1/* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package android.os; 18 19import android.Manifest; 20import android.accounts.AccountManager; 21import android.annotation.IntDef; 22import android.annotation.NonNull; 23import android.annotation.Nullable; 24import android.annotation.RequiresPermission; 25import android.annotation.SystemApi; 26import android.annotation.SystemService; 27import android.annotation.TestApi; 28import android.annotation.UserIdInt; 29import android.annotation.WorkerThread; 30import android.app.Activity; 31import android.app.ActivityManager; 32import android.app.admin.DevicePolicyManager; 33import android.content.ComponentName; 34import android.content.Context; 35import android.content.Intent; 36import android.content.IntentFilter; 37import android.content.IntentSender; 38import android.content.pm.UserInfo; 39import android.content.res.Configuration; 40import android.content.res.Resources; 41import android.graphics.Bitmap; 42import android.graphics.BitmapFactory; 43import android.graphics.Rect; 44import android.graphics.drawable.Drawable; 45import android.provider.Settings; 46import android.telephony.TelephonyManager; 47import android.view.WindowManager.LayoutParams; 48 49import com.android.internal.R; 50import com.android.internal.os.RoSystemProperties; 51 52import java.io.IOException; 53import java.lang.annotation.Retention; 54import java.lang.annotation.RetentionPolicy; 55import java.util.ArrayList; 56import java.util.List; 57 58/** 59 * Manages users and user details on a multi-user system. There are two major categories of 60 * users: fully customizable users with their own login, and managed profiles that share a workspace 61 * with a related user. 62 * <p> 63 * Users are different from accounts, which are managed by 64 * {@link AccountManager}. Each user can have their own set of accounts. 65 * <p> 66 * See {@link DevicePolicyManager#ACTION_PROVISION_MANAGED_PROFILE} for more on managed profiles. 67 */ 68@SystemService(Context.USER_SERVICE) 69public class UserManager { 70 71 private static final String TAG = "UserManager"; 72 private final IUserManager mService; 73 private final Context mContext; 74 75 private Boolean mIsManagedProfileCached; 76 77 /** 78 * @hide 79 * No user restriction. 80 */ 81 @SystemApi 82 public static final int RESTRICTION_NOT_SET = 0x0; 83 84 /** 85 * @hide 86 * User restriction set by system/user. 87 */ 88 @SystemApi 89 public static final int RESTRICTION_SOURCE_SYSTEM = 0x1; 90 91 /** 92 * @hide 93 * User restriction set by a device owner. 94 */ 95 @SystemApi 96 public static final int RESTRICTION_SOURCE_DEVICE_OWNER = 0x2; 97 98 /** 99 * @hide 100 * User restriction set by a profile owner. 101 */ 102 @SystemApi 103 public static final int RESTRICTION_SOURCE_PROFILE_OWNER = 0x4; 104 105 /** @hide */ 106 @Retention(RetentionPolicy.SOURCE) 107 @IntDef(flag = true, prefix = { "RESTRICTION_" }, value = { 108 RESTRICTION_NOT_SET, 109 RESTRICTION_SOURCE_SYSTEM, 110 RESTRICTION_SOURCE_DEVICE_OWNER, 111 RESTRICTION_SOURCE_PROFILE_OWNER 112 }) 113 @SystemApi 114 public @interface UserRestrictionSource {} 115 116 /** 117 * Specifies if a user is disallowed from adding and removing accounts, unless they are 118 * {@link android.accounts.AccountManager#addAccountExplicitly programmatically} added by 119 * Authenticator. 120 * The default value is <code>false</code>. 121 * 122 * <p>From {@link android.os.Build.VERSION_CODES#N} a profile or device owner app can still 123 * use {@link android.accounts.AccountManager} APIs to add or remove accounts when account 124 * management is disallowed. 125 * 126 * <p>Key for user restrictions. 127 * <p>Type: Boolean 128 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 129 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 130 * @see #getUserRestrictions() 131 */ 132 public static final String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts"; 133 134 /** 135 * Specifies if a user is disallowed from changing Wi-Fi 136 * access points. The default value is <code>false</code>. 137 * <p>This restriction has no effect in a managed profile. 138 * 139 * <p>Key for user restrictions. 140 * <p>Type: Boolean 141 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 142 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 143 * @see #getUserRestrictions() 144 */ 145 public static final String DISALLOW_CONFIG_WIFI = "no_config_wifi"; 146 147 /** 148 * Specifies if a user is disallowed from changing the device 149 * language. The default value is <code>false</code>. 150 * 151 * <p>Key for user restrictions. 152 * <p>Type: Boolean 153 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 154 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 155 * @see #getUserRestrictions() 156 */ 157 public static final String DISALLOW_CONFIG_LOCALE = "no_config_locale"; 158 159 /** 160 * Specifies if a user is disallowed from installing applications. This user restriction also 161 * prevents device owners and profile owners installing apps. The default value is 162 * {@code false}. 163 * 164 * <p>Key for user restrictions. 165 * <p>Type: Boolean 166 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 167 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 168 * @see #getUserRestrictions() 169 */ 170 public static final String DISALLOW_INSTALL_APPS = "no_install_apps"; 171 172 /** 173 * Specifies if a user is disallowed from uninstalling applications. 174 * The default value is <code>false</code>. 175 * 176 * <p>Key for user restrictions. 177 * <p>Type: Boolean 178 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 179 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 180 * @see #getUserRestrictions() 181 */ 182 public static final String DISALLOW_UNINSTALL_APPS = "no_uninstall_apps"; 183 184 /** 185 * Specifies if a user is disallowed from turning on location sharing. 186 * The default value is <code>false</code>. 187 * <p>In a managed profile, location sharing always reflects the primary user's setting, but 188 * can be overridden and forced off by setting this restriction to true in the managed profile. 189 * 190 * <p>Key for user restrictions. 191 * <p>Type: Boolean 192 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 193 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 194 * @see #getUserRestrictions() 195 */ 196 public static final String DISALLOW_SHARE_LOCATION = "no_share_location"; 197 198 /** 199 * Specifies if airplane mode is disallowed on the device. 200 * 201 * <p> This restriction can only be set by the device owner and the profile owner on the 202 * primary user and it applies globally - i.e. it disables airplane mode on the entire device. 203 * <p>The default value is <code>false</code>. 204 * 205 * <p>Key for user restrictions. 206 * <p>Type: Boolean 207 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 208 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 209 * @see #getUserRestrictions() 210 */ 211 public static final String DISALLOW_AIRPLANE_MODE = "no_airplane_mode"; 212 213 /** 214 * Specifies if a user is disallowed from configuring brightness. When device owner sets it, 215 * it'll only be applied on the target(system) user. 216 * 217 * <p>The default value is <code>false</code>. 218 * 219 * <p>This user restriction has no effect on managed profiles. 220 * <p>Key for user restrictions. 221 * <p>Type: Boolean 222 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 223 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 224 * @see #getUserRestrictions() 225 */ 226 public static final String DISALLOW_CONFIG_BRIGHTNESS = "no_config_brightness"; 227 228 /** 229 * Specifies if ambient display is disallowed for the user. 230 * 231 * <p>The default value is <code>false</code>. 232 * 233 * <p>This user restriction has no effect on managed profiles. 234 * <p>Key for user restrictions. 235 * <p>Type: Boolean 236 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 237 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 238 * @see #getUserRestrictions() 239 */ 240 public static final String DISALLOW_AMBIENT_DISPLAY = "no_ambient_display"; 241 242 /** 243 * Specifies if a user is disallowed from changing screen off timeout. 244 * 245 * <p>The default value is <code>false</code>. 246 * 247 * <p>This user restriction has no effect on managed profiles. 248 * <p>Key for user restrictions. 249 * <p>Type: Boolean 250 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 251 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 252 * @see #getUserRestrictions() 253 */ 254 public static final String DISALLOW_CONFIG_SCREEN_TIMEOUT = "no_config_screen_timeout"; 255 256 /** 257 * Specifies if a user is disallowed from enabling the 258 * "Unknown Sources" setting, that allows installation of apps from unknown sources. 259 * The default value is <code>false</code>. 260 * 261 * <p>Key for user restrictions. 262 * <p>Type: Boolean 263 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 264 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 265 * @see #getUserRestrictions() 266 */ 267 public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources"; 268 269 /** 270 * Specifies if a user is disallowed from configuring bluetooth. 271 * This does <em>not</em> restrict the user from turning bluetooth on or off. 272 * The default value is <code>false</code>. 273 * <p>This restriction doesn't prevent the user from using bluetooth. For disallowing usage of 274 * bluetooth completely on the device, use {@link #DISALLOW_BLUETOOTH}. 275 * <p>This restriction has no effect in a managed profile. 276 * 277 * <p>Key for user restrictions. 278 * <p>Type: Boolean 279 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 280 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 281 * @see #getUserRestrictions() 282 */ 283 public static final String DISALLOW_CONFIG_BLUETOOTH = "no_config_bluetooth"; 284 285 /** 286 * Specifies if bluetooth is disallowed on the device. 287 * 288 * <p> This restriction can only be set by the device owner and the profile owner on the 289 * primary user and it applies globally - i.e. it disables bluetooth on the entire device. 290 * <p>The default value is <code>false</code>. 291 * <p>Key for user restrictions. 292 * <p>Type: Boolean 293 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 294 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 295 * @see #getUserRestrictions() 296 */ 297 public static final String DISALLOW_BLUETOOTH = "no_bluetooth"; 298 299 /** 300 * Specifies if outgoing bluetooth sharing is disallowed on the device. Device owner and profile 301 * owner can set this restriction. When it is set by device owner, all users on this device will 302 * be affected. 303 * 304 * <p>Default is <code>true</code> for managed profiles and false for otherwise. When a device 305 * upgrades to {@link android.os.Build.VERSION_CODES#O}, the system sets it for all existing 306 * managed profiles. 307 * 308 * <p>Key for user restrictions. 309 * <p>Type: Boolean 310 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 311 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 312 * @see #getUserRestrictions() 313 */ 314 public static final String DISALLOW_BLUETOOTH_SHARING = "no_bluetooth_sharing"; 315 316 /** 317 * Specifies if a user is disallowed from transferring files over 318 * USB. This can only be set by device owners and profile owners on the primary user. 319 * The default value is <code>false</code>. 320 * 321 * <p>Key for user restrictions. 322 * <p>Type: Boolean 323 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 324 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 325 * @see #getUserRestrictions() 326 */ 327 public static final String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer"; 328 329 /** 330 * Specifies if a user is disallowed from configuring user 331 * credentials. The default value is <code>false</code>. 332 * 333 * <p>Key for user restrictions. 334 * <p>Type: Boolean 335 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 336 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 337 * @see #getUserRestrictions() 338 */ 339 public static final String DISALLOW_CONFIG_CREDENTIALS = "no_config_credentials"; 340 341 /** 342 * When set on the primary user this specifies if the user can remove other users. 343 * When set on a secondary user, this specifies if the user can remove itself. 344 * This restriction has no effect on managed profiles. 345 * The default value is <code>false</code>. 346 * 347 * <p>Key for user restrictions. 348 * <p>Type: Boolean 349 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 350 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 351 * @see #getUserRestrictions() 352 */ 353 public static final String DISALLOW_REMOVE_USER = "no_remove_user"; 354 355 /** 356 * Specifies if managed profiles of this user can be removed, other than by its profile owner. 357 * The default value is <code>false</code>. 358 * <p> 359 * This restriction has no effect on managed profiles. 360 * 361 * <p>Key for user restrictions. 362 * <p>Type: Boolean 363 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 364 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 365 * @see #getUserRestrictions() 366 */ 367 public static final String DISALLOW_REMOVE_MANAGED_PROFILE = "no_remove_managed_profile"; 368 369 /** 370 * Specifies if a user is disallowed from enabling or 371 * accessing debugging features. The default value is <code>false</code>. 