any
found packages against known installed apps, and deletes any orphaned
data directories.

We now need to store the last-restorecon hash in an xattr on a
per-user directory basis, since we can't restorecon CE storage until
it's unlocked, or adopted storage until it's mounted. Remove a
bunch of used logic for loading dynamic SELinux policy at runtime;
our policy always comes from the system image.

Bug: 26466827, 26544104
Change-Id: I8d0a4ef862c35f4e4ef5c7f20d3bb8f12ba3fd4b
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
a1771110d67fa7361f92d92f2e91019882ce3305 18-Dec-2015 Clara Bayarri <clarabayarri@google.com> Create Work Challenge per-user condition

Change the current static condition to a per-user condition so we
can check and enable/disable the work challenge properly. Also add
an isAllowed API, as the Work Challenge can only be used when the
user's DPC targets N or above to maintain backwards compatibility.

Change-Id: I0cb8b475838816801868ffb24726407aa257b4de
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
8385e4b9d27c5139c643f078a5f94a49f91f2523 30-Dec-2015 Fyodor Kupolov <fkupolov@google.com> Collect user creation metrics

Bug: 26348624
Change-Id: Idb2ac10c6f3fd525ac652e242fa2647cc4cc7249
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
af6ec296ec200726ac86ff53efc64e221ed6f2f6 17-Dec-2015 Jeff Sharkey <jsharkey@android.com> Make AppWidgets encryption-aware.

Only parse and load AppWidget configuration details after a user has
been unlocked. Yell loudly if someone accidentally tries loading
data for a locked user.

Tidy up protected broadcast logic a bit more to handle persistent
processes. Add backwards compatible behavior for APPWIDGET_UPDATE
broadcast simliar to APPWIDGET_CONFIGURE, since some apps are sending
it to themselves.

Add hidden USER_HANDLE extra to a handful of broadcasts to make
logic more consistent.

Bug: 26247049, 26219971
Change-Id: I54e4f2e343488571f9baa1a316962f41186c1a2c
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
5b9f167a8e7395ca54fc0ef78af4523858de87a7 11-Dec-2015 Esteban Talavera <etalavera@google.com> Only system can set application restrictions via UserManager

Preventing apps with MANAGE_USERS from managing application
restrictions via UserManager. Application restrictions should
only be set via DevicePolicyManager.setApplicationRestrictions,
or via Settings (for restricted profiles).

Bug: 22541936
Change-Id: Ieed51ef54b4c23a73f383465e9af9b3bcf18a514
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
13b80b2303f4cd183e5f1ec4956c6770fea64cfb 08-Dec-2015 Xiaohui Chen <xiaohuic@google.com> Merge "UserManager: get/set user account name"
c4dd021322d38ea32ac49930e904b6d08ce6490c 18-Nov-2015 Lenka Trochtova <ltrochtova@google.com> Introduce ephemeral users.

BUG: 24883058

Change-Id: I2e1d6aa184142c2a3dc0415c0cd407573453cf41
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
ed6c8cd6ca377ba51243c70844c6dd074abbd0fc 08-Dec-2015 Zoltan Szatmary-Ban <szatmz@google.com> Merge "Make base user restrictions queriable for system apps"
b3b9258ab6a01af5e0df4b8385b73084cd9ec530 07-Dec-2015 Xiaohui Chen <xiaohuic@google.com> UserManager: get/set user account name

Bug: 25935510
Change-Id: I0b621fb300be74209534e08a11f1d1a7c049cd5a
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
0a29ecd8a53b5ac63b628e870a344650ff34c4b0 04-Nov-2015 Rubin Xu <rubinxu@google.com> Introduce quiet mode state to managed profile users

Quiet mode means the user will be free from visual and audio interruptions
from apps inside the managed profile, including notifications, widgets and
others. This CL adds the underlying state bit to users and exposes various
APIs to control and query the quiet mode state.

Bug: 22541941
Change-Id: If5f8e5a897843050e83b6ec26cb39561098f12b9
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
3bbceddb94d627495c0022d6e3f92a5cb16aebea 26-Nov-2015 Zoltan Szatmary-Ban <szatmz@google.com> Make base user restrictions queriable for system apps

Needed by e.g. Settings > Location

Bug:22541939
Change-Id: I6cdd5f1c32cde143232eb53f531bbf3a737d8a9a
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
10ad84a17d7248488c1653bacc9f20d3a7193999 01-Dec-2015 Clara Bayarri <clarabayarri@google.com> Create a separate Work Challenge check

This allows us to tell lock checks from FBE checks separately,
and will be useful when dealing with password unification.

Change-Id: Ifbea425f749fee4d6d51faddd8b64bf717a1a5f8
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
9cbfc9e212151e84910a22387365644916dde446 08-Oct-2015 Fyodor Kupolov <fkupolov@google.com> Added DISALLOW_RUN_IN_BACKGROUND user restriction

It forces the user to stop instead of going into the background. Also
changed behavior of stopUser method. Now it also attempts to stop related
users along with the specified userId.

Based on ag/807976, with the only difference that it's now a user restriction.

Bug: 24579258
Bug: 24708668
Change-Id: I357298908816fc58feeed83b7e9979fc33d25da6
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
8286a6d85fc01a972f6ee0ffab459364e68c5d8a 01-Dec-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Correctly set default restrictions when creating guest"
e04462caa46803c64dac5107a8d7b07894e23b9d 01-Dec-2015 Fyodor Kupolov <fkupolov@google.com> Correctly set default restrictions when creating guest

Use restrictions from mGuestRestrictions when creating a guest. Initially
phone calls, SMS and installing from unknown sources is not allowed.

Bug: 25904144
Bug: 25729516
Change-Id: I461c492ad64842d3707f73dfd83b533aa31b63ef
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
e7927da1b6dc4f96714aa9bc4fbb71b3659f8cea 25-Nov-2015 Makoto Onuki <omakoto@google.com> Don't call DPM from UserManager to avoid lock inversion

- Also make sure DPMS.mOwners is always guarded with DPMS.this.
(and remove synchronization from Owners.)

Bug 25796840

Change-Id: I83f7b78e7b437d9c2a2b1d6e714346cd15f95330
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
c8a5a555f1482d0f45b538eb898d6ee7e26552a6 19-Nov-2015 Makoto Onuki <omakoto@google.com> DPM.isDeviceOwnerApp() and getDeviceOwner() now check calling user

- Previously on MNC, they would return the same result regardless who
the calling user is.

- Now they properly take DO user-id into account. Meaning, they'll
always return false and null respectively, if the calling user doesn't
run device owner.

- Note isDeviceOwnerApp() is a public API and getDeviceOwner() is
a system API. Meaning we're changing the behavior or non-private
APIs.

- Also cleaned up hidden APIs, and gave them explicit suffixes
to avoid confusion. Bundled code should prefer them for clarity.

Now we have:

* APIs that work cross-users: They all require MANAGE_USERS.
boolean isDeviceOwnerAppOnAnyUser(String packageName)
ComponentName getDeviceOwnerComponentOnAnyUser()

int getDeviceOwnerUserId()
boolean isDeviceOwnedByDeviceOwner()

String getDeviceOwnerNameOnAnyUser()

* APIs that work within user. No permissions are required.

boolean isDeviceOwnerAppOnCallingUser(String packageName)
ComponentName getDeviceOwnerComponentOnCallingUser()

Bug 24676413

Change-Id: I751a907c7aaf7b019335d67065d183236effaa80
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
ac65e1e1dba1cf0ea237a389220ec818ade07a16 21-Nov-2015 Makoto Onuki <omakoto@google.com> Remove UserManager.setSystemControlledUserRestriction()

Now that we don't have UM.setUserRestriction*s*() that could remove
all existing restrictions, there's almost no point handling
DISALLOW_RECORD_AUDIO differently.

Now DISALLOW_RECORD_AUDIO is handled just like other restrictions,
except we don't persist it.

Bug 24954662

Change-Id: I27875b4a74dd95a3ce6bb774081eeaf718eaec15
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
1fae502824dfb77a109fedd80dad61fe094d8284 19-Nov-2015 Makoto Onuki <omakoto@google.com> Merge "More work on layered user restrictions."
1a2cd74526113b45d9108b6997609122c4311fb1 16-Nov-2015 Makoto Onuki <omakoto@google.com> More work on layered user restrictions.

- Now when DO/PO sets a user restriction, DPMS pushes it to UMS and
then UMS persists it, in order for UserManager.hasUserRestriction()
to never have to talk with DPMS, which would cause lock inversion.

- Also apply user restrictions when a user start.

- This is an updated version of the abandoned CL -- the difference
is, ActivityManager no longer has to call DPMS.

