UserManagerService.java revision 88220560a49b5f3504576f913ef66703b5855869
1/*
2 * Copyright (C) 2011 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm;
18
19import static android.content.Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS;
20import static android.content.Intent.FLAG_ACTIVITY_NEW_TASK;
21
22import android.Manifest;
23import android.annotation.NonNull;
24import android.annotation.Nullable;
25import android.annotation.UserIdInt;
26import android.app.Activity;
27import android.app.ActivityManager;
28import android.app.ActivityManagerInternal;
29import android.app.ActivityManagerNative;
30import android.app.AppGlobals;
31import android.app.IActivityManager;
32import android.app.IStopUserCallback;
33import android.app.KeyguardManager;
34import android.app.PendingIntent;
35import android.content.BroadcastReceiver;
36import android.content.Context;
37import android.content.Intent;
38import android.content.IntentFilter;
39import android.content.IntentSender;
40import android.content.pm.PackageManager;
41import android.content.pm.PackageManager.NameNotFoundException;
42import android.content.pm.UserInfo;
43import android.content.res.Resources;
44import android.graphics.Bitmap;
45import android.os.Binder;
46import android.os.Build;
47import android.os.Bundle;
48import android.os.Debug;
49import android.os.Environment;
50import android.os.FileUtils;
51import android.os.Handler;
52import android.os.IBinder;
53import android.os.IUserManager;
54import android.os.Message;
55import android.os.ParcelFileDescriptor;
56import android.os.Parcelable;
57import android.os.PersistableBundle;
58import android.os.Process;
59import android.os.RemoteException;
60import android.os.ResultReceiver;
61import android.os.SELinux;
62import android.os.ServiceManager;
63import android.os.ShellCallback;
64import android.os.ShellCommand;
65import android.os.SystemProperties;
66import android.os.UserHandle;
67import android.os.UserManager;
68import android.os.UserManager.EnforcingUser;
69import android.os.UserManagerInternal;
70import android.os.UserManagerInternal.UserRestrictionsListener;
71import android.os.storage.StorageManager;
72import android.security.GateKeeper;
73import android.service.gatekeeper.IGateKeeperService;
74import android.system.ErrnoException;
75import android.system.Os;
76import android.system.OsConstants;
77import android.text.TextUtils;
78import android.util.AtomicFile;
79import android.util.IntArray;
80import android.util.Log;
81import android.util.Slog;
82import android.util.SparseArray;
83import android.util.SparseBooleanArray;
84import android.util.SparseIntArray;
85import android.util.TimeUtils;
86import android.util.Xml;
87
88import com.android.internal.annotations.GuardedBy;
89import com.android.internal.annotations.VisibleForTesting;
90import com.android.internal.app.IAppOpsService;
91import com.android.internal.logging.MetricsLogger;
92import com.android.internal.util.DumpUtils;
93import com.android.internal.util.FastXmlSerializer;
94import com.android.internal.util.Preconditions;
95import com.android.internal.util.XmlUtils;
96import com.android.internal.widget.LockPatternUtils;
97import com.android.server.LocalServices;
98import com.android.server.LockGuard;
99import com.android.server.SystemService;
100import com.android.server.am.UserState;
101import com.android.server.storage.DeviceStorageMonitorInternal;
102
103import libcore.io.IoUtils;
104import libcore.util.Objects;
105
106import org.xmlpull.v1.XmlPullParser;
107import org.xmlpull.v1.XmlPullParserException;
108import org.xmlpull.v1.XmlSerializer;
109
110import java.io.BufferedOutputStream;
111import java.io.File;
112import java.io.FileDescriptor;
113import java.io.FileInputStream;
114import java.io.FileNotFoundException;
115import java.io.FileOutputStream;
116import java.io.InputStream;
117import java.io.OutputStream;
118import java.io.IOException;
119import java.io.PrintWriter;
120import java.nio.charset.StandardCharsets;
121import java.util.ArrayList;
122import java.util.Collections;
123import java.util.LinkedList;
124import java.util.List;
125
126/**
127 * Service for {@link UserManager}.
128 *
129 * Method naming convention:
130 * <ul>
131 * <li> Methods suffixed with "LP" should be called within the {@link #mPackagesLock} lock.
132 * <li> Methods suffixed with "LR" should be called within the {@link #mRestrictionsLock} lock.
133 * <li> Methods suffixed with "LU" should be called within the {@link #mUsersLock} lock.
134 * </ul>
135 */
136public class UserManagerService extends IUserManager.Stub {
137
138    private static final String LOG_TAG = "UserManagerService";
139    static final boolean DBG = false; // DO NOT SUBMIT WITH TRUE
140    private static final boolean DBG_WITH_STACKTRACE = false; // DO NOT SUBMIT WITH TRUE
141    // Can be used for manual testing of id recycling
142    private static final boolean RELEASE_DELETED_USER_ID = false; // DO NOT SUBMIT WITH TRUE
143
144    private static final String TAG_NAME = "name";
145    private static final String TAG_ACCOUNT = "account";
146    private static final String ATTR_FLAGS = "flags";
147    private static final String ATTR_ICON_PATH = "icon";
148    private static final String ATTR_ID = "id";
149    private static final String ATTR_CREATION_TIME = "created";
150    private static final String ATTR_LAST_LOGGED_IN_TIME = "lastLoggedIn";
151    private static final String ATTR_LAST_LOGGED_IN_FINGERPRINT = "lastLoggedInFingerprint";
152    private static final String ATTR_SERIAL_NO = "serialNumber";
153    private static final String ATTR_NEXT_SERIAL_NO = "nextSerialNumber";
154    private static final String ATTR_PARTIAL = "partial";
155    private static final String ATTR_GUEST_TO_REMOVE = "guestToRemove";
156    private static final String ATTR_USER_VERSION = "version";
157    private static final String ATTR_PROFILE_GROUP_ID = "profileGroupId";
158    private static final String ATTR_PROFILE_BADGE = "profileBadge";
159    private static final String ATTR_RESTRICTED_PROFILE_PARENT_ID = "restrictedProfileParentId";
160    private static final String ATTR_SEED_ACCOUNT_NAME = "seedAccountName";
161    private static final String ATTR_SEED_ACCOUNT_TYPE = "seedAccountType";
162    private static final String TAG_GUEST_RESTRICTIONS = "guestRestrictions";
163    private static final String TAG_USERS = "users";
164    private static final String TAG_USER = "user";
165    private static final String TAG_RESTRICTIONS = "restrictions";
166    private static final String TAG_DEVICE_POLICY_RESTRICTIONS = "device_policy_restrictions";
167    private static final String TAG_DEVICE_POLICY_GLOBAL_RESTRICTIONS =
168            "device_policy_global_restrictions";
169    /** Legacy name for device owner id tag. */
170    private static final String TAG_GLOBAL_RESTRICTION_OWNER_ID = "globalRestrictionOwnerUserId";
171    private static final String TAG_DEVICE_OWNER_USER_ID = "deviceOwnerUserId";
172    private static final String TAG_ENTRY = "entry";
173    private static final String TAG_VALUE = "value";
174    private static final String TAG_SEED_ACCOUNT_OPTIONS = "seedAccountOptions";
175    private static final String ATTR_KEY = "key";
176    private static final String ATTR_VALUE_TYPE = "type";
177    private static final String ATTR_MULTIPLE = "m";
178
179    private static final String ATTR_TYPE_STRING_ARRAY = "sa";
180    private static final String ATTR_TYPE_STRING = "s";
181    private static final String ATTR_TYPE_BOOLEAN = "b";
182    private static final String ATTR_TYPE_INTEGER = "i";
183    private static final String ATTR_TYPE_BUNDLE = "B";
184    private static final String ATTR_TYPE_BUNDLE_ARRAY = "BA";
185
186    private static final String USER_INFO_DIR = "system" + File.separator + "users";
187    private static final String USER_LIST_FILENAME = "userlist.xml";
188    private static final String USER_PHOTO_FILENAME = "photo.png";
189    private static final String USER_PHOTO_FILENAME_TMP = USER_PHOTO_FILENAME + ".tmp";
190
191    private static final String RESTRICTIONS_FILE_PREFIX = "res_";
192    private static final String XML_SUFFIX = ".xml";
193
194    private static final int ALLOWED_FLAGS_FOR_CREATE_USERS_PERMISSION =
195            UserInfo.FLAG_MANAGED_PROFILE
196            | UserInfo.FLAG_EPHEMERAL
197            | UserInfo.FLAG_RESTRICTED
198            | UserInfo.FLAG_GUEST
199            | UserInfo.FLAG_DEMO;
200
201    @VisibleForTesting
202    static final int MIN_USER_ID = 10;
203    // We need to keep process uid within Integer.MAX_VALUE.
204    @VisibleForTesting
205    static final int MAX_USER_ID = Integer.MAX_VALUE / UserHandle.PER_USER_RANGE;
206
207    // Max size of the queue of recently removed users
208    @VisibleForTesting
209    static final int MAX_RECENTLY_REMOVED_IDS_SIZE = 100;
210
211    private static final int USER_VERSION = 7;
212
213    private static final long EPOCH_PLUS_30_YEARS = 30L * 365 * 24 * 60 * 60 * 1000L; // ms
214
215    // Maximum number of managed profiles permitted per user is 1. This cannot be increased
216    // without first making sure that the rest of the framework is prepared for it.
217    @VisibleForTesting
218    static final int MAX_MANAGED_PROFILES = 1;
219
220    static final int WRITE_USER_MSG = 1;
221    static final int WRITE_USER_DELAY = 2*1000;  // 2 seconds
222
223    // Tron counters
224    private static final String TRON_GUEST_CREATED = "users_guest_created";
225    private static final String TRON_USER_CREATED = "users_user_created";
226    private static final String TRON_DEMO_CREATED = "users_demo_created";
227
228    private final Context mContext;
229    private final PackageManagerService mPm;
230    private final Object mPackagesLock;
231    private final UserDataPreparer mUserDataPreparer;
232    // Short-term lock for internal state, when interaction/sync with PM is not required
233    private final Object mUsersLock = LockGuard.installNewLock(LockGuard.INDEX_USER);
234    private final Object mRestrictionsLock = new Object();
235
236    private final Handler mHandler;
237
238    private final File mUsersDir;
239    private final File mUserListFile;
240
241    private static final IBinder mUserRestriconToken = new Binder();
242
243    /**
244     * User-related information that is used for persisting to flash. Only UserInfo is
245     * directly exposed to other system apps.
246     */
247    @VisibleForTesting
248    static class UserData {
249        // Basic user information and properties
250        UserInfo info;
251        // Account name used when there is a strong association between a user and an account
252        String account;
253        // Account information for seeding into a newly created user. This could also be
254        // used for login validation for an existing user, for updating their credentials.
255        // In the latter case, data may not need to be persisted as it is only valid for the
256        // current login session.
257        String seedAccountName;
258        String seedAccountType;
259        PersistableBundle seedAccountOptions;
260        // Whether to perist the seed account information to be available after a boot
261        boolean persistSeedData;
262
263        void clearSeedAccountData() {
264            seedAccountName = null;
265            seedAccountType = null;
266            seedAccountOptions = null;
267            persistSeedData = false;
268        }
269    }
270
271    @GuardedBy("mUsersLock")
272    private final SparseArray<UserData> mUsers = new SparseArray<>();
273
274    /**
275     * User restrictions set via UserManager.  This doesn't include restrictions set by
276     * device owner / profile owners. Only non-empty restriction bundles are stored.
277     *
278     * DO NOT Change existing {@link Bundle} in it.  When changing a restriction for a user,
279     * a new {@link Bundle} should always be created and set.  This is because a {@link Bundle}
280     * maybe shared between {@link #mBaseUserRestrictions} and
281     * {@link #mCachedEffectiveUserRestrictions}, but they should always updated separately.
282     * (Otherwise we won't be able to detect what restrictions have changed in
283     * {@link #updateUserRestrictionsInternalLR}.
284     */
285    @GuardedBy("mRestrictionsLock")
286    private final SparseArray<Bundle> mBaseUserRestrictions = new SparseArray<>();
287
288    /**
289     * Cached user restrictions that are in effect -- i.e. {@link #mBaseUserRestrictions} combined
290     * with device / profile owner restrictions.  We'll initialize it lazily; use
291     * {@link #getEffectiveUserRestrictions} to access it.
292     *
293     * DO NOT Change existing {@link Bundle} in it.  When changing a restriction for a user,
294     * a new {@link Bundle} should always be created and set.  This is because a {@link Bundle}
295     * maybe shared between {@link #mBaseUserRestrictions} and
296     * {@link #mCachedEffectiveUserRestrictions}, but they should always updated separately.
297     * (Otherwise we won't be able to detect what restrictions have changed in
298     * {@link #updateUserRestrictionsInternalLR}.
299     */
300    @GuardedBy("mRestrictionsLock")
301    private final SparseArray<Bundle> mCachedEffectiveUserRestrictions = new SparseArray<>();
302
303    /**
304     * User restrictions that have already been applied in
305     * {@link #updateUserRestrictionsInternalLR(Bundle, int)}.  We use it to detect restrictions
306     * that have changed since the last
307     * {@link #updateUserRestrictionsInternalLR(Bundle, int)} call.
308     */
309    @GuardedBy("mRestrictionsLock")
310    private final SparseArray<Bundle> mAppliedUserRestrictions = new SparseArray<>();
311
312    /**
313     * User restrictions set by {@link com.android.server.devicepolicy.DevicePolicyManagerService}
314     * that should be applied to all users, including guests. Only non-empty restriction bundles are
315     * stored.
316     */
317    @GuardedBy("mRestrictionsLock")
318    private final SparseArray<Bundle> mDevicePolicyGlobalUserRestrictions = new SparseArray<>();
319
320    /**
321     * Id of the user that set global restrictions.
322     */
323    @GuardedBy("mRestrictionsLock")
324    private int mDeviceOwnerUserId = UserHandle.USER_NULL;
325
326    /**
327     * User restrictions set by {@link com.android.server.devicepolicy.DevicePolicyManagerService}
328     * for each user. Only non-empty restriction bundles are stored.
329     */
330    @GuardedBy("mRestrictionsLock")
331    private final SparseArray<Bundle> mDevicePolicyLocalUserRestrictions = new SparseArray<>();
332
333    @GuardedBy("mGuestRestrictions")
334    private final Bundle mGuestRestrictions = new Bundle();
335
336    /**
337     * Set of user IDs being actively removed. Removed IDs linger in this set
338     * for several seconds to work around a VFS caching issue.