372 * 373 * <p>Key for user restrictions. 374 * <p>Type: Boolean 375 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 376 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 377 * @see #getUserRestrictions() 378 */ 379 public static final String DISALLOW_DEBUGGING_FEATURES = "no_debugging_features"; 380 381 /** 382 * Specifies if a user is disallowed from configuring a VPN. The default value is 383 * <code>false</code>. This restriction has an effect when set by device owners and, in Android 384 * 6.0 ({@linkplain android.os.Build.VERSION_CODES#M API level 23}) or higher, profile owners. 385 * <p>This restriction also prevents VPNs from starting. However, in Android 7.0 386 * ({@linkplain android.os.Build.VERSION_CODES#N API level 24}) or higher, the system does 387 * start always-on VPNs created by the device or profile owner. 388 * 389 * <p>Key for user restrictions. 390 * <p>Type: Boolean 391 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 392 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 393 * @see #getUserRestrictions() 394 */ 395 public static final String DISALLOW_CONFIG_VPN = "no_config_vpn"; 396 397 /** 398 * Specifies if a user is disallowed from enabling or disabling location providers. As a 399 * result, user is disallowed from turning on or off location. Device owner and profile owners 400 * can set this restriction and it only applies on the managed user. 401 * 402 * <p>In a managed profile, location sharing is forced off when it's off on primary user, so 403 * user can still turn off location sharing on managed profile when the restriction is set by 404 * profile owner on managed profile. 405 * 406 * <p>This user restriction is different from {@link #DISALLOW_SHARE_LOCATION}, 407 * as the device owner or profile owner can still enable or disable location mode via 408 * {@link DevicePolicyManager#setSecureSetting} when this restriction is on. 409 * 410 * <p>The default value is <code>false</code>. 411 * 412 * <p>Key for user restrictions. 413 * <p>Type: Boolean 414 * @see android.location.LocationManager#isProviderEnabled(String) 415 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 416 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 417 * @see #getUserRestrictions() 418 */ 419 public static final String DISALLOW_CONFIG_LOCATION = "no_config_location"; 420 421 /** 422 * Specifies if date, time and timezone configuring is disallowed. 423 * 424 * <p>When restriction is set by device owners, it applies globally - i.e., it disables date, 425 * time and timezone setting on the entire device and all users will be affected. When it's set 426 * by profile owners, it's only applied to the managed user. 427 * <p>The default value is <code>false</code>. 428 * 429 * <p>This user restriction has no effect on managed profiles. 430 * <p>Key for user restrictions. 431 * <p>Type: Boolean 432 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 433 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 434 * @see #getUserRestrictions() 435 */ 436 public static final String DISALLOW_CONFIG_DATE_TIME = "no_config_date_time"; 437 438 /** 439 * Specifies if a user is disallowed from configuring Tethering 440 * & portable hotspots. This can only be set by device owners and profile owners on the 441 * primary user. The default value is <code>false</code>. 442 * <p>In Android 9.0 or higher, if tethering is enabled when this restriction is set, 443 * tethering will be automatically turned off. 444 * 445 * <p>Key for user restrictions. 446 * <p>Type: Boolean 447 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 448 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 449 * @see #getUserRestrictions() 450 */ 451 public static final String DISALLOW_CONFIG_TETHERING = "no_config_tethering"; 452 453 /** 454 * Specifies if a user is disallowed from resetting network settings 455 * from Settings. This can only be set by device owners and profile owners on the primary user. 456 * The default value is <code>false</code>. 457 * <p>This restriction has no effect on secondary users and managed profiles since only the 458 * primary user can reset the network settings of the device. 459 * 460 * <p>Key for user restrictions. 461 * <p>Type: Boolean 462 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 463 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 464 * @see #getUserRestrictions() 465 */ 466 public static final String DISALLOW_NETWORK_RESET = "no_network_reset"; 467 468 /** 469 * Specifies if a user is disallowed from factory resetting 470 * from Settings. This can only be set by device owners and profile owners on the primary user. 471 * The default value is <code>false</code>. 472 * <p>This restriction has no effect on secondary users and managed profiles since only the 473 * primary user can factory reset the device. 474 * 475 * <p>Key for user restrictions. 476 * <p>Type: Boolean 477 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 478 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 479 * @see #getUserRestrictions() 480 */ 481 public static final String DISALLOW_FACTORY_RESET = "no_factory_reset"; 482 483 /** 484 * Specifies if a user is disallowed from adding new users. This can only be set by device 485 * owners and profile owners on the primary user. 486 * The default value is <code>false</code>. 487 * <p>This restriction has no effect on secondary users and managed profiles since only the 488 * primary user can add other users. 489 * 490 * <p>Key for user restrictions. 491 * <p>Type: Boolean 492 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 493 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 494 * @see #getUserRestrictions() 495 */ 496 public static final String DISALLOW_ADD_USER = "no_add_user"; 497 498 /** 499 * Specifies if a user is disallowed from adding managed profiles. 500 * <p>The default value for an unmanaged user is <code>false</code>. 501 * For users with a device owner set, the default is <code>true</code>. 502 * <p>This restriction has no effect on managed profiles. 503 * 504 * <p>Key for user restrictions. 505 * <p>Type: Boolean 506 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 507 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 508 * @see #getUserRestrictions() 509 */ 510 public static final String DISALLOW_ADD_MANAGED_PROFILE = "no_add_managed_profile"; 511 512 /** 513 * Specifies if a user is disallowed from disabling application verification. The default 514 * value is <code>false</code>. 515 * 516 * <p>In Android 8.0 ({@linkplain android.os.Build.VERSION_CODES#O API level 26}) and higher, 517 * this is a global user restriction. If a device owner or profile owner sets this restriction, 518 * the system enforces app verification across all users on the device. Running in earlier 519 * Android versions, this restriction affects only the profile that sets it. 520 * 521 * <p>Key for user restrictions. 522 * <p>Type: Boolean 523 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 524 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 525 * @see #getUserRestrictions() 526 */ 527 public static final String ENSURE_VERIFY_APPS = "ensure_verify_apps"; 528 529 /** 530 * Specifies if a user is disallowed from configuring cell 531 * broadcasts. This can only be set by device owners and profile owners on the primary user. 532 * The default value is <code>false</code>. 533 * <p>This restriction has no effect on secondary users and managed profiles since only the 534 * primary user can configure cell broadcasts. 535 * 536 * <p>Key for user restrictions. 537 * <p>Type: Boolean 538 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 539 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 540 * @see #getUserRestrictions() 541 */ 542 public static final String DISALLOW_CONFIG_CELL_BROADCASTS = "no_config_cell_broadcasts"; 543 544 /** 545 * Specifies if a user is disallowed from configuring mobile 546 * networks. This can only be set by device owners and profile owners on the primary user. 547 * The default value is <code>false</code>. 548 * <p>This restriction has no effect on secondary users and managed profiles since only the 549 * primary user can configure mobile networks. 550 * 551 * <p>Key for user restrictions. 552 * <p>Type: Boolean 553 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 554 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 555 * @see #getUserRestrictions() 556 */ 557 public static final String DISALLOW_CONFIG_MOBILE_NETWORKS = "no_config_mobile_networks"; 558 559 /** 560 * Specifies if a user is disallowed from modifying 561 * applications in Settings or launchers. The following actions will not be allowed when this 562 * restriction is enabled: 563 * <li>uninstalling apps</li> 564 * <li>disabling apps</li> 565 * <li>clearing app caches</li> 566 * <li>clearing app data</li> 567 * <li>force stopping apps</li> 568 * <li>clearing app defaults</li> 569 * <p> 570 * The default value is <code>false</code>. 571 * 572 * <p><strong>Note:</strong> The user will still be able to perform those actions via other 573 * means (such as adb). Third party apps will also be able to uninstall apps via the 574 * {@link android.content.pm.PackageInstaller}. {@link #DISALLOW_UNINSTALL_APPS} or 575 * {@link DevicePolicyManager#setUninstallBlocked(ComponentName, String, boolean)} should be 576 * used to prevent the user from uninstalling apps completely, and 577 * {@link DevicePolicyManager#addPersistentPreferredActivity(ComponentName, IntentFilter, ComponentName)} 578 * to add a default intent handler for a given intent filter. 579 * 580 * <p>Key for user restrictions. 581 * <p>Type: Boolean 582 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 583 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 584 * @see #getUserRestrictions() 585 */ 586 public static final String DISALLOW_APPS_CONTROL = "no_control_apps"; 587 588 /** 589 * Specifies if a user is disallowed from mounting 590 * physical external media. This can only be set by device owners and profile owners on the 591 * primary user. The default value is <code>false</code>. 592 * 593 * <p>Key for user restrictions. 594 * <p>Type: Boolean 595 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 596 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 597 * @see #getUserRestrictions() 598 */ 599 public static final String DISALLOW_MOUNT_PHYSICAL_MEDIA = "no_physical_media"; 600 601 /** 602 * Specifies if a user is disallowed from adjusting microphone volume. If set, the microphone 603 * will be muted. This can be set by device owners and profile owners. The default value is 604 * <code>false</code>. 605 * 606 * <p>This restriction has no effect on managed profiles. 607 * <p>Key for user restrictions. 608 * <p>Type: Boolean 609 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 610 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 611 * @see #getUserRestrictions() 612 */ 613 public static final String DISALLOW_UNMUTE_MICROPHONE = "no_unmute_microphone"; 614 615 /** 616 * Specifies if a user is disallowed from adjusting the master volume. If set, the master volume 617 * will be muted. This can be set by device owners from API 21 and profile owners from API 24. 618 * The default value is <code>false</code>. 619 * 620 * <p>When the restriction is set by profile owners, then it only applies to relevant 621 * profiles. 622 * 623 * <p>This restriction has no effect on managed profiles. 624 * <p>Key for user restrictions. 625 * <p>Type: Boolean 626 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 627 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 628 * @see #getUserRestrictions() 629 */ 630 public static final String DISALLOW_ADJUST_VOLUME = "no_adjust_volume"; 631 632 /** 633 * Specifies that the user is not allowed to make outgoing 634 * phone calls. Emergency calls are still permitted. 635 * The default value is <code>false</code>. 636 * <p>This restriction has no effect on managed profiles. 637 * 638 * <p>Key for user restrictions. 639 * <p>Type: Boolean 640 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 641 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 642 * @see #getUserRestrictions() 643 */ 644 public static final String DISALLOW_OUTGOING_CALLS = "no_outgoing_calls"; 645 646 /** 647 * Specifies that the user is not allowed to send or receive 648 * SMS messages. The default value is <code>false</code>. 649 * 650 * <p>Key for user restrictions. 651 * <p>Type: Boolean 652 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 653 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 654 * @see #getUserRestrictions() 655 */ 656 public static final String DISALLOW_SMS = "no_sms"; 657 658 /** 659 * Specifies if the user is not allowed to have fun. In some cases, the 660 * device owner may wish to prevent the user from experiencing amusement or 661 * joy while using the device. The default value is <code>false</code>. 662 * 663 * <p>Key for user restrictions. 664 * <p>Type: Boolean 665 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 666 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 667 * @see #getUserRestrictions() 668 */ 669 public static final String DISALLOW_FUN = "no_fun"; 670 671 /** 672 * Specifies that windows besides app windows should not be 673 * created. This will block the creation of the following types of windows. 