- Also removed an unnecessary write to userlist.xml in UMS.
upgradeIfNecessaryLP().

Bug 23902097
Bug 25388912
Bug 25354031
Bug 25641040

Change-Id: I0948aea06ad7d0f45fe612a431d765faddfe3c58
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
ba51235ef5c598d845b77fcf14491329493da34f 13-Nov-2015 Jeff Sharkey <jsharkey@android.com> More file-based encryption work.

Add new "am unlock-user" command so we can trigger changes from the
command line.

Move FBE check to static method so it can safely be called early
during boot before the mount service is ready. Move FBE emulation
to persisted system property, and start reading/writing that value.

Change default permission grants to ignore current encryption-aware
flags, since many of the target apps aren't crypto aware.

Always prepare package data directories, which is how we create the
new "user_de" paths during boot.

Bug: 22358539
Change-Id: I6f58ea2d34b3a466d3775d614f8a13de92272621
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
d3e9e1835b599a6d1dbe50ca1175b80023c6b5f0 18-Nov-2015 Xiaohui Chen <xiaohuic@google.com> Skip dead users when getting primary.

Bug: 25769085
Change-Id: I220d175839509e4dbf3f2992a90e9625d0caf825
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
e80085d61ae6d9e496101f29051cfbb69185f96e 07-Nov-2015 Fyodor Kupolov <fkupolov@google.com> Reduce excessive locking in UserManager

Bug: 24979571
Change-Id: I1cfbe48712ae26ec134354d109d2538d566b92d7
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
f9fc6d6cc05595241bc7ced6d4cab97b45f9b901 09-Nov-2015 Jeff Sharkey <jsharkey@android.com> More file-based encryption work.

Add granular StorageManager APIs for key creation/destruction and
unlocking/locking. Start passing through an opaque token as part
of the unlock command, but leave it empty for now. We now have a
separate "prepare" method that sanity checks that user directories
are correctly setup.

Define a handful of system properties used for marking devices that
should be operating in FBE mode, and if they're emulating FBE. Wire
a command to "sm", but persisting will come later.

Start using new "encryptionAware" flag on apps previously marked with
coreApp flag, which were apps running in the legacy CryptKeeper
model. Small tweaks to handle non-encryptionAware voice interaction
services. Switch PackageManager to consult StorageManager about the
unlocked state of a user.

Bug: 22358539
Change-Id: Ic2865f9b81c10ea39369c441422f7427a3c3c3d6
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
d59262667cbcdfedd9b03dccaa26a9a000486350 09-Nov-2015 Nicolas Prévot <nprevot@google.com> Merge "Add method to tell the dpc if provisioning is allowed."
5d7e9516861b8248f728641d7ae7a54b82a1255d 08-Nov-2015 Jeff Sharkey <jsharkey@google.com> Merge "More APIs for encryption-aware apps."
e17ac1569793c333bb4dce86607a342e7c982ae7 07-Nov-2015 Jeff Sharkey <jsharkey@android.com> More APIs for encryption-aware apps.

Apps can mark manifest components as being encryption-aware, which
means they can safely be run before the credential encrypted storage
is available.

Start adding filtering logic so that we only return these components
when a user is running "with amnesia." That is to say, only device
encrypted storage is available, so the user is running but with only
partial knowledge of its data.

To avoid calling into ActivityManager with the PackageManager lock
held, we quickly determine user state and splice the state into the
flags for later per-component evaluation.

Bug: 22358539
Change-Id: Idc56ec29f1ef04da8963e004314d7f5e47400997
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
9e935a3bc9d1426a974fbe918d095900c3947ecd 06-Nov-2015 Makoto Onuki <omakoto@google.com> Make sure to persist user restrictions in UMS

Bug 25565111

Change-Id: Ic48ce728a1c2b55d70276a37b9a359407167edf1
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
86cd001e364d0d0a8253cf4ee14acd13915cbd9a 06-Nov-2015 Makoto Onuki <omakoto@google.com> Merge "Have AudioService listen to DISALLOW_UNMUTE_MICROPHONE and"
d45a4a2ecb18701b4cfadcb4a26663f2eab642fe 03-Nov-2015 Makoto Onuki <omakoto@google.com> Have AudioService listen to DISALLOW_UNMUTE_MICROPHONE and

... DISALLOW_ADJUST_VOLUME, instead of UserManager pushing
new settings to AudioService.

Also:
- Allow PO to set these two restrictions.

- Now AS.setMasterMuteInternal() respects mUseFixedVolume to make
it consistent with readPersistedSettings().

- When a user switches and restores the mute state in
AS.readPersistedSettings(), also check the current user restrictions
in addition to system settings. Because of the delay in AudioService
before persisting the mute settings in setMasterMuteInternal() and
setMicrophoneMute(), there's was an edge case
DISALLOW_UNMUTE_MICROPHONE and DISALLOW_ADJUST_VOLUME would be ignored
when the user switches right after they are set.

Bug 24981972

Change-Id: I4d9b709a0a0e6812319204568c6e44d6664bdeb4
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
07387fedfafa72bcb68defd801eef82f1f494d7c 30-Oct-2015 Nicolas Prevot <nprevot@google.com> Add method to tell the dpc if provisioning is allowed.

The DPC can use it to tell if provisioning a managed profile or for
device owner would work or not.

BUG:25338478
Change-Id: I09ea6a9f23a8e88e4ed37c048170b2a68213086e
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
965da39942f9a8736f785f7c57a6c351a8c89d6b 28-Oct-2015 Clara Bayarri <clarabayarri@google.com> Create a File Based Encryption check API

Change-Id: Ibf41f98818ea801b9f690200c340be80c3b9bf31
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
598ee3f6c2cca9eecc7ad90f2003e36f5fb04114 03-Nov-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Introduced short-term lock for UMS internal state"
82402753815ff4633cc572713ae490a17d9129e5 28-Oct-2015 Fyodor Kupolov <fkupolov@google.com> Introduced short-term lock for UMS internal state

Added mUsersLock - short-term lock for internal state, when interaction and
synchronization with PM is not required. Modifications to mUsers and
mRemovingUserIds must be guarded by 3 locks: mInstallLock, mPackagesLock and
mUsersLock. While reads can use mUsersLock.

Testing revealed that the following methods in UMS often cause contention:
- exists
- getUserInfo
- getProfileParent

They all now use a short-term lock mUsersLock for reads.

Bug: 24979571
Change-Id: Ie3a22ea7cbb450c7969800fe2a4a2b2516165e5b
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
671b8721b01d911cabee8467290f363becbe49c7 03-Nov-2015 Todd Kennedy <toddke@google.com> Merge "Implement shell commands for package and user services"
60459abb211a11caf71238a44f543fdc18289772 30-Oct-2015 Todd Kennedy <toddke@google.com> Implement shell commands for package and user services

Only implement the 'list' package service command. More will follow
in future CLs.

Change-Id: Iae225cd4ee63c7d468a4fd882d8cb4b6b76ccc09
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
4f16073556f7978708fb71c87628cfe1692412d5 28-Oct-2015 Makoto Onuki <omakoto@google.com> Make UserManager enforce user restrictions, not DPM.

- Now even if a user restriction is set via UserManager, it'll be correctly
enforced.

- Changed the way AudioService enforces the OP_MUTE_MICROPHONE and
OP_AUDIO_MASTER_VOLUME app ops -- previously, when they're set, even a muting
call would be rejected. This was why DPMS.setUserRestriction() used different
calling orders for DISALLOW_UNMUTE_MICROPHONE/DISALLOW_ADJUST_VOLUME depending
on setting them or clearing them.
Now, even when the app ops are set, we still allow muting calls.

Bug 23902097
Bug 24981972

Change-Id: I865b5de43e15f5955f94006475a5ec6254904d31
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
5263492de62c4dac099d0aa0f70056dbc729b06b 02-Nov-2015 Makoto Onuki <omakoto@google.com> Merge "Allow DO to disable camera device-wise."
759a763f5f03fda86b96d238faedb870fbee24ec 29-Oct-2015 Makoto Onuki <omakoto@google.com> Allow DO to disable camera device-wise.

Bug 24538855

Change-Id: I421690f14ee57fa818d2b233fe48a90a0a575a9e
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
e19dcaa50f1a74d0151891826402b2802b6526ea 02-Nov-2015 Clara Bayarri <clarabayarri@google.com> Merge "Return actual userId when File Based Encryption is present"
068c54a5be697c3df4657dcda33cd17c4b547710 13-Oct-2015 Makoto Onuki <omakoto@google.com> Layer user restrictions

- Now DPMS remembers user restrictions set by DO / PO in their ActiveAdmin.

