1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm; 18 19import com.google.android.collect.Sets; 20 21import com.android.internal.util.Preconditions; 22 23import android.annotation.NonNull; 24import android.annotation.Nullable; 25import android.app.ActivityManager; 26import android.content.ContentResolver; 27import android.content.Context; 28import android.os.Binder; 29import android.os.Bundle; 30import android.os.RemoteException; 31import android.os.UserHandle; 32import android.os.UserManager; 33import android.os.UserManagerInternal; 34import android.service.persistentdata.PersistentDataBlockManager; 35import android.telephony.SubscriptionInfo; 36import android.telephony.SubscriptionManager; 37import android.util.Log; 38import android.util.Slog; 39import android.util.SparseArray; 40 41import org.xmlpull.v1.XmlPullParser; 42import org.xmlpull.v1.XmlSerializer; 43 44import java.io.IOException; 45import java.io.PrintWriter; 46import java.util.List; 47import java.util.Set; 48 49/** 50 * Utility methods for user restrictions. 51 * 52 * <p>See {@link UserManagerService} for the method suffixes. 53 */ 54public class UserRestrictionsUtils { 55 private static final String TAG = "UserRestrictionsUtils"; 56 57 private UserRestrictionsUtils() { 58 } 59 60 private static Set<String> newSetWithUniqueCheck(String[] strings) { 61 final Set<String> ret = Sets.newArraySet(strings); 62 63 // Make sure there's no overlap. 64 Preconditions.checkState(ret.size() == strings.length); 65 return ret; 66 } 67 68 public static final Set<String> USER_RESTRICTIONS = newSetWithUniqueCheck(new String[] { 69 UserManager.DISALLOW_CONFIG_WIFI, 70 UserManager.DISALLOW_MODIFY_ACCOUNTS, 71 UserManager.DISALLOW_INSTALL_APPS, 72 UserManager.DISALLOW_UNINSTALL_APPS, 73 UserManager.DISALLOW_SHARE_LOCATION, 74 UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, 75 UserManager.DISALLOW_CONFIG_BLUETOOTH, 76 UserManager.DISALLOW_BLUETOOTH, 77 UserManager.DISALLOW_BLUETOOTH_SHARING, 78 UserManager.DISALLOW_USB_FILE_TRANSFER, 79 UserManager.DISALLOW_CONFIG_CREDENTIALS, 80 UserManager.DISALLOW_REMOVE_USER, 81 UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, 82 UserManager.DISALLOW_DEBUGGING_FEATURES, 83 UserManager.DISALLOW_CONFIG_VPN, 84 UserManager.DISALLOW_CONFIG_TETHERING, 85 UserManager.DISALLOW_NETWORK_RESET, 86 UserManager.DISALLOW_FACTORY_RESET, 87 UserManager.DISALLOW_ADD_USER, 88 UserManager.DISALLOW_ADD_MANAGED_PROFILE, 89 UserManager.ENSURE_VERIFY_APPS, 90 UserManager.DISALLOW_CONFIG_CELL_BROADCASTS, 91 UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS, 92 UserManager.DISALLOW_APPS_CONTROL, 93 UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA, 94 UserManager.DISALLOW_UNMUTE_MICROPHONE, 95 UserManager.DISALLOW_ADJUST_VOLUME, 96 UserManager.DISALLOW_OUTGOING_CALLS, 97 UserManager.DISALLOW_SMS, 98 UserManager.DISALLOW_FUN, 99 UserManager.DISALLOW_CREATE_WINDOWS, 100 UserManager.DISALLOW_CROSS_PROFILE_COPY_PASTE, 101 UserManager.DISALLOW_OUTGOING_BEAM, 102 UserManager.DISALLOW_WALLPAPER, 103 UserManager.DISALLOW_SAFE_BOOT, 104 UserManager.ALLOW_PARENT_PROFILE_APP_LINKING, 105 UserManager.DISALLOW_RECORD_AUDIO, 106 UserManager.DISALLOW_CAMERA, 107 UserManager.DISALLOW_RUN_IN_BACKGROUND, 108 UserManager.DISALLOW_DATA_ROAMING, 109 UserManager.DISALLOW_SET_USER_ICON, 110 UserManager.DISALLOW_SET_WALLPAPER, 111 UserManager.DISALLOW_OEM_UNLOCK, 112 UserManager.DISALLOW_UNMUTE_DEVICE, 113 UserManager.DISALLOW_AUTOFILL, 114 }); 115 116 /** 117 * Set of user restriction which we don't want to persist. 