674 * <li>{@link LayoutParams#TYPE_TOAST}</li> 675 * <li>{@link LayoutParams#TYPE_PHONE}</li> 676 * <li>{@link LayoutParams#TYPE_PRIORITY_PHONE}</li> 677 * <li>{@link LayoutParams#TYPE_SYSTEM_ALERT}</li> 678 * <li>{@link LayoutParams#TYPE_SYSTEM_ERROR}</li> 679 * <li>{@link LayoutParams#TYPE_SYSTEM_OVERLAY}</li> 680 * <li>{@link LayoutParams#TYPE_APPLICATION_OVERLAY}</li> 681 * 682 * <p>This can only be set by device owners and profile owners on the primary user. 683 * The default value is <code>false</code>. 684 * 685 * <p>Key for user restrictions. 686 * <p>Type: Boolean 687 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 688 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 689 * @see #getUserRestrictions() 690 */ 691 public static final String DISALLOW_CREATE_WINDOWS = "no_create_windows"; 692 693 /** 694 * Specifies that system error dialogs for crashed or unresponsive apps should not be shown. 695 * In this case, the system will force-stop the app as if the user chooses the "close app" 696 * option on the UI. A feedback report isn't collected as there is no way for the user to 697 * provide explicit consent. The default value is <code>false</code>. 698 * 699 * <p>When this user restriction is set by device owners, it's applied to all users. When set by 700 * the profile owner of the primary user or a secondary user, the restriction affects only the 701 * calling user. This user restriction has no effect on managed profiles. 702 * 703 * <p>Key for user restrictions. 704 * <p>Type: Boolean 705 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 706 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 707 * @see #getUserRestrictions() 708 */ 709 public static final String DISALLOW_SYSTEM_ERROR_DIALOGS = "no_system_error_dialogs"; 710 711 /** 712 * Specifies if what is copied in the clipboard of this profile can 713 * be pasted in related profiles. Does not restrict if the clipboard of related profiles can be 714 * pasted in this profile. 715 * The default value is <code>false</code>. 716 * 717 * <p>Key for user restrictions. 718 * <p>Type: Boolean 719 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 720 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 721 * @see #getUserRestrictions() 722 */ 723 public static final String DISALLOW_CROSS_PROFILE_COPY_PASTE = "no_cross_profile_copy_paste"; 724 725 /** 726 * Specifies if the user is not allowed to use NFC to beam out data from apps. 727 * The default value is <code>false</code>. 728 * 729 * <p>Key for user restrictions. 730 * <p>Type: Boolean 731 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 732 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 733 * @see #getUserRestrictions() 734 */ 735 public static final String DISALLOW_OUTGOING_BEAM = "no_outgoing_beam"; 736 737 /** 738 * Hidden user restriction to disallow access to wallpaper manager APIs. This restriction 739 * generally means that wallpapers are not supported for the particular user. This user 740 * restriction is always set for managed profiles, because such profiles don't have wallpapers. 741 * @hide 742 * @see #DISALLOW_SET_WALLPAPER 743 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 744 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 745 * @see #getUserRestrictions() 746 */ 747 public static final String DISALLOW_WALLPAPER = "no_wallpaper"; 748 749 /** 750 * User restriction to disallow setting a wallpaper. Profile owner and device owner 751 * are able to set wallpaper regardless of this restriction. 752 * The default value is <code>false</code>. 753 * 754 * <p>Key for user restrictions. 755 * <p>Type: Boolean 756 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 757 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 758 * @see #getUserRestrictions() 759 */ 760 public static final String DISALLOW_SET_WALLPAPER = "no_set_wallpaper"; 761 762 /** 763 * Specifies if the user is not allowed to reboot the device into safe boot mode. 764 * This can only be set by device owners and profile owners on the primary user. 765 * The default value is <code>false</code>. 766 * 767 * <p>Key for user restrictions. 768 * <p>Type: Boolean 769 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 770 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 771 * @see #getUserRestrictions() 772 */ 773 public static final String DISALLOW_SAFE_BOOT = "no_safe_boot"; 774 775 /** 776 * Specifies if a user is not allowed to record audio. This restriction is always enabled for 777 * background users. The default value is <code>false</code>. 778 * 779 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 780 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 781 * @see #getUserRestrictions() 782 * @hide 783 */ 784 public static final String DISALLOW_RECORD_AUDIO = "no_record_audio"; 785 786 /** 787 * Specifies if a user is not allowed to run in the background and should be stopped during 788 * user switch. The default value is <code>false</code>. 789 * 790 * <p>This restriction can be set by device owners and profile owners. 791 * 792 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 793 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 794 * @see #getUserRestrictions() 795 * @hide 796 */ 797 @SystemApi 798 public static final String DISALLOW_RUN_IN_BACKGROUND = "no_run_in_background"; 799 800 /** 801 * Specifies if a user is not allowed to use the camera. 802 * 803 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 804 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 805 * @see #getUserRestrictions() 806 * @hide 807 */ 808 public static final String DISALLOW_CAMERA = "no_camera"; 809 810 /** 811 * Specifies if a user is not allowed to unmute the device's master volume. 812 * 813 * @see DevicePolicyManager#setMasterVolumeMuted(ComponentName, boolean) 814 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 815 * @see #getUserRestrictions() 816 * @hide 817 */ 818 public static final String DISALLOW_UNMUTE_DEVICE = "disallow_unmute_device"; 819 820 /** 821 * Specifies if a user is not allowed to use cellular data when roaming. This can only be set by 822 * device owners. The default value is <code>false</code>. 823 * 824 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 825 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 826 * @see #getUserRestrictions() 827 */ 828 public static final String DISALLOW_DATA_ROAMING = "no_data_roaming"; 829 830 /** 831 * Specifies if a user is not allowed to change their icon. Device owner and profile owner 832 * can set this restriction. When it is set by device owner, only the target user will be 833 * affected. The default value is <code>false</code>. 834 * 835 * <p>Key for user restrictions. 836 * <p>Type: Boolean 837 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 838 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 839 * @see #getUserRestrictions() 840 */ 841 public static final String DISALLOW_SET_USER_ICON = "no_set_user_icon"; 842 843 /** 844 * Specifies if a user is not allowed to enable the oem unlock setting. The default value is 845 * <code>false</code>. Setting this restriction has no effect if the bootloader is already 846 * unlocked. 847 * 848 * <p>Not for use by third-party applications. 849 * 850 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 851 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 852 * @see #getUserRestrictions() 853 * @deprecated use {@link OemLockManager#setOemUnlockAllowedByCarrier(boolean, byte[])} instead. 854 * @hide 855 */ 856 @Deprecated 857 @SystemApi 858 public static final String DISALLOW_OEM_UNLOCK = "no_oem_unlock"; 859 860 /** 861 * Specifies that the managed profile is not allowed to have unified lock screen challenge with 862 * the primary user. 863 * 864 * <p><strong>Note:</strong> Setting this restriction alone doesn't automatically set a 865 * separate challenge. Profile owner can ask the user to set a new password using 866 * {@link DevicePolicyManager#ACTION_SET_NEW_PASSWORD} and verify it using 867 * {@link DevicePolicyManager#isUsingUnifiedPassword(ComponentName)}. 868 * 869 * <p>Can be set by profile owners. It only has effect on managed profiles when set by managed 870 * profile owner. Has no effect on non-managed profiles or users. 871 * <p>Key for user restrictions. 872 * <p>Type: Boolean 873 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 874 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 875 * @see #getUserRestrictions() 876 */ 877 public static final String DISALLOW_UNIFIED_PASSWORD = "no_unified_password"; 878 879 /** 880 * Allows apps in the parent profile to handle web links from the managed profile. 881 * 882 * This user restriction has an effect only in a managed profile. 883 * If set: 884 * Intent filters of activities in the parent profile with action 885 * {@link android.content.Intent#ACTION_VIEW}, 886 * category {@link android.content.Intent#CATEGORY_BROWSABLE}, scheme http or https, and which 887 * define a host can handle intents from the managed profile. 888 * The default value is <code>false</code>. 889 * 890 * <p>Key for user restrictions. 891 * <p>Type: Boolean 892 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 893 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 894 * @see #getUserRestrictions() 895 */ 896 public static final String ALLOW_PARENT_PROFILE_APP_LINKING 897 = "allow_parent_profile_app_linking"; 898 899 /** 900 * Specifies if a user is not allowed to use Autofill Services. 901 * 902 * <p>Device owner and profile owner can set this restriction. When it is set by device owner, 903 * only the target user will be affected. 904 * 905 * <p>The default value is <code>false</code>. 906 * 907 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 908 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 909 * @see #getUserRestrictions() 910 */ 911 public static final String DISALLOW_AUTOFILL = "no_autofill"; 912 913 /** 914 * Specifies if user switching is blocked on the current user. 915 * 916 * <p> This restriction can only be set by the device owner, it will be applied to all users. 917 * Device owner can still switch user via 918 * {@link DevicePolicyManager#switchUser(ComponentName, UserHandle)} when this restriction is 919 * set. 920 * 921 * <p>The default value is <code>false</code>. 922 * 923 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 924 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 925 * @see #getUserRestrictions() 926 */ 927 public static final String DISALLOW_USER_SWITCH = "no_user_switch"; 928 929 /** 930 * Specifies whether the user can share file / picture / data from the primary user into the 931 * managed profile, either by sending them from the primary side, or by picking up data within 932 * an app in the managed profile. 933 * <p> 934 * When a managed profile is created, the system allows the user to send data from the primary 935 * side to the profile by setting up certain default cross profile intent filters. If 936 * this is undesired, this restriction can be set to disallow it. Note that this restriction 937 * will not block any sharing allowed by explicit 938 * {@link DevicePolicyManager#addCrossProfileIntentFilter} calls by the profile owner. 939 * <p> 940 * This restriction is only meaningful when set by profile owner. When it is set by device 941 * owner, it does not have any effect. 942 * <p> 943 * The default value is <code>false</code>. 944 * 945 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 946 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 947 * @see #getUserRestrictions() 948 */ 949 public static final String DISALLOW_SHARE_INTO_MANAGED_PROFILE = "no_sharing_into_profile"; 950 951 /** 952 * Specifies whether the user is allowed to print. 953 * 954 * This restriction can be set by device or profile owner. 955 * 956 * The default value is {@code false}. 957 * 958 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 959 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 960 * @see #getUserRestrictions() 961 */ 962 public static final String DISALLOW_PRINTING = "no_printing"; 963 964 /** 965 * Application restriction key that is used to indicate the pending arrival 966 * of real restrictions for the app. 967 * 968 * <p> 969 * Applications that support restrictions should check for the presence of this key. 970 * A <code>true</code> value indicates that restrictions may be applied in the near 971 * future but are not available yet. It is the responsibility of any 972 * management application that sets this flag to update it when the final 973 * restrictions are enforced. 974 * 975 * <p>Key for application restrictions. 976 * <p>Type: Boolean 977 * @see android.app.admin.DevicePolicyManager#setApplicationRestrictions( 978 * android.content.ComponentName, String, Bundle) 979 * @see android.app.admin.DevicePolicyManager#getApplicationRestrictions( 980 * android.content.ComponentName, String) 981 */ 982 public static final String KEY_RESTRICTIONS_PENDING = "restrictions_pending"; 983 984 private static final String ACTION_CREATE_USER = "android.os.action.CREATE_USER"; 985 986 /** 987 * Extra containing a name for the user being created. Optional parameter passed to 988 * ACTION_CREATE_USER activity. 989 * @hide 990 */ 991 public static final String EXTRA_USER_NAME = "android.os.extra.USER_NAME"; 992 993 /** 994 * Extra containing account name for the user being created. Optional parameter passed to 995 * ACTION_CREATE_USER activity. 