- User restrictions set by DO/PO will no longer be saved by UserManger. Instead,
when needed, UMS will consult DPMS to build "effective" user restrictions.

- UM.getUserRestrictions() will now always return "effective" user restrictions.

- DPMS migrates existing user restrictions per the eng spec.

- Also now UM.setUserRestrictions() will crash. UMS.setUserRestrictions() has
been removed.
This was needed because UM.setUserRestrctions(UM.getUserRestrictions()) will no
longer be a valid use like it used to be.

- Also introduced a fined-grained lock for user restrictions in UM to avoid
deadlock between DPMS and also for better performance.

Bug 23902097

Change-Id: If0e1e49344e2f3e9226532d00777976d1eaa7df3
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
f05b9d0830ab7fd1ba4da8801194353889919ffc 23-Oct-2015 Clara Bayarri <clarabayarri@google.com> Return actual userId when File Based Encryption is present

The existing UserManagerService#getCredentialOwnerProfile always
returned the parent profile for the given userId. With File
Based Encryption, we want to enable per-user credentials.

This is part of the Separate Work Challenge feature.

Change-Id: If5b32d22a5da63103b773acbe4a6d1396d34412b
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
b32f8a2b53655fe5380ec8ed3880c5bed3209dca 22-Oct-2015 Esteban Talavera <etalavera@google.com> Merge "Only system can set app restrictions"
2a5d6c6cbd0286ebca844d4fb8f4d3437ad1ecdd 21-Oct-2015 Esteban Talavera <etalavera@google.com> Only system can set app restrictions

Only system/root UIDs or components with MANAGE_USERS permission
can set app restrictions. Apps should only be able to retrieve their
own restrictions, but not set them.

Change-Id: I1ebf30dc6ef5af12fa79230618f89b43aa7b1fb6
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
fd5b77444edaec88895344a629d071ecf352cf36 15-Oct-2015 Xiaohui Chen <xiaohuic@google.com> Add UM.isSameProfileGroup()

This optimizes the performance to check if two users are in the same
profile group.

Change-Id: I493a3475b848487836f4dbe01529c63165ace483
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
a4f119790e32fcce56586e7324d508e35cb30a2a 01-Oct-2015 Makoto Onuki <omakoto@google.com> First cut of user restriction layering.

- Start persisting restrictions set by DO/PO.

- Also dump user restrictions on dumpsys

- More changes will follow, including migration.

- Now System settings are mockable.

Bug 23902097
Bug 23902477

Change-Id: I0bda22f484e1a8e259a1feb2df83c5f4a29116da
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
4a305c95e1669222f2b835a3b85fee77d72fab57 03-Oct-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Do now allow current user to be removed"
369d3dcda03090c314ad2a350335b060eeb1bbd6 02-Oct-2015 Xiaohui Chen <xiaohuic@google.com> Merge "Cleanup USER_OWNER in pm"
bb7e5ac58e74667799662cfa0f780ce8eaad053f 02-Oct-2015 Xiaohui Chen <xiaohuic@google.com> Merge "Cleanup USER_OWNER in mount service"
47f0795d171a25d30ee5b48a6ff1828fb5c92c19 02-Oct-2015 Xiaohui Chen <xiaohuic@google.com> Cleanup USER_OWNER in pm

Bug: 19913735
Change-Id: I27947f539ca8346e3abd96fc1f800a65945be128
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
621b3fc7a94a9b1bbbb230f264899299a806237b 02-Oct-2015 Xiaohui Chen <xiaohuic@google.com> Cleanup USER_OWNER in mount service

Also removed a failing unit test and the related code which is
now deprecated.

Bug: 19913735
Bug: 24064753
Change-Id: I9b11130b52caeb0ad890cc6adaaf7fb2fc7b5db6
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
0df68cd13b8121aa4e582d8fb59c7589079d6ff9 01-Oct-2015 Fyodor Kupolov <fkupolov@google.com> Do now allow current user to be removed

It was possible to remove a foreground user using pm remove-user command.
The system ends up in the inconsistent state, because switch does not happen
and the removed user stays in the foreground, but its state is removed.

Also added am get-current-user command.

Change-Id: Ida2dce8f99bac55e106cdd44c93e96cc9142d7fb
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
11f15a3727854c45a0228fc70d08a3a02b9c9f39 01-Oct-2015 Amith Yamasani <yamasani@google.com> Merge "Delay cleaning user tasks until user is removed"
515d40600e1f11c7cea3a2bfbbb49e7d86ff801f 28-Sep-2015 Amith Yamasani <yamasani@google.com> Delay cleaning user tasks until user is removed

Fixes #24301208 No recent apps shows when switching
between users.

Instead of cleaning up when stopping a user, we
should remove tasks when removing a user, since
recents tasks should be persisted across reboots.
Reboots are similar to stopping and starting users.

Change-Id: I9a250792077cca5f18ae1a10bc36f7b97e8ea867
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
1c36315a36962321dfe870b07e28b04a1d6777e9 02-Sep-2015 Fyodor Kupolov <fkupolov@google.com> Fixed VPN support for restricted profiles in split system user model

In a new split system user model, owner of a restricted profile is not limited
to just user0. restrictedProfileParentId field should be used to get an owner.

Bug: 22950929
Change-Id: I928319a9450e543972237a42267eb2404e117c83
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
02cb6e773b323a0d54b21f43460a23f668b7727c 19-Sep-2015 Fyodor Kupolov <fkupolov@google.com> Added --restricted option for create-user command

Also moved restricted profile create/setup logic from Settings to
UMS.createRestrictedProfile.

Bug: 24212155
Bug: 24303609
Change-Id: I0346a3368de53f4bb4b6e054349f19adac959d7f
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
9249a9097707bb57ae0a7d114eff54bc82ad462d 26-Sep-2015 Bart Sears <bsears@google.com> Revert "Added --restricted option for create-user command"

This reverts commit 737b216b5c28f7d7162f219136d4e8a9eb1a486b.

Change-Id: I4c43967933bb2e46cdb8ad6e643d7037d722cab2
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
737b216b5c28f7d7162f219136d4e8a9eb1a486b 19-Sep-2015 Fyodor Kupolov <fkupolov@google.com> Added --restricted option for create-user command

Also moved restricted profile create/setup logic from Settings to
UMS.createRestrictedProfile.

Bug: 24212155
Bug: 24303609
Change-Id: I5f0d48bcbd3c0b51927926b874fd057c15ac5219
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
06a484adb93c6c969321147b07112684383305f6 22-Aug-2015 Fyodor Kupolov <fkupolov@google.com> Non-system users can now have restricted profiles

In the non split system user, only USER_OWNER is allowed to have restricted
profiles. This is now changed in split user mode, where multiple secondary
users can have restricted profiles.

Added UserInfo.restrictedProfileGroupId field, which defines parent/child
relationship between secondary users and linked restricted profiles. Adjusted
shared accounts handling logic to not assume that USER_OWNER is the only owner.

Bug: 23191995
Change-Id: I5f3fc2aa4f229103d6e75ec2c3dfce866b8007de
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
be8b98b939639a579444de64ce2fd86cccf91daf 20-Aug-2015 Nicolas Prévot <nprevot@google.com> Merge "Allow non-owner users to have managed profiles."
b818681dcae157412b897587ff856cd0c531c3f4 06-Aug-2015 Nicolas Prevot <nprevot@google.com> Allow non-owner users to have managed profiles.

In the split system user model:
The only users that are not allowed to have managed profiles are:
- purely system user (user 0)
- guest users
- restricted profiles
- managed profiles

In the non-split system user model, the behavior does not change:
only the primary user can have managed profiles.

BUG:22956426
Change-Id: If908c30f110fd3e740770174f050c9b6cf87ce1b
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
50b1bd2485ed538310f60b25c7a1213c32b41767 19-Aug-2015 Amith Yamasani <yamasani@google.com> am a79f37c3: am 6e6fbc93: am 7102fb5f: am e1df482c: am e3de6c5d: Merge "Fix crashes when removing work profile" into mnc-dev

* commit 'a79f37c31fb0605465d1d6a1ccfdbf9b821fcd96':
Fix crashes when removing work profile
e1df482c173d975923dba2d3cf644f5a0fadee17 19-Aug-2015 Amith Yamasani <yamasani@google.com> am e3de6c5d: Merge "Fix crashes when removing work profile" into mnc-dev

* commit 'e3de6c5df5a94e627c5ee0f188cbb066233a3dd0':
Fix crashes when removing work profile
594f208d661bc29dafef91e948d36cac652d59db 18-Aug-2015 Xiaohui Chen <xiaohuic@google.com> Clean up USER_OWNER reference in pm/Settings

Bug: 19913735
Change-Id: I538ed443b945e9cbb731520450bf5ef39882ae37
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
236b2b5d28f430a79d3155115b57ea8d80ad27ea 18-Aug-2015 Amith Yamasani <yamasani@google.com> Fix crashes when removing work profile

This isn't specific to work profile. When multiple user
deletions happen in sequence, a race causes a dying user
to lose permissions prematurely. This fix delays removal of
user state until the user is completely cleaned up and all the
processes have been killed.