339     * Use {@link #addRemovingUserIdLocked(int)} to add elements to this array
340     */
341    @GuardedBy("mUsersLock")
342    private final SparseBooleanArray mRemovingUserIds = new SparseBooleanArray();
343
344    /**
345     * Queue of recently removed userIds. Used for recycling of userIds
346     */
347    @GuardedBy("mUsersLock")
348    private final LinkedList<Integer> mRecentlyRemovedIds = new LinkedList<>();
349
350    @GuardedBy("mUsersLock")
351    private int[] mUserIds;
352    @GuardedBy("mPackagesLock")
353    private int mNextSerialNumber;
354    private int mUserVersion = 0;
355
356    private IAppOpsService mAppOpsService;
357
358    private final LocalService mLocalService;
359
360    @GuardedBy("mUsersLock")
361    private boolean mIsDeviceManaged;
362
363    @GuardedBy("mUsersLock")
364    private final SparseBooleanArray mIsUserManaged = new SparseBooleanArray();
365
366    @GuardedBy("mUserRestrictionsListeners")
367    private final ArrayList<UserRestrictionsListener> mUserRestrictionsListeners =
368            new ArrayList<>();
369
370    private final LockPatternUtils mLockPatternUtils;
371
372    private final String ACTION_DISABLE_QUIET_MODE_AFTER_UNLOCK =
373            "com.android.server.pm.DISABLE_QUIET_MODE_AFTER_UNLOCK";
374
375    private final BroadcastReceiver mDisableQuietModeCallback = new BroadcastReceiver() {
376        @Override
377        public void onReceive(Context context, Intent intent) {
378            if (ACTION_DISABLE_QUIET_MODE_AFTER_UNLOCK.equals(intent.getAction())) {
379                final IntentSender target = intent.getParcelableExtra(Intent.EXTRA_INTENT);
380                final int userHandle = intent.getIntExtra(Intent.EXTRA_USER_ID, 0);
381                setQuietModeEnabled(userHandle, false);
382                if (target != null) {
383                    try {
384                        mContext.startIntentSender(target, null, 0, 0, 0);
385                    } catch (IntentSender.SendIntentException e) {
386                        /* ignore */
387                    }
388                }
389            }
390        }
391    };
392
393    /**
394     * Whether all users should be created ephemeral.
395     */
396    @GuardedBy("mUsersLock")
397    private boolean mForceEphemeralUsers;
398
399    @GuardedBy("mUserStates")
400    private final SparseIntArray mUserStates = new SparseIntArray();
401
402    private static UserManagerService sInstance;
403
404    public static UserManagerService getInstance() {
405        synchronized (UserManagerService.class) {
406            return sInstance;
407        }
408    }
409
410    public static class LifeCycle extends SystemService {
411
412        private UserManagerService mUms;
413
414        /**
415         * @param context
416         */
417        public LifeCycle(Context context) {
418            super(context);
419        }
420
421        @Override
422        public void onStart() {
423            mUms = UserManagerService.getInstance();
424            publishBinderService(Context.USER_SERVICE, mUms);
425        }
426
427        @Override
428        public void onBootPhase(int phase) {
429            if (phase == SystemService.PHASE_ACTIVITY_MANAGER_READY) {
430                mUms.cleanupPartialUsers();
431            }
432        }
433    }
434
435    // TODO b/28848102 Add support for test dependencies injection
436    @VisibleForTesting
437    UserManagerService(Context context) {
438        this(context, null, null, new Object(), context.getCacheDir());
439    }
440
441    /**
442     * Called by package manager to create the service.  This is closely
443     * associated with the package manager, and the given lock is the
444     * package manager's own lock.
445     */
446    UserManagerService(Context context, PackageManagerService pm, UserDataPreparer userDataPreparer,
447            Object packagesLock) {
448        this(context, pm, userDataPreparer, packagesLock, Environment.getDataDirectory());
449    }
450
451    private UserManagerService(Context context, PackageManagerService pm,
452            UserDataPreparer userDataPreparer, Object packagesLock, File dataDir) {
453        mContext = context;
454        mPm = pm;
455        mPackagesLock = packagesLock;
456        mHandler = new MainHandler();
457        mUserDataPreparer = userDataPreparer;
458        synchronized (mPackagesLock) {
459            mUsersDir = new File(dataDir, USER_INFO_DIR);
460            mUsersDir.mkdirs();
461            // Make zeroth user directory, for services to migrate their files to that location
462            File userZeroDir = new File(mUsersDir, String.valueOf(UserHandle.USER_SYSTEM));
463            userZeroDir.mkdirs();
464            FileUtils.setPermissions(mUsersDir.toString(),
465                    FileUtils.S_IRWXU | FileUtils.S_IRWXG | FileUtils.S_IROTH | FileUtils.S_IXOTH,
466                    -1, -1);
467            mUserListFile = new File(mUsersDir, USER_LIST_FILENAME);
468            initDefaultGuestRestrictions();
469            readUserListLP();
470            sInstance = this;
471        }
472        mLocalService = new LocalService();
473        LocalServices.addService(UserManagerInternal.class, mLocalService);
474        mLockPatternUtils = new LockPatternUtils(mContext);
475        mUserStates.put(UserHandle.USER_SYSTEM, UserState.STATE_BOOTING);
476    }
477
478    void systemReady() {
479        mAppOpsService = IAppOpsService.Stub.asInterface(
480                ServiceManager.getService(Context.APP_OPS_SERVICE));
481
482        synchronized (mRestrictionsLock) {
483            applyUserRestrictionsLR(UserHandle.USER_SYSTEM);
484        }
485
486        UserInfo currentGuestUser = findCurrentGuestUser();
487        if (currentGuestUser != null && !hasUserRestriction(
488                UserManager.DISALLOW_CONFIG_WIFI, currentGuestUser.id)) {
489            // If a guest user currently exists, apply the DISALLOW_CONFIG_WIFI option
490            // to it, in case this guest was created in a previous version where this
491            // user restriction was not a default guest restriction.
492            setUserRestriction(UserManager.DISALLOW_CONFIG_WIFI, true, currentGuestUser.id);
493        }
494
495        mContext.registerReceiver(mDisableQuietModeCallback,
496                new IntentFilter(ACTION_DISABLE_QUIET_MODE_AFTER_UNLOCK),
497                null, mHandler);
498    }
499
500    void cleanupPartialUsers() {
501        // Prune out any partially created, partially removed and ephemeral users.
502        ArrayList<UserInfo> partials = new ArrayList<>();
503        synchronized (mUsersLock) {
504            final int userSize = mUsers.size();
505            for (int i = 0; i < userSize; i++) {
506                UserInfo ui = mUsers.valueAt(i).info;
507                if ((ui.partial || ui.guestToRemove || ui.isEphemeral()) && i != 0) {
508                    partials.add(ui);
509                    addRemovingUserIdLocked(ui.id);
510                    ui.partial = true;
511                }
512            }
513        }
514        final int partialsSize = partials.size();
515        for (int i = 0; i < partialsSize; i++) {
516            UserInfo ui = partials.get(i);
517            Slog.w(LOG_TAG, "Removing partially created user " + ui.id
518                    + " (name=" + ui.name + ")");
519            removeUserState(ui.id);
520        }
521    }
522
523    @Override
524    public String getUserAccount(int userId) {
525        checkManageUserAndAcrossUsersFullPermission("get user account");
526        synchronized (mUsersLock) {
527            return mUsers.get(userId).account;
528        }
529    }
530
531    @Override
532    public void setUserAccount(int userId, String accountName) {
533        checkManageUserAndAcrossUsersFullPermission("set user account");
534        UserData userToUpdate = null;
535        synchronized (mPackagesLock) {
536            synchronized (mUsersLock) {
537                final UserData userData = mUsers.get(userId);
538                if (userData == null) {
539                    Slog.e(LOG_TAG, "User not found for setting user account: u" + userId);
540                    return;
541                }
542                String currentAccount = userData.account;
543                if (!Objects.equal(currentAccount, accountName)) {
544                    userData.account = accountName;
545                    userToUpdate = userData;
546                }
547            }
548
549            if (userToUpdate != null) {
550                writeUserLP(userToUpdate);
551            }
552        }
553    }
554
555    @Override
556    public UserInfo getPrimaryUser() {
557        checkManageUsersPermission("query users");
558        synchronized (mUsersLock) {
559            final int userSize = mUsers.size();
560            for (int i = 0; i < userSize; i++) {
561                UserInfo ui = mUsers.valueAt(i).info;
562                if (ui.isPrimary() && !mRemovingUserIds.get(ui.id)) {
563                    return ui;
564                }
565            }
566        }
567        return null;
568    }
569
570    @Override
571    public @NonNull List<UserInfo> getUsers(boolean excludeDying) {
572        checkManageOrCreateUsersPermission("query users");
573        synchronized (mUsersLock) {
574            ArrayList<UserInfo> users = new ArrayList<UserInfo>(mUsers.size());
575            final int userSize = mUsers.size();
576            for (int i = 0; i < userSize; i++) {
577                UserInfo ui = mUsers.valueAt(i).info;
578                if (ui.partial) {
579                    continue;
580                }
581                if (!excludeDying || !mRemovingUserIds.get(ui.id)) {
582                    users.add(userWithName(ui));
583                }
584            }
585            return users;
586        }
587    }
588
589    @Override
590    public List<UserInfo> getProfiles(int userId, boolean enabledOnly) {
591        boolean returnFullInfo = true;
592        if (userId != UserHandle.getCallingUserId()) {
593            checkManageOrCreateUsersPermission("getting profiles related to user " + userId);
594        } else {
595            returnFullInfo = hasManageUsersPermission();
596        }
597        final long ident = Binder.clearCallingIdentity();
598        try {
599            synchronized (mUsersLock) {
600                return getProfilesLU(userId, enabledOnly, returnFullInfo);
601            }
602        } finally {
603            Binder.restoreCallingIdentity(ident);
604        }
605    }
606
607    @Override
608    public int[] getProfileIds(int userId, boolean enabledOnly) {
609        if (userId != UserHandle.getCallingUserId()) {
610            checkManageOrCreateUsersPermission("getting profiles related to user " + userId);
611        }
612        final long ident = Binder.clearCallingIdentity();
613        try {
614            synchronized (mUsersLock) {
615                return getProfileIdsLU(userId, enabledOnly).toArray();
616            }
617        } finally {
618            Binder.restoreCallingIdentity(ident);
619        }
620    }
621
622    /** Assume permissions already checked and caller's identity cleared */
623    private List<UserInfo> getProfilesLU(int userId, boolean enabledOnly, boolean fullInfo) {
624        IntArray profileIds = getProfileIdsLU(userId, enabledOnly);
625        ArrayList<UserInfo> users = new ArrayList<>(profileIds.size());
626        for (int i = 0; i < profileIds.size(); i++) {
627            int profileId = profileIds.get(i);
628            UserInfo userInfo = mUsers.get(profileId).info;
629            // If full info is not required - clear PII data to prevent 3P apps from reading it
630            if (!fullInfo) {
631                userInfo = new UserInfo(userInfo);
632                userInfo.name = null;
633                userInfo.iconPath = null;
634            } else {
635                userInfo = userWithName(userInfo);
636            }
637            users.add(userInfo);
638        }
639        return users;
640    }
641
642    /**
643     *  Assume permissions already checked and caller's identity cleared
644     */
645    private IntArray getProfileIdsLU(int userId, boolean enabledOnly) {
646        UserInfo user = getUserInfoLU(userId);
647        IntArray result = new IntArray(mUsers.size());
648        if (user == null) {
649            // Probably a dying user
650            return result;
651        }
652        final int userSize = mUsers.size();
653        for (int i = 0; i < userSize; i++) {
654            UserInfo profile = mUsers.valueAt(i).info;
655            if (!isProfileOf(user, profile)) {
656                continue;
657            }
658            if (enabledOnly && !profile.isEnabled()) {
659                continue;
660            }
661            if (mRemovingUserIds.get(profile.id)) {
662                continue;
663            }
664            if (profile.partial) {
665                continue;
666            }
667            result.add(profile.id);
668        }
669        return result;
670    }
671
672    @Override
673    public int getCredentialOwnerProfile(int userHandle) {
674        checkManageUsersPermission("get the credential owner");
675        if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userHandle)) {
676            synchronized (mUsersLock) {
677                UserInfo profileParent = getProfileParentLU(userHandle);
678                if (profileParent != null) {
679                    return profileParent.id;
680                }
681            }
682        }
683
684        return userHandle;
685    }
686
687    @Override
688    public boolean isSameProfileGroup(int userId, int otherUserId) {
689        if (userId == otherUserId) return true;
690        checkManageUsersPermission("check if in the same profile group");
691        return isSameProfileGroupNoChecks(userId, otherUserId);
692    }
693
694    private boolean isSameProfileGroupNoChecks(int userId, int otherUserId) {
695        synchronized (mUsersLock) {
696            UserInfo userInfo = getUserInfoLU(userId);
697            if (userInfo == null || userInfo.profileGroupId == UserInfo.NO_PROFILE_GROUP_ID) {
698                return false;
699            }
700            UserInfo otherUserInfo = getUserInfoLU(otherUserId);
701            if (otherUserInfo == null
702                    || otherUserInfo.profileGroupId == UserInfo.NO_PROFILE_GROUP_ID) {
703                return false;
704            }
705            return userInfo.profileGroupId == otherUserInfo.profileGroupId;
706        }
707    }
708
709    @Override
710    public UserInfo getProfileParent(int userHandle) {
711        checkManageUsersPermission("get the profile parent");
712        synchronized (mUsersLock) {
713            return getProfileParentLU(userHandle);
714        }
715    }
716
717    private UserInfo getProfileParentLU(int userHandle) {
718        UserInfo profile = getUserInfoLU(userHandle);
719        if (profile == null) {
720            return null;
721        }
722        int parentUserId = profile.profileGroupId;
723        if (parentUserId == userHandle || parentUserId == UserInfo.NO_PROFILE_GROUP_ID) {
724            return null;
725        } else {
726            return getUserInfoLU(parentUserId);
727        }
728    }
729
730    private static boolean isProfileOf(UserInfo user, UserInfo profile) {
731        return user.id == profile.id ||
732                (user.profileGroupId != UserInfo.NO_PROFILE_GROUP_ID
733                && user.profileGroupId == profile.profileGroupId);
734    }
735
736    private void broadcastProfileAvailabilityChanges(UserHandle profileHandle,
737            UserHandle parentHandle, boolean inQuietMode) {
738        Intent intent = new Intent();
739        if (inQuietMode) {
740            intent.setAction(Intent.ACTION_MANAGED_PROFILE_UNAVAILABLE);
741        } else {
742            intent.setAction(Intent.ACTION_MANAGED_PROFILE_AVAILABLE);
743        }
744        intent.putExtra(Intent.EXTRA_QUIET_MODE, inQuietMode);
745        intent.putExtra(Intent.EXTRA_USER, profileHandle);
746        intent.putExtra(Intent.EXTRA_USER_HANDLE, profileHandle.getIdentifier());
747        intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
748        mContext.sendBroadcastAsUser(intent, parentHandle);
749    }
750
751    @Override
752    public void setQuietModeEnabled(int userHandle, boolean enableQuietMode) {
753        checkManageUsersPermission("silence profile");
754        boolean changed = false;
755        UserInfo profile, parent;
756        synchronized (mPackagesLock) {
757            synchronized (mUsersLock) {
758                profile = getUserInfoLU(userHandle);
759                parent = getProfileParentLU(userHandle);
760
761            }
762            if (profile == null || !profile.isManagedProfile()) {
763                throw new IllegalArgumentException("User " + userHandle + " is not a profile");
764            }
765            if (profile.isQuietModeEnabled() != enableQuietMode) {
766                profile.flags ^= UserInfo.FLAG_QUIET_MODE;
767                writeUserLP(getUserDataLU(profile.id));
768                changed = true;
769            }
770        }
771        if (changed) {
772            long identity = Binder.clearCallingIdentity();
773            try {
774                if (enableQuietMode) {
775                    ActivityManager.getService().stopUser(userHandle, /* force */true, null);
776                    LocalServices.getService(ActivityManagerInternal.class)
777                            .killForegroundAppsForUser(userHandle);
778                } else {
779                    ActivityManager.getService().startUserInBackground(userHandle);
780                }
781            } catch (RemoteException e) {
782                Slog.e(LOG_TAG, "fail to start/stop user for quiet mode", e);
783            } finally {
784                Binder.restoreCallingIdentity(identity);
785            }
786
787            broadcastProfileAvailabilityChanges(profile.getUserHandle(), parent.getUserHandle(),
788                    enableQuietMode);
789        }
790    }
791
792    @Override
793    public boolean isQuietModeEnabled(int userHandle) {
794        synchronized (mPackagesLock) {
795            UserInfo info;
796            synchronized (mUsersLock) {
797                info = getUserInfoLU(userHandle);
798            }
799            if (info == null || !info.isManagedProfile()) {
800                return false;
801            }
802            return info.isQuietModeEnabled();
803        }
804    }
805
806    @Override
807    public boolean trySetQuietModeDisabled(int userHandle, IntentSender target) {
808        checkManageUsersPermission("silence profile");
809        if (StorageManager.isUserKeyUnlocked(userHandle)
810                || !mLockPatternUtils.isSecure(userHandle)) {
811            // if the user is already unlocked, no need to show a profile challenge
812            setQuietModeEnabled(userHandle, false);
813            return true;
814        }
815
816        long identity = Binder.clearCallingIdentity();
817        try {
818            // otherwise, we show a profile challenge to trigger decryption of the user
819            final KeyguardManager km = (KeyguardManager) mContext.getSystemService(
820                    Context.KEYGUARD_SERVICE);
821            // We should use userHandle not credentialOwnerUserId here, as even if it is unified
822            // lock, confirm screenlock page will know and show personal challenge, and unlock
823            // work profile when personal challenge is correct
824            final Intent unlockIntent = km.createConfirmDeviceCredentialIntent(null, null,
825                    userHandle);
826            if (unlockIntent == null) {
827                return false;
828            }
829            final Intent callBackIntent = new Intent(
830                    ACTION_DISABLE_QUIET_MODE_AFTER_UNLOCK);
831            if (target != null) {
832                callBackIntent.putExtra(Intent.EXTRA_INTENT, target);
833            }
834            callBackIntent.putExtra(Intent.EXTRA_USER_ID, userHandle);
835            callBackIntent.setPackage(mContext.getPackageName());
836            callBackIntent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
837            final PendingIntent pendingIntent = PendingIntent.getBroadcast(
838                    mContext,
839                    0,
840                    callBackIntent,
841                    PendingIntent.FLAG_CANCEL_CURRENT |
842                            PendingIntent.FLAG_ONE_SHOT |
843                            PendingIntent.FLAG_IMMUTABLE);
844            // After unlocking the challenge, it will disable quiet mode and run the original
845            // intentSender
846            unlockIntent.putExtra(Intent.EXTRA_INTENT, pendingIntent.getIntentSender());
847            unlockIntent.setFlags(FLAG_ACTIVITY_NEW_TASK | FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS);
848            mContext.startActivity(unlockIntent);
849        } finally {
850            Binder.restoreCallingIdentity(identity);
851        }
852        return false;
853    }
854
855    @Override
856    public void setUserEnabled(int userId) {
857        checkManageUsersPermission("enable user");
858        synchronized (mPackagesLock) {
859            UserInfo info;
860            synchronized (mUsersLock) {
861                info = getUserInfoLU(userId);
862            }
863            if (info != null && !info.isEnabled()) {
864                info.flags ^= UserInfo.FLAG_DISABLED;
865                writeUserLP(getUserDataLU(info.id));
866            }
867        }
868    }
869
870    /**
871     * Evicts a user's CE key by stopping and restarting the user.