996 * @hide 997 */ 998 public static final String EXTRA_USER_ACCOUNT_NAME = "android.os.extra.USER_ACCOUNT_NAME"; 999 1000 /** 1001 * Extra containing account type for the user being created. Optional parameter passed to 1002 * ACTION_CREATE_USER activity. 1003 * @hide 1004 */ 1005 public static final String EXTRA_USER_ACCOUNT_TYPE = "android.os.extra.USER_ACCOUNT_TYPE"; 1006 1007 /** 1008 * Extra containing account-specific data for the user being created. Optional parameter passed 1009 * to ACTION_CREATE_USER activity. 1010 * @hide 1011 */ 1012 public static final String EXTRA_USER_ACCOUNT_OPTIONS 1013 = "android.os.extra.USER_ACCOUNT_OPTIONS"; 1014 1015 /** @hide */ 1016 public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3; 1017 /** @hide */ 1018 public static final int PIN_VERIFICATION_FAILED_NOT_SET = -2; 1019 /** @hide */ 1020 public static final int PIN_VERIFICATION_SUCCESS = -1; 1021 1022 /** 1023 * Sent when user restrictions have changed. 1024 * 1025 * @hide 1026 */ 1027 @SystemApi 1028 @TestApi // To allow seeing it from CTS. 1029 public static final String ACTION_USER_RESTRICTIONS_CHANGED = 1030 "android.os.action.USER_RESTRICTIONS_CHANGED"; 1031 1032 /** 1033 * Error result indicating that this user is not allowed to add other users on this device. 1034 * This is a result code returned from the activity created by the intent 1035 * {@link #createUserCreationIntent(String, String, String, PersistableBundle)}. 1036 */ 1037 public static final int USER_CREATION_FAILED_NOT_PERMITTED = Activity.RESULT_FIRST_USER; 1038 1039 /** 1040 * Error result indicating that no more users can be created on this device. 1041 * This is a result code returned from the activity created by the intent 1042 * {@link #createUserCreationIntent(String, String, String, PersistableBundle)}. 1043 */ 1044 public static final int USER_CREATION_FAILED_NO_MORE_USERS = Activity.RESULT_FIRST_USER + 1; 1045 1046 /** 1047 * Indicates user operation is successful. 1048 */ 1049 public static final int USER_OPERATION_SUCCESS = 0; 1050 1051 /** 1052 * Indicates user operation failed for unknown reason. 1053 */ 1054 public static final int USER_OPERATION_ERROR_UNKNOWN = 1; 1055 1056 /** 1057 * Indicates user operation failed because target user is a managed profile. 1058 */ 1059 public static final int USER_OPERATION_ERROR_MANAGED_PROFILE = 2; 1060 1061 /** 1062 * Indicates user operation failed because maximum running user limit has been reached. 1063 */ 1064 public static final int USER_OPERATION_ERROR_MAX_RUNNING_USERS = 3; 1065 1066 /** 1067 * Indicates user operation failed because the target user is in the foreground. 1068 */ 1069 public static final int USER_OPERATION_ERROR_CURRENT_USER = 4; 1070 1071 /** 1072 * Indicates user operation failed because device has low data storage. 1073 */ 1074 public static final int USER_OPERATION_ERROR_LOW_STORAGE = 5; 1075 1076 /** 1077 * Indicates user operation failed because maximum user limit has been reached. 1078 */ 1079 public static final int USER_OPERATION_ERROR_MAX_USERS = 6; 1080 1081 /** 1082 * Result returned from various user operations. 1083 * 1084 * @hide 1085 */ 1086 @Retention(RetentionPolicy.SOURCE) 1087 @IntDef(prefix = { "USER_OPERATION_" }, value = { 1088 USER_OPERATION_SUCCESS, 1089 USER_OPERATION_ERROR_UNKNOWN, 1090 USER_OPERATION_ERROR_MANAGED_PROFILE, 1091 USER_OPERATION_ERROR_MAX_RUNNING_USERS, 1092 USER_OPERATION_ERROR_CURRENT_USER, 1093 USER_OPERATION_ERROR_LOW_STORAGE, 1094 USER_OPERATION_ERROR_MAX_USERS 1095 }) 1096 public @interface UserOperationResult {} 1097 1098 /** 1099 * Thrown to indicate user operation failed. 1100 */ 1101 public static class UserOperationException extends RuntimeException { 1102 private final @UserOperationResult int mUserOperationResult; 1103 1104 /** 1105 * Constructs a UserOperationException with specific result code. 1106 * 1107 * @param message the detail message 1108 * @param userOperationResult the result code 1109 * @hide 1110 */ 1111 public UserOperationException(String message, 1112 @UserOperationResult int userOperationResult) { 1113 super(message); 1114 mUserOperationResult = userOperationResult; 1115 } 1116 1117 /** 1118 * Returns the operation result code. 1119 */ 1120 public @UserOperationResult int getUserOperationResult() { 1121 return mUserOperationResult; 1122 } 1123 } 1124 1125 /** @hide */ 1126 public static UserManager get(Context context) { 1127 return (UserManager) context.getSystemService(Context.USER_SERVICE); 1128 } 1129 1130 /** @hide */ 1131 public UserManager(Context context, IUserManager service) { 1132 mService = service; 1133 mContext = context.getApplicationContext(); 1134 } 1135 1136 /** 1137 * Returns whether this device supports multiple users with their own login and customizable 1138 * space. 1139 * @return whether the device supports multiple users. 1140 */ 1141 public static boolean supportsMultipleUsers() { 1142 return getMaxSupportedUsers() > 1 1143 && SystemProperties.getBoolean("fw.show_multiuserui", 1144 Resources.getSystem().getBoolean(R.bool.config_enableMultiUserUI)); 1145 } 1146 1147 /** 1148 * @hide 1149 * @return Whether the device is running with split system user. It means the system user and 1150 * primary user are two separate users. Previously system user and primary user are combined as 1151 * a single owner user. see @link {android.os.UserHandle#USER_OWNER} 1152 */ 1153 @TestApi 1154 public static boolean isSplitSystemUser() { 1155 return RoSystemProperties.FW_SYSTEM_USER_SPLIT; 1156 } 1157 1158 /** 1159 * @return Whether guest user is always ephemeral 1160 * @hide 1161 */ 1162 public static boolean isGuestUserEphemeral() { 1163 return Resources.getSystem() 1164 .getBoolean(com.android.internal.R.bool.config_guestUserEphemeral); 1165 } 1166 1167 /** 1168 * Returns whether switching users is currently allowed. 1169 * <p>For instance switching users is not allowed if the current user is in a phone call, 1170 * system user hasn't been unlocked yet, or {@link #DISALLOW_USER_SWITCH} is set. 1171 * @hide 1172 */ 1173 public boolean canSwitchUsers() { 1174 boolean allowUserSwitchingWhenSystemUserLocked = Settings.Global.getInt( 1175 mContext.getContentResolver(), 1176 Settings.Global.ALLOW_USER_SWITCHING_WHEN_SYSTEM_USER_LOCKED, 0) != 0; 1177 boolean isSystemUserUnlocked = isUserUnlocked(UserHandle.SYSTEM); 1178 boolean inCall = TelephonyManager.getDefault().getCallState() 1179 != TelephonyManager.CALL_STATE_IDLE; 1180 boolean isUserSwitchDisallowed = hasUserRestriction(DISALLOW_USER_SWITCH); 1181 return (allowUserSwitchingWhenSystemUserLocked || isSystemUserUnlocked) && !inCall 1182 && !isUserSwitchDisallowed; 1183 } 1184 1185 /** 1186 * Returns the user handle for the user that this process is running under. 1187 * 1188 * @return the user handle of this process. 1189 * @hide 1190 */ 1191 public @UserIdInt int getUserHandle() { 1192 return UserHandle.myUserId(); 1193 } 1194 1195 /** 1196 * Returns the user name of the user making this call. This call is only 1197 * available to applications on the system image; it requires the 1198 * MANAGE_USERS permission. 1199 * @return the user name 1200 */ 1201 public String getUserName() { 1202 UserInfo user = getUserInfo(getUserHandle()); 1203 return user == null ? "" : user.name; 1204 } 1205 1206 /** 1207 * Returns whether user name has been set. 1208 * <p>This method can be used to check that the value returned by {@link #getUserName()} was 1209 * set by the user and is not a placeholder string provided by the system. 1210 * @hide 1211 */ 1212 public boolean isUserNameSet() { 1213 try { 1214 return mService.isUserNameSet(getUserHandle()); 1215 } catch (RemoteException re) { 1216 throw re.rethrowFromSystemServer(); 1217 } 1218 } 1219 1220 /** 1221 * Used to determine whether the user making this call is subject to 1222 * teleportations. 1223 * 1224 * <p>As of {@link android.os.Build.VERSION_CODES#LOLLIPOP}, this method can 1225 * now automatically identify goats using advanced goat recognition technology.</p> 1226 * 1227 * @return Returns true if the user making this call is a goat. 1228 */ 1229 public boolean isUserAGoat() { 1230 return mContext.getPackageManager() 1231 .isPackageAvailable("com.coffeestainstudios.goatsimulator"); 1232 } 1233 1234 /** 1235 * Used to check if this process is running under the primary user. The primary user 1236 * is the first human user on a device. 1237 * 1238 * @return whether this process is running under the primary user. 1239 * @hide 1240 */ 1241 public boolean isPrimaryUser() { 1242 UserInfo user = getUserInfo(UserHandle.myUserId()); 1243 return user != null && user.isPrimary(); 1244 } 1245 1246 /** 1247 * Used to check if this process is running under the system user. The system user 1248 * is the initial user that is implicitly created on first boot and hosts most of the 1249 * system services. 1250 * 1251 * @return whether this process is running under the system user. 1252 */ 1253 public boolean isSystemUser() { 1254 return UserHandle.myUserId() == UserHandle.USER_SYSTEM; 1255 } 1256 1257 /** 1258 * @hide 1259 * Returns whether the caller is running as an admin user. There can be more than one admin 1260 * user. 1261 */ 1262 public boolean isAdminUser() { 1263 return isUserAdmin(UserHandle.myUserId()); 1264 } 1265 1266 /** 1267 * @hide 1268 * Returns whether the provided user is an admin user. There can be more than one admin 1269 * user. 1270 */ 1271 public boolean isUserAdmin(@UserIdInt int userId) { 1272 UserInfo user = getUserInfo(userId); 1273 return user != null && user.isAdmin(); 1274 } 1275 1276 /** 1277 * @hide 1278 * @deprecated Use {@link #isRestrictedProfile()} 1279 */ 1280 @Deprecated 1281 public boolean isLinkedUser() { 1282 return isRestrictedProfile(); 1283 } 1284 1285 /** 1286 * Returns whether the caller is running as restricted profile. Restricted profile may have 1287 * a reduced number of available apps, app restrictions and account restrictions. 1288 * @return whether the user making this call is a linked user 1289 * @hide 1290 */ 1291 @SystemApi 1292 public boolean isRestrictedProfile() { 1293 try { 1294 return mService.isRestricted(); 1295 } catch (RemoteException re) { 1296 throw re.rethrowFromSystemServer(); 1297 } 1298 } 1299 1300 /** 1301 * Checks if specified user can have restricted profile. 1302 * @hide 1303 */ 1304 public boolean canHaveRestrictedProfile(@UserIdInt int userId) { 1305 try { 1306 return mService.canHaveRestrictedProfile(userId); 1307 } catch (RemoteException re) { 1308 throw re.rethrowFromSystemServer(); 1309 } 1310 } 1311 1312 /** 1313 * Returns whether the calling user has at least one restricted profile associated with it. 1314 * @return 1315 * @hide 1316 */ 1317 @SystemApi 1318 public boolean hasRestrictedProfiles() { 1319 try { 1320 return mService.hasRestrictedProfiles(); 1321 } catch (RemoteException re) { 1322 throw re.rethrowFromSystemServer(); 1323 } 1324 } 1325 1326 /** 1327 * Checks if a user is a guest user. 1328 * @return whether user is a guest user. 1329 * @hide 1330 */ 1331 public boolean isGuestUser(int id) { 1332 UserInfo user = getUserInfo(id); 1333 return user != null && user.isGuest(); 1334 } 1335 1336 /** 1337 * Checks if the calling app is running as a guest user. 1338 * @return whether the caller is a guest user. 1339 * @hide 1340 */ 1341 public boolean isGuestUser() { 1342 UserInfo user = getUserInfo(UserHandle.myUserId()); 1343 return user != null && user.isGuest(); 1344 } 1345 1346 1347 /** 1348 * Checks if the calling app is running in a demo user. When running in a demo user, 1349 * apps can be more helpful to the user, or explain their features in more detail. 1350 * 1351 * @return whether the caller is a demo user. 1352 */ 1353 public boolean isDemoUser() { 1354 try { 1355 return mService.isDemoUser(UserHandle.myUserId()); 1356 } catch (RemoteException re) { 1357 throw re.rethrowFromSystemServer(); 1358 } 1359 } 1360 1361 /** 1362 * Checks if the calling app is running in a managed profile. 1363 * 1364 * @return whether the caller is in a managed profile. 1365 * @hide 1366 */ 1367 @SystemApi 1368 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1369 public boolean isManagedProfile() { 1370 // No need for synchronization. Once it becomes non-null, it'll be non-null forever. 1371 // Worst case we might end up calling the AIDL method multiple times but that's fine. 1372 if (mIsManagedProfileCached != null) { 1373 return mIsManagedProfileCached; 1374 } 1375 try { 1376 mIsManagedProfileCached = mService.isManagedProfile(UserHandle.myUserId()); 1377 return mIsManagedProfileCached; 1378 } catch (RemoteException re) { 1379 throw re.rethrowFromSystemServer(); 1380 } 1381 } 1382 1383 /** 1384 * Checks if the specified user is a managed profile. 1385 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission, otherwise the caller 1386 * must be in the same profile group of specified user. 1387 * 1388 * @return whether the specified user is a managed profile. 1389 * @hide 1390 */ 1391 @SystemApi 1392 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1393 public boolean isManagedProfile(@UserIdInt int userId) { 1394 if (userId == UserHandle.myUserId()) { 1395 return isManagedProfile(); 1396 } 1397 try { 1398 return mService.isManagedProfile(userId); 1399 } catch (RemoteException re) { 1400 throw re.rethrowFromSystemServer(); 1401 } 1402 } 1403 1404 /** 1405 * Gets badge for a managed profile. 