Bug: 23178833
Change-Id: I1636bc2022416359a25f19a3f65d113c05289cd3
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
56088b329b4d0ec96c9d6e8a25f91080db50fe9c 08-Aug-2015 Amith Yamasani <yamasani@google.com> am 8857528d: am d7256292: am 3ad53f76: am 85b3d034: am 1fbc1b3b: Merge "Fix partial user cleanup on restart" into mnc-dev

* commit '8857528dd454f3b1f6ec140c945275bb3690aae7':
Fix partial user cleanup on restart
85b3d0347955d7244f7d5b89f80482a73e70a0ed 07-Aug-2015 Amith Yamasani <yamasani@google.com> am 1fbc1b3b: Merge "Fix partial user cleanup on restart" into mnc-dev

* commit '1fbc1b3b4b742cdba25d32d65a9813933a37005f':
Fix partial user cleanup on restart
a7892486c2100d99abef355f2bd2c919e6516a6d 07-Aug-2015 Amith Yamasani <yamasani@google.com> Fix partial user cleanup on restart

Internal volume was not available during PackageManagerService creation,
which resulted in a zombie user's folder not being cleaned after a reboot.

Add the internal volume earlier in the boot cycle so that it can be accessed
for user cleanup.

Bug: 22483086
Change-Id: I8f3ffbb25f3902d00a96d1ee2d7a79373c5e35b7
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
768352fdae6fc92805d11dd4e1a1220a25b5f5a5 07-Aug-2015 Andres Morales <anmorales@google.com> am e0a7cfa0: am 981c4561: am 7ab11e45: am 5fd47543: am 85c73c40: Merge "[UserManager] expose method to retrieve credential owner" into mnc-dev

* commit 'e0a7cfa026da56f1197c1feea79f76153c5eddd5':
[UserManager] expose method to retrieve credential owner
5fd4754310a9b19c7b880197e5bd237e2959c040 07-Aug-2015 Andres Morales <anmorales@google.com> am 85c73c40: Merge "[UserManager] expose method to retrieve credential owner" into mnc-dev

* commit '85c73c40d1fd76e8a7bbd90ab80458082764c1c3':
[UserManager] expose method to retrieve credential owner
c5548c02fe0aa768ebfce88ac09393dabe61ec06 05-Aug-2015 Andres Morales <anmorales@google.com> [UserManager] expose method to retrieve credential owner

Certain operations (like ConfirmCredential) can be invoked
in the context of a profile, in which case the calling code
needs to know under what profile the credential is registered.

Expose a centralized location for this information for Settings
and GateKeeper to consume.

Bug: 22257554
Change-Id: Iffe4f6a254f52d1269b9287edabcf6efa515d9d2
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
8bcd8411111c7199dd5cbd90748d34765fa35c84 28-Jul-2015 Fyodor Kupolov <fkupolov@google.com> am 4e5a63fe: am 820b1395: am 9b02cff8: am 0bc60661: am 67a32c49: Merge "Added missing check for MANAGE_USERS" into mnc-dev

* commit '4e5a63fe1c6f4f7e95cd8eb0f469f77590a6c4b2':
Added missing check for MANAGE_USERS
0bc606614ab4c7ec20b6696e0a6bba4f46568925 28-Jul-2015 Fyodor Kupolov <fkupolov@google.com> am 67a32c49: Merge "Added missing check for MANAGE_USERS" into mnc-dev

* commit '67a32c499177d41e48c3ac5a803f883fd97acf37':
Added missing check for MANAGE_USERS
d4b2604109c9239e14b5c96678d751bf05ba4657 27-Jul-2015 Fyodor Kupolov <fkupolov@google.com> Added missing check for MANAGE_USERS

setUserRestriction should do the same permission check as setUserRestrictions
method.

Bug: 22767990
Change-Id: I01f0508ebb23deafaa32ad5dd7063b98a78641be
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
203243aeaeb20027f2292dc0cec715e159ad1213 16-Jul-2015 Xiaohui Chen <xiaohuic@google.com> sys user split: fix primary flag bug.

When the end user first login as Guest, and the device rebooted during
the session (Guest user not removed), then the first user created
afterwards would not be correctly marked as primary. We need to
explicitly looks through all current users to be able to tell for
sure.

Bug: 19913735
Change-Id: Iab1160c17c8dfdc054fd5dd136435fe2711dfa0c
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
b31e14a3d939999a2f325c38c79f8664e0b25878 14-Jul-2015 Xiaohui Chen <xiaohuic@google.com> sys user split: assign admin/primary flag

Assigning admin and primary flags to the primary user instead of the
system user.

BUG:19913735
Change-Id: I64c28538fc688cd8ce0fb4878ece5e629d8e0abf
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
5cc9a7a801f3a1995cbb2a7dae3f9a716d51df0e 14-Jul-2015 Amith Yamasani <yamasani@google.com> am b646cd6d: am f62ca82b: am a5aaf335: am 0fd2d2b1: am 292eb65f: Merge "Fix new user creation regression due to vold remount calls" into mnc-dev

* commit 'b646cd6df50e99464335f3c196e386c8743fd29e':
Fix new user creation regression due to vold remount calls
0fd2d2b124d2aa614131c7b9cedde9d18e830724 14-Jul-2015 Amith Yamasani <yamasani@google.com> am 292eb65f: Merge "Fix new user creation regression due to vold remount calls" into mnc-dev

* commit '292eb65f1ee0747e60899c1b1d0b6cb16c9cd37a':
Fix new user creation regression due to vold remount calls
bb054c9dcc68d24e1d2ded709b721948b939018c 09-Jul-2015 Amith Yamasani <yamasani@google.com> Fix new user creation regression due to vold remount calls

When creating a new user, there's no need to call into vold when
setting up default system permissions for storage. This was otherwise
adding 2 seconds to the user creation time, causing a frozen screen
before showing "Switching to user ...".

Fix is to call the permission setup code synchronously and not
call into vold if the user hasn't been initialized yet.

Bug: 22356546
Change-Id: I4c8632813e8c0f2ac90da386691af439521bb25a
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
7ec733fad39ff9e439a67c9cf51b88bc84cdfda0 19-May-2015 Paul Crowley <paulcrowley@google.com> Delete the user key when deleting a user.

Bug: 19706593

(cherry-picked from commit 85e4e818d83dbc65b1e6e3ed9d39c656188acaec)

Change-Id: Icc6d53a99558317b2ec154f931e481ad9fe64aa3
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
bcf48ed2262d655ebf59153dea645ca761b73db5 22-Apr-2015 Paul Crowley <paulcrowley@google.com> Use mount service to create user dirs.

Bug: 19704432

(cherry-picked from commit 9102f5d953fbde03e12f385b2225004edc43d202)

Change-Id: I64a2c85beef115158feed3953deae32f692e750f
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
3bb8c854189591fcee16d2a6854fae862b02d1e8 07-Jul-2015 Jeff Sharkey <jsharkey@android.com> Merge commit '1db64c19' into merge3

Change-Id: I0aea6817876a5820a7d67a4de5bef0f86ce702a2
6dce4964b4d1a13d276d95730b8fb09d6a5a8d04 04-Jul-2015 Jeff Sharkey <jsharkey@android.com> Reconcile private volumes when mounted.

Many things can happen while a private volume is ejected, so we need
to reconcile newly mounted volumes against known state.

First, user IDs can be recycled, so we store the serial number in the
extended attributes of the /data/user/[id] directory inode. Since a
serial number is always unique, we can quickly determine if a user
directory "10" really belongs to the current user "10". When we
detect a mismatched serial number, we destroy all data belonging to
that user. Gracefully handles upgrade case and assumes current serial
number is valid when none is defined.

Second, we destroy apps that we find no record of, either due to
uninstallation while the volume was unmounted, or reinstallation on
another volume.

When mounting a volume, ensure that data directories exist for all
current users. Similarly, create data directories on all mounted
volumes when creating a user. When forgetting a volume, gracefully
uninstall any apps that had been installed on that volume.