118 */ 119 private static final Set<String> NON_PERSIST_USER_RESTRICTIONS = Sets.newArraySet( 120 UserManager.DISALLOW_RECORD_AUDIO 121 ); 122 123 /** 124 * User restrictions that cannot be set by profile owners of secondary users. When set by DO 125 * they will be applied to all users. 126 */ 127 private static final Set<String> PRIMARY_USER_ONLY_RESTRICTIONS = Sets.newArraySet( 128 UserManager.DISALLOW_BLUETOOTH, 129 UserManager.DISALLOW_USB_FILE_TRANSFER, 130 UserManager.DISALLOW_CONFIG_TETHERING, 131 UserManager.DISALLOW_NETWORK_RESET, 132 UserManager.DISALLOW_FACTORY_RESET, 133 UserManager.DISALLOW_ADD_USER, 134 UserManager.DISALLOW_CONFIG_CELL_BROADCASTS, 135 UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS, 136 UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA, 137 UserManager.DISALLOW_SMS, 138 UserManager.DISALLOW_FUN, 139 UserManager.DISALLOW_SAFE_BOOT, 140 UserManager.DISALLOW_CREATE_WINDOWS, 141 UserManager.DISALLOW_DATA_ROAMING 142 ); 143 144 /** 145 * User restrictions that can't be changed by device owner or profile owner. 146 */ 147 private static final Set<String> IMMUTABLE_BY_OWNERS = Sets.newArraySet( 148 UserManager.DISALLOW_RECORD_AUDIO, 149 UserManager.DISALLOW_WALLPAPER, 150 UserManager.DISALLOW_OEM_UNLOCK 151 ); 152 153 /** 154 * Special user restrictions that can be applied to a user as well as to all users globally, 155 * depending on callers. When device owner sets them, they'll be applied to all users. 156 */ 157 private static final Set<String> GLOBAL_RESTRICTIONS = Sets.newArraySet( 158 UserManager.DISALLOW_ADJUST_VOLUME, 159 UserManager.DISALLOW_BLUETOOTH_SHARING, 160 UserManager.DISALLOW_RUN_IN_BACKGROUND, 161 UserManager.DISALLOW_UNMUTE_MICROPHONE, 162 UserManager.DISALLOW_UNMUTE_DEVICE 163 ); 164 165 /** 166 * User restrictions that default to {@code true} for device owners. 167 */ 168 private static final Set<String> DEFAULT_ENABLED_FOR_DEVICE_OWNERS = Sets.newArraySet( 169 UserManager.DISALLOW_ADD_MANAGED_PROFILE 170 ); 171 172 /** 173 * User restrictions that default to {@code true} for managed profile owners. 174 * 175 * NB: {@link UserManager#DISALLOW_INSTALL_UNKNOWN_SOURCES} is also set by default but it is 176 * not set to existing profile owners unless they used to have INSTALL_NON_MARKET_APPS disabled 177 * in settings. So it is handled separately. 178 */ 179 private static final Set<String> DEFAULT_ENABLED_FOR_MANAGED_PROFILES = Sets.newArraySet( 180 UserManager.DISALLOW_BLUETOOTH_SHARING 181 ); 182 183 /* 184 * Special user restrictions that are always applied to all users no matter who sets them. 185 */ 186 private static final Set<String> PROFILE_GLOBAL_RESTRICTIONS = Sets.newArraySet( 187 UserManager.ENSURE_VERIFY_APPS 188 ); 189 190 /** 191 * Throws {@link IllegalArgumentException} if the given restriction name is invalid. 192 */ 193 public static boolean isValidRestriction(@NonNull String restriction) { 194 if (!USER_RESTRICTIONS.contains(restriction)) { 195 Slog.e(TAG, "Unknown restriction: " + restriction); 196 return false; 197 } 198 return true; 199 } 200 201 public static void writeRestrictions(@NonNull XmlSerializer serializer, 202 @Nullable Bundle restrictions, @NonNull String tag) throws IOException { 203 if (restrictions == null) { 204 return; 205 } 206 207 serializer.startTag(null, tag); 208 for (String key : restrictions.keySet()) { 209 if (NON_PERSIST_USER_RESTRICTIONS.contains(key)) { 210 continue; // Don't persist. 