1406 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission, otherwise the caller 1407 * must be in the same profile group of specified user. 1408 * 1409 * @return which badge to use for the managed profile badge id will be less than 1410 * UserManagerService.getMaxManagedProfiles() 1411 * @hide 1412 */ 1413 public int getManagedProfileBadge(@UserIdInt int userId) { 1414 try { 1415 return mService.getManagedProfileBadge(userId); 1416 } catch (RemoteException re) { 1417 throw re.rethrowFromSystemServer(); 1418 } 1419 } 1420 1421 /** 1422 * Checks if the calling app is running as an ephemeral user. 1423 * 1424 * @return whether the caller is an ephemeral user. 1425 * @hide 1426 */ 1427 public boolean isEphemeralUser() { 1428 return isUserEphemeral(UserHandle.myUserId()); 1429 } 1430 1431 /** 1432 * Returns whether the specified user is ephemeral. 1433 * @hide 1434 */ 1435 public boolean isUserEphemeral(@UserIdInt int userId) { 1436 final UserInfo user = getUserInfo(userId); 1437 return user != null && user.isEphemeral(); 1438 } 1439 1440 /** 1441 * Return whether the given user is actively running. This means that 1442 * the user is in the "started" state, not "stopped" -- it is currently 1443 * allowed to run code through scheduled alarms, receiving broadcasts, 1444 * etc. A started user may be either the current foreground user or a 1445 * background user; the result here does not distinguish between the two. 1446 * 1447 * <p>Note prior to Android Nougat MR1 (SDK version <= 24; 1448 * {@link android.os.Build.VERSION_CODES#N), this API required a system permission 1449 * in order to check other profile's status. 1450 * Since Android Nougat MR1 (SDK version >= 25; 1451 * {@link android.os.Build.VERSION_CODES#N_MR1)), the restriction has been relaxed, and now 1452 * it'll accept any {@link UserHandle} within the same profile group as the caller. 1453 * 1454 * @param user The user to retrieve the running state for. 1455 */ 1456 // Note this requires either INTERACT_ACROSS_USERS or MANAGE_USERS. 1457 public boolean isUserRunning(UserHandle user) { 1458 return isUserRunning(user.getIdentifier()); 1459 } 1460 1461 /** {@hide} */ 1462 public boolean isUserRunning(@UserIdInt int userId) { 1463 try { 1464 return mService.isUserRunning(userId); 1465 } catch (RemoteException re) { 1466 throw re.rethrowFromSystemServer(); 1467 } 1468 } 1469 1470 /** 1471 * Return whether the given user is actively running <em>or</em> stopping. 1472 * This is like {@link #isUserRunning(UserHandle)}, but will also return 1473 * true if the user had been running but is in the process of being stopped 1474 * (but is not yet fully stopped, and still running some code). 1475 * 1476 * <p>Note prior to Android Nougat MR1 (SDK version <= 24; 1477 * {@link android.os.Build.VERSION_CODES#N), this API required a system permission 1478 * in order to check other profile's status. 1479 * Since Android Nougat MR1 (SDK version >= 25; 1480 * {@link android.os.Build.VERSION_CODES#N_MR1)), the restriction has been relaxed, and now 1481 * it'll accept any {@link UserHandle} within the same profile group as the caller. 1482 * 1483 * @param user The user to retrieve the running state for. 1484 */ 1485 // Note this requires either INTERACT_ACROSS_USERS or MANAGE_USERS. 1486 public boolean isUserRunningOrStopping(UserHandle user) { 1487 try { 1488 // TODO: reconcile stopped vs stopping? 1489 return ActivityManager.getService().isUserRunning( 1490 user.getIdentifier(), ActivityManager.FLAG_OR_STOPPED); 1491 } catch (RemoteException re) { 1492 throw re.rethrowFromSystemServer(); 1493 } 1494 } 1495 1496 /** 1497 * Return whether the calling user is running in an "unlocked" state. 1498 * <p> 1499 * On devices with direct boot, a user is unlocked only after they've 1500 * entered their credentials (such as a lock pattern or PIN). On devices 1501 * without direct boot, a user is unlocked as soon as it starts. 1502 * <p> 1503 * When a user is locked, only device-protected data storage is available. 1504 * When a user is unlocked, both device-protected and credential-protected 1505 * private app data storage is available. 1506 * 1507 * @see Intent#ACTION_USER_UNLOCKED 1508 * @see Context#createDeviceProtectedStorageContext() 1509 */ 1510 public boolean isUserUnlocked() { 1511 return isUserUnlocked(Process.myUserHandle()); 1512 } 1513 1514 /** 1515 * Return whether the given user is running in an "unlocked" state. 1516 * <p> 1517 * On devices with direct boot, a user is unlocked only after they've 1518 * entered their credentials (such as a lock pattern or PIN). On devices 1519 * without direct boot, a user is unlocked as soon as it starts. 1520 * <p> 1521 * When a user is locked, only device-protected data storage is available. 1522 * When a user is unlocked, both device-protected and credential-protected 1523 * private app data storage is available. 1524 * <p>Requires {@code android.permission.MANAGE_USERS} or 1525 * {@code android.permission.INTERACT_ACROSS_USERS}, otherwise specified {@link UserHandle user} 1526 * must be the calling user or a managed profile associated with it. 1527 * 1528 * @param user to retrieve the unlocked state for. 1529 * @see Intent#ACTION_USER_UNLOCKED 1530 * @see Context#createDeviceProtectedStorageContext() 1531 */ 1532 public boolean isUserUnlocked(UserHandle user) { 1533 return isUserUnlocked(user.getIdentifier()); 1534 } 1535 1536 /** {@hide} */ 1537 public boolean isUserUnlocked(@UserIdInt int userId) { 1538 try { 1539 return mService.isUserUnlocked(userId); 1540 } catch (RemoteException re) { 1541 throw re.rethrowFromSystemServer(); 1542 } 1543 } 1544 1545 /** {@hide} */ 1546 public boolean isUserUnlockingOrUnlocked(UserHandle user) { 1547 return isUserUnlockingOrUnlocked(user.getIdentifier()); 1548 } 1549 1550 /** {@hide} */ 1551 public boolean isUserUnlockingOrUnlocked(@UserIdInt int userId) { 1552 try { 1553 return mService.isUserUnlockingOrUnlocked(userId); 1554 } catch (RemoteException re) { 1555 throw re.rethrowFromSystemServer(); 1556 } 1557 } 1558 1559 /** 1560 * Return the time when the calling user started in elapsed milliseconds since boot, 1561 * or 0 if not started. 1562 * 1563 * @hide 1564 */ 1565 public long getUserStartRealtime() { 1566 try { 1567 return mService.getUserStartRealtime(); 1568 } catch (RemoteException re) { 1569 throw re.rethrowFromSystemServer(); 1570 } 1571 } 1572 1573 /** 1574 * Return the time when the calling user was unlocked elapsed milliseconds since boot, 1575 * or 0 if not unlocked. 1576 * 1577 * @hide 1578 */ 1579 public long getUserUnlockRealtime() { 1580 try { 1581 return mService.getUserUnlockRealtime(); 1582 } catch (RemoteException re) { 1583 throw re.rethrowFromSystemServer(); 1584 } 1585 } 1586 1587 /** 1588 * Returns the UserInfo object describing a specific user. 1589 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 1590 * @param userHandle the user handle of the user whose information is being requested. 1591 * @return the UserInfo object for a specific user. 1592 * @hide 1593 */ 1594 public UserInfo getUserInfo(@UserIdInt int userHandle) { 1595 try { 1596 return mService.getUserInfo(userHandle); 1597 } catch (RemoteException re) { 1598 throw re.rethrowFromSystemServer(); 1599 } 1600 } 1601 1602 /** 1603 * @hide 1604 * 1605 * Returns who set a user restriction on a user. 1606 * @param restrictionKey the string key representing the restriction 1607 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 1608 * @return The source of user restriction. Any combination of {@link #RESTRICTION_NOT_SET}, 1609 * {@link #RESTRICTION_SOURCE_SYSTEM}, {@link #RESTRICTION_SOURCE_DEVICE_OWNER} 1610 * and {@link #RESTRICTION_SOURCE_PROFILE_OWNER} 1611 * @deprecated use {@link #getUserRestrictionSources(String, int)} instead. 1612 */ 1613 @Deprecated 1614 @SystemApi 1615 @UserRestrictionSource 1616 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1617 public int getUserRestrictionSource(String restrictionKey, UserHandle userHandle) { 1618 try { 1619 return mService.getUserRestrictionSource(restrictionKey, userHandle.getIdentifier()); 1620 } catch (RemoteException re) { 1621 throw re.rethrowFromSystemServer(); 1622 } 1623 } 1624 1625 /** 1626 * @hide 1627 * 1628 * Returns a list of users who set a user restriction on a given user. 1629 * @param restrictionKey the string key representing the restriction 1630 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 1631 * @return a list of user ids enforcing this restriction. 1632 */ 1633 @SystemApi 1634 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1635 public List<EnforcingUser> getUserRestrictionSources( 1636 String restrictionKey, UserHandle userHandle) { 1637 try { 1638 return mService.getUserRestrictionSources(restrictionKey, userHandle.getIdentifier()); 1639 } catch (RemoteException re) { 1640 throw re.rethrowFromSystemServer(); 1641 } 1642 } 1643 1644 /** 1645 * Returns the user-wide restrictions imposed on this user. 1646 * @return a Bundle containing all the restrictions. 1647 */ 1648 public Bundle getUserRestrictions() { 1649 return getUserRestrictions(Process.myUserHandle()); 1650 } 1651 1652 /** 1653 * Returns the user-wide restrictions imposed on the user specified by <code>userHandle</code>. 1654 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 1655 * @return a Bundle containing all the restrictions. 1656 */ 1657 public Bundle getUserRestrictions(UserHandle userHandle) { 1658 try { 1659 return mService.getUserRestrictions(userHandle.getIdentifier()); 1660 } catch (RemoteException re) { 1661 throw re.rethrowFromSystemServer(); 1662 } 1663 } 1664 1665 /** 1666 * @hide 1667 * Returns whether the given user has been disallowed from performing certain actions 1668 * or setting certain settings through UserManager. This method disregards restrictions 1669 * set by device policy. 1670 * @param restrictionKey the string key representing the restriction 1671 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 1672 */ 1673 public boolean hasBaseUserRestriction(String restrictionKey, UserHandle userHandle) { 1674 try { 1675 return mService.hasBaseUserRestriction(restrictionKey, userHandle.getIdentifier()); 1676 } catch (RemoteException re) { 1677 throw re.rethrowFromSystemServer(); 1678 } 1679 } 1680 1681 /** 1682 * This will no longer work. Device owners and profile owners should use 1683 * {@link DevicePolicyManager#addUserRestriction(ComponentName, String)} instead. 1684 */ 1685 // System apps should use UserManager.setUserRestriction() instead. 1686 @Deprecated 1687 public void setUserRestrictions(Bundle restrictions) { 1688 throw new UnsupportedOperationException("This method is no longer supported"); 1689 } 1690 1691 /** 1692 * This will no longer work. Device owners and profile owners should use 1693 * {@link DevicePolicyManager#addUserRestriction(ComponentName, String)} instead. 1694 */ 1695 // System apps should use UserManager.setUserRestriction() instead. 1696 @Deprecated 1697 public void setUserRestrictions(Bundle restrictions, UserHandle userHandle) { 1698 throw new UnsupportedOperationException("This method is no longer supported"); 1699 } 1700 1701 /** 1702 * Sets the value of a specific restriction. 1703 * Requires the MANAGE_USERS permission. 1704 * @param key the key of the restriction 1705 * @param value the value for the restriction 1706 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction( 1707 * android.content.ComponentName, String)} or 1708 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction( 1709 * android.content.ComponentName, String)} instead. 1710 */ 1711 @Deprecated 1712 public void setUserRestriction(String key, boolean value) { 1713 setUserRestriction(key, value, Process.myUserHandle()); 1714 } 1715 1716 /** 1717 * @hide 1718 * Sets the value of a specific restriction on a specific user. 1719 * Requires the MANAGE_USERS permission. 1720 * @param key the key of the restriction 1721 * @param value the value for the restriction 1722 * @param userHandle the user whose restriction is to be changed. 1723 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction( 1724 * android.content.ComponentName, String)} or 1725 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction( 1726 * android.content.ComponentName, String)} instead. 1727 */ 1728 @Deprecated 1729 public void setUserRestriction(String key, boolean value, UserHandle userHandle) { 1730 try { 1731 mService.setUserRestriction(key, value, userHandle.getIdentifier()); 1732 } catch (RemoteException re) { 1733 throw re.rethrowFromSystemServer(); 1734 } 1735 } 1736 1737 /** 1738 * Returns whether the current user has been disallowed from performing certain actions 1739 * or setting certain settings. 1740 * 1741 * @param restrictionKey The string key representing the restriction. 1742 * @return {@code true} if the current user has the given restriction, {@code false} otherwise. 1743 */ 1744 public boolean hasUserRestriction(String restrictionKey) { 1745 return hasUserRestriction(restrictionKey, Process.myUserHandle()); 1746 } 1747 1748 /** 1749 * @hide 1750 * Returns whether the given user has been disallowed from performing certain actions 1751 * or setting certain settings. 