872     *
873     * The key is evicted automatically by the user controller when the user has stopped.
874     */
875    @Override
876    public void evictCredentialEncryptionKey(@UserIdInt int userId) {
877        checkManageUsersPermission("evict CE key");
878        final IActivityManager am = ActivityManagerNative.getDefault();
879        final long identity = Binder.clearCallingIdentity();
880        try {
881            am.restartUserInBackground(userId);
882        } catch (RemoteException re) {
883            throw re.rethrowAsRuntimeException();
884        } finally {
885            Binder.restoreCallingIdentity(identity);
886        }
887    }
888
889    @Override
890    public UserInfo getUserInfo(int userId) {
891        checkManageOrCreateUsersPermission("query user");
892        synchronized (mUsersLock) {
893            return userWithName(getUserInfoLU(userId));
894        }
895    }
896
897    /**
898     * Returns a UserInfo object with the name filled in, for Owner, or the original
899     * if the name is already set.
900     */
901    private UserInfo userWithName(UserInfo orig) {
902        if (orig != null && orig.name == null && orig.id == UserHandle.USER_SYSTEM) {
903            UserInfo withName = new UserInfo(orig);
904            withName.name = getOwnerName();
905            return withName;
906        } else {
907            return orig;
908        }
909    }
910
911    @Override
912    public int getManagedProfileBadge(@UserIdInt int userId) {
913        int callingUserId = UserHandle.getCallingUserId();
914        if (callingUserId != userId && !hasManageUsersPermission()) {
915            if (!isSameProfileGroupNoChecks(callingUserId, userId)) {
916                throw new SecurityException(
917                        "You need MANAGE_USERS permission to: check if specified user a " +
918                        "managed profile outside your profile group");
919            }
920        }
921        synchronized (mUsersLock) {
922            UserInfo userInfo = getUserInfoLU(userId);
923            return userInfo != null ? userInfo.profileBadge : 0;
924        }
925    }
926
927    @Override
928    public boolean isManagedProfile(int userId) {
929        int callingUserId = UserHandle.getCallingUserId();
930        if (callingUserId != userId && !hasManageUsersPermission()) {
931            if (!isSameProfileGroupNoChecks(callingUserId, userId)) {
932                throw new SecurityException(
933                        "You need MANAGE_USERS permission to: check if specified user a " +
934                        "managed profile outside your profile group");
935            }
936        }
937        synchronized (mUsersLock) {
938            UserInfo userInfo = getUserInfoLU(userId);
939            return userInfo != null && userInfo.isManagedProfile();
940        }
941    }
942
943    @Override
944    public boolean isUserUnlockingOrUnlocked(int userId) {
945        checkManageOrInteractPermIfCallerInOtherProfileGroup(userId, "isUserUnlockingOrUnlocked");
946        return mLocalService.isUserUnlockingOrUnlocked(userId);
947    }
948
949    @Override
950    public boolean isUserUnlocked(int userId) {
951        checkManageOrInteractPermIfCallerInOtherProfileGroup(userId, "isUserUnlocked");
952        return mLocalService.isUserUnlockingOrUnlocked(userId);
953    }
954
955    @Override
956    public boolean isUserRunning(int userId) {
957        checkManageOrInteractPermIfCallerInOtherProfileGroup(userId, "isUserRunning");
958        return mLocalService.isUserRunning(userId);
959    }
960
961    private void checkManageOrInteractPermIfCallerInOtherProfileGroup(int userId, String name) {
962        int callingUserId = UserHandle.getCallingUserId();
963        if (callingUserId == userId || isSameProfileGroupNoChecks(callingUserId, userId) ||
964                hasManageUsersPermission()) {
965            return;
966        }
967        if (ActivityManager.checkComponentPermission(Manifest.permission.INTERACT_ACROSS_USERS,
968                Binder.getCallingUid(), -1, true) != PackageManager.PERMISSION_GRANTED) {
969            throw new SecurityException("You need INTERACT_ACROSS_USERS or MANAGE_USERS permission "
970                    + "to: check " + name);
971        }
972    }
973
974    @Override
975    public boolean isDemoUser(int userId) {
976        int callingUserId = UserHandle.getCallingUserId();
977        if (callingUserId != userId && !hasManageUsersPermission()) {
978            throw new SecurityException("You need MANAGE_USERS permission to query if u=" + userId
979                    + " is a demo user");
980        }
981        synchronized (mUsersLock) {
982            UserInfo userInfo = getUserInfoLU(userId);
983            return userInfo != null && userInfo.isDemo();
984        }
985    }
986
987    @Override
988    public boolean isRestricted() {
989        synchronized (mUsersLock) {
990            return getUserInfoLU(UserHandle.getCallingUserId()).isRestricted();
991        }
992    }
993
994    @Override
995    public boolean canHaveRestrictedProfile(int userId) {
996        checkManageUsersPermission("canHaveRestrictedProfile");
997        synchronized (mUsersLock) {
998            final UserInfo userInfo = getUserInfoLU(userId);
999            if (userInfo == null || !userInfo.canHaveProfile()) {
1000                return false;
1001            }
1002            if (!userInfo.isAdmin()) {
1003                return false;
1004            }
1005            // restricted profile can be created if there is no DO set and the admin user has no PO;
1006            return !mIsDeviceManaged && !mIsUserManaged.get(userId);
1007        }
1008    }
1009
1010    /*
1011     * Should be locked on mUsers before calling this.
1012     */
1013    private UserInfo getUserInfoLU(int userId) {
1014        final UserData userData = mUsers.get(userId);
1015        // If it is partial and not in the process of being removed, return as unknown user.
1016        if (userData != null && userData.info.partial && !mRemovingUserIds.get(userId)) {
1017            Slog.w(LOG_TAG, "getUserInfo: unknown user #" + userId);
1018            return null;
1019        }
1020        return userData != null ? userData.info : null;
1021    }
1022
1023    private UserData getUserDataLU(int userId) {
1024        final UserData userData = mUsers.get(userId);
1025        // If it is partial and not in the process of being removed, return as unknown user.
1026        if (userData != null && userData.info.partial && !mRemovingUserIds.get(userId)) {
1027            return null;
1028        }
1029        return userData;
1030    }
1031
1032    /**
1033     * Obtains {@link #mUsersLock} and return UserInfo from mUsers.
1034     * <p>No permissions checking or any addition checks are made</p>
1035     */
1036    private UserInfo getUserInfoNoChecks(int userId) {
1037        synchronized (mUsersLock) {
1038            final UserData userData = mUsers.get(userId);
1039            return userData != null ? userData.info : null;
1040        }
1041    }
1042
1043    /**
1044     * Obtains {@link #mUsersLock} and return UserData from mUsers.
1045     * <p>No permissions checking or any addition checks are made</p>
1046     */
1047    private UserData getUserDataNoChecks(int userId) {
1048        synchronized (mUsersLock) {
1049            return mUsers.get(userId);
1050        }
1051    }
1052
1053    /** Called by PackageManagerService */
1054    public boolean exists(int userId) {
1055        return getUserInfoNoChecks(userId) != null;
1056    }
1057
1058    @Override
1059    public void setUserName(int userId, String name) {
1060        checkManageUsersPermission("rename users");
1061        boolean changed = false;
1062        synchronized (mPackagesLock) {
1063            UserData userData = getUserDataNoChecks(userId);
1064            if (userData == null || userData.info.partial) {
1065                Slog.w(LOG_TAG, "setUserName: unknown user #" + userId);
1066                return;
1067            }
1068            if (name != null && !name.equals(userData.info.name)) {
1069                userData.info.name = name;
1070                writeUserLP(userData);
1071                changed = true;
1072            }
1073        }
1074        if (changed) {
1075            sendUserInfoChangedBroadcast(userId);
1076        }
1077    }
1078
1079    @Override
1080    public void setUserIcon(int userId, Bitmap bitmap) {
1081        checkManageUsersPermission("update users");
1082        if (hasUserRestriction(UserManager.DISALLOW_SET_USER_ICON, userId)) {
1083            Log.w(LOG_TAG, "Cannot set user icon. DISALLOW_SET_USER_ICON is enabled.");
1084            return;
1085        }
1086        mLocalService.setUserIcon(userId, bitmap);
1087    }
1088
1089
1090
1091    private void sendUserInfoChangedBroadcast(int userId) {
1092        Intent changedIntent = new Intent(Intent.ACTION_USER_INFO_CHANGED);
1093        changedIntent.putExtra(Intent.EXTRA_USER_HANDLE, userId);
1094        changedIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
1095        mContext.sendBroadcastAsUser(changedIntent, UserHandle.ALL);
1096    }
1097
1098    @Override
1099    public ParcelFileDescriptor getUserIcon(int targetUserId) {
1100        String iconPath;
1101        synchronized (mPackagesLock) {
1102            UserInfo targetUserInfo = getUserInfoNoChecks(targetUserId);
1103            if (targetUserInfo == null || targetUserInfo.partial) {
1104                Slog.w(LOG_TAG, "getUserIcon: unknown user #" + targetUserId);
1105                return null;
1106            }
1107
1108            final int callingUserId = UserHandle.getCallingUserId();
1109            final int callingGroupId = getUserInfoNoChecks(callingUserId).profileGroupId;
1110            final int targetGroupId = targetUserInfo.profileGroupId;
1111            final boolean sameGroup = (callingGroupId != UserInfo.NO_PROFILE_GROUP_ID
1112                    && callingGroupId == targetGroupId);
1113            if ((callingUserId != targetUserId) && !sameGroup) {
1114                checkManageUsersPermission("get the icon of a user who is not related");
1115            }
1116
1117            if (targetUserInfo.iconPath == null) {
1118                return null;
1119            }
1120            iconPath = targetUserInfo.iconPath;
1121        }
1122
1123        try {
1124            return ParcelFileDescriptor.open(
1125                    new File(iconPath), ParcelFileDescriptor.MODE_READ_ONLY);
1126        } catch (FileNotFoundException e) {
1127            Log.e(LOG_TAG, "Couldn't find icon file", e);
1128        }
1129        return null;
1130    }
1131
1132    public void makeInitialized(int userId) {
1133        checkManageUsersPermission("makeInitialized");
1134        boolean scheduleWriteUser = false;
1135        UserData userData;
1136        synchronized (mUsersLock) {
1137            userData = mUsers.get(userId);
1138            if (userData == null || userData.info.partial) {
1139                Slog.w(LOG_TAG, "makeInitialized: unknown user #" + userId);
1140                return;
1141            }
1142            if ((userData.info.flags & UserInfo.FLAG_INITIALIZED) == 0) {
1143                userData.info.flags |= UserInfo.FLAG_INITIALIZED;
1144                scheduleWriteUser = true;
1145            }
1146        }
1147        if (scheduleWriteUser) {
1148            scheduleWriteUser(userData);
1149        }
1150    }
1151
1152    /**
1153     * If default guest restrictions haven't been initialized yet, add the basic
1154     * restrictions.
1155     */
1156    private void initDefaultGuestRestrictions() {
1157        synchronized (mGuestRestrictions) {
1158            if (mGuestRestrictions.isEmpty()) {
1159                mGuestRestrictions.putBoolean(UserManager.DISALLOW_CONFIG_WIFI, true);
1160                mGuestRestrictions.putBoolean(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, true);
1161                mGuestRestrictions.putBoolean(UserManager.DISALLOW_OUTGOING_CALLS, true);
1162                mGuestRestrictions.putBoolean(UserManager.DISALLOW_SMS, true);
1163            }
1164        }
1165    }
1166
1167    @Override
1168    public Bundle getDefaultGuestRestrictions() {
1169        checkManageUsersPermission("getDefaultGuestRestrictions");
1170        synchronized (mGuestRestrictions) {
1171            return new Bundle(mGuestRestrictions);
1172        }
1173    }
1174
1175    @Override
1176    public void setDefaultGuestRestrictions(Bundle restrictions) {
1177        checkManageUsersPermission("setDefaultGuestRestrictions");
1178        synchronized (mGuestRestrictions) {
1179            mGuestRestrictions.clear();
1180            mGuestRestrictions.putAll(restrictions);
1181        }
1182        synchronized (mPackagesLock) {
1183            writeUserListLP();
1184        }
1185    }
1186
1187    /**
1188     * See {@link UserManagerInternal#setDevicePolicyUserRestrictions}
1189     */
1190    private void setDevicePolicyUserRestrictionsInner(int userId, @Nullable Bundle restrictions,
1191            boolean isDeviceOwner, int cameraRestrictionScope) {
1192        final Bundle global = new Bundle();
1193        final Bundle local = new Bundle();
1194
1195        // Sort restrictions into local and global ensuring they don't overlap.