211 } 212 if (USER_RESTRICTIONS.contains(key)) { 213 if (restrictions.getBoolean(key)) { 214 serializer.attribute(null, key, "true"); 215 } 216 continue; 217 } 218 Log.w(TAG, "Unknown user restriction detected: " + key); 219 } 220 serializer.endTag(null, tag); 221 } 222 223 public static void readRestrictions(XmlPullParser parser, Bundle restrictions) { 224 restrictions.clear(); 225 for (String key : USER_RESTRICTIONS) { 226 final String value = parser.getAttributeValue(null, key); 227 if (value != null) { 228 restrictions.putBoolean(key, Boolean.parseBoolean(value)); 229 } 230 } 231 } 232 233 public static Bundle readRestrictions(XmlPullParser parser) { 234 final Bundle result = new Bundle(); 235 readRestrictions(parser, result); 236 return result; 237 } 238 239 /** 240 * @return {@code in} itself when it's not null, or an empty bundle (which can writable). 241 */ 242 public static Bundle nonNull(@Nullable Bundle in) { 243 return in != null ? in : new Bundle(); 244 } 245 246 public static boolean isEmpty(@Nullable Bundle in) { 247 return (in == null) || (in.size() == 0); 248 } 249 250 /** 251 * Returns {@code true} if given bundle is not null and contains {@code true} for a given 252 * restriction. 253 */ 254 public static boolean contains(@Nullable Bundle in, String restriction) { 255 return in != null && in.getBoolean(restriction); 256 } 257 258 /** 259 * Creates a copy of the {@code in} Bundle. If {@code in} is null, it'll return an empty 260 * bundle. 261 * 262 * <p>The resulting {@link Bundle} is always writable. (i.e. it won't return 263 * {@link Bundle#EMPTY}) 264 */ 265 public static @NonNull Bundle clone(@Nullable Bundle in) { 266 return (in != null) ? new Bundle(in) : new Bundle(); 267 } 268 269 public static void merge(@NonNull Bundle dest, @Nullable Bundle in) { 270 Preconditions.checkNotNull(dest); 271 Preconditions.checkArgument(dest != in); 272 if (in == null) { 273 return; 274 } 275 for (String key : in.keySet()) { 276 if (in.getBoolean(key, false)) { 277 dest.putBoolean(key, true); 278 } 279 } 280 } 281 282 /** 283 * Merges a sparse array of restrictions bundles into one. 284 */ 285 @Nullable 286 public static Bundle mergeAll(SparseArray<Bundle> restrictions) { 287 if (restrictions.size() == 0) { 288 return null; 289 } else { 290 final Bundle result = new Bundle(); 291 for (int i = 0; i < restrictions.size(); i++) { 292 merge(result, restrictions.valueAt(i)); 293 } 294 return result; 295 } 296 } 297 298 /** 299 * @return true if a restriction is settable by device owner. 300 */ 301 public static boolean canDeviceOwnerChange(String restriction) { 302 return !IMMUTABLE_BY_OWNERS.contains(restriction); 303 } 304 305 /** 306 * @return true if a restriction is settable by profile owner. Note it takes a user ID because 307 * some restrictions can be changed by PO only when it's running on the system user. 308 */ 309 public static boolean canProfileOwnerChange(String restriction, int userId) { 310 return !IMMUTABLE_BY_OWNERS.contains(restriction) 311 && !(userId != UserHandle.USER_SYSTEM 312 && PRIMARY_USER_ONLY_RESTRICTIONS.contains(restriction)); 313 } 314 315 /** 316 * Returns the user restrictions that default to {@code true} for device owners. 