1752 * @param restrictionKey the string key representing the restriction 1753 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 1754 */ 1755 public boolean hasUserRestriction(String restrictionKey, UserHandle userHandle) { 1756 try { 1757 return mService.hasUserRestriction(restrictionKey, 1758 userHandle.getIdentifier()); 1759 } catch (RemoteException re) { 1760 throw re.rethrowFromSystemServer(); 1761 } 1762 } 1763 1764 /** 1765 * @hide 1766 * Returns whether any user on the device has the given user restriction set. 1767 */ 1768 public boolean hasUserRestrictionOnAnyUser(String restrictionKey) { 1769 try { 1770 return mService.hasUserRestrictionOnAnyUser(restrictionKey); 1771 } catch (RemoteException re) { 1772 throw re.rethrowFromSystemServer(); 1773 } 1774 } 1775 1776 /** 1777 * Return the serial number for a user. This is a device-unique 1778 * number assigned to that user; if the user is deleted and then a new 1779 * user created, the new users will not be given the same serial number. 1780 * @param user The user whose serial number is to be retrieved. 1781 * @return The serial number of the given user; returns -1 if the 1782 * given UserHandle does not exist. 1783 * @see #getUserForSerialNumber(long) 1784 */ 1785 public long getSerialNumberForUser(UserHandle user) { 1786 return getUserSerialNumber(user.getIdentifier()); 1787 } 1788 1789 /** 1790 * Return the user associated with a serial number previously 1791 * returned by {@link #getSerialNumberForUser(UserHandle)}. 1792 * @param serialNumber The serial number of the user that is being 1793 * retrieved. 1794 * @return Return the user associated with the serial number, or null 1795 * if there is not one. 1796 * @see #getSerialNumberForUser(UserHandle) 1797 */ 1798 public UserHandle getUserForSerialNumber(long serialNumber) { 1799 int ident = getUserHandle((int) serialNumber); 1800 return ident >= 0 ? new UserHandle(ident) : null; 1801 } 1802 1803 /** 1804 * Creates a user with the specified name and options. For non-admin users, default user 1805 * restrictions are going to be applied. 1806 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 1807 * 1808 * @param name the user's name 1809 * @param flags flags that identify the type of user and other properties. 1810 * @see UserInfo 1811 * 1812 * @return the UserInfo object for the created user, or null if the user could not be created. 1813 * @hide 1814 */ 1815 public UserInfo createUser(String name, int flags) { 1816 UserInfo user = null; 1817 try { 1818 user = mService.createUser(name, flags); 1819 // TODO: Keep this in sync with 1820 // UserManagerService.LocalService.createUserEvenWhenDisallowed 1821 if (user != null && !user.isAdmin() && !user.isDemo()) { 1822 mService.setUserRestriction(DISALLOW_SMS, true, user.id); 1823 mService.setUserRestriction(DISALLOW_OUTGOING_CALLS, true, user.id); 1824 } 1825 } catch (RemoteException re) { 1826 throw re.rethrowFromSystemServer(); 1827 } 1828 return user; 1829 } 1830 1831 /** 1832 * Creates a guest user and configures it. 1833 * @param context an application context 1834 * @param name the name to set for the user 1835 * @hide 1836 */ 1837 public UserInfo createGuest(Context context, String name) { 1838 UserInfo guest = null; 1839 try { 1840 guest = mService.createUser(name, UserInfo.FLAG_GUEST); 1841 if (guest != null) { 1842 Settings.Secure.putStringForUser(context.getContentResolver(), 1843 Settings.Secure.SKIP_FIRST_USE_HINTS, "1", guest.id); 1844 } 1845 } catch (RemoteException re) { 1846 throw re.rethrowFromSystemServer(); 1847 } 1848 return guest; 1849 } 1850 1851 /** 1852 * Creates a user with the specified name and options as a profile of another user. 1853 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 1854 * 1855 * @param name the user's name 1856 * @param flags flags that identify the type of user and other properties. 1857 * @param userHandle new user will be a profile of this user. 1858 * 1859 * @return the {@link UserInfo} object for the created user, or null if the user 1860 * could not be created. 1861 * @hide 1862 */ 1863 public UserInfo createProfileForUser(String name, int flags, @UserIdInt int userHandle) { 1864 return createProfileForUser(name, flags, userHandle, null); 1865 } 1866 1867 /** 1868 * Version of {@link #createProfileForUser(String, int, int)} that allows you to specify 1869 * any packages that should not be installed in the new profile by default, these packages can 1870 * still be installed later by the user if needed. 1871 * 1872 * @param name the user's name 1873 * @param flags flags that identify the type of user and other properties. 1874 * @param userHandle new user will be a profile of this user. 1875 * @param disallowedPackages packages that will not be installed in the profile being created. 1876 * 1877 * @return the {@link UserInfo} object for the created user, or null if the user 1878 * could not be created. 1879 * @hide 1880 */ 1881 public UserInfo createProfileForUser(String name, int flags, @UserIdInt int userHandle, 1882 String[] disallowedPackages) { 1883 try { 1884 return mService.createProfileForUser(name, flags, userHandle, disallowedPackages); 1885 } catch (RemoteException re) { 1886 throw re.rethrowFromSystemServer(); 1887 } 1888 } 1889 1890 /** 1891 * Similar to {@link #createProfileForUser(String, int, int, String[])} 1892 * except bypassing the checking of {@link UserManager#DISALLOW_ADD_MANAGED_PROFILE}. 1893 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 1894 * 1895 * @see #createProfileForUser(String, int, int, String[]) 1896 * @hide 1897 */ 1898 public UserInfo createProfileForUserEvenWhenDisallowed(String name, int flags, 1899 @UserIdInt int userHandle, String[] disallowedPackages) { 1900 try { 1901 return mService.createProfileForUserEvenWhenDisallowed(name, flags, userHandle, 1902 disallowedPackages); 1903 } catch (RemoteException re) { 1904 throw re.rethrowFromSystemServer(); 1905 } 1906 } 1907 1908 /** 1909 * Creates a restricted profile with the specified name. This method also sets necessary 1910 * restrictions and adds shared accounts. 1911 * 1912 * @param name profile's name 1913 * @return UserInfo object for the created user, or null if the user could not be created. 1914 * @hide 1915 */ 1916 public UserInfo createRestrictedProfile(String name) { 1917 try { 1918 UserHandle parentUserHandle = Process.myUserHandle(); 1919 UserInfo user = mService.createRestrictedProfile(name, 1920 parentUserHandle.getIdentifier()); 1921 if (user != null) { 1922 AccountManager.get(mContext).addSharedAccountsFromParentUser(parentUserHandle, 1923 UserHandle.of(user.id)); 1924 } 1925 return user; 1926 } catch (RemoteException re) { 1927 throw re.rethrowFromSystemServer(); 1928 } 1929 } 1930 1931 /** 1932 * Returns an intent to create a user for the provided name and account name. The name 1933 * and account name will be used when the setup process for the new user is started. 1934 * <p> 1935 * The intent should be launched using startActivityForResult and the return result will 1936 * indicate if the user consented to adding a new user and if the operation succeeded. Any 1937 * errors in creating the user will be returned in the result code. If the user cancels the 1938 * request, the return result will be {@link Activity#RESULT_CANCELED}. On success, the 1939 * result code will be {@link Activity#RESULT_OK}. 1940 * <p> 1941 * Use {@link #supportsMultipleUsers()} to first check if the device supports this operation 1942 * at all. 1943 * <p> 1944 * The new user is created but not initialized. After switching into the user for the first 1945 * time, the preferred user name and account information are used by the setup process for that 1946 * user. 1947 * 1948 * @param userName Optional name to assign to the user. 1949 * @param accountName Optional account name that will be used by the setup wizard to initialize 1950 * the user. 1951 * @param accountType Optional account type for the account to be created. This is required 1952 * if the account name is specified. 1953 * @param accountOptions Optional bundle of data to be passed in during account creation in the 1954 * new user via {@link AccountManager#addAccount(String, String, String[], 1955 * Bundle, android.app.Activity, android.accounts.AccountManagerCallback, 1956 * Handler)}. 1957 * @return An Intent that can be launched from an Activity. 1958 * @see #USER_CREATION_FAILED_NOT_PERMITTED 1959 * @see #USER_CREATION_FAILED_NO_MORE_USERS 1960 * @see #supportsMultipleUsers 1961 */ 1962 public static Intent createUserCreationIntent(@Nullable String userName, 1963 @Nullable String accountName, 1964 @Nullable String accountType, @Nullable PersistableBundle accountOptions) { 1965 Intent intent = new Intent(ACTION_CREATE_USER); 1966 if (userName != null) { 1967 intent.putExtra(EXTRA_USER_NAME, userName); 1968 } 1969 if (accountName != null && accountType == null) { 1970 throw new IllegalArgumentException("accountType must be specified if accountName is " 1971 + "specified"); 1972 } 1973 if (accountName != null) { 1974 intent.putExtra(EXTRA_USER_ACCOUNT_NAME, accountName); 1975 } 1976 if (accountType != null) { 1977 intent.putExtra(EXTRA_USER_ACCOUNT_TYPE, accountType); 1978 } 1979 if (accountOptions != null) { 1980 intent.putExtra(EXTRA_USER_ACCOUNT_OPTIONS, accountOptions); 1981 } 1982 return intent; 1983 } 1984 1985 /** 1986 * @hide 1987 * 1988 * Returns the preferred account name for user creation. 1989 */ 1990 @SystemApi 1991 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1992 public String getSeedAccountName() { 1993 try { 1994 return mService.getSeedAccountName(); 1995 } catch (RemoteException re) { 1996 throw re.rethrowFromSystemServer(); 1997 } 1998 } 1999 2000 /** 2001 * @hide 2002 * 2003 * Returns the preferred account type for user creation. 2004 */ 2005 @SystemApi 2006 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 2007 public String getSeedAccountType() { 2008 try { 2009 return mService.getSeedAccountType(); 2010 } catch (RemoteException re) { 2011 throw re.rethrowFromSystemServer(); 2012 } 2013 } 2014 2015 /** 2016 * @hide 2017 * 2018 * Returns the preferred account's options bundle for user creation. 2019 * @return Any options set by the requestor that created the user. 2020 */ 2021 @SystemApi 2022 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 2023 public PersistableBundle getSeedAccountOptions() { 2024 try { 2025 return mService.getSeedAccountOptions(); 2026 } catch (RemoteException re) { 2027 throw re.rethrowFromSystemServer(); 2028 } 2029 } 2030 2031 /** 2032 * @hide 2033 * 2034 * Called by a system activity to set the seed account information of a user created 2035 * through the user creation intent. 2036 * @param userId 2037 * @param accountName 2038 * @param accountType 2039 * @param accountOptions 2040 * @see #createUserCreationIntent(String, String, String, PersistableBundle) 2041 */ 2042 public void setSeedAccountData(int userId, String accountName, String accountType, 2043 PersistableBundle accountOptions) { 2044 try { 2045 mService.setSeedAccountData(userId, accountName, accountType, accountOptions, 2046 /* persist= */ true); 2047 } catch (RemoteException re) { 2048 throw re.rethrowFromSystemServer(); 2049 } 2050 } 2051 2052 /** 2053 * @hide 2054 * Clears the seed information used to create this user. 2055 */ 2056 @SystemApi 2057 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 2058 public void clearSeedAccountData() { 2059 try { 2060 mService.clearSeedAccountData(); 2061 } catch (RemoteException re) { 2062 throw re.rethrowFromSystemServer(); 2063 } 2064 } 2065 2066 /** 2067 * @hide 2068 * Marks the guest user for deletion to allow a new guest to be created before deleting 2069 * the current user who is a guest. 2070 * @param userHandle 2071 * @return 2072 */ 2073 public boolean markGuestForDeletion(@UserIdInt int userHandle) { 2074 try { 2075 return mService.markGuestForDeletion(userHandle); 2076 } catch (RemoteException re) { 2077 throw re.rethrowFromSystemServer(); 2078 } 2079 } 2080 2081 /** 2082 * Sets the user as enabled, if such an user exists. 2083 * 2084 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2085 * 2086 * <p>Note that the default is true, it's only that managed profiles might not be enabled. 2087 * Also ephemeral users can be disabled to indicate that their removal is in progress and they 2088 * shouldn't be re-entered. Therefore ephemeral users should not be re-enabled once disabled. 2089 * 2090 * @param userId the id of the profile to enable 2091 * @hide 2092 */ 2093 public void setUserEnabled(@UserIdInt int userId) { 2094 try { 2095 mService.setUserEnabled(userId); 2096 } catch (RemoteException re) { 2097 throw re.rethrowFromSystemServer(); 2098 } 2099 } 2100 2101 /** 2102 * Assigns admin privileges to the user, if such a user exists. 2103 * 2104 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS} and 2105 * {@link android.Manifest.permission#INTERACT_ACROSS_USERS_FULL} permissions. 2106 * 2107 * @param userHandle the id of the user to become admin 2108 * @hide 2109 */ 2110 @RequiresPermission(allOf = { 2111 Manifest.permission.INTERACT_ACROSS_USERS_FULL, 2112 Manifest.permission.MANAGE_USERS 2113 }) 2114 public void setUserAdmin(@UserIdInt int userHandle) { 2115 try { 2116 mService.setUserAdmin(userHandle); 2117 } catch (RemoteException re) { 2118 throw re.rethrowFromSystemServer(); 2119 } 2120 } 2121 2122 /** 2123 * Evicts the user's credential encryption key from memory by stopping and restarting the user. 2124 * 2125 * @hide 2126 */ 2127 public void evictCredentialEncryptionKey(@UserIdInt int userHandle) { 2128 try { 2129 mService.evictCredentialEncryptionKey(userHandle); 2130 } catch (RemoteException re) { 2131 throw re.rethrowFromSystemServer(); 2132 } 2133 } 2134 2135 /** 2136 * Return the number of users currently created on the device. 2137 */ 2138 public int getUserCount() { 2139 List<UserInfo> users = getUsers(); 2140 return users != null ? users.size() : 1; 2141 } 2142 2143 /** 2144 * Returns information for all users on this device, including ones marked for deletion. 2145 * To retrieve only users that are alive, use {@link #getUsers(boolean)}. 2146 * <p> 2147 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2148 * @return the list of users that exist on the device. 2149 * @hide 2150 */ 2151 public List<UserInfo> getUsers() { 2152 try { 2153 return mService.getUsers(false); 2154 } catch (RemoteException re) { 2155 throw re.rethrowFromSystemServer(); 2156 } 2157 } 2158 2159 /** 2160 * Returns serial numbers of all users on this device. 2161 * 2162 * @param excludeDying specify if the list should exclude users being removed. 2163 * @return the list of serial numbers of users that exist on the device. 2164 * @hide 2165 */ 2166 @SystemApi 2167 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 2168 public long[] getSerialNumbersOfUsers(boolean excludeDying) { 2169 try { 2170 List<UserInfo> users = mService.getUsers(excludeDying); 2171 long[] result = new long[users.size()]; 2172 for (int i = 0; i < result.length; i++) { 2173 result[i] = users.get(i).serialNumber; 2174 } 2175 return result; 2176 } catch (RemoteException re) { 2177 throw re.rethrowFromSystemServer(); 2178 } 2179 } 2180 2181 /** 2182 * @return the user's account name, null if not found. 2183 * @hide 2184 */ 2185 @RequiresPermission( allOf = { 2186 Manifest.permission.INTERACT_ACROSS_USERS_FULL, 2187 Manifest.permission.MANAGE_USERS 2188 }) 2189 public @Nullable String getUserAccount(@UserIdInt int userHandle) { 2190 try { 2191 return mService.getUserAccount(userHandle); 2192 } catch (RemoteException re) { 2193 throw re.rethrowFromSystemServer(); 2194 } 2195 } 2196 2197 /** 2198 * Set account name for the given user. 2199 * @hide 2200 */ 2201 @RequiresPermission( allOf = { 2202 Manifest.permission.INTERACT_ACROSS_USERS_FULL, 2203 Manifest.permission.MANAGE_USERS 2204 }) 2205 public void setUserAccount(@UserIdInt int userHandle, @Nullable String accountName) { 2206 try { 2207 mService.setUserAccount(userHandle, accountName); 2208 } catch (RemoteException re) { 2209 throw re.rethrowFromSystemServer(); 2210 } 2211 } 2212 2213 /** 2214 * Returns information for Primary user. 2215 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2216 * 2217 * @return the Primary user, null if not found. 2218 * @hide 2219 */ 2220 public @Nullable UserInfo getPrimaryUser() { 2221 try { 2222 return mService.getPrimaryUser(); 2223 } catch (RemoteException re) { 2224 throw re.rethrowFromSystemServer(); 2225 } 2226 } 2227 2228 /** 2229 * Checks whether it's possible to add more users. Caller must hold the MANAGE_USERS 2230 * permission. 2231 * 2232 * @return true if more users can be added, false if limit has been reached. 2233 * @hide 2234 */ 2235 public boolean canAddMoreUsers() { 2236 final List<UserInfo> users = getUsers(true); 2237 final int totalUserCount = users.size(); 2238 int aliveUserCount = 0; 2239 for (int i = 0; i < totalUserCount; i++) { 2240 UserInfo user = users.get(i); 2241 if (!user.isGuest()) { 2242 aliveUserCount++; 2243 } 2244 } 2245 return aliveUserCount < getMaxSupportedUsers(); 2246 } 2247 2248 /** 2249 * Checks whether it's possible to add more managed profiles. Caller must hold the MANAGE_USERS 2250 * permission. 2251 * if allowedToRemoveOne is true and if the user already has a managed profile, then return if 2252 * we could add a new managed profile to this user after removing the existing one. 2253 * 2254 * @return true if more managed profiles can be added, false if limit has been reached. 2255 * @hide 2256 */ 2257 public boolean canAddMoreManagedProfiles(@UserIdInt int userId, boolean allowedToRemoveOne) { 2258 try { 2259 return mService.canAddMoreManagedProfiles(userId, allowedToRemoveOne); 2260 } catch (RemoteException re) { 2261 throw re.rethrowFromSystemServer(); 2262 } 2263 } 2264 2265 /** 2266 * Returns list of the profiles of userHandle including 2267 * userHandle itself. 2268 * Note that this returns both enabled and not enabled profiles. See 2269 * {@link #getEnabledProfiles(int)} if you need only the enabled ones. 2270 * 2271 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2272 * @param userHandle profiles of this user will be returned. 2273 * @return the list of profiles. 2274 * @hide 2275 */ 2276 public List<UserInfo> getProfiles(@UserIdInt int userHandle) { 2277 try { 2278 return mService.getProfiles(userHandle, false /* enabledOnly */); 2279 } catch (RemoteException re) { 2280 throw re.rethrowFromSystemServer(); 2281 } 2282 } 2283 2284 /** 2285 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2286 * @param userId one of the two user ids to check. 2287 * @param otherUserId one of the two user ids to check. 2288 * @return true if the two user ids are in the same profile group. 2289 * @hide 2290 */ 2291 public boolean isSameProfileGroup(@UserIdInt int userId, int otherUserId) { 2292 try { 2293 return mService.isSameProfileGroup(userId, otherUserId); 2294 } catch (RemoteException re) { 2295 throw re.rethrowFromSystemServer(); 2296 } 2297 } 2298 2299 /** 2300 * Returns list of the profiles of userHandle including 2301 * userHandle itself. 2302 * Note that this returns only enabled. 2303 * 2304 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2305 * @param userHandle profiles of this user will be returned. 2306 * @return the list of profiles. 2307 * @hide 2308 */ 2309 public List<UserInfo> getEnabledProfiles(@UserIdInt int userHandle) { 2310 try { 2311 return mService.getProfiles(userHandle, true /* enabledOnly */); 2312 } catch (RemoteException re) { 2313 throw re.rethrowFromSystemServer(); 2314 } 2315 } 2316 2317 /** 2318 * Returns a list of UserHandles for profiles associated with the user that the calling process 2319 * is running on, including the user itself. 2320 * 2321 * @return A non-empty list of UserHandles associated with the calling user. 2322 */ 2323 public List<UserHandle> getUserProfiles() { 2324 int[] userIds = getProfileIds(UserHandle.myUserId(), true /* enabledOnly */); 2325 List<UserHandle> result = new ArrayList<>(userIds.length); 2326 for (int userId : userIds) { 2327 result.add(UserHandle.of(userId)); 2328 } 2329 return result; 2330 } 2331 2332 /** 2333 * Returns a list of ids for profiles associated with the specified user including the user 2334 * itself. 2335 * 2336 * @param userId id of the user to return profiles for 2337 * @param enabledOnly whether return only {@link UserInfo#isEnabled() enabled} profiles 2338 * @return A non-empty list of ids of profiles associated with the specified user. 2339 * 2340 * @hide 2341 */ 2342 public int[] getProfileIds(@UserIdInt int userId, boolean enabledOnly) { 2343 try { 2344 return mService.getProfileIds(userId, enabledOnly); 2345 } catch (RemoteException re) { 2346 throw re.rethrowFromSystemServer(); 2347 } 2348 } 2349 2350 /** 2351 * @see #getProfileIds(int, boolean) 2352 * @hide 2353 */ 2354 public int[] getProfileIdsWithDisabled(@UserIdInt int userId) { 2355 return getProfileIds(userId, false /* enabledOnly */); 2356 } 2357 2358 /** 2359 * @see #getProfileIds(int, boolean) 2360 * @hide 2361 */ 2362 public int[] getEnabledProfileIds(@UserIdInt int userId) { 2363 return getProfileIds(userId, true /* enabledOnly */); 2364 } 2365 2366 /** 2367 * Returns the device credential owner id of the profile from 2368 * which this method is called, or userHandle if called from a user that 2369 * is not a profile. 2370 * 2371 * @hide 2372 */ 2373 public int getCredentialOwnerProfile(@UserIdInt int userHandle) { 2374 try { 2375 return mService.getCredentialOwnerProfile(userHandle); 2376 } catch (RemoteException re) { 2377 throw re.rethrowFromSystemServer(); 2378 } 2379 } 2380 2381 /** 2382 * Returns the parent of the profile which this method is called from 2383 * or null if called from a user that is not a profile. 2384 * 2385 * @hide 2386 */ 2387 public UserInfo getProfileParent(@UserIdInt int userHandle) { 2388 try { 2389 return mService.getProfileParent(userHandle); 2390 } catch (RemoteException re) { 2391 throw re.rethrowFromSystemServer(); 2392 } 2393 } 2394 2395 /** 2396 * Enables or disables quiet mode for a managed profile. If quiet mode is enabled, apps in a 2397 * managed profile don't run, generate notifications, or consume data or battery. 2398 * <p> 2399 * If a user's credential is needed to turn off quiet mode, a confirm credential screen will be 2400 * shown to the user. 2401 * <p> 2402 * The change may not happen instantly, however apps can listen for 2403 * {@link Intent#ACTION_MANAGED_PROFILE_AVAILABLE} and 2404 * {@link Intent#ACTION_MANAGED_PROFILE_UNAVAILABLE} broadcasts in order to be notified of 2405 * the change of the quiet mode. Apps can also check the current state of quiet mode by 2406 * calling {@link #isQuietModeEnabled(UserHandle)}. 2407 * <p> 2408 * The caller must either be the foreground default launcher or have one of these permissions: 2409 * {@code MANAGE_USERS} or {@code MODIFY_QUIET_MODE}. 2410 * 2411 * @param enableQuietMode whether quiet mode should be enabled or disabled 2412 * @param userHandle user handle of the profile 2413 * @return {@code false} if user's credential is needed in order to turn off quiet mode, 2414 * {@code true} otherwise 2415 * @throws SecurityException if the caller is invalid 2416 * @throws IllegalArgumentException if {@code userHandle} is not a managed profile 2417 * 2418 * @see #isQuietModeEnabled(UserHandle) 2419 */ 2420 public boolean requestQuietModeEnabled(boolean enableQuietMode, @NonNull UserHandle userHandle) { 2421 return requestQuietModeEnabled(enableQuietMode, userHandle, null); 2422 } 2423 2424 /** 2425 * Similar to {@link #requestQuietModeEnabled(boolean, UserHandle)}, except you can specify 2426 * a target to start when user is unlocked. If {@code target} is specified, caller must have 2427 * the {@link android.Manifest.permission#MANAGE_USERS} permission. 2428 * 2429 * @see {@link #requestQuietModeEnabled(boolean, UserHandle)} 2430 * @hide 2431 */ 2432 public boolean requestQuietModeEnabled( 2433 boolean enableQuietMode, @NonNull UserHandle userHandle, IntentSender target) { 2434 try { 2435 return mService.requestQuietModeEnabled( 2436 mContext.getPackageName(), enableQuietMode, userHandle.getIdentifier(), target); 2437 } catch (RemoteException re) { 2438 throw re.rethrowFromSystemServer(); 2439 } 2440 } 2441 2442 /** 2443 * Returns whether the given profile is in quiet mode or not. 2444 * Notes: Quiet mode is only supported for managed profiles. 2445 * 2446 * @param userHandle The user handle of the profile to be queried. 2447 * @return true if the profile is in quiet mode, false otherwise. 2448 */ 2449 public boolean isQuietModeEnabled(UserHandle userHandle) { 2450 try { 2451 return mService.isQuietModeEnabled(userHandle.getIdentifier()); 2452 } catch (RemoteException re) { 2453 throw re.rethrowFromSystemServer(); 2454 } 2455 } 2456 2457 /** 2458 * If the target user is a managed profile of the calling user or the caller 2459 * is itself a managed profile, then this returns a badged copy of the given 2460 * icon to be able to distinguish it from the original icon. For badging an 2461 * arbitrary drawable use {@link #getBadgedDrawableForUser( 2462 * android.graphics.drawable.Drawable, UserHandle, android.graphics.Rect, int)}. 2463 * <p> 2464 * If the original drawable is a BitmapDrawable and the backing bitmap is 2465 * mutable as per {@link android.graphics.Bitmap#isMutable()}, the badging 2466 * is performed in place and the original drawable is returned. 2467 * </p> 2468 * 2469 * @param icon The icon to badge. 2470 * @param user The target user. 2471 * @return A drawable that combines the original icon and a badge as 2472 * determined by the system. 2473 * @removed 2474 */ 2475 public Drawable getBadgedIconForUser(Drawable icon, UserHandle user) { 2476 return mContext.getPackageManager().getUserBadgedIcon(icon, user); 2477 } 2478 2479 /** 2480 * If the target user is a managed profile of the calling user or the caller 2481 * is itself a managed profile, then this returns a badged copy of the given 2482 * drawable allowing the user to distinguish it from the original drawable. 2483 * The caller can specify the location in the bounds of the drawable to be 2484 * badged where the badge should be applied as well as the density of the 2485 * badge to be used. 2486 * <p> 2487 * If the original drawable is a BitmapDrawable and the backing bitmap is 2488 * mutable as per {@link android.graphics.Bitmap#isMutable()}, the badging 2489 * is performed in place and the original drawable is returned. 2490 * </p> 2491 * 2492 * @param badgedDrawable The drawable to badge. 2493 * @param user The target user. 2494 * @param badgeLocation Where in the bounds of the badged drawable to place 2495 * the badge. If it's {@code null}, the badge is applied on top of the entire 2496 * drawable being badged. 2497 * @param badgeDensity The optional desired density for the badge as per 2498 * {@link android.util.DisplayMetrics#densityDpi}. If it's not positive, 2499 * the density of the display is used. 2500 * @return A drawable that combines the original drawable and a badge as 2501 * determined by the system. 