1196        UserRestrictionsUtils.sortToGlobalAndLocal(restrictions, isDeviceOwner,
1197                cameraRestrictionScope, global, local);
1198
1199        boolean globalChanged, localChanged;
1200        synchronized (mRestrictionsLock) {
1201            // Update global and local restrictions if they were changed.
1202            globalChanged = updateRestrictionsIfNeededLR(
1203                    userId, global, mDevicePolicyGlobalUserRestrictions);
1204            localChanged = updateRestrictionsIfNeededLR(
1205                    userId, local, mDevicePolicyLocalUserRestrictions);
1206
1207            if (isDeviceOwner) {
1208                // Remember the global restriction owner userId to be able to make a distinction
1209                // in getUserRestrictionSource on who set local policies.
1210                mDeviceOwnerUserId = userId;
1211            } else {
1212                if (mDeviceOwnerUserId == userId) {
1213                    // When profile owner sets restrictions it passes null global bundle and we
1214                    // reset global restriction owner userId.
1215                    // This means this user used to have DO, but now the DO is gone and the user
1216                    // instead has PO.
1217                    mDeviceOwnerUserId = UserHandle.USER_NULL;
1218                }
1219            }
1220        }
1221        if (DBG) {
1222            Log.d(LOG_TAG, "setDevicePolicyUserRestrictions: userId=" + userId
1223                            + " global=" + global + (globalChanged ? " (changed)" : "")
1224                            + " local=" + local + (localChanged ? " (changed)" : "")
1225            );
1226        }
1227        // Don't call them within the mRestrictionsLock.
1228        synchronized (mPackagesLock) {
1229            if (localChanged || globalChanged) {
1230                writeUserLP(getUserDataNoChecks(userId));
1231            }
1232        }
1233
1234        synchronized (mRestrictionsLock) {
1235            if (globalChanged) {
1236                applyUserRestrictionsForAllUsersLR();
1237            } else if (localChanged) {
1238                applyUserRestrictionsLR(userId);
1239            }
1240        }
1241    }
1242
1243    /**
1244     * Updates restriction bundle for a given user in a given restriction array. If new bundle is
1245     * empty, record is removed from the array.
1246     * @return whether restrictions bundle is different from the old one.
1247     */
1248    private boolean updateRestrictionsIfNeededLR(int userId, @Nullable Bundle restrictions,
1249            SparseArray<Bundle> restrictionsArray) {
1250        final boolean changed =
1251                !UserRestrictionsUtils.areEqual(restrictionsArray.get(userId), restrictions);
1252        if (changed) {
1253            if (!UserRestrictionsUtils.isEmpty(restrictions)) {
1254                restrictionsArray.put(userId, restrictions);
1255            } else {
1256                restrictionsArray.delete(userId);
1257            }
1258        }
1259        return changed;
1260    }
1261
1262    @GuardedBy("mRestrictionsLock")
1263    private Bundle computeEffectiveUserRestrictionsLR(int userId) {
1264        final Bundle baseRestrictions =
1265                UserRestrictionsUtils.nonNull(mBaseUserRestrictions.get(userId));
1266        final Bundle global = UserRestrictionsUtils.mergeAll(mDevicePolicyGlobalUserRestrictions);
1267        final Bundle local = mDevicePolicyLocalUserRestrictions.get(userId);
1268
1269        if (UserRestrictionsUtils.isEmpty(global) && UserRestrictionsUtils.isEmpty(local)) {
1270            // Common case first.
1271            return baseRestrictions;
1272        }
1273        final Bundle effective = UserRestrictionsUtils.clone(baseRestrictions);
1274        UserRestrictionsUtils.merge(effective, global);
1275        UserRestrictionsUtils.merge(effective, local);
1276
1277        return effective;
1278    }
1279
1280    @GuardedBy("mRestrictionsLock")
1281    private void invalidateEffectiveUserRestrictionsLR(int userId) {
1282        if (DBG) {
1283            Log.d(LOG_TAG, "invalidateEffectiveUserRestrictions userId=" + userId);
1284        }
1285        mCachedEffectiveUserRestrictions.remove(userId);
1286    }
1287
1288    private Bundle getEffectiveUserRestrictions(int userId) {
1289        synchronized (mRestrictionsLock) {
1290            Bundle restrictions = mCachedEffectiveUserRestrictions.get(userId);
1291            if (restrictions == null) {
1292                restrictions = computeEffectiveUserRestrictionsLR(userId);
1293                mCachedEffectiveUserRestrictions.put(userId, restrictions);
1294            }
1295            return restrictions;
1296        }
1297    }
1298
1299    /** @return a specific user restriction that's in effect currently. */
1300    @Override
1301    public boolean hasUserRestriction(String restrictionKey, int userId) {
1302        if (!UserRestrictionsUtils.isValidRestriction(restrictionKey)) {
1303            return false;
1304        }
1305        Bundle restrictions = getEffectiveUserRestrictions(userId);
1306        return restrictions != null && restrictions.getBoolean(restrictionKey);
1307    }
1308
1309    /**
1310     * @hide
1311     *
1312     * Returns who set a user restriction on a user.
1313     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1314     * @param restrictionKey the string key representing the restriction
1315     * @param userId the id of the user for whom to retrieve the restrictions.
1316     * @return The source of user restriction. Any combination of
1317     *         {@link UserManager#RESTRICTION_NOT_SET},
1318     *         {@link UserManager#RESTRICTION_SOURCE_SYSTEM},
1319     *         {@link UserManager#RESTRICTION_SOURCE_DEVICE_OWNER}
1320     *         and {@link UserManager#RESTRICTION_SOURCE_PROFILE_OWNER}
1321     */
1322    @Override
1323    public int getUserRestrictionSource(String restrictionKey, int userId) {
1324        List<EnforcingUser> enforcingUsers = getUserRestrictionSources(restrictionKey,  userId);
1325        // Get "bitwise or" of restriction sources for all enforcing users.
1326        int result = UserManager.RESTRICTION_NOT_SET;
1327        for (int i = enforcingUsers.size() - 1; i >= 0; i--) {
1328            result |= enforcingUsers.get(i).getUserRestrictionSource();
1329        }
1330        return result;
1331    }
1332
1333    @Override
1334    public List<EnforcingUser> getUserRestrictionSources(
1335            String restrictionKey, @UserIdInt int userId) {
1336        checkManageUsersPermission("getUserRestrictionSource");
1337
1338        // Shortcut for the most common case
1339        if (!hasUserRestriction(restrictionKey, userId)) {
1340            return Collections.emptyList();
1341        }
1342
1343        final List<EnforcingUser> result = new ArrayList<>();
1344
1345        // Check if it is base restriction.
1346        if (hasBaseUserRestriction(restrictionKey, userId)) {
1347            result.add(new EnforcingUser(
1348                    UserHandle.USER_NULL, UserManager.RESTRICTION_SOURCE_SYSTEM));
1349        }
1350
1351        synchronized (mRestrictionsLock) {
1352            // Check if it is set by profile owner.
1353            Bundle profileOwnerRestrictions = mDevicePolicyLocalUserRestrictions.get(userId);
1354            if (UserRestrictionsUtils.contains(profileOwnerRestrictions, restrictionKey)) {
1355                result.add(getEnforcingUserLocked(userId));
1356            }
1357
1358            // Iterate over all users who enforce global restrictions.
1359            for (int i = mDevicePolicyGlobalUserRestrictions.size() - 1; i >= 0; i--) {
1360                Bundle globalRestrictions = mDevicePolicyGlobalUserRestrictions.valueAt(i);
1361                int profileUserId = mDevicePolicyGlobalUserRestrictions.keyAt(i);
1362                if (UserRestrictionsUtils.contains(globalRestrictions, restrictionKey)) {
1363                    result.add(getEnforcingUserLocked(profileUserId));
1364                }
1365            }
1366        }
1367        return result;
1368    }
1369
1370    private EnforcingUser getEnforcingUserLocked(@UserIdInt int userId) {
1371        int source = mDeviceOwnerUserId == userId ? UserManager.RESTRICTION_SOURCE_DEVICE_OWNER
1372                : UserManager.RESTRICTION_SOURCE_PROFILE_OWNER;
1373        return new EnforcingUser(userId, source);
1374    }
1375
1376    /**
1377     * @return UserRestrictions that are in effect currently.  This always returns a new
1378     * {@link Bundle}.
1379     */
1380    @Override
1381    public Bundle getUserRestrictions(int userId) {
1382        return UserRestrictionsUtils.clone(getEffectiveUserRestrictions(userId));
1383    }
1384
1385    @Override
1386    public boolean hasBaseUserRestriction(String restrictionKey, int userId) {
1387        checkManageUsersPermission("hasBaseUserRestriction");
1388        if (!UserRestrictionsUtils.isValidRestriction(restrictionKey)) {
1389            return false;
1390        }
1391        synchronized (mRestrictionsLock) {
1392            Bundle bundle = mBaseUserRestrictions.get(userId);
1393            return (bundle != null && bundle.getBoolean(restrictionKey, false));
1394        }
1395    }
1396
1397    @Override
1398    public void setUserRestriction(String key, boolean value, int userId) {
1399        checkManageUsersPermission("setUserRestriction");
1400        if (!UserRestrictionsUtils.isValidRestriction(key)) {
1401            return;
1402        }
1403        synchronized (mRestrictionsLock) {
1404            // Note we can't modify Bundles stored in mBaseUserRestrictions directly, so create
1405            // a copy.
1406            final Bundle newRestrictions = UserRestrictionsUtils.clone(
1407                    mBaseUserRestrictions.get(userId));
1408            newRestrictions.putBoolean(key, value);
1409
1410            updateUserRestrictionsInternalLR(newRestrictions, userId);
1411        }
1412    }
1413
1414    /**
1415     * Optionally updating user restrictions, calculate the effective user restrictions and also
1416     * propagate to other services and system settings.
1417     *
1418     * @param newBaseRestrictions User restrictions to set.
1419     *      If null, will not update user restrictions and only does the propagation.
1420     * @param userId target user ID.
1421     */
1422    @GuardedBy("mRestrictionsLock")
1423    private void updateUserRestrictionsInternalLR(
1424            @Nullable Bundle newBaseRestrictions, int userId) {
1425        final Bundle prevAppliedRestrictions = UserRestrictionsUtils.nonNull(
1426                mAppliedUserRestrictions.get(userId));
1427
1428        // Update base restrictions.
1429        if (newBaseRestrictions != null) {
1430            // If newBaseRestrictions == the current one, it's probably a bug.
1431            final Bundle prevBaseRestrictions = mBaseUserRestrictions.get(userId);
1432
1433            Preconditions.checkState(prevBaseRestrictions != newBaseRestrictions);
1434            Preconditions.checkState(mCachedEffectiveUserRestrictions.get(userId)
1435                    != newBaseRestrictions);
1436
1437            if (updateRestrictionsIfNeededLR(userId, newBaseRestrictions, mBaseUserRestrictions)) {
1438                scheduleWriteUser(getUserDataNoChecks(userId));
1439            }
1440        }
1441
1442        final Bundle effective = computeEffectiveUserRestrictionsLR(userId);
1443
1444        mCachedEffectiveUserRestrictions.put(userId, effective);
1445
1446        // Apply the new restrictions.
1447        if (DBG) {
1448            debug("Applying user restrictions: userId=" + userId
1449                    + " new=" + effective + " prev=" + prevAppliedRestrictions);
1450        }
1451
1452        if (mAppOpsService != null) { // We skip it until system-ready.
1453            mHandler.post(new Runnable() {
1454                @Override
1455                public void run() {
1456                    try {
1457                        mAppOpsService.setUserRestrictions(effective, mUserRestriconToken, userId);
1458                    } catch (RemoteException e) {
1459                        Log.w(LOG_TAG, "Unable to notify AppOpsService of UserRestrictions");
1460                    }
1461                }
1462            });
1463        }
1464
1465        propagateUserRestrictionsLR(userId, effective, prevAppliedRestrictions);
1466
1467        mAppliedUserRestrictions.put(userId, new Bundle(effective));
1468    }
1469
1470    private void propagateUserRestrictionsLR(final int userId,
1471            Bundle newRestrictions, Bundle prevRestrictions) {
1472        // Note this method doesn't touch any state, meaning it doesn't require mRestrictionsLock
1473        // actually, but we still need some kind of synchronization otherwise we might end up
1474        // calling listeners out-of-order, thus "LR".
1475
1476        if (UserRestrictionsUtils.areEqual(newRestrictions, prevRestrictions)) {
1477            return;
1478        }
1479
1480        final Bundle newRestrictionsFinal = new Bundle(newRestrictions);
1481        final Bundle prevRestrictionsFinal = new Bundle(prevRestrictions);
1482
1483        mHandler.post(new Runnable() {
1484            @Override
1485            public void run() {
1486                UserRestrictionsUtils.applyUserRestrictions(
1487                        mContext, userId, newRestrictionsFinal, prevRestrictionsFinal);
1488
1489                final UserRestrictionsListener[] listeners;
1490                synchronized (mUserRestrictionsListeners) {
1491                    listeners = new UserRestrictionsListener[mUserRestrictionsListeners.size()];
1492                    mUserRestrictionsListeners.toArray(listeners);
1493                }
1494                for (int i = 0; i < listeners.length; i++) {
1495                    listeners[i].onUserRestrictionsChanged(userId,
1496                            newRestrictionsFinal, prevRestrictionsFinal);
1497                }
1498
1499                final Intent broadcast = new Intent(UserManager.ACTION_USER_RESTRICTIONS_CHANGED)
1500                        .setFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
1501                mContext.sendBroadcastAsUser(broadcast, UserHandle.of(userId));
1502            }
1503        });
1504    }
1505
1506    // Package private for the inner class.
1507    void applyUserRestrictionsLR(int userId) {
1508        updateUserRestrictionsInternalLR(null, userId);
1509    }
1510
1511    @GuardedBy("mRestrictionsLock")
1512    // Package private for the inner class.
1513    void applyUserRestrictionsForAllUsersLR() {
1514        if (DBG) {
1515            debug("applyUserRestrictionsForAllUsersLR");
1516        }
1517        // First, invalidate all cached values.
1518        mCachedEffectiveUserRestrictions.clear();
1519
1520        // We don't want to call into ActivityManagerService while taking a lock, so we'll call
1521        // it on a handler.
1522        final Runnable r = new Runnable() {
1523            @Override
1524            public void run() {
1525                // Then get the list of running users.
1526                final int[] runningUsers;
1527                try {
1528                    runningUsers = ActivityManager.getService().getRunningUserIds();
1529                } catch (RemoteException e) {
1530                    Log.w(LOG_TAG, "Unable to access ActivityManagerService");
1531                    return;
1532                }
1533                // Then re-calculate the effective restrictions and apply, only for running users.
1534                // It's okay if a new user has started after the getRunningUserIds() call,
1535                // because we'll do the same thing (re-calculate the restrictions and apply)
1536                // when we start a user.
1537                synchronized (mRestrictionsLock) {
1538                    for (int i = 0; i < runningUsers.length; i++) {
1539                        applyUserRestrictionsLR(runningUsers[i]);
1540                    }
1541                }
1542            }
1543        };
1544        mHandler.post(r);
1545    }
1546
1547    /**
1548     * Check if we've hit the limit of how many users can be created.