317 * These user restrictions are local, though. ie only for the device owner's user id. 318 */ 319 public static @NonNull Set<String> getDefaultEnabledForDeviceOwner() { 320 return DEFAULT_ENABLED_FOR_DEVICE_OWNERS; 321 } 322 323 /** 324 * Returns the user restrictions that default to {@code true} for managed profile owners. 325 */ 326 public static @NonNull Set<String> getDefaultEnabledForManagedProfiles() { 327 return DEFAULT_ENABLED_FOR_MANAGED_PROFILES; 328 } 329 330 /** 331 * Takes restrictions that can be set by device owner, and sort them into what should be applied 332 * globally and what should be applied only on the current user. 333 */ 334 public static void sortToGlobalAndLocal(@Nullable Bundle in, boolean isDeviceOwner, 335 int cameraRestrictionScope, 336 @NonNull Bundle global, @NonNull Bundle local) { 337 // Camera restriction (as well as all others) goes to at most one bundle. 338 if (cameraRestrictionScope == UserManagerInternal.CAMERA_DISABLED_GLOBALLY) { 339 global.putBoolean(UserManager.DISALLOW_CAMERA, true); 340 } else if (cameraRestrictionScope == UserManagerInternal.CAMERA_DISABLED_LOCALLY) { 341 local.putBoolean(UserManager.DISALLOW_CAMERA, true); 342 } 343 if (in == null || in.size() == 0) { 344 return; 345 } 346 for (String key : in.keySet()) { 347 if (!in.getBoolean(key)) { 348 continue; 349 } 350 if (isGlobal(isDeviceOwner, key)) { 351 global.putBoolean(key, true); 352 } else { 353 local.putBoolean(key, true); 354 } 355 } 356 } 357 358 /** 359 * Whether given user restriction should be enforced globally. 360 */ 361 private static boolean isGlobal(boolean isDeviceOwner, String key) { 362 return (isDeviceOwner && 363 (PRIMARY_USER_ONLY_RESTRICTIONS.contains(key)|| GLOBAL_RESTRICTIONS.contains(key))) 364 || PROFILE_GLOBAL_RESTRICTIONS.contains(key); 365 } 366 367 /** 368 * @return true if two Bundles contain the same user restriction. 369 * A null bundle and an empty bundle are considered to be equal. 370 */ 371 public static boolean areEqual(@Nullable Bundle a, @Nullable Bundle b) { 372 if (a == b) { 373 return true; 374 } 375 if (isEmpty(a)) { 376 return isEmpty(b); 377 } 378 if (isEmpty(b)) { 379 return false; 380 } 381 for (String key : a.keySet()) { 382 if (a.getBoolean(key) != b.getBoolean(key)) { 383 return false; 384 } 385 } 386 for (String key : b.keySet()) { 387 if (a.getBoolean(key) != b.getBoolean(key)) { 388 return false; 389 } 390 } 391 return true; 392 } 393 394 /** 395 * Takes a new use restriction set and the previous set, and apply the restrictions that have 396 * changed. 397 * 398 * <p>Note this method is called by {@link UserManagerService} without holding any locks. 399 */ 400 public static void applyUserRestrictions(Context context, int userId, 401 Bundle newRestrictions, Bundle prevRestrictions) { 402 for (String key : USER_RESTRICTIONS) { 403 final boolean newValue = newRestrictions.getBoolean(key); 404 final boolean prevValue = prevRestrictions.getBoolean(key); 405 406 if (newValue != prevValue) { 407 applyUserRestriction(context, userId, key, newValue); 408 } 409 } 410 } 411 412 /** 413 * Apply each user restriction. 414 * 415 * <p>See also {@link 416 * com.android.providers.settings.SettingsProvider#isGlobalOrSecureSettingRestrictedForUser}, 417 * which should be in sync with this method. 