Bug: 20674082, 20275572
Change-Id: I4e3448837f7c03daf00d71681ebdc96e3d8b9cc9
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
2f37bd39217177fc2d49b07a9d1b2821d3177e80 29-Jun-2015 Nicolas Prevot <nprevot@google.com> am d1d1a700: am 64c0c4da: am 6fd49936: Merge "Rename ALLOW_PARENT_APP_LINKING to ALLOW_PARENT_PROFILE_APP_LINKING" into mnc-dev

* commit 'd1d1a700501242cca06b5729c2bd888d6f2d4d52':
Rename ALLOW_PARENT_APP_LINKING to ALLOW_PARENT_PROFILE_APP_LINKING
f0029c1ddb2875583e62c6a3f96d288e21f2efe2 25-Jun-2015 Nicolas Prevot <nprevot@google.com> Rename ALLOW_PARENT_APP_LINKING to ALLOW_PARENT_PROFILE_APP_LINKING

Also improve the javadoc.

BUG:21701782
Change-Id: I88a75ccfa71b0d5df2f4779987cf0fff56001fd3
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
70f6c38644a4a6e28c016c265e6987bf00dd61f1 28-Apr-2015 Xiaohui Chen <xiaohuic@google.com> Introduce system user and primary user.

Bug: 19913735
Change-Id: I2c7855915d778cf80a7154314321ddd90e2eaaac
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
9a0f9682a91e4000de50c2ced20506516af28342 23-Jun-2015 Nicolas Prevot <nprevot@google.com> am 69042609: am 2e70cf73: am 3ab6f9e6: Merge "Allow cross-profile app linking from work to personal." into mnc-dev

* commit '6904260904176c67f200654d48fd8046c63011f4':
Allow cross-profile app linking from work to personal.
9edbda18df025527e18614cf0c45d538a27af30f 17-Jun-2015 Nicolas Prevot <nprevot@google.com> Allow cross-profile app linking from work to personal.

If the profile owner sets ALLOW_PARENT_APP_LINKING:

ACTION_VIEW, scheme http/https intents sent from the work profile
can be resolved by personal apps if they specify a host.

BUG:21701782
Change-Id: I372e2405345539eac9d6b4fb08def6bf84da14a6
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
1142341872befc70d2d37c3b8bac66e2f77f633d 16-Jun-2015 Jeff Sharkey <jsharkey@android.com> am 10d045cd: am 716978e3: am 2cc03e56: Yet another user restriction.

* commit '10d045cd08a60403056f90f03b8f79dc0bf18571':
Yet another user restriction.
2cc03e5606ad7cd473283898400506d5ac2237ba 20-Mar-2015 Jeff Sharkey <jsharkey@android.com> Yet another user restriction.

Change-Id: Ia2952da19cb974a6a9ba0271a298a10df58b8d18
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
39947d63dd6585312a9f1bab8aac1c8deb9fb3c0 10-Jun-2015 Fyodor Kupolov <fkupolov@google.com> am 7e1c4917: am 1f6cbb5d: am c2ae0090: Merge "Do not create profile if FEATURE_MANAGED_USERS is not available" into mnc-dev

* commit '7e1c4917aba076b2d92e66f6971002996ab63e44':
Do not create profile if FEATURE_MANAGED_USERS is not available
b61579950461fca161e570f079f1f4d09389c49f 06-Jun-2015 Fyodor Kupolov <fkupolov@google.com> Do not create profile if FEATURE_MANAGED_USERS is not available

Bug: 21629701
Change-Id: Ia0f720eee0faa0d565701064a268948f6dea82e4
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
326a0acde1fd2e790b9a854d1ac4610b16224a17 04-Jun-2015 Paul Crowley <paulcrowley@google.com> Merge "Delete the user key when deleting a user."
e3e314df4d52881225326d426a76e3e7f1bc40d3 20-Apr-2015 Stuart Scott <stuartscott@google.com> Network Reset should have a lockdown like Factory Reset.

bug:20332322
Change-Id: I7c61a011d11e89513757f112abf320bb2a785edb
(cherry picked from commit 94b038bbb291431a7b39611d72f206b07e839891)
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
94b038bbb291431a7b39611d72f206b07e839891 20-Apr-2015 Stuart Scott <stuartscott@google.com> Network Reset should have a lockdown like Factory Reset.

bug:20332322
Change-Id: I7c61a011d11e89513757f112abf320bb2a785edb
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
85e4e818d83dbc65b1e6e3ed9d39c656188acaec 19-May-2015 Paul Crowley <paulcrowley@google.com> Delete the user key when deleting a user.

BUG=19706593

Change-Id: I36ec1b987f5a07450c6a564c74f124ec8d3403ad
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
d763aae7c7269c5094137df402166284d7d45d93 19-May-2015 Fyodor Kupolov <fkupolov@google.com> am 5053258e: Merge "Allow creating a managed profile if there is only one user."

* commit '5053258e200973d6ae4fec705ea766e0a58a61c9':
Allow creating a managed profile if there is only one user.
12678a99f12ae20fa8518bb8199c35d52be17954 13-May-2015 Nicolas Prevot <nprevot@google.com> Allow creating a managed profile if there is only one user.

BUG:21119929

Change-ID: Ice1cf25f8ae8199228f828d22118c94b9e11b567
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
72434b7088591828082dd952496d523ef3622de2 13-May-2015 Nicolas Prevot <nprevot@google.com> Allow creating a managed profile if there is only one user.

BUG:21119929

Change-ID: Ice1cf25f8ae8199228f828d22118c94b9e11b567
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
9e9e2e73c6ec7bece20268196dc89ad0c8bafad4 08-May-2015 Wojciech Staszkiewicz <staszkiewicz@google.com> Pass charset to XmlPullParser.setInput instead of null

Passing null to XmlPullParser.setInput forces it to do additional
work, which can be easily avoided if we know the charset beforehand.

bug: b/20849543

Change-Id: Iaff97be9df2d0f99d7af8f19f65934439c9658e2
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
06bf824628c118fbd5ad6756913d7fd63a6f4ce5 09-May-2015 Amith Yamasani <yamasani@google.com> Idle timebase

Use screen on time as timebase for idling out apps
that have been inactive.

Store the time when an app was last active as an additional
package state in UsageStats. Compare it to screenOnTime to decide
if it's inactive.

Exclude device idle whitelist from apps that can go inactive.

Bug: 20066058

Change-Id: I709f9f31a9affa7ca6e1ae3e4c5729c5fb221669
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
b501330a1b6ef14ff512a5727f7a01bc423d6fbb 18-Apr-2015 Fyodor Kupolov <fkupolov@google.com> Disable multi-user background recording

On user switch, kill existing processes of the background user with
android.permission.RECORD_AUDIO permission. Home activity should not be
killed to avoid an expensive restart of the home launcher, when the
user switches back.

Introduced DISALLOW_RECORD_AUDIO user restriction, which is enabled for the
background user, and removed for the foreground user.

Introduced a concept of system controlled user restriction, which can only
be set by the system, rather than device administrator.

Bug: 20346194
Change-Id: Ic942fd565e80d14424230dae612965a8e229c4ef
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
4f434a04708e7a254afe2e0d362f715229dc15d1 09-May-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Remove restrictions PIN functionality" into mnc-dev
ef24909d84db9d5aefb825ee1556089fcdcc1678 06-May-2015 Fyodor Kupolov <fkupolov@google.com> Remove restrictions PIN functionality

Bug: 20852231
Change-Id: I5666ee28ff1341ead9b258bc0852d8ba6d313c5e
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
4be96e4e47d249d07d3e7dae5578e87aef90bd07 06-May-2015 Xiaohui Chen <xiaohuic@google.com> multiuser: postpone user cleanup to systemready

User cleanup was too early and causing exceptions during boot.

Bug: 20826665
Change-Id: Idace66d41cefaff1d80f490c161f8868e91d36d9
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
ff7233e2e3df4965b9ecadabfd78bb991fd1e102 08-Apr-2015 Fyodor Kupolov <fkupolov@google.com> Added getUserCreationTime to query user/profile creation time

Added public api to query creation time of the user or of a managed profile
associated with the calling user.

Bug: 20049349
Change-Id: I7f9263fe434233e6f7d4f165c974cab64ca7107c
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
f6ee2244a4f4ddb1ddf2ae21a7e3acd6dab1880b 06-Apr-2015 Fyodor Kupolov <fkupolov@google.com> Restored original behavior of getApplicationRestrictions

JavaDoc for getApplicationRestrictions states that null is a valid return
value, but it turns out some apps do not expect that. This fix restores
the original behavior of returning an empty bundle.

Bug: 20081431
Change-Id: I30a4aa6aba14307eba59ba0015f80f14107269af
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
6f34d363c32ec3295fd77257648d1291ea31c33f 02-Apr-2015 Fyodor Kupolov <fkupolov@google.com> Do not log an error when app restriction file does not exist

Bug: 20040207
Change-Id: Ibd257388a185020258e36bddf5b451dc24c0b7ee
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
262f9952e6e78e00a6d42bab97d73dccfb9607f4 24-Mar-2015 Fyodor Kupolov <fkupolov@google.com> Support for nested bundles in setApplicationRestrictions

Added new restriction types - bundle and bundle-array.

Modified RestrictionsManager.getManifestRestrictions to support new
hierarchical restrictions.
Added RestrictionsManager.convertRestrictionsToBundle, which enables
programmatic conversion from a list of RestrictionEntries to a Bundle.

Modified read/write methods for application restrictions in UserManagerService.
Added unit tests.

Bug: 19540606
Change-Id: I32b264e04d5d177ea5b4c39a8ace5ee0ce907970
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
78027f3b72ad0cad4c39c3947985526ac31a6d3e 25-Mar-2015 Svet Ganov <svetoslavganov@google.com> Properly handle system app permissions.

System apps targeting SDK grater than Lollipop MR1 get runtime
permissions and when a new user is added we update the permissions
for all packages to ensure that the new user gets the runtime
permissions.

Change-Id: Ic7dc5b5a94b034e00d715a60b12f613803524c3b
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
bff46bac807ae8a9ebdc22c449a8d4f78711b4d2 05-Mar-2015 Benjamin Franz <bfranz@google.com> Add DO policy to disable safe boot mode.

Bug: 19615843
Change-Id: I14dbe911995ec216c57bd285d6b7b04c9684591a
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
f3ece36535d4999cf2bfd2175a33da6c3cdf298e 11-Feb-2015 Benjamin Franz <bfranz@google.com> Block setting wallpapers from managed profiles.

Silently fail when a managed profile app tries to change the
wallpaper and return default values for getters in that case.
This is implemented through a new AppOp that is controlled by
a new user restriction that will be set during provisioning.

Bug: 18725052
Change-Id: I1601852617e738be86560f054daf3435dd9f5a9f
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
7478de1e87b3c1941b43eafc2ff9e9a4bafead7e 18-Feb-2015 Adrian Roos <roosa@google.com> Merge "Decouple package manager lock and bitmap decoding"
c627484653fef1066f442034acf8e127153bec83 18-Feb-2015 Kenny Guy <kennyguy@google.com> Merge "Handle users being deleted in getUserHandle."
1bdff9139fd412b36d5d2d783574b6418fcb198a 17-Feb-2015 Adrian Roos <roosa@google.com> Decouple package manager lock and bitmap decoding

Also moves the actual reading and decoding of the
icon into the client process to avoid unnecessary
copies.

Bug: 18474438
Change-Id: I71623ef48c770d752593aa97d69517f6139cc947
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
05ecfd308d983755bc7cab39ba99a37c321f176b 11-Feb-2015 Alex Klyubin <klyubin@google.com> am 33d3c53d: resolved conflicts for merge of 517e0274 to lmp-mr1-dev-plus-aosp

* commit '33d3c53da021f0d044028860ace0f4ad817273f5':
Move hidden ApplicationInfo flags into a separate field.
33d3c53da021f0d044028860ace0f4ad817273f5 11-Feb-2015 Alex Klyubin <klyubin@google.com> resolved conflicts for merge of 517e0274 to lmp-mr1-dev-plus-aosp

Change-Id: Ic20b6c8851458483dd73a144bd5ae6e8d141e62a
b9f8a5204a1b0b3919fa921e858d04124c582828 03-Feb-2015 Alex Klyubin <klyubin@google.com> Move hidden ApplicationInfo flags into a separate field.

The public API field android.content.pm.ApplicationInfo.flags can
support only 32 flags. This limit has been reached. As a short term
workaround to enable new public flags to be added, this CL moves flags
which are not public API into a separate new field privateFlags and
renames the affected flags constants accordingly (e.g., FLAG_PRIVILEGED
is now PRIVATE_FLAG_PRIVILEGED).

The new privateFlags field is not public API and should not be used
for flags that are public API.

The flags that are moved out of ApplicationInfo.flags are:
* FLAG_HIDDEN,
* FLAG_CANT_SAVE_STATE,
* FLAG_FORWARD_LOCK, and
* FLAG_PRIVILEGED.

NOTE: This changes the format of packages.xml. Prior to this CL flags
were stored in the "flags" attribute. With this CL, the public flags
are stored in a new "publicFlags" attribute and private flags are
stored in a new "privateFlags" attribute. The old "flags" attribute
is interpreted by using the old values of hidden/private flags.

Change-Id: Ie23eb8ddd5129de3c6e008c5261b639e22182ee5
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
945f8836a68599a633a42dbb11b2f28d0c7beb6d 10-Feb-2015 Kenny Guy <kennyguy@google.com> Handle users being deleted in getUserHandle.

getUserHandle by serial number calls getUserInfoLocked
which may return null for a user that exists when its
being deleted.

Change-Id: I949831f8bc959e5ec1f3cb907d86313f10e12554
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
adf1c93ff77c996be7952f98b9f554befb089543 08-Jan-2015 Dianne Hackborn <hackbod@google.com> am 3968820f: am cb8d8e10: Merge "Fix issue #18827122: system server crashed on broadcasting..." into lmp-mr1-dev automerge: 16e4324

* commit '3968820fc75e1eac03e54cba45b5a0adc28ee87d':
Fix issue #18827122: system server crashed on broadcasting...
56ef86d4d116b037107c4054a0a76c46778e8a3b 08-Jan-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Use scheduled writes to package-restrictions and user xml"
29cd7f19625a2a2a8528469e55f3aa495107b9e7 08-Jan-2015 Dianne Hackborn <hackbod@google.com> Fix issue #18827122: system server crashed on broadcasting...

...an intent with invalid or null package uri

Also tweak battery stats to record in the history when we shut
down, to understand when restarts are due to clean shutdowns or
crashes.

Change-Id: I6443dafc23e356be9f569906f6081152d4f92d2b
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
290e91107c168210fa0583c5e3751821812277d0 30-Dec-2014 Robin Lee <rgl@google.com> Remove deprecated upgrade path for relatedGroupId

As per note this has been unused for upwards of 6 months and its
attribute string is no longer referenced anywhere else in Android.

Change-Id: I5f95ffa6b3d91fca203f2d030d40df3fd55b6a70
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
75d0ea8785163d5b0fddaec339f68bacdf52df82 16-Dec-2014 Fyodor Kupolov <fkupolov@google.com> Use scheduled writes to package-restrictions and user xml

When user is initialized, PackageManager.setEnabledSetting is called
multiple times. Each call triggers a write to user's
package-restrictions.xml file.

Using scheduleWritePackageRestrictionsLocked should help to reduce the
number of writes during initialization time and reduce creation/switching
time for a new user.

Change-Id: I5bd8609e3a79bdc3f198a169ede8005dc0186612
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
da0b16825466b9b23c24e1bc2a567afa8e690ec7 21-Nov-2014 Amith Yamasani <yamasani@google.com> Fix parsing bug that affects reading back guest restrictions

Now it remembers guest default restrictions across reboots.

Bug: 18477780
Change-Id: I3a2c0d47825c8fcfc69edf791ddd6329e23ee04b
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
6eb093909c5711f2482952e3d85dab66bad234c3 15-Nov-2014 Jeff Sharkey <jsharkey@android.com> Prevent user ID reuse until after reboot.

We're still seeing rare cases where a device struggles to create a
new user, probably because of a subtle bug in the FUSE daemon. To
work around this, only allow user IDs reuse after reboot.

Bug: 8302014
Change-Id: Id7f9fb539c6d6d1ff3d47d941af1d9e6b93eca03
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
aa6634eaca707f7cbf5f5a1d75b90d8d775d254b 06-Oct-2014 Amith Yamasani <yamasani@google.com> Set the default user restrictions to disallow calling and sms

When creating a user via the UI, disallow phone calls and SMS by
default. Primary user must explicitly enable it via Settings.

Bug: 17832802
Change-Id: I18cad4be8493ddc8890b5d90da2df256cb3f1ec9
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
f58e532e015ef31d879ee51aeeb251349784717c 11-Sep-2014 Amith Yamasani <yamasani@google.com> Merge "Apply cross-user restrictions to Shell" into lmp-dev
8cd28b57ed732656d002d97879e15c5695b54fff 09-Jun-2014 Amith Yamasani <yamasani@google.com> Apply cross-user restrictions to Shell

Even though Shell user is allowed to perform cross-user actions,
lock that path down if the target user has restrictions imposed by
the profile owner device admin that prevents access via adb.

If the profile owner has imposed DISALLOW_DEBUGGING_FEATURES, don't
allow the shell user to make the following types of calls:
start activities, make service calls, access content providers,
send broadcasts, block/unblock packages, clear user data, etc.

Bug: 15086577
Change-Id: I9669fc165953076f786ed51cbc17d20d6fa995c3
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
732edf098fe9728238bf3b69a3b3cfcb221edf35 10-Sep-2014 Adam Lesinski <adamlesinski@google.com> Merge changes I79ba54d7,I224fb4b6 into lmp-dev

* changes:
Make UsageStats API default on only for the system
ActivityManager shouldn't return null for getCurrentUser
26af829fd70609cf073b56e54e1f78faf83a5e8b 09-Sep-2014 Amith Yamasani <yamasani@google.com> User restriction to disallow outgoing NFC beam

This can be controlled by MDMs via DPM.

Also fixes:
- javadoc for restrictions
- persisting of cross profile copy/paste restriction

Bug: 17387303
Change-Id: Ie148f56189181d2a4c6345c0823d417ab13a94a3
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
eddeb49a734a524347587e7654025c489fb6331e 09-Sep-2014 Adam Lesinski <adamlesinski@google.com> ActivityManager shouldn't return null for getCurrentUser

There was a race where ActivityManager would return null
for getCurrentUser() when switching between guest accounts.
This is because the Guest account was marked for deletion
while it was still active.

Bug:17290209

Change-Id: I224fb4b6836380e5acb7dbeb8f3343d74505f88a
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
1df1473008c24487701c5bc15f39ed9f9697f421 30-Aug-2014 Amith Yamasani <yamasani@google.com> Make it possible to remove current user

Due to the async nature of switching users, it's not possible to
switch and remove immediately. So mark the switch target user as
soon as the user switch is requested, so that a remove will proceed
without failing at stopUserLocked().

Also, fix a similar problem with deleting the current guest and
switching to a new guest. It was attempting to remove the current
user which will result in a failed stopping of the user.
Added a way to mark the current guest
for deletion so that a new one can be created, switched to and the
old one deleted. If runtime fails, old guest is already marked for
deletion and will be cleaned up on restart.

Bug: 17321533
Change-Id: I4be0fb956227e0bb95588b5b1f2867fb1e655c0d
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
dda003ffa84f986bfaba4344124eafa533f5039d 29-Aug-2014 Amith Yamasani <yamasani@google.com> Clean up apks installed for a removed user

When a user is removed, enumerate through all installed packages
to see if any of them are not installed for any user. Delete the
package if no user has it "installed".

Added a pm option to install an apk for a specific user.

Fixed a crash in UserManagerService when executing the above
cleanup - dying users generate a null UserInfo.

Bug: 15426024
Change-Id: I571decde1ae1c257d0da6db153b896aad6d6bcb4
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
e084039dd29f63f6e56c91615bc0da6d638c6ea9 27-Aug-2014 Amith Yamasani <yamasani@google.com> Fix incorrect reading of multichoice app restrictions

Clear the list of choices values before putting new ones in.

Bug: 17299310
Change-Id: I01051d1703adcbdd7d0b5fb4ee423404f98489e8
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
95ab7849444125387dc88088bb5197ee463d8c17 12-Aug-2014 Amith Yamasani <yamasani@google.com> Decouple user limit from guest creation

Allow Guest to be created even if there are N users.
Allow N users to be created even if there are N-1 users
and a Guest.
Limit number of guests and managed profiles that can
be added.

Added unit tests.

Bug: 15934700
Change-Id: I1a8f0fa38a91d71ef7b2980e05c974244dfc337a
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
e5bcff624fb58b6f95be8ddff7f5b6b3bf5d19c7 20-Jul-2014 Amith Yamasani <yamasani@google.com> Rename setApplicationBlocked to setApplicationHidden

This corrects the expected behavior of the app state. Hidden apps
can be installed by the store to be brought out of hidden state.

Bug: 16191518
Change-Id: Id128ce971ceee99ba1dea14ba07ce03bd8d77335
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
390989da1967f9d385212cd2e22a50589ce69046 17-Jul-2014 Amith Yamasani <yamasani@google.com> Split telephony restrictions into outgoing calls and sms

DISALLOW_TELEPHONY renamed to DISALLOW_OUTGOING_CALLS and introduced
DISALLOW_SMS.

Outgoing emergency calls should always be permitted.

Change-Id: I0a38ef6e2df9dcf62d16fd93622ad61f4327614f
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
d21b2181390fb96e3a0742be9b985a52d4de2d2c 17-Jul-2014 Kenny Guy <kennyguy@google.com> Allow app restrictions for uninstalled packages.

Stop cleaning up app restrictions for packages
that aren't installed.
Remove app restriction file if restrictions is
set to an empty or null bundle.
All user types may now have restrictions if a
profile or device owner is present.

Bug: 15565914
Change-Id: I55f38ca0ad7794b9fc2967113973dc035a416558
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
70fcf0c75fee68873a2f1abfe26c8afd669c51ba 11-Jul-2014 Amith Yamasani <yamasani@google.com> Fix apparent delay in removing a managed profile

Bug: 15268575

When returning the list of profiles, don't include dying users.

Change-Id: Ifeaed5c7c2b93922cddea22057dd890a1b3750fc
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
9a944532af0f07d8b916556d229c21d3eda91a59 08-Jul-2014 Jason Monk <jmonk@google.com> Fix UserManagerService.setUserIcon throwing expt.

setUserIcon sends a broadcast that requires INTERACT_ACROSS_USERS.
Since the function directly checks MANAGE_USERS permission, added
a clear calling identity.

Alternative solution would be to make function check for one of
INTERACT_ACROSS_USERS permissions before performing any actions.

Change-Id: Ibbf27d4e188d059671024e4bb62f92a2daea3661
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
1c7c319bb89b9988bfd12afc3e8d89449fd163fc 26-Jun-2014 Jason Monk <jmonk@google.com> User restriction for disallowing window creation

Block any types of windows that could by used by apps to create
views on top of a locked app. This can be used by device admins
in conjunction with lock task mode.

Added a way for system (and priv apps) to bypass user restrictions
for specified op codes.

Bug: 15279535
Change-Id: I2381530ef6226a5bb32a99bb4030baafb39bf564
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
e4afaa3a3d7c2885b82fe43f51bcf04e036f7462 30-Jun-2014 Amith Yamasani <yamasani@google.com> Store and retrieve default Guest settings

Save the default guest restrictions for use when a guest is created.

Bug: 15761405
Change-Id: I28db7d823944b0b47527a4909c10cc856c842a62
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
37271629b5bcf54858d6b4c4f5dbde6e85614d79 30-Jun-2014 Julia Reynolds <juliacr@google.com> Merge "If DISALLOW_REMOVE_USER is enabled, UserManager.removeUser should not remove users."
75175025f8d727d9841308fa0afcb9a7a1a118cd 26-Jun-2014 Julia Reynolds <juliacr@google.com> If DISALLOW_ADD_USER is enabled, do not allow users to be created.

Bug: 15910634
Change-Id: I7e14bf7d71001f218402a5d90e2aadc54fcfd875
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
4ac5f85482de4f1845b21567ec510d79878552cd 23-Jun-2014 Julia Reynolds <juliacr@google.com> If DISALLOW_REMOVE_USER is enabled, UserManager.removeUser should not remove users.

Bug: 15834711
Change-Id: I8048c971401fe3216a6e92aae1c961a3aee02dde
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
88cc346d0602e0b173b5076cd0051120682da601 14-May-2014 Nicolas Prevot <nprevot@google.com> Show the icon of the personal space.

In an intent disambiguation dialog from a managed profile,
when the intent can be forwarded to the personal space:
show the icon of the parent next to "Personal apps".
And put it at the bottom of the dialog.

Change-Id: I523222aac5dde9653e784eb26cf23cdaf018b86c
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
36fbc8d6453da438a8ab83352ff1bcfcba5f25b5 18-Jun-2014 Julia Reynolds <juliacr@google.com> Rename apps User Restriction.

Change-Id: I9f81a6b94ba06b593e7213967df51c7cb30a7b31
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
17c9d69d7018c62d9d08ceecc6218df6704832dd 13-Jun-2014 Kenny Guy <kennyguy@google.com> Don't remove a user already being removed.

Check if UserManager is already removing
a user before starting to remove it.

Bug: 15583858
Change-Id: If9763e9b47355d9ae35cc621367c74725029aa90
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
1e9c21871e81642669079cd290ef47818a3165bd 12-Jun-2014 Amith Yamasani <yamasani@google.com> Guest user first iteration

Setting for controlling if guest is enabled on the device.
Setting to hint to apps that they should skip showing first use clings.

User switcher handles creation and deletion of the guest user.
Some tweaks to the user switcher to show some feedback and make the icons
circular.