1549     */
1550    private boolean isUserLimitReached() {
1551        int count;
1552        synchronized (mUsersLock) {
1553            count = getAliveUsersExcludingGuestsCountLU();
1554        }
1555        return count >= UserManager.getMaxSupportedUsers();
1556    }
1557
1558    @Override
1559    public boolean canAddMoreManagedProfiles(int userId, boolean allowedToRemoveOne) {
1560        checkManageUsersPermission("check if more managed profiles can be added.");
1561        if (ActivityManager.isLowRamDeviceStatic()) {
1562            return false;
1563        }
1564        if (!mContext.getPackageManager().hasSystemFeature(
1565                PackageManager.FEATURE_MANAGED_USERS)) {
1566            return false;
1567        }
1568        // Limit number of managed profiles that can be created
1569        final int managedProfilesCount = getProfiles(userId, false).size() - 1;
1570        final int profilesRemovedCount = managedProfilesCount > 0 && allowedToRemoveOne ? 1 : 0;
1571        if (managedProfilesCount - profilesRemovedCount >= getMaxManagedProfiles()) {
1572            return false;
1573        }
1574        synchronized(mUsersLock) {
1575            UserInfo userInfo = getUserInfoLU(userId);
1576            if (userInfo == null || !userInfo.canHaveProfile()) {
1577                return false;
1578            }
1579            int usersCountAfterRemoving = getAliveUsersExcludingGuestsCountLU()
1580                    - profilesRemovedCount;
1581            // We allow creating a managed profile in the special case where there is only one user.
1582            return usersCountAfterRemoving  == 1
1583                    || usersCountAfterRemoving < UserManager.getMaxSupportedUsers();
1584        }
1585    }
1586
1587    private int getAliveUsersExcludingGuestsCountLU() {
1588        int aliveUserCount = 0;
1589        final int totalUserCount = mUsers.size();
1590        // Skip over users being removed
1591        for (int i = 0; i < totalUserCount; i++) {
1592            UserInfo user = mUsers.valueAt(i).info;
1593            if (!mRemovingUserIds.get(user.id) && !user.isGuest()) {
1594                aliveUserCount++;
1595            }
1596        }
1597        return aliveUserCount;
1598    }
1599
1600    /**
1601     * Enforces that only the system UID or root's UID or apps that have the
1602     * {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} and
1603     * {@link android.Manifest.permission#INTERACT_ACROSS_USERS_FULL INTERACT_ACROSS_USERS_FULL}
1604     * permissions can make certain calls to the UserManager.
1605     *
1606     * @param message used as message if SecurityException is thrown
1607     * @throws SecurityException if the caller does not have enough privilege.
1608     */
1609    private static final void checkManageUserAndAcrossUsersFullPermission(String message) {
1610        final int uid = Binder.getCallingUid();
1611        if (uid != Process.SYSTEM_UID && uid != 0
1612                && ActivityManager.checkComponentPermission(
1613                Manifest.permission.MANAGE_USERS,
1614                uid, -1, true) != PackageManager.PERMISSION_GRANTED
1615                && ActivityManager.checkComponentPermission(
1616                Manifest.permission.INTERACT_ACROSS_USERS_FULL,
1617                uid, -1, true) != PackageManager.PERMISSION_GRANTED) {
1618            throw new SecurityException(
1619                    "You need MANAGE_USERS and INTERACT_ACROSS_USERS_FULL permission to: "
1620                            + message);
1621        }
1622    }
1623
1624    /**
1625     * Enforces that only the system UID or root's UID or apps that have the
1626     * {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS}
1627     * permission can make certain calls to the UserManager.
1628     *
1629     * @param message used as message if SecurityException is thrown
1630     * @throws SecurityException if the caller is not system or root
1631     * @see #hasManageUsersPermission()
1632     */
1633    private static final void checkManageUsersPermission(String message) {
1634        if (!hasManageUsersPermission()) {
1635            throw new SecurityException("You need MANAGE_USERS permission to: " + message);
1636        }
1637    }
1638
1639    /**
1640     * Enforces that only the system UID or root's UID or apps that have the
1641     * {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} or
1642     * {@link android.Manifest.permission#CREATE_USERS CREATE_USERS}
1643     * can make certain calls to the UserManager.
1644     *
1645     * @param message used as message if SecurityException is thrown
1646     * @throws SecurityException if the caller is not system or root
1647     * @see #hasManageOrCreateUsersPermission()
1648     */
1649    private static final void checkManageOrCreateUsersPermission(String message) {
1650        if (!hasManageOrCreateUsersPermission()) {
1651            throw new SecurityException(
1652                    "You either need MANAGE_USERS or CREATE_USERS permission to: " + message);
1653        }
1654    }
1655
1656    /**
1657     * Similar to {@link #checkManageOrCreateUsersPermission(String)} but when the caller is tries
1658     * to create user/profiles other than what is allowed for
1659     * {@link android.Manifest.permission#CREATE_USERS CREATE_USERS} permission, then it will only
1660     * allow callers with {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} permission.
1661     */
1662    private static final void checkManageOrCreateUsersPermission(int creationFlags) {
1663        if ((creationFlags & ~ALLOWED_FLAGS_FOR_CREATE_USERS_PERMISSION) == 0) {
1664            if (!hasManageOrCreateUsersPermission()) {
1665                throw new SecurityException("You either need MANAGE_USERS or CREATE_USERS "
1666                        + "permission to create an user with flags: " + creationFlags);
1667            }
1668        } else if (!hasManageUsersPermission()) {
1669            throw new SecurityException("You need MANAGE_USERS permission to create an user "
1670                    + " with flags: " + creationFlags);
1671        }
1672    }
1673
1674    /**
1675     * @return whether the calling UID is system UID or root's UID or the calling app has the
1676     * {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS}.
1677     */
1678    private static final boolean hasManageUsersPermission() {
1679        final int callingUid = Binder.getCallingUid();
1680        return UserHandle.isSameApp(callingUid, Process.SYSTEM_UID)
1681                || callingUid == Process.ROOT_UID
1682                || ActivityManager.checkComponentPermission(
1683                        android.Manifest.permission.MANAGE_USERS,
1684                        callingUid, -1, true) == PackageManager.PERMISSION_GRANTED;
1685    }
1686
1687    /**
1688     * @return whether the calling UID is system UID or root's UID or the calling app has the
1689     * {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} or
1690     * {@link android.Manifest.permission#CREATE_USERS CREATE_USERS}.
1691     */
1692    private static final boolean hasManageOrCreateUsersPermission() {
1693        final int callingUid = Binder.getCallingUid();
1694        return UserHandle.isSameApp(callingUid, Process.SYSTEM_UID)
1695                || callingUid == Process.ROOT_UID
1696                || ActivityManager.checkComponentPermission(
1697                        android.Manifest.permission.MANAGE_USERS,
1698                        callingUid, -1, true) == PackageManager.PERMISSION_GRANTED
1699                || ActivityManager.checkComponentPermission(
1700                        android.Manifest.permission.CREATE_USERS,
1701                        callingUid, -1, true) == PackageManager.PERMISSION_GRANTED;
1702    }
1703
1704    /**
1705     * Enforces that only the system UID or root's UID (on any user) can make certain calls to the
1706     * UserManager.
1707     *
1708     * @param message used as message if SecurityException is thrown
1709     * @throws SecurityException if the caller is not system or root
1710     */
1711    private static void checkSystemOrRoot(String message) {
1712        final int uid = Binder.getCallingUid();
1713        if (!UserHandle.isSameApp(uid, Process.SYSTEM_UID) && uid != Process.ROOT_UID) {
1714            throw new SecurityException("Only system may: " + message);
1715        }
1716    }
1717
1718    private void writeBitmapLP(UserInfo info, Bitmap bitmap) {
1719        try {
1720            File dir = new File(mUsersDir, Integer.toString(info.id));
1721            File file = new File(dir, USER_PHOTO_FILENAME);
1722            File tmp = new File(dir, USER_PHOTO_FILENAME_TMP);
1723            if (!dir.exists()) {
1724                dir.mkdir();
1725                FileUtils.setPermissions(
1726                        dir.getPath(),
1727                        FileUtils.S_IRWXU|FileUtils.S_IRWXG|FileUtils.S_IXOTH,
1728                        -1, -1);
1729            }
1730            FileOutputStream os;
1731            if (bitmap.compress(Bitmap.CompressFormat.PNG, 100, os = new FileOutputStream(tmp))
1732                    && tmp.renameTo(file) && SELinux.restorecon(file)) {
1733                info.iconPath = file.getAbsolutePath();
1734            }
1735            try {
1736                os.close();
1737            } catch (IOException ioe) {
1738                // What the ... !
1739            }
1740            tmp.delete();
1741        } catch (FileNotFoundException e) {
1742            Slog.w(LOG_TAG, "Error setting photo for user ", e);
1743        }
1744    }
1745
1746    /**
1747     * Returns an array of user ids. This array is cached here for quick access, so do not modify or
1748     * cache it elsewhere.
1749     * @return the array of user ids.
1750     */
1751    public int[] getUserIds() {
1752        synchronized (mUsersLock) {
1753            return mUserIds;
1754        }
1755    }
1756
1757    private void readUserListLP() {
1758        if (!mUserListFile.exists()) {
1759            fallbackToSingleUserLP();
1760            return;
1761        }
1762        FileInputStream fis = null;
1763        AtomicFile userListFile = new AtomicFile(mUserListFile);
1764        try {
1765            fis = userListFile.openRead();
1766            XmlPullParser parser = Xml.newPullParser();
1767            parser.setInput(fis, StandardCharsets.UTF_8.name());
1768            int type;
1769            while ((type = parser.next()) != XmlPullParser.START_TAG
1770                    && type != XmlPullParser.END_DOCUMENT) {
1771                // Skip
1772            }
1773
1774            if (type != XmlPullParser.START_TAG) {
1775                Slog.e(LOG_TAG, "Unable to read user list");
1776                fallbackToSingleUserLP();
1777                return;
1778            }
1779
1780            mNextSerialNumber = -1;
1781            if (parser.getName().equals(TAG_USERS)) {
1782                String lastSerialNumber = parser.getAttributeValue(null, ATTR_NEXT_SERIAL_NO);
1783                if (lastSerialNumber != null) {
1784                    mNextSerialNumber = Integer.parseInt(lastSerialNumber);
1785                }
1786                String versionNumber = parser.getAttributeValue(null, ATTR_USER_VERSION);
1787                if (versionNumber != null) {
1788                    mUserVersion = Integer.parseInt(versionNumber);
1789                }
1790            }
1791
1792            // Pre-O global user restriction were stored as a single bundle (as opposed to per-user
1793            // currently), take care of it in case of upgrade.
1794            Bundle oldDevicePolicyGlobalUserRestrictions = null;
1795
1796            while ((type = parser.next()) != XmlPullParser.END_DOCUMENT) {
1797                if (type == XmlPullParser.START_TAG) {
1798                    final String name = parser.getName();
1799                    if (name.equals(TAG_USER)) {
1800                        String id = parser.getAttributeValue(null, ATTR_ID);
1801
1802                        UserData userData = readUserLP(Integer.parseInt(id));
1803
1804                        if (userData != null) {
1805                            synchronized (mUsersLock) {
1806                                mUsers.put(userData.info.id, userData);
1807                                if (mNextSerialNumber < 0
1808                                        || mNextSerialNumber <= userData.info.id) {
1809                                    mNextSerialNumber = userData.info.id + 1;
1810                                }
1811                            }
1812                        }
1813                    } else if (name.equals(TAG_GUEST_RESTRICTIONS)) {
1814                        while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1815                                && type != XmlPullParser.END_TAG) {
1816                            if (type == XmlPullParser.START_TAG) {
1817                                if (parser.getName().equals(TAG_RESTRICTIONS)) {
1818                                    synchronized (mGuestRestrictions) {
1819                                        UserRestrictionsUtils
1820                                                .readRestrictions(parser, mGuestRestrictions);
1821                                    }
1822                                }
1823                                break;
1824                            }
1825                        }
1826                    } else if (name.equals(TAG_DEVICE_OWNER_USER_ID)
1827                            // Legacy name, should only be encountered when upgrading from pre-O.
1828                            || name.equals(TAG_GLOBAL_RESTRICTION_OWNER_ID)) {
1829                        String ownerUserId = parser.getAttributeValue(null, ATTR_ID);
1830                        if (ownerUserId != null) {
1831                            mDeviceOwnerUserId = Integer.parseInt(ownerUserId);
1832                        }
1833                    } else if (name.equals(TAG_DEVICE_POLICY_RESTRICTIONS)) {
1834                        // Should only happen when upgrading from pre-O (version < 7).
1835                        oldDevicePolicyGlobalUserRestrictions =
1836                                UserRestrictionsUtils.readRestrictions(parser);
1837                    }
1838                }
1839            }
1840
1841            updateUserIds();
1842            upgradeIfNecessaryLP(oldDevicePolicyGlobalUserRestrictions);
1843        } catch (IOException | XmlPullParserException e) {
1844            fallbackToSingleUserLP();
1845        } finally {
1846            IoUtils.closeQuietly(fis);
1847        }
1848    }
1849
1850    /**
1851     * Upgrade steps between versions, either for fixing bugs or changing the data format.
1852     * @param oldGlobalUserRestrictions Pre-O global device policy restrictions.
1853     */
1854    private void upgradeIfNecessaryLP(Bundle oldGlobalUserRestrictions) {
1855        final int originalVersion = mUserVersion;
1856        int userVersion = mUserVersion;
1857        if (userVersion < 1) {
1858            // Assign a proper name for the owner, if not initialized correctly before
1859            UserData userData = getUserDataNoChecks(UserHandle.USER_SYSTEM);
1860            if ("Primary".equals(userData.info.name)) {
1861                userData.info.name =
1862                        mContext.getResources().getString(com.android.internal.R.string.owner_name);
1863                scheduleWriteUser(userData);
1864            }
1865            userVersion = 1;
1866        }
1867
1868        if (userVersion < 2) {
1869            // Owner should be marked as initialized
1870            UserData userData = getUserDataNoChecks(UserHandle.USER_SYSTEM);
1871            if ((userData.info.flags & UserInfo.FLAG_INITIALIZED) == 0) {
1872                userData.info.flags |= UserInfo.FLAG_INITIALIZED;
1873                scheduleWriteUser(userData);
1874            }
1875            userVersion = 2;
1876        }
1877
1878
1879        if (userVersion < 4) {
1880            userVersion = 4;
1881        }
1882
1883        if (userVersion < 5) {
1884            initDefaultGuestRestrictions();
1885            userVersion = 5;
1886        }
1887
1888        if (userVersion < 6) {
1889            final boolean splitSystemUser = UserManager.isSplitSystemUser();
1890            synchronized (mUsersLock) {
1891                for (int i = 0; i < mUsers.size(); i++) {
1892                    UserData userData = mUsers.valueAt(i);
1893                    // In non-split mode, only user 0 can have restricted profiles
1894                    if (!splitSystemUser && userData.info.isRestricted()
1895                            && (userData.info.restrictedProfileParentId
1896                                    == UserInfo.NO_PROFILE_GROUP_ID)) {
1897                        userData.info.restrictedProfileParentId = UserHandle.USER_SYSTEM;
1898                        scheduleWriteUser(userData);
1899                    }
1900                }
1901            }
1902            userVersion = 6;
1903        }
1904
1905        if (userVersion < 7) {
1906            // Previously only one user could enforce global restrictions, now it is per-user.