418 */ 419 private static void applyUserRestriction(Context context, int userId, String key, 420 boolean newValue) { 421 if (UserManagerService.DBG) { 422 Log.d(TAG, "Applying user restriction: userId=" + userId 423 + " key=" + key + " value=" + newValue); 424 } 425 // When certain restrictions are cleared, we don't update the system settings, 426 // because these settings are changeable on the Settings UI and we don't know the original 427 // value -- for example LOCATION_MODE might have been off already when the restriction was 428 // set, and in that case even if the restriction is lifted, changing it to ON would be 429 // wrong. So just don't do anything in such a case. If the user hopes to enable location 430 // later, they can do it on the Settings UI. 431 // WARNING: Remember that Settings.Global and Settings.Secure are changeable via adb. 432 // To prevent this from happening for a given user restriction, you have to add a check to 433 // SettingsProvider.isGlobalOrSecureSettingRestrictedForUser. 434 435 final ContentResolver cr = context.getContentResolver(); 436 final long id = Binder.clearCallingIdentity(); 437 try { 438 switch (key) { 439 case UserManager.DISALLOW_DATA_ROAMING: 440 if (newValue) { 441 // DISALLOW_DATA_ROAMING user restriction is set. 442 443 // Multi sim device. 444 SubscriptionManager subscriptionManager = new SubscriptionManager(context); 445 final List<SubscriptionInfo> subscriptionInfoList = 446 subscriptionManager.getActiveSubscriptionInfoList(); 447 if (subscriptionInfoList != null) { 448 for (SubscriptionInfo subInfo : subscriptionInfoList) { 449 android.provider.Settings.Global.putStringForUser(cr, 450 android.provider.Settings.Global.DATA_ROAMING 451 + subInfo.getSubscriptionId(), "0", userId); 452 } 453 } 454 455 // Single sim device. 456 android.provider.Settings.Global.putStringForUser(cr, 457 android.provider.Settings.Global.DATA_ROAMING, "0", userId); 458 } 459 break; 460 case UserManager.DISALLOW_SHARE_LOCATION: 461 if (newValue) { 462 android.provider.Settings.Secure.putIntForUser(cr, 463 android.provider.Settings.Secure.LOCATION_MODE, 464 android.provider.Settings.Secure.LOCATION_MODE_OFF, 465 userId); 466 } 467 break; 468 case UserManager.DISALLOW_DEBUGGING_FEATURES: 469 if (newValue) { 470 // Only disable adb if changing for system user, since it is global 471 // TODO: should this be admin user? 472 if (userId == UserHandle.USER_SYSTEM) { 473 android.provider.Settings.Global.putStringForUser(cr, 474 android.provider.Settings.Global.ADB_ENABLED, "0", 475 userId); 476 } 477 } 478 break; 479 case UserManager.ENSURE_VERIFY_APPS: 480 if (newValue) { 481 android.provider.Settings.Global.putStringForUser( 482 context.getContentResolver(), 483 android.provider.Settings.Global.PACKAGE_VERIFIER_ENABLE, "1", 484 userId); 485 android.provider.Settings.Global.putStringForUser( 486 context.getContentResolver(), 487 android.provider.Settings.Global.PACKAGE_VERIFIER_INCLUDE_ADB, "1", 488 userId); 489 } 490 break; 491 case UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES: 492 // Since Android O, the secure setting is not available to be changed by the 493 // user. Hence, when the restriction is cleared, we need to reset the state of 494 // the setting to its default value which is now 1. 495 android.provider.Settings.Secure.putIntForUser(cr, 496 android.provider.Settings.Secure.INSTALL_NON_MARKET_APPS, 497 newValue ? 