2502 * @removed 2503 */ 2504 public Drawable getBadgedDrawableForUser(Drawable badgedDrawable, UserHandle user, 2505 Rect badgeLocation, int badgeDensity) { 2506 return mContext.getPackageManager().getUserBadgedDrawableForDensity(badgedDrawable, user, 2507 badgeLocation, badgeDensity); 2508 } 2509 2510 /** 2511 * If the target user is a managed profile of the calling user or the caller 2512 * is itself a managed profile, then this returns a copy of the label with 2513 * badging for accessibility services like talkback. E.g. passing in "Email" 2514 * and it might return "Work Email" for Email in the work profile. 2515 * 2516 * @param label The label to change. 2517 * @param user The target user. 2518 * @return A label that combines the original label and a badge as 2519 * determined by the system. 2520 * @removed 2521 */ 2522 public CharSequence getBadgedLabelForUser(CharSequence label, UserHandle user) { 2523 return mContext.getPackageManager().getUserBadgedLabel(label, user); 2524 } 2525 2526 /** 2527 * Returns information for all users on this device. Requires 2528 * {@link android.Manifest.permission#MANAGE_USERS} permission. 2529 * 2530 * @param excludeDying specify if the list should exclude users being 2531 * removed. 2532 * @return the list of users that were created. 2533 * @hide 2534 */ 2535 public @NonNull List<UserInfo> getUsers(boolean excludeDying) { 2536 try { 2537 return mService.getUsers(excludeDying); 2538 } catch (RemoteException re) { 2539 throw re.rethrowFromSystemServer(); 2540 } 2541 } 2542 2543 /** 2544 * Removes a user and all associated data. 2545 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2546 * @param userHandle the integer handle of the user, where 0 is the primary user. 2547 * @hide 2548 */ 2549 public boolean removeUser(@UserIdInt int userHandle) { 2550 try { 2551 return mService.removeUser(userHandle); 2552 } catch (RemoteException re) { 2553 throw re.rethrowFromSystemServer(); 2554 } 2555 } 2556 2557 /** 2558 * Similar to {@link #removeUser(int)} except bypassing the checking of 2559 * {@link UserManager#DISALLOW_REMOVE_USER} 2560 * or {@link UserManager#DISALLOW_REMOVE_MANAGED_PROFILE}. 2561 * 2562 * @see {@link #removeUser(int)} 2563 * @hide 2564 */ 2565 public boolean removeUserEvenWhenDisallowed(@UserIdInt int userHandle) { 2566 try { 2567 return mService.removeUserEvenWhenDisallowed(userHandle); 2568 } catch (RemoteException re) { 2569 throw re.rethrowFromSystemServer(); 2570 } 2571 } 2572 2573 /** 2574 * Updates the user's name. 2575 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2576 * 2577 * @param userHandle the user's integer handle 2578 * @param name the new name for the user 2579 * @hide 2580 */ 2581 public void setUserName(@UserIdInt int userHandle, String name) { 2582 try { 2583 mService.setUserName(userHandle, name); 2584 } catch (RemoteException re) { 2585 throw re.rethrowFromSystemServer(); 2586 } 2587 } 2588 2589 /** 2590 * Sets the user's photo. 2591 * @param userHandle the user for whom to change the photo. 2592 * @param icon the bitmap to set as the photo. 2593 * @hide 2594 */ 2595 public void setUserIcon(@UserIdInt int userHandle, Bitmap icon) { 2596 try { 2597 mService.setUserIcon(userHandle, icon); 2598 } catch (RemoteException re) { 2599 throw re.rethrowFromSystemServer(); 2600 } 2601 } 2602 2603 /** 2604 * Returns a file descriptor for the user's photo. PNG data can be read from this file. 2605 * @param userHandle the user whose photo we want to read. 2606 * @return a {@link Bitmap} of the user's photo, or null if there's no photo. 2607 * @see com.android.internal.util.UserIcons#getDefaultUserIcon for a default. 2608 * @hide 2609 */ 2610 public Bitmap getUserIcon(@UserIdInt int userHandle) { 2611 try { 2612 ParcelFileDescriptor fd = mService.getUserIcon(userHandle); 2613 if (fd != null) { 2614 try { 2615 return BitmapFactory.decodeFileDescriptor(fd.getFileDescriptor()); 2616 } finally { 2617 try { 2618 fd.close(); 2619 } catch (IOException e) { 2620 } 2621 } 2622 } 2623 } catch (RemoteException re) { 2624 throw re.rethrowFromSystemServer(); 2625 } 2626 return null; 2627 } 2628 2629 /** 2630 * Returns the maximum number of users that can be created on this device. A return value 2631 * of 1 means that it is a single user device. 2632 * @hide 2633 * @return a value greater than or equal to 1 2634 */ 2635 public static int getMaxSupportedUsers() { 2636 // Don't allow multiple users on certain builds 2637 if (android.os.Build.ID.startsWith("JVP")) return 1; 2638 if (ActivityManager.isLowRamDeviceStatic()) { 2639 // Low-ram devices are Svelte. Most of the time they don't get multi-user. 2640 if ((Resources.getSystem().getConfiguration().uiMode & Configuration.UI_MODE_TYPE_MASK) 2641 != Configuration.UI_MODE_TYPE_TELEVISION) { 2642 return 1; 2643 } 2644 } 2645 return SystemProperties.getInt("fw.max_users", 2646 Resources.getSystem().getInteger(R.integer.config_multiuserMaximumUsers)); 2647 } 2648 2649 /** 2650 * Returns true if the user switcher should be shown, this will be if device supports multi-user 2651 * and there are at least 2 users available that are not managed profiles. 2652 * @hide 2653 * @return true if user switcher should be shown. 2654 */ 2655 public boolean isUserSwitcherEnabled() { 2656 if (!supportsMultipleUsers()) { 2657 return false; 2658 } 2659 if (hasUserRestriction(DISALLOW_USER_SWITCH)) { 2660 return false; 2661 } 2662 // If Demo Mode is on, don't show user switcher 2663 if (isDeviceInDemoMode(mContext)) { 2664 return false; 2665 } 2666 List<UserInfo> users = getUsers(true); 2667 if (users == null) { 2668 return false; 2669 } 2670 int switchableUserCount = 0; 2671 for (UserInfo user : users) { 2672 if (user.supportsSwitchToByUser()) { 2673 ++switchableUserCount; 2674 } 2675 } 2676 final boolean guestEnabled = !mContext.getSystemService(DevicePolicyManager.class) 2677 .getGuestUserDisabled(null); 2678 return switchableUserCount > 1 || guestEnabled; 2679 } 2680 2681 /** 2682 * @hide 2683 */ 2684 public static boolean isDeviceInDemoMode(Context context) { 2685 return Settings.Global.getInt(context.getContentResolver(), 2686 Settings.Global.DEVICE_DEMO_MODE, 0) > 0; 2687 } 2688 2689 /** 2690 * Returns a serial number on this device for a given userHandle. User handles can be recycled 2691 * when deleting and creating users, but serial numbers are not reused until the device is wiped. 2692 * @param userHandle 2693 * @return a serial number associated with that user, or -1 if the userHandle is not valid. 2694 * @hide 2695 */ 2696 public int getUserSerialNumber(@UserIdInt int userHandle) { 2697 try { 2698 return mService.getUserSerialNumber(userHandle); 2699 } catch (RemoteException re) { 2700 throw re.rethrowFromSystemServer(); 2701 } 2702 } 2703 2704 /** 2705 * Returns a userHandle on this device for a given user serial number. User handles can be 2706 * recycled when deleting and creating users, but serial numbers are not reused until the device 2707 * is wiped. 2708 * @param userSerialNumber 2709 * @return the userHandle associated with that user serial number, or -1 if the serial number 2710 * is not valid. 2711 * @hide 2712 */ 2713 public @UserIdInt int getUserHandle(int userSerialNumber) { 2714 try { 2715 return mService.getUserHandle(userSerialNumber); 2716 } catch (RemoteException re) { 2717 throw re.rethrowFromSystemServer(); 2718 } 2719 } 2720 2721 /** 2722 * Returns a {@link Bundle} containing any saved application restrictions for this user, for the 2723 * given package name. Only an application with this package name can call this method. 2724 * 2725 * <p>The returned {@link Bundle} consists of key-value pairs, as defined by the application, 2726 * where the types of values may be: 2727 * <ul> 2728 * <li>{@code boolean} 2729 * <li>{@code int} 2730 * <li>{@code String} or {@code String[]} 2731 * <li>From {@link android.os.Build.VERSION_CODES#M}, {@code Bundle} or {@code Bundle[]} 2732 * </ul> 2733 * 2734 * <p>NOTE: The method performs disk I/O and shouldn't be called on the main thread 2735 * 2736 * @param packageName the package name of the calling application 2737 * @return a {@link Bundle} with the restrictions for that package, or an empty {@link Bundle} 2738 * if there are no saved restrictions. 2739 * 2740 * @see #KEY_RESTRICTIONS_PENDING 2741 */ 2742 @WorkerThread 2743 public Bundle getApplicationRestrictions(String packageName) { 2744 try { 2745 return mService.getApplicationRestrictions(packageName); 2746 } catch (RemoteException re) { 2747 throw re.rethrowFromSystemServer(); 2748 } 2749 } 2750 2751 /** 2752 * @hide 2753 */ 2754 @WorkerThread 2755 public Bundle getApplicationRestrictions(String packageName, UserHandle user) { 2756 try { 2757 return mService.getApplicationRestrictionsForUser(packageName, user.getIdentifier()); 2758 } catch (RemoteException re) { 2759 throw re.rethrowFromSystemServer(); 2760 } 2761 } 2762 2763 /** 2764 * @hide 2765 */ 2766 @WorkerThread 2767 public void setApplicationRestrictions(String packageName, Bundle restrictions, 2768 UserHandle user) { 2769 try { 2770 mService.setApplicationRestrictions(packageName, restrictions, user.getIdentifier()); 2771 } catch (RemoteException re) { 2772 throw re.rethrowFromSystemServer(); 2773 } 2774 } 2775 2776 /** 2777 * Sets a new challenge PIN for restrictions. This is only for use by pre-installed 2778 * apps and requires the MANAGE_USERS permission. 2779 * @param newPin the PIN to use for challenge dialogs. 2780 * @return Returns true if the challenge PIN was set successfully. 2781 * @deprecated The restrictions PIN functionality is no longer provided by the system. 2782 * This method is preserved for backwards compatibility reasons and always returns false. 2783 */ 2784 @Deprecated 2785 public boolean setRestrictionsChallenge(String newPin) { 2786 return false; 2787 } 2788 2789 /** 2790 * @hide 2791 * Set restrictions that should apply to any future guest user that's created. 2792 */ 2793 public void setDefaultGuestRestrictions(Bundle restrictions) { 2794 try { 2795 mService.setDefaultGuestRestrictions(restrictions); 2796 } catch (RemoteException re) { 2797 throw re.rethrowFromSystemServer(); 2798 } 2799 } 2800 2801 /** 2802 * @hide 2803 * Gets the default guest restrictions. 2804 */ 2805 public Bundle getDefaultGuestRestrictions() { 2806 try { 2807 return mService.getDefaultGuestRestrictions(); 2808 } catch (RemoteException re) { 2809 throw re.rethrowFromSystemServer(); 2810 } 2811 } 2812 2813 /** 2814 * Returns creation time of the user or of a managed profile associated with the calling user. 2815 * @param userHandle user handle of the user or a managed profile associated with the 2816 * calling user. 2817 * @return creation time in milliseconds since Epoch time. 2818 */ 2819 public long getUserCreationTime(UserHandle userHandle) { 2820 try { 2821 return mService.getUserCreationTime(userHandle.getIdentifier()); 2822 } catch (RemoteException re) { 2823 throw re.rethrowFromSystemServer(); 2824 } 2825 } 2826 2827 /** 2828 * @hide 2829 * Checks if any uninitialized user has the specific seed account name and type. 2830 * 2831 * @param accountName The account name to check for 2832 * @param accountType The account type of the account to check for 2833 * @return whether the seed account was found 2834 */ 2835 public boolean someUserHasSeedAccount(String accountName, String accountType) { 2836 try { 2837 return mService.someUserHasSeedAccount(accountName, accountType); 2838 } catch (RemoteException re) { 2839 throw re.rethrowFromSystemServer(); 2840 } 2841 } 2842 2843 /** 2844 * @hide 2845 * User that enforces a restriction. 2846 * 2847 * @see #getUserRestrictionSources(String, UserHandle) 2848 */ 2849 @SystemApi 2850 public static final class EnforcingUser implements Parcelable { 2851 private final @UserIdInt int userId; 2852 private final @UserRestrictionSource int userRestrictionSource; 2853 2854 /** 2855 * @hide 2856 */ 2857 public EnforcingUser( 2858 @UserIdInt int userId, @UserRestrictionSource int userRestrictionSource) { 2859 this.userId = userId; 2860 this.userRestrictionSource = userRestrictionSource; 2861 } 2862 2863 private EnforcingUser(Parcel in) { 2864 userId = in.readInt(); 2865 userRestrictionSource = in.readInt(); 2866 } 2867 2868 public static final Creator<EnforcingUser> CREATOR = new Creator<EnforcingUser>() { 2869 @Override 2870 public EnforcingUser createFromParcel(Parcel in) { 2871 return new EnforcingUser(in); 2872 } 2873 2874 @Override 2875 public EnforcingUser[] newArray(int size) { 2876 return new EnforcingUser[size]; 2877 } 2878 }; 2879 2880 @Override 2881 public int describeContents() { 2882 return 0; 2883 } 2884 2885 @Override 2886 public void writeToParcel(Parcel dest, int flags) { 2887 dest.writeInt(userId); 2888 dest.writeInt(userRestrictionSource); 2889 } 2890 2891 /** 2892 * Returns an id of the enforcing user. 2893 * 2894 * <p> Will be UserHandle.USER_NULL when restriction is set by the system. 2895 */ 2896 public UserHandle getUserHandle() { 2897 return UserHandle.of(userId); 2898 } 2899 2900 /** 2901 * Returns the status of the enforcing user. 2902 * 2903 * <p> One of {@link #RESTRICTION_SOURCE_SYSTEM}, 2904 * {@link #RESTRICTION_SOURCE_DEVICE_OWNER} and 2905 * {@link #RESTRICTION_SOURCE_PROFILE_OWNER} 2906 */ 2907 public @UserRestrictionSource int getUserRestrictionSource() { 2908 return userRestrictionSource; 2909 } 2910 } 2911} 2912