1907            synchronized (mRestrictionsLock) {
1908                if (!UserRestrictionsUtils.isEmpty(oldGlobalUserRestrictions)
1909                        && mDeviceOwnerUserId != UserHandle.USER_NULL) {
1910                    mDevicePolicyGlobalUserRestrictions.put(
1911                            mDeviceOwnerUserId, oldGlobalUserRestrictions);
1912                }
1913                // ENSURE_VERIFY_APPS is now enforced globally even if put by profile owner, so move
1914                // it from local to global bundle for all users who set it.
1915                UserRestrictionsUtils.moveRestriction(UserManager.ENSURE_VERIFY_APPS,
1916                        mDevicePolicyLocalUserRestrictions, mDevicePolicyGlobalUserRestrictions
1917                );
1918            }
1919            userVersion = 7;
1920        }
1921
1922        if (userVersion < USER_VERSION) {
1923            Slog.w(LOG_TAG, "User version " + mUserVersion + " didn't upgrade as expected to "
1924                    + USER_VERSION);
1925        } else {
1926            mUserVersion = userVersion;
1927
1928            if (originalVersion < mUserVersion) {
1929                writeUserListLP();
1930            }
1931        }
1932    }
1933
1934    private void fallbackToSingleUserLP() {
1935        int flags = UserInfo.FLAG_INITIALIZED;
1936        // In split system user mode, the admin and primary flags are assigned to the first human
1937        // user.
1938        if (!UserManager.isSplitSystemUser()) {
1939            flags |= UserInfo.FLAG_ADMIN | UserInfo.FLAG_PRIMARY;
1940        }
1941        // Create the system user
1942        UserInfo system = new UserInfo(UserHandle.USER_SYSTEM, null, null, flags);
1943        UserData userData = putUserInfo(system);
1944        mNextSerialNumber = MIN_USER_ID;
1945        mUserVersion = USER_VERSION;
1946
1947        Bundle restrictions = new Bundle();
1948        try {
1949            final String[] defaultFirstUserRestrictions = mContext.getResources().getStringArray(
1950                    com.android.internal.R.array.config_defaultFirstUserRestrictions);
1951            for (String userRestriction : defaultFirstUserRestrictions) {
1952                if (UserRestrictionsUtils.isValidRestriction(userRestriction)) {
1953                    restrictions.putBoolean(userRestriction, true);
1954                }
1955            }
1956        } catch (Resources.NotFoundException e) {
1957            Log.e(LOG_TAG, "Couldn't find resource: config_defaultFirstUserRestrictions", e);
1958        }
1959
1960        if (!restrictions.isEmpty()) {
1961            synchronized (mRestrictionsLock) {
1962                mBaseUserRestrictions.append(UserHandle.USER_SYSTEM, restrictions);
1963            }
1964        }
1965
1966        updateUserIds();
1967        initDefaultGuestRestrictions();
1968
1969        writeUserLP(userData);
1970        writeUserListLP();
1971    }
1972
1973    private String getOwnerName() {
1974        return mContext.getResources().getString(com.android.internal.R.string.owner_name);
1975    }
1976
1977    private void scheduleWriteUser(UserData UserData) {
1978        if (DBG) {
1979            debug("scheduleWriteUser");
1980        }
1981        // No need to wrap it within a lock -- worst case, we'll just post the same message
1982        // twice.
1983        if (!mHandler.hasMessages(WRITE_USER_MSG, UserData)) {
1984            Message msg = mHandler.obtainMessage(WRITE_USER_MSG, UserData);
1985            mHandler.sendMessageDelayed(msg, WRITE_USER_DELAY);
1986        }
1987    }
1988
1989    private void writeUserLP(UserData userData) {
1990        if (DBG) {
1991            debug("writeUserLP " + userData);
1992        }
1993        FileOutputStream fos = null;
1994        AtomicFile userFile = new AtomicFile(new File(mUsersDir, userData.info.id + XML_SUFFIX));
1995        try {
1996            fos = userFile.startWrite();
1997            final BufferedOutputStream bos = new BufferedOutputStream(fos);
1998            writeUserLP(userData, bos);
1999            userFile.finishWrite(fos);
2000        } catch (Exception ioe) {
2001            Slog.e(LOG_TAG, "Error writing user info " + userData.info.id, ioe);
2002            userFile.failWrite(fos);
2003        }
2004    }
2005
2006    /*
2007     * Writes the user file in this format:
2008     *
2009     * <user flags="20039023" id="0">
2010     *   <name>Primary</name>
2011     * </user>
2012     */
2013    @VisibleForTesting
2014    void writeUserLP(UserData userData, OutputStream os)
2015            throws IOException, XmlPullParserException {
2016        // XmlSerializer serializer = XmlUtils.serializerInstance();
2017        final XmlSerializer serializer = new FastXmlSerializer();
2018        serializer.setOutput(os, StandardCharsets.UTF_8.name());
2019        serializer.startDocument(null, true);
2020        serializer.setFeature("http://xmlpull.org/v1/doc/features.html#indent-output", true);
2021
2022        final UserInfo userInfo = userData.info;
2023        serializer.startTag(null, TAG_USER);
2024        serializer.attribute(null, ATTR_ID, Integer.toString(userInfo.id));
2025        serializer.attribute(null, ATTR_SERIAL_NO, Integer.toString(userInfo.serialNumber));
2026        serializer.attribute(null, ATTR_FLAGS, Integer.toString(userInfo.flags));
2027        serializer.attribute(null, ATTR_CREATION_TIME, Long.toString(userInfo.creationTime));
2028        serializer.attribute(null, ATTR_LAST_LOGGED_IN_TIME,
2029                Long.toString(userInfo.lastLoggedInTime));
2030        if (userInfo.lastLoggedInFingerprint != null) {
2031            serializer.attribute(null, ATTR_LAST_LOGGED_IN_FINGERPRINT,
2032                    userInfo.lastLoggedInFingerprint);
2033        }
2034        if (userInfo.iconPath != null) {
2035            serializer.attribute(null,  ATTR_ICON_PATH, userInfo.iconPath);
2036        }
2037        if (userInfo.partial) {
2038            serializer.attribute(null, ATTR_PARTIAL, "true");
2039        }
2040        if (userInfo.guestToRemove) {
2041            serializer.attribute(null, ATTR_GUEST_TO_REMOVE, "true");
2042        }
2043        if (userInfo.profileGroupId != UserInfo.NO_PROFILE_GROUP_ID) {
2044            serializer.attribute(null, ATTR_PROFILE_GROUP_ID,
2045                    Integer.toString(userInfo.profileGroupId));
2046        }
2047        serializer.attribute(null, ATTR_PROFILE_BADGE,
2048                Integer.toString(userInfo.profileBadge));
2049        if (userInfo.restrictedProfileParentId != UserInfo.NO_PROFILE_GROUP_ID) {
2050            serializer.attribute(null, ATTR_RESTRICTED_PROFILE_PARENT_ID,
2051                    Integer.toString(userInfo.restrictedProfileParentId));
2052        }
2053        // Write seed data
2054        if (userData.persistSeedData) {
2055            if (userData.seedAccountName != null) {
2056                serializer.attribute(null, ATTR_SEED_ACCOUNT_NAME, userData.seedAccountName);
2057            }
2058            if (userData.seedAccountType != null) {
2059                serializer.attribute(null, ATTR_SEED_ACCOUNT_TYPE, userData.seedAccountType);
2060            }
2061        }
2062        if (userInfo.name != null) {
2063            serializer.startTag(null, TAG_NAME);
2064            serializer.text(userInfo.name);
2065            serializer.endTag(null, TAG_NAME);
2066        }
2067        synchronized (mRestrictionsLock) {
2068            UserRestrictionsUtils.writeRestrictions(serializer,
2069                    mBaseUserRestrictions.get(userInfo.id), TAG_RESTRICTIONS);
2070            UserRestrictionsUtils.writeRestrictions(serializer,
2071                    mDevicePolicyLocalUserRestrictions.get(userInfo.id),
2072                    TAG_DEVICE_POLICY_RESTRICTIONS);
2073            UserRestrictionsUtils.writeRestrictions(serializer,
2074                    mDevicePolicyGlobalUserRestrictions.get(userInfo.id),
2075                    TAG_DEVICE_POLICY_GLOBAL_RESTRICTIONS);
2076        }
2077
2078        if (userData.account != null) {
2079            serializer.startTag(null, TAG_ACCOUNT);
2080            serializer.text(userData.account);
2081            serializer.endTag(null, TAG_ACCOUNT);
2082        }
2083
2084        if (userData.persistSeedData && userData.seedAccountOptions != null) {
2085            serializer.startTag(null, TAG_SEED_ACCOUNT_OPTIONS);
2086            userData.seedAccountOptions.saveToXml(serializer);
2087            serializer.endTag(null, TAG_SEED_ACCOUNT_OPTIONS);
2088        }
2089
2090        serializer.endTag(null, TAG_USER);
2091
2092        serializer.endDocument();
2093    }
2094
2095    /*
2096     * Writes the user list file in this format:
2097     *
2098     * <users nextSerialNumber="3">
2099     *   <user id="0"></user>
2100     *   <user id="2"></user>
2101     * </users>
2102     */
2103    private void writeUserListLP() {
2104        if (DBG) {
2105            debug("writeUserList");
2106        }
2107        FileOutputStream fos = null;
2108        AtomicFile userListFile = new AtomicFile(mUserListFile);
2109        try {
2110            fos = userListFile.startWrite();
2111            final BufferedOutputStream bos = new BufferedOutputStream(fos);
2112
2113            // XmlSerializer serializer = XmlUtils.serializerInstance();
2114            final XmlSerializer serializer = new FastXmlSerializer();
2115            serializer.setOutput(bos, StandardCharsets.UTF_8.name());
2116            serializer.startDocument(null, true);
2117            serializer.setFeature("http://xmlpull.org/v1/doc/features.html#indent-output", true);
2118
2119            serializer.startTag(null, TAG_USERS);
2120            serializer.attribute(null, ATTR_NEXT_SERIAL_NO, Integer.toString(mNextSerialNumber));
2121            serializer.attribute(null, ATTR_USER_VERSION, Integer.toString(mUserVersion));
2122
2123            serializer.startTag(null, TAG_GUEST_RESTRICTIONS);
2124            synchronized (mGuestRestrictions) {
2125                UserRestrictionsUtils
2126                        .writeRestrictions(serializer, mGuestRestrictions, TAG_RESTRICTIONS);
2127            }
2128            serializer.endTag(null, TAG_GUEST_RESTRICTIONS);
2129            serializer.startTag(null, TAG_DEVICE_OWNER_USER_ID);
2130            serializer.attribute(null, ATTR_ID, Integer.toString(mDeviceOwnerUserId));
2131            serializer.endTag(null, TAG_DEVICE_OWNER_USER_ID);
2132            int[] userIdsToWrite;
2133            synchronized (mUsersLock) {
2134                userIdsToWrite = new int[mUsers.size()];
2135                for (int i = 0; i < userIdsToWrite.length; i++) {
2136                    UserInfo user = mUsers.valueAt(i).info;
2137                    userIdsToWrite[i] = user.id;
2138                }
2139            }
2140            for (int id : userIdsToWrite) {
2141                serializer.startTag(null, TAG_USER);
2142                serializer.attribute(null, ATTR_ID, Integer.toString(id));
2143                serializer.endTag(null, TAG_USER);
2144            }
2145
2146            serializer.endTag(null, TAG_USERS);
2147
2148            serializer.endDocument();
2149            userListFile.finishWrite(fos);
2150        } catch (Exception e) {
2151            userListFile.failWrite(fos);
2152            Slog.e(LOG_TAG, "Error writing user list");
2153        }
2154    }
2155
2156    private UserData readUserLP(int id) {
2157        FileInputStream fis = null;
2158        try {
2159            AtomicFile userFile =
2160                    new AtomicFile(new File(mUsersDir, Integer.toString(id) + XML_SUFFIX));
2161            fis = userFile.openRead();
2162            return readUserLP(id, fis);
2163        } catch (IOException ioe) {
2164            Slog.e(LOG_TAG, "Error reading user list");
2165        } catch (XmlPullParserException pe) {
2166            Slog.e(LOG_TAG, "Error reading user list");
2167        } finally {
2168            IoUtils.closeQuietly(fis);
2169        }
2170        return null;
2171    }
2172
2173    @VisibleForTesting
2174    UserData readUserLP(int id, InputStream is) throws IOException,
2175            XmlPullParserException {
2176        int flags = 0;
2177        int serialNumber = id;
2178        String name = null;
2179        String account = null;
2180        String iconPath = null;
2181        long creationTime = 0L;
2182        long lastLoggedInTime = 0L;
2183        String lastLoggedInFingerprint = null;
2184        int profileGroupId = UserInfo.NO_PROFILE_GROUP_ID;
2185        int profileBadge = 0;
2186        int restrictedProfileParentId = UserInfo.NO_PROFILE_GROUP_ID;
2187        boolean partial = false;
2188        boolean guestToRemove = false;
2189        boolean persistSeedData = false;
2190        String seedAccountName = null;
2191        String seedAccountType = null;
2192        PersistableBundle seedAccountOptions = null;
2193        Bundle baseRestrictions = null;
2194        Bundle localRestrictions = null;
2195        Bundle globalRestrictions = null;
2196
2197        XmlPullParser parser = Xml.newPullParser();
2198        parser.setInput(is, StandardCharsets.UTF_8.name());
2199        int type;
2200        while ((type = parser.next()) != XmlPullParser.START_TAG
2201                && type != XmlPullParser.END_DOCUMENT) {
2202            // Skip
2203        }
2204
2205        if (type != XmlPullParser.START_TAG) {
2206            Slog.e(LOG_TAG, "Unable to read user " + id);
2207            return null;
2208        }
2209
2210        if (type == XmlPullParser.START_TAG && parser.getName().equals(TAG_USER)) {
2211            int storedId = readIntAttribute(parser, ATTR_ID, -1);
2212            if (storedId != id) {
2213                Slog.e(LOG_TAG, "User id does not match the file name");
2214                return null;
2215            }
2216            serialNumber = readIntAttribute(parser, ATTR_SERIAL_NO, id);
2217            flags = readIntAttribute(parser, ATTR_FLAGS, 0);
2218            iconPath = parser.getAttributeValue(null, ATTR_ICON_PATH);
2219            creationTime = readLongAttribute(parser, ATTR_CREATION_TIME, 0);
2220            lastLoggedInTime = readLongAttribute(parser, ATTR_LAST_LOGGED_IN_TIME, 0);
2221            lastLoggedInFingerprint = parser.getAttributeValue(null,
2222                    ATTR_LAST_LOGGED_IN_FINGERPRINT);
2223            profileGroupId = readIntAttribute(parser, ATTR_PROFILE_GROUP_ID,
2224                    UserInfo.NO_PROFILE_GROUP_ID);
2225            profileBadge = readIntAttribute(parser, ATTR_PROFILE_BADGE, 0);
2226            restrictedProfileParentId = readIntAttribute(parser,
2227                    ATTR_RESTRICTED_PROFILE_PARENT_ID, UserInfo.NO_PROFILE_GROUP_ID);
2228            String valueString = parser.getAttributeValue(null, ATTR_PARTIAL);
2229            if ("true".equals(valueString)) {
2230                partial = true;
2231            }
2232            valueString = parser.getAttributeValue(null, ATTR_GUEST_TO_REMOVE);
2233            if ("true".equals(valueString)) {
2234                guestToRemove = true;
2235            }
2236
2237            seedAccountName = parser.getAttributeValue(null, ATTR_SEED_ACCOUNT_NAME);
2238            seedAccountType = parser.getAttributeValue(null, ATTR_SEED_ACCOUNT_TYPE);
2239            if (seedAccountName != null || seedAccountType != null) {
2240                persistSeedData = true;
2241            }
2242
2243            int outerDepth = parser.getDepth();
2244            while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
2245                    && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
2246                if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
2247                    continue;
2248                }
2249                String tag = parser.getName();
2250                if (TAG_NAME.equals(tag)) {
2251                    type = parser.next();
2252                    if (type == XmlPullParser.TEXT) {
2253                        name = parser.getText();
2254                    }
2255                } else if (TAG_RESTRICTIONS.equals(tag)) {
2256                    baseRestrictions = UserRestrictionsUtils.readRestrictions(parser);
2257                } else if (TAG_DEVICE_POLICY_RESTRICTIONS.equals(tag)) {
2258                    localRestrictions = UserRestrictionsUtils.readRestrictions(parser);
2259                } else if (TAG_DEVICE_POLICY_GLOBAL_RESTRICTIONS.equals(tag)) {
2260                    globalRestrictions = UserRestrictionsUtils.readRestrictions(parser);
2261                } else if (TAG_ACCOUNT.equals(tag)) {
2262                    type = parser.next();
2263                    if (type == XmlPullParser.TEXT) {
2264                        account = parser.getText();
2265                    }
2266                } else if (TAG_SEED_ACCOUNT_OPTIONS.equals(tag)) {
2267                    seedAccountOptions = PersistableBundle.restoreFromXml(parser);
2268                    persistSeedData = true;
2269                }
2270            }
2271        }
2272
2273        // Create the UserInfo object that gets passed around
2274        UserInfo userInfo = new UserInfo(id, name, iconPath, flags);
2275        userInfo.serialNumber = serialNumber;
2276        userInfo.creationTime = creationTime;
2277        userInfo.lastLoggedInTime = lastLoggedInTime;
2278        userInfo.lastLoggedInFingerprint = lastLoggedInFingerprint;
2279        userInfo.partial = partial;
2280        userInfo.guestToRemove = guestToRemove;
2281        userInfo.profileGroupId = profileGroupId;
2282        userInfo.profileBadge = profileBadge;
2283        userInfo.restrictedProfileParentId = restrictedProfileParentId;
2284
2285        // Create the UserData object that's internal to this class
2286        UserData userData = new UserData();
2287        userData.info = userInfo;
2288        userData.account = account;
2289        userData.seedAccountName = seedAccountName;
2290        userData.seedAccountType = seedAccountType;
2291        userData.persistSeedData = persistSeedData;
2292        userData.seedAccountOptions = seedAccountOptions;
2293
2294        synchronized (mRestrictionsLock) {
2295            if (baseRestrictions != null) {
2296                mBaseUserRestrictions.put(id, baseRestrictions);
2297            }
2298            if (localRestrictions != null) {
2299                mDevicePolicyLocalUserRestrictions.put(id, localRestrictions);
2300            }
2301            if (globalRestrictions != null) {
2302                mDevicePolicyGlobalUserRestrictions.put(id, globalRestrictions);
2303            }
2304        }
2305        return userData;
2306    }
2307
2308    private int readIntAttribute(XmlPullParser parser, String attr, int defaultValue) {
2309        String valueString = parser.getAttributeValue(null, attr);
2310        if (valueString == null) return defaultValue;
2311        try {
2312            return Integer.parseInt(valueString);
2313        } catch (NumberFormatException nfe) {
2314            return defaultValue;
2315        }
2316    }
2317
2318    private long readLongAttribute(XmlPullParser parser, String attr, long defaultValue) {
2319        String valueString = parser.getAttributeValue(null, attr);
2320        if (valueString == null) return defaultValue;
2321        try {
2322            return Long.parseLong(valueString);
2323        } catch (NumberFormatException nfe) {
2324            return defaultValue;
2325        }
2326    }
2327
2328    /**
2329     * Removes the app restrictions file for a specific package and user id, if it exists.