0 : 1, userId); 498 break; 499 case UserManager.DISALLOW_RUN_IN_BACKGROUND: 500 if (newValue) { 501 int currentUser = ActivityManager.getCurrentUser(); 502 if (currentUser != userId && userId != UserHandle.USER_SYSTEM) { 503 try { 504 ActivityManager.getService().stopUser(userId, false, null); 505 } catch (RemoteException e) { 506 throw e.rethrowAsRuntimeException(); 507 } 508 } 509 } 510 break; 511 case UserManager.DISALLOW_SAFE_BOOT: 512 // Unlike with the other restrictions, we want to propagate the new value to 513 // the system settings even if it is false. The other restrictions modify 514 // settings which could be manually changed by the user from the Settings app 515 // after the policies enforcing these restrictions have been revoked, so we 516 // leave re-setting of those settings to the user. 517 android.provider.Settings.Global.putInt( 518 context.getContentResolver(), 519 android.provider.Settings.Global.SAFE_BOOT_DISALLOWED, 520 newValue ? 1 : 0); 521 break; 522 case UserManager.DISALLOW_FACTORY_RESET: 523 case UserManager.DISALLOW_OEM_UNLOCK: 524 if (newValue) { 525 PersistentDataBlockManager manager = (PersistentDataBlockManager) context 526 .getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE); 527 if (manager != null 528 && manager.getOemUnlockEnabled() 529 && manager.getFlashLockState() 530 != PersistentDataBlockManager.FLASH_LOCK_UNLOCKED) { 531 // Only disable OEM unlock if the bootloader is locked. If it's already 532 // unlocked, setting the OEM unlock enabled flag to false has no effect 533 // (the bootloader would remain unlocked). 534 manager.setOemUnlockEnabled(false); 535 } 536 } 537 break; 538 } 539 } finally { 540 Binder.restoreCallingIdentity(id); 541 } 542 } 543 544 public static void dumpRestrictions(PrintWriter pw, String prefix, Bundle restrictions) { 545 boolean noneSet = true; 546 if (restrictions != null) { 547 for (String key : restrictions.keySet()) { 548 if (restrictions.getBoolean(key, false)) { 549 pw.println(prefix + key); 550 noneSet = false; 551 } 552 } 553 if (noneSet) { 554 pw.println(prefix + "none"); 555 } 556 } else { 557 pw.println(prefix + "null"); 558 } 559 } 560 561 /** 562 * Moves a particular restriction from one array of bundles to another, e.g. for all users. 563 */ 564 public static void moveRestriction(String restrictionKey, SparseArray<Bundle> srcRestrictions, 565 SparseArray<Bundle> destRestrictions) { 566 for (int i = 0; i < srcRestrictions.size(); i++) { 567 final int key = srcRestrictions.keyAt(i); 568 final Bundle from = srcRestrictions.valueAt(i); 569 if (contains(from, restrictionKey)) { 570 from.remove(restrictionKey); 571 Bundle to = destRestrictions.get(key); 572 if (to == null) { 573 to = new Bundle(); 574 destRestrictions.append(key, to); 575 } 576 to.putBoolean(restrictionKey, true); 577 // Don't keep empty bundles. 578 if (from.isEmpty()) { 579 srcRestrictions.removeAt(i); 580 i--; 581 } 582 } 583 } 584 } 585 586 /** 587 * Returns whether restrictions differ between two bundles. 588 * @param oldRestrictions old bundle of restrictions. 589 * @param newRestrictions new bundle of restrictions 590 * @param restrictions restrictions of interest, if empty, all restrictions are checked. 591 */ 592 public static boolean restrictionsChanged(Bundle oldRestrictions, Bundle newRestrictions, 593 String... restrictions) { 594 if (restrictions.length == 0) { 595 return areEqual(oldRestrictions, newRestrictions); 596 } 597 for (final String restriction : restrictions) { 598 if (oldRestrictions.getBoolean(restriction, false) != 599 newRestrictions.getBoolean(restriction, false)) { 600 return true; 601 } 602 } 603 return false; 604 } 605} 606