Change-Id: I187dc381d2ee7c372ec6d35e14aa9ea4dfbe5936
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
d4b584ea7f6da5c06b7ba9b1ea75428dcc5fe7b2 09-Jun-2014 Adam Connors <adamconnors@google.com> Api review: Make ACTION_MANAGED_PROFILE_REMOVED registered only.

And update the javadoc to explain use-case.

Bug: 15025562
Change-Id: I8eb2666c8480f873e042687223b1a1f82e7919c9
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
5b5aa4072fb58aea47f523c724878c579adae294 02-Jun-2014 Amith Yamasani <yamasani@google.com> Handle saving and restoring ints in application restrictions

Unit tests for restrictions types and proper escaping.

Change-Id: Iac35521faf5798398a89fecbad82fcdd256a4146
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
ee58b4f44d1c2ecd94e9b39fe74b70b28c859c1a 23-May-2014 Kenny Guy <kennyguy@google.com> Fix bug with removeUser assuming it is called from system uid.

This causes adb shell pm remove-user to fail.

Bug: 15160176
Change-Id: If1ff61dbde90f930d32affd87f935b318df813df
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
9f6c25f57e26f3e2f9c744547a139d14b7d3db5c 16-May-2014 Amith Yamasani <yamasani@google.com> Per-user telephony restrictions

Allow profile owners or administrators of restricted profiles
to restrict access to telephony features such as calling and
texting for a user.

Change-Id: I89f97608c07c647ad8a7b43fef9d1e6bc4a84e95
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
f584f014dbb281727fccfea10bc9c2539a752f17 20-May-2014 Amith Yamasani <yamasani@google.com> Allow adding a user while still removing other users

When at the user limit, removing and adding a user causes a race
condition where the deleted user is still being removed and adding
another one fails.

This change excludes deleted users from the counting to compare
against the limit.

Also fix an ArrayIndexOutOfBounds recently introduced in AppOpsService.

Bug: 13282768
Change-Id: Ib79659e7604396583a280dbbc560b288a6d9051c
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
8974f2490992b2921b636c0b65ebeb5b19dda89b 16-May-2014 Jason Monk <jmonk@google.com> Merge "Notify AppOpsService of UserRestrictions and Owners"
62062996dd256df8b575b2ba1f0bf97109c4e0ba 06-May-2014 Jason Monk <jmonk@google.com> Notify AppOpsService of UserRestrictions and Owners

This makes the DevicePolicyManagerService and UserManagerService
push the DeviceOwner/ProfileOwners and user restrictions on boot
as well as on any change.

This also adds a list of restrictions that allow any op to connected with
a user restriction such that it will return MODE_IGNORED when the user
restriction is present (except for the device/profile owner).

Change-Id: Id8a9591d8f04fe5ecebd95750d9010afc0cd786c
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
f8d3a232e8df65aa75545963ee0ccf753b2d8fb9 15-May-2014 Kenny Guy <kennyguy@google.com> Send profile removed intent earlier so launchers updates.

This sends the profile removed intent when the user has
been disabled.

Bug: 14981942
Change-Id: I32ab9c68ca53ec3aac0c930c0bbf93da7ff5b479
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
be81c800ae6216e30b6008b4c73172b36531c405 22-Apr-2014 Jessica Hummel <jhummel@google.com> Add api for getting the parent of a profile.

Change-Id: Ife59665cdf6531a118d74def864c8cfc92c92a42
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
394a6cdd987fed79bd040f39e2d3e47d4484bab4 07-May-2014 Emily Bernier <ember@google.com> New user restrictions for EDU

New user restrictions will allow schools to prevent students from 1) using
device microphones, 2) adjusting device volume, and 3) mounting physical
external media.

Change-Id: Ib2fcb7ce8fbc489a25d2c97a122b2124012a9e3c
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
d46d0f9dcd72dfaa93a57d07d896def6ce53bbae 23-Apr-2014 Julia Reynolds <juliacr@google.com> Add new EDU user restrictions.

Change-Id: I6aad10466d99cda6be378c72025df686fe665071
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
7b66ed588525d2d79ef0df8b3024bae138d8681d 14-Apr-2014 Adam Connors <adamconnors@google.com> Send ACTION_MANAGED_PROFILE_REMOVED broadcast.

When the managed profile is removed, this new intent
is used to inform the rest of the system.

Change-Id: I1748bed0a7ee0122f69d5c78235a79f8e205efec
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
df35d570ed25257c6782e632ab1bae5e1603855a 09-Apr-2014 Alexandra Gherghina <alexgherghina@google.com> Adds an enabled state in UserInfo instead of DevicePolicyManager

Bug: 14377459
Change-Id: Ib4ec43d87da96c3dddaf9b7ae1796f261863a182
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
be46532c9fbebf3ab6498c1b78013a33f620cd31 24-Apr-2014 Amith Yamasani <yamasani@google.com> Allow profile owners to set user restrictions

Pass the setting along to UserManager.

Fixes a security exception when fetching the profile's enabled state.

Change-Id: If71698cf32c52cce1158cf2027443a339bc58488
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
385124d8cee38dee00d4fac31e8fbe46fb30565b 03-Apr-2014 Alexandra Gherghina <alexgherghina@google.com> Modify getUserProfiles to return only enabled profiles:

Add a new enabled state for a managed profile.
Expose that as a new API on DevicePolicyManager.
Set the new state when enabling the profile.
Return only enabled profiles from the user manager.

Bug: 13755441
Bug: 13755091
Change-Id: I2907b182e19b3562592da688b3f68ef5f4088557
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
7a2b4d11c741de8b78570c0e11f49deb165e35da 23-Apr-2014 Emily Bernier <ember@google.com> Allow device or profile owner app to modify user restrictions.

Currently this is gated on being a system or root app with the
MANAGE_USERS permission; third-party MDM apps set as device or profile
owner should have this ability as well.

Bug: 13585295

Change-Id: I61d21b13b9ec66fc0cb497ec2007ee732461d448
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
66e5d96cf9e689148b202787bdc269519c4b6f8f 09-Apr-2014 Robin Lee <rgl@google.com> Allow ProfileOwner apps to manage app restrictions

Simple wrapper around the UserManager.{get|set}ApplicationRestrictions
APIs. Also added a new Intent to signal to running apps that the set
of restrictions has changed since startup.

Change-Id: Ifd108108a73f87325b499d9de2e1b2aacc59b264
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
4f58263d02f296430a9653126d28501e95c7bb6c 19-Feb-2014 Amith Yamasani <yamasani@google.com> Launcher APIs and broadcasts for managed profiles

UserManager
- Corp badging
- Querying list of managed profiles

Launcher API
- LauncherApps and Service to proxy changes in managed profile
to the launcher in the primary profile
- Querying and launching launchable apps across profiles

Change-Id: Id8f7b4201afdfb5f414d04156d7b81300119289e
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
2a764949c943681a4d25a17a0b203a0127a4a486 02-Apr-2014 Kenny Guy <kennyguy@google.com> Rename related users to profiles.

Rename the related user concept as profiles.
When returning profiles of a user include the
user as a profile of itself.

Change-Id: Id5d4f29017b7ca6844632ce643f10331ad733e1d
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
10ad98223fd1fabb7b893de55d1384fd012aed7b 17-Mar-2014 Dianne Hackborn <hackbod@google.com> Start enforcing explicit intents for Context.bindService()

No longer prints a warning, now throws an exception.

Also fix a bug in UserManagerService that was causing an
exception while booting.

Change-Id: I3b43cfe08067da840b6850b9bed58664d36d34f1
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
c6d033ed11f3b6b73f2650c56827ed0427411e9e 27-Feb-2014 Nicolas Prevot <nprevot@google.com> Correcting a deadlock in CreateRelatedUser

A deadlock sometimes happened in CreateRelatedUser of UserManagerService.
A lock was kept when it should have been released.

Change-Id: I15444c0b5d0d5d1e14e7bf29c2115aa954b7dfc0
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
a52dc3eb40777b055c0ca8d7885bd2c9577bcd1a 11-Feb-2014 Kenny Guy <kennyguy@google.com> Add concepts of related users and managed profiles to user manager.

Related users are a group that will share things like notifications.
Managed profiles are a profile of another user.

Change-Id: I2d0532f1abf939810f0fa3fc7c77ad13fa567833
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java
9158825f9c41869689d6b1786d7c7aa8bdd524ce 22-Nov-2013 Amith Yamasani <yamasani@google.com> Move some system services to separate directories

Refactored the directory structure so that services can be optionally
excluded. This is step 1. Will be followed by another change that makes
it possible to remove services from the build.

Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85
/frameworks/base/services/core/java/com/android/server/pm/UserManagerService.java