2330     */
2331    private void cleanAppRestrictionsForPackage(String pkg, int userId) {
2332        synchronized (mPackagesLock) {
2333            File dir = Environment.getUserSystemDirectory(userId);
2334            File resFile = new File(dir, packageToRestrictionsFileName(pkg));
2335            if (resFile.exists()) {
2336                resFile.delete();
2337            }
2338        }
2339    }
2340
2341    @Override
2342    public UserInfo createProfileForUser(String name, int flags, int userId,
2343            String[] disallowedPackages) {
2344        checkManageOrCreateUsersPermission(flags);
2345        return createUserInternal(name, flags, userId, disallowedPackages);
2346    }
2347
2348    @Override
2349    public UserInfo createProfileForUserEvenWhenDisallowed(String name, int flags, int userId,
2350            String[] disallowedPackages) {
2351        checkManageOrCreateUsersPermission(flags);
2352        return createUserInternalUnchecked(name, flags, userId, disallowedPackages);
2353    }
2354
2355    @Override
2356    public boolean removeUserEvenWhenDisallowed(@UserIdInt int userHandle) {
2357        checkManageOrCreateUsersPermission("Only the system can remove users");
2358        return removeUserUnchecked(userHandle);
2359    }
2360
2361    @Override
2362    public UserInfo createUser(String name, int flags) {
2363        checkManageOrCreateUsersPermission(flags);
2364        return createUserInternal(name, flags, UserHandle.USER_NULL);
2365    }
2366
2367    private UserInfo createUserInternal(String name, int flags, int parentId) {
2368        return createUserInternal(name, flags, parentId, null);
2369    }
2370
2371    private UserInfo createUserInternal(String name, int flags, int parentId,
2372            String[] disallowedPackages) {
2373        String restriction = ((flags & UserInfo.FLAG_MANAGED_PROFILE) != 0)
2374                ? UserManager.DISALLOW_ADD_MANAGED_PROFILE
2375                : UserManager.DISALLOW_ADD_USER;
2376        if (hasUserRestriction(restriction, UserHandle.getCallingUserId())) {
2377            Log.w(LOG_TAG, "Cannot add user. " + restriction + " is enabled.");
2378            return null;
2379        }
2380        return createUserInternalUnchecked(name, flags, parentId, disallowedPackages);
2381    }
2382
2383    private UserInfo createUserInternalUnchecked(String name, int flags, int parentId,
2384            String[] disallowedPackages) {
2385        DeviceStorageMonitorInternal dsm = LocalServices
2386                .getService(DeviceStorageMonitorInternal.class);
2387        if (dsm.isMemoryLow()) {
2388            Log.w(LOG_TAG, "Cannot add user. Not enough space on disk.");
2389            return null;
2390        }
2391        if (ActivityManager.isLowRamDeviceStatic()) {
2392            return null;
2393        }
2394        final boolean isGuest = (flags & UserInfo.FLAG_GUEST) != 0;
2395        final boolean isManagedProfile = (flags & UserInfo.FLAG_MANAGED_PROFILE) != 0;
2396        final boolean isRestricted = (flags & UserInfo.FLAG_RESTRICTED) != 0;
2397        final boolean isDemo = (flags & UserInfo.FLAG_DEMO) != 0;
2398        final long ident = Binder.clearCallingIdentity();
2399        UserInfo userInfo;
2400        UserData userData;
2401        final int userId;
2402        try {
2403            synchronized (mPackagesLock) {
2404                UserData parent = null;
2405                if (parentId != UserHandle.USER_NULL) {
2406                    synchronized (mUsersLock) {
2407                        parent = getUserDataLU(parentId);
2408                    }
2409                    if (parent == null) return null;
2410                }
2411                if (isManagedProfile && !canAddMoreManagedProfiles(parentId, false)) {
2412                    Log.e(LOG_TAG, "Cannot add more managed profiles for user " + parentId);
2413                    return null;
2414                }
2415                if (!isGuest && !isManagedProfile && !isDemo && isUserLimitReached()) {
2416                    // If we're not adding a guest/demo user or a managed profile and the limit has
2417                    // been reached, cannot add a user.
2418                    return null;
2419                }
2420                // If we're adding a guest and there already exists one, bail.
2421                if (isGuest && findCurrentGuestUser() != null) {
2422                    return null;
2423                }
2424                // In legacy mode, restricted profile's parent can only be the owner user
2425                if (isRestricted && !UserManager.isSplitSystemUser()
2426                        && (parentId != UserHandle.USER_SYSTEM)) {
2427                    Log.w(LOG_TAG, "Cannot add restricted profile - parent user must be owner");
2428                    return null;
2429                }
2430                if (isRestricted && UserManager.isSplitSystemUser()) {
2431                    if (parent == null) {
2432                        Log.w(LOG_TAG, "Cannot add restricted profile - parent user must be "
2433                                + "specified");
2434                        return null;
2435                    }
2436                    if (!parent.info.canHaveProfile()) {
2437                        Log.w(LOG_TAG, "Cannot add restricted profile - profiles cannot be "
2438                                + "created for the specified parent user id " + parentId);
2439                        return null;
2440                    }
2441                }
2442                if (!UserManager.isSplitSystemUser() && (flags & UserInfo.FLAG_EPHEMERAL) != 0
2443                        && (flags & UserInfo.FLAG_DEMO) == 0) {
2444                    Log.e(LOG_TAG,
2445                            "Ephemeral users are supported on split-system-user systems only.");
2446                    return null;
2447                }
2448                // In split system user mode, we assign the first human user the primary flag.
2449                // And if there is no device owner, we also assign the admin flag to primary user.
2450                if (UserManager.isSplitSystemUser()
2451                        && !isGuest && !isManagedProfile && getPrimaryUser() == null) {
2452                    flags |= UserInfo.FLAG_PRIMARY;
2453                    synchronized (mUsersLock) {
2454                        if (!mIsDeviceManaged) {
2455                            flags |= UserInfo.FLAG_ADMIN;
2456                        }
2457                    }
2458                }
2459
2460                userId = getNextAvailableId();
2461                Environment.getUserSystemDirectory(userId).mkdirs();
2462                boolean ephemeralGuests = Resources.getSystem()
2463                        .getBoolean(com.android.internal.R.bool.config_guestUserEphemeral);
2464
2465                synchronized (mUsersLock) {
2466                    // Add ephemeral flag to guests/users if required. Also inherit it from parent.
2467                    if ((isGuest && ephemeralGuests) || mForceEphemeralUsers
2468                            || (parent != null && parent.info.isEphemeral())) {
2469                        flags |= UserInfo.FLAG_EPHEMERAL;
2470                    }
2471
2472                    userInfo = new UserInfo(userId, name, null, flags);
2473                    userInfo.serialNumber = mNextSerialNumber++;
2474                    long now = System.currentTimeMillis();
2475                    userInfo.creationTime = (now > EPOCH_PLUS_30_YEARS) ? now : 0;
2476                    userInfo.partial = true;
2477                    userInfo.lastLoggedInFingerprint = Build.FINGERPRINT;
2478                    if (isManagedProfile && parentId != UserHandle.USER_NULL) {
2479                        userInfo.profileBadge = getFreeProfileBadgeLU(parentId);
2480                    }
2481                    userData = new UserData();
2482                    userData.info = userInfo;
2483                    mUsers.put(userId, userData);
2484                }
2485                writeUserLP(userData);
2486                writeUserListLP();
2487                if (parent != null) {
2488                    if (isManagedProfile) {
2489                        if (parent.info.profileGroupId == UserInfo.NO_PROFILE_GROUP_ID) {
2490                            parent.info.profileGroupId = parent.info.id;
2491                            writeUserLP(parent);
2492                        }
2493                        userInfo.profileGroupId = parent.info.profileGroupId;
2494                    } else if (isRestricted) {
2495                        if (parent.info.restrictedProfileParentId == UserInfo.NO_PROFILE_GROUP_ID) {
2496                            parent.info.restrictedProfileParentId = parent.info.id;
2497                            writeUserLP(parent);
2498                        }
2499                        userInfo.restrictedProfileParentId = parent.info.restrictedProfileParentId;
2500                    }
2501                }
2502            }
2503            final StorageManager storage = mContext.getSystemService(StorageManager.class);
2504            storage.createUserKey(userId, userInfo.serialNumber, userInfo.isEphemeral());
2505            mUserDataPreparer.prepareUserData(userId, userInfo.serialNumber,
2506                    StorageManager.FLAG_STORAGE_DE | StorageManager.FLAG_STORAGE_CE);
2507            mPm.createNewUser(userId, disallowedPackages);
2508            userInfo.partial = false;
2509            synchronized (mPackagesLock) {
2510                writeUserLP(userData);
2511            }
2512            updateUserIds();
2513            Bundle restrictions = new Bundle();
2514            if (isGuest) {
2515                synchronized (mGuestRestrictions) {
2516                    restrictions.putAll(mGuestRestrictions);
2517                }
2518            }
2519            synchronized (mRestrictionsLock) {
2520                mBaseUserRestrictions.append(userId, restrictions);
2521            }
2522            mPm.onNewUserCreated(userId);
2523            Intent addedIntent = new Intent(Intent.ACTION_USER_ADDED);
2524            addedIntent.putExtra(Intent.EXTRA_USER_HANDLE, userId);
2525            mContext.sendBroadcastAsUser(addedIntent, UserHandle.ALL,
2526                    android.Manifest.permission.MANAGE_USERS);
2527            MetricsLogger.count(mContext, isGuest ? TRON_GUEST_CREATED
2528                    : (isDemo ? TRON_DEMO_CREATED : TRON_USER_CREATED), 1);
2529        } finally {
2530            Binder.restoreCallingIdentity(ident);
2531        }
2532        return userInfo;
2533    }
2534
2535    @VisibleForTesting
2536    UserData putUserInfo(UserInfo userInfo) {
2537        final UserData userData = new UserData();
2538        userData.info = userInfo;
2539        synchronized (mUsers) {
2540            mUsers.put(userInfo.id, userData);
2541        }
2542        return userData;
2543    }
2544
2545    @VisibleForTesting
2546    void removeUserInfo(int userId) {
2547        synchronized (mUsers) {
2548            mUsers.remove(userId);
2549        }
2550    }
2551
2552    /**
2553     * @hide
2554     */
2555    @Override
2556    public UserInfo createRestrictedProfile(String name, int parentUserId) {
2557        checkManageOrCreateUsersPermission("setupRestrictedProfile");
2558        final UserInfo user = createProfileForUser(
2559                name, UserInfo.FLAG_RESTRICTED, parentUserId, null);
2560        if (user == null) {
2561            return null;
2562        }
2563        long identity = Binder.clearCallingIdentity();
2564        try {
2565            setUserRestriction(UserManager.DISALLOW_MODIFY_ACCOUNTS, true, user.id);
2566            // Change the setting before applying the DISALLOW_SHARE_LOCATION restriction, otherwise
2567            // the putIntForUser() will fail.
2568            android.provider.Settings.Secure.putIntForUser(mContext.getContentResolver(),
2569                    android.provider.Settings.Secure.LOCATION_MODE,
2570                    android.provider.Settings.Secure.LOCATION_MODE_OFF, user.id);
2571            setUserRestriction(UserManager.DISALLOW_SHARE_LOCATION, true, user.id);
2572        } finally {
2573            Binder.restoreCallingIdentity(identity);
2574        }
2575        return user;
2576    }
2577
2578    /**
2579     * Find the current guest user. If the Guest user is partial,
2580     * then do not include it in the results as it is about to die.
2581     */
2582    private UserInfo findCurrentGuestUser() {
2583        synchronized (mUsersLock) {
2584            final int size = mUsers.size();
2585            for (int i = 0; i < size; i++) {
2586                final UserInfo user = mUsers.valueAt(i).info;
2587                if (user.isGuest() && !user.guestToRemove && !mRemovingUserIds.get(user.id)) {
2588                    return user;
2589                }
2590            }
2591        }
2592        return null;
2593    }
2594
2595    /**
2596     * Mark this guest user for deletion to allow us to create another guest
2597     * and switch to that user before actually removing this guest.
2598     * @param userHandle the userid of the current guest
2599     * @return whether the user could be marked for deletion
2600     */
2601    @Override
2602    public boolean markGuestForDeletion(int userHandle) {
2603        checkManageUsersPermission("Only the system can remove users");
2604        if (getUserRestrictions(UserHandle.getCallingUserId()).getBoolean(
2605                UserManager.DISALLOW_REMOVE_USER, false)) {
2606            Log.w(LOG_TAG, "Cannot remove user. DISALLOW_REMOVE_USER is enabled.");
2607            return false;
2608        }
2609
2610        long ident = Binder.clearCallingIdentity();
2611        try {
2612            final UserData userData;
2613            synchronized (mPackagesLock) {
2614                synchronized (mUsersLock) {
2615                    userData = mUsers.get(userHandle);
2616                    if (userHandle == 0 || userData == null || mRemovingUserIds.get(userHandle)) {
2617                        return false;
2618                    }
2619                }
2620                if (!userData.info.isGuest()) {
2621                    return false;
2622                }
2623                // We set this to a guest user that is to be removed. This is a temporary state
2624                // where we are allowed to add new Guest users, even if this one is still not
2625                // removed. This user will still show up in getUserInfo() calls.
2626                // If we don't get around to removing this Guest user, it will be purged on next
2627                // startup.
2628                userData.info.guestToRemove = true;
2629                // Mark it as disabled, so that it isn't returned any more when
2630                // profiles are queried.
2631                userData.info.flags |= UserInfo.FLAG_DISABLED;
2632                writeUserLP(userData);
2633            }
2634        } finally {
2635            Binder.restoreCallingIdentity(ident);
2636        }
2637        return true;
2638    }
2639
2640    /**
2641     * Removes a user and all data directories created for that user. This method should be called
2642     * after the user's processes have been terminated.
2643     * @param userHandle the user's id
2644     */
2645    @Override
2646    public boolean removeUser(int userHandle) {
2647        Slog.i(LOG_TAG, "removeUser u" + userHandle);
2648        checkManageOrCreateUsersPermission("Only the system can remove users");
2649
2650        final boolean isManagedProfile;
2651        synchronized (mUsersLock) {
2652            UserInfo userInfo = getUserInfoLU(userHandle);
2653            isManagedProfile = userInfo != null && userInfo.isManagedProfile();
2654        }
2655        String restriction = isManagedProfile
2656                ? UserManager.DISALLOW_REMOVE_MANAGED_PROFILE : UserManager.DISALLOW_REMOVE_USER;
2657        if (getUserRestrictions(UserHandle.getCallingUserId()).getBoolean(restriction, false)) {
2658            Log.w(LOG_TAG, "Cannot remove user. " + restriction + " is enabled.");
2659            return false;
2660        }
2661        return removeUserUnchecked(userHandle);
2662    }
2663
2664    private boolean removeUserUnchecked(int userHandle) {
2665        long ident = Binder.clearCallingIdentity();
2666        try {
2667            final UserData userData;
2668            int currentUser = ActivityManager.getCurrentUser();
2669            if (currentUser == userHandle) {
2670                Log.w(LOG_TAG, "Current user cannot be removed");
2671                return false;
2672            }
2673            synchronized (mPackagesLock) {
2674                synchronized (mUsersLock) {
2675                    userData = mUsers.get(userHandle);
2676                    if (userHandle == 0 || userData == null || mRemovingUserIds.get(userHandle)) {
2677                        return false;
2678                    }
2679
2680                    addRemovingUserIdLocked(userHandle);
2681                }
2682
2683                try {
2684                    mAppOpsService.removeUser(userHandle);
2685                } catch (RemoteException e) {
2686                    Log.w(LOG_TAG, "Unable to notify AppOpsService of removing user", e);
2687                }
2688                // Set this to a partially created user, so that the user will be purged
2689                // on next startup, in case the runtime stops now before stopping and
2690                // removing the user completely.
2691                userData.info.partial = true;
2692                // Mark it as disabled, so that it isn't returned any more when
2693                // profiles are queried.
2694                userData.info.flags |= UserInfo.FLAG_DISABLED;
2695                writeUserLP(userData);
2696            }
2697
2698            if (userData.info.profileGroupId != UserInfo.NO_PROFILE_GROUP_ID
2699                    && userData.info.isManagedProfile()) {
2700                // Send broadcast to notify system that the user removed was a
2701                // managed user.
2702                sendProfileRemovedBroadcast(userData.info.profileGroupId, userData.info.id);
2703            }
2704
2705            if (DBG) Slog.i(LOG_TAG, "Stopping user " + userHandle);
2706            int res;
2707            try {
2708                res = ActivityManager.getService().stopUser(userHandle, /* force= */ true,
2709                new IStopUserCallback.Stub() {
2710                            @Override
2711                            public void userStopped(int userId) {
2712                                finishRemoveUser(userId);
2713                            }
2714                            @Override
2715                            public void userStopAborted(int userId) {
2716                            }
2717                        });
2718            } catch (RemoteException e) {
2719                return false;
2720            }
2721            return res == ActivityManager.USER_OP_SUCCESS;
2722        } finally {
2723            Binder.restoreCallingIdentity(ident);
2724        }
2725    }
2726
2727    @VisibleForTesting
2728    void addRemovingUserIdLocked(int userId) {
2729        // We remember deleted user IDs to prevent them from being
2730        // reused during the current boot; they can still be reused
2731        // after a reboot or recycling of userIds.
2732        mRemovingUserIds.put(userId, true);
2733        mRecentlyRemovedIds.add(userId);
2734        // Keep LRU queue of recently removed IDs for recycling
2735        if (mRecentlyRemovedIds.size() > MAX_RECENTLY_REMOVED_IDS_SIZE) {
2736            mRecentlyRemovedIds.removeFirst();
2737        }
2738    }
2739
2740    void finishRemoveUser(final int userHandle) {
2741        if (DBG) Slog.i(LOG_TAG, "finishRemoveUser " + userHandle);
2742        // Let other services shutdown any activity and clean up their state before completely
2743        // wiping the user's system directory and removing from the user list
2744        long ident = Binder.clearCallingIdentity();
2745        try {
2746            Intent addedIntent = new Intent(Intent.ACTION_USER_REMOVED);
2747            addedIntent.putExtra(Intent.EXTRA_USER_HANDLE, userHandle);
2748            mContext.sendOrderedBroadcastAsUser(addedIntent, UserHandle.ALL,
2749                    android.Manifest.permission.MANAGE_USERS,
2750
2751                    new BroadcastReceiver() {
2752                        @Override
2753                        public void onReceive(Context context, Intent intent) {
2754                            if (DBG) {
2755                                Slog.i(LOG_TAG,
2756                                        "USER_REMOVED broadcast sent, cleaning up user data "
2757                                        + userHandle);
2758                            }
2759                            new Thread() {
2760                                @Override
2761                                public void run() {
2762                                    // Clean up any ActivityManager state
2763                                    LocalServices.getService(ActivityManagerInternal.class)
2764                                            .onUserRemoved(userHandle);
2765                                    removeUserState(userHandle);
2766                                }
2767                            }.start();
2768                        }
2769                    },
2770
2771                    null, Activity.RESULT_OK, null, null);
2772        } finally {
2773            Binder.restoreCallingIdentity(ident);
2774        }
2775    }
2776
2777    private void removeUserState(final int userHandle) {
2778        try {
2779            mContext.getSystemService(StorageManager.class).destroyUserKey(userHandle);
2780        } catch (IllegalStateException e) {
2781            // This may be simply because the user was partially created.
2782            Slog.i(LOG_TAG,
2783                "Destroying key for user " + userHandle + " failed, continuing anyway", e);
2784        }
2785
2786        // Cleanup gatekeeper secure user id
2787        try {
2788            final IGateKeeperService gk = GateKeeper.getService();
2789            if (gk != null) {
2790                gk.clearSecureUserId(userHandle);
2791            }
2792        } catch (Exception ex) {
2793            Slog.w(LOG_TAG, "unable to clear GK secure user id");
2794        }
2795
2796        // Cleanup package manager settings
2797        mPm.cleanUpUser(this, userHandle);
2798
2799        // Clean up all data before removing metadata
2800        mUserDataPreparer.destroyUserData(userHandle,
2801                StorageManager.FLAG_STORAGE_DE | StorageManager.FLAG_STORAGE_CE);
2802
2803        // Remove this user from the list
2804        synchronized (mUsersLock) {
2805            mUsers.remove(userHandle);
2806            mIsUserManaged.delete(userHandle);
2807        }
2808        synchronized (mUserStates) {
2809            mUserStates.delete(userHandle);
2810        }
2811        synchronized (mRestrictionsLock) {
2812            mBaseUserRestrictions.remove(userHandle);
2813            mAppliedUserRestrictions.remove(userHandle);
2814            mCachedEffectiveUserRestrictions.remove(userHandle);
2815            mDevicePolicyLocalUserRestrictions.remove(userHandle);
2816            if (mDevicePolicyGlobalUserRestrictions.get(userHandle) != null) {
2817                mDevicePolicyGlobalUserRestrictions.remove(userHandle);
2818                applyUserRestrictionsForAllUsersLR();
2819            }
2820        }
2821        // Update the user list
2822        synchronized (mPackagesLock) {
2823            writeUserListLP();
2824        }
2825        // Remove user file
2826        AtomicFile userFile = new AtomicFile(new File(mUsersDir, userHandle + XML_SUFFIX));
2827        userFile.delete();
2828        updateUserIds();
2829        if (RELEASE_DELETED_USER_ID) {
2830            synchronized (mUsers) {
2831                mRemovingUserIds.delete(userHandle);
2832            }
2833        }
2834    }
2835
2836    private void sendProfileRemovedBroadcast(int parentUserId, int removedUserId) {
2837        Intent managedProfileIntent = new Intent(Intent.ACTION_MANAGED_PROFILE_REMOVED);
2838        managedProfileIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY |
2839                Intent.FLAG_RECEIVER_FOREGROUND);
2840        managedProfileIntent.putExtra(Intent.EXTRA_USER, new UserHandle(removedUserId));
2841        managedProfileIntent.putExtra(Intent.EXTRA_USER_HANDLE, removedUserId);
2842        mContext.sendBroadcastAsUser(managedProfileIntent, new UserHandle(parentUserId), null);
2843    }
2844
2845    @Override
2846    public Bundle getApplicationRestrictions(String packageName) {
2847        return getApplicationRestrictionsForUser(packageName, UserHandle.getCallingUserId());
2848    }
2849
2850    @Override
2851    public Bundle getApplicationRestrictionsForUser(String packageName, int userId) {
2852        if (UserHandle.getCallingUserId() != userId
2853                || !UserHandle.isSameApp(Binder.getCallingUid(), getUidForPackage(packageName))) {
2854            checkSystemOrRoot("get application restrictions for other user/app " + packageName);
2855        }
2856        synchronized (mPackagesLock) {
2857            // Read the restrictions from XML
2858            return readApplicationRestrictionsLP(packageName, userId);
2859        }
2860    }
2861
2862    @Override
2863    public void setApplicationRestrictions(String packageName, Bundle restrictions,
2864            int userId) {
2865        checkSystemOrRoot("set application restrictions");
2866        if (restrictions != null) {
2867            restrictions.setDefusable(true);
2868        }
2869        synchronized (mPackagesLock) {
2870            if (restrictions == null || restrictions.isEmpty()) {
2871                cleanAppRestrictionsForPackage(packageName, userId);
2872            } else {
2873                // Write the restrictions to XML
2874                writeApplicationRestrictionsLP(packageName, restrictions, userId);
2875            }
2876        }
2877
2878        // Notify package of changes via an intent - only sent to explicitly registered receivers.
2879        Intent changeIntent = new Intent(Intent.ACTION_APPLICATION_RESTRICTIONS_CHANGED);
2880        changeIntent.setPackage(packageName);
2881        changeIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
2882        mContext.sendBroadcastAsUser(changeIntent, UserHandle.of(userId));
2883    }
2884
2885    private int getUidForPackage(String packageName) {
2886        long ident = Binder.clearCallingIdentity();
2887        try {
2888            return mContext.getPackageManager().getApplicationInfo(packageName,
2889                    PackageManager.MATCH_ANY_USER).uid;
2890        } catch (NameNotFoundException nnfe) {
2891            return -1;
2892        } finally {
2893            Binder.restoreCallingIdentity(ident);
2894        }
2895    }
2896
2897    private Bundle readApplicationRestrictionsLP(String packageName, int userId) {
2898        AtomicFile restrictionsFile =
2899                new AtomicFile(new File(Environment.getUserSystemDirectory(userId),
2900                        packageToRestrictionsFileName(packageName)));
2901        return readApplicationRestrictionsLP(restrictionsFile);
2902    }
2903
2904    @VisibleForTesting
2905    static Bundle readApplicationRestrictionsLP(AtomicFile restrictionsFile) {
2906        final Bundle restrictions = new Bundle();
2907        final ArrayList<String> values = new ArrayList<>();
2908        if (!restrictionsFile.getBaseFile().exists()) {
2909            return restrictions;
2910        }
2911
2912        FileInputStream fis = null;
2913        try {
2914            fis = restrictionsFile.openRead();
2915            XmlPullParser parser = Xml.newPullParser();
2916            parser.setInput(fis, StandardCharsets.UTF_8.name());
2917            XmlUtils.nextElement(parser);
2918            if (parser.getEventType() != XmlPullParser.START_TAG) {
2919                Slog.e(LOG_TAG, "Unable to read restrictions file "
2920                        + restrictionsFile.getBaseFile());
2921                return restrictions;
2922            }
2923            while (parser.next() != XmlPullParser.END_DOCUMENT) {
2924                readEntry(restrictions, values, parser);
2925            }
2926        } catch (IOException|XmlPullParserException e) {
2927            Log.w(LOG_TAG, "Error parsing " + restrictionsFile.getBaseFile(), e);
2928        } finally {
2929            IoUtils.closeQuietly(fis);
2930        }
2931        return restrictions;
2932    }
2933
2934    private static void readEntry(Bundle restrictions, ArrayList<String> values,
2935            XmlPullParser parser) throws XmlPullParserException, IOException {
2936        int type = parser.getEventType();
2937        if (type == XmlPullParser.START_TAG && parser.getName().equals(TAG_ENTRY)) {
2938            String key = parser.getAttributeValue(null, ATTR_KEY);
2939            String valType = parser.getAttributeValue(null, ATTR_VALUE_TYPE);
2940            String multiple = parser.getAttributeValue(null, ATTR_MULTIPLE);
2941            if (multiple != null) {
2942                values.clear();
2943                int count = Integer.parseInt(multiple);
2944                while (count > 0 && (type = parser.next()) != XmlPullParser.END_DOCUMENT) {
2945                    if (type == XmlPullParser.START_TAG
2946                            && parser.getName().equals(TAG_VALUE)) {
2947                        values.add(parser.nextText().trim());
2948                        count--;
2949                    }
2950                }
2951                String [] valueStrings = new String[values.size()];
2952                values.toArray(valueStrings);
2953                restrictions.putStringArray(key, valueStrings);
2954            } else if (ATTR_TYPE_BUNDLE.equals(valType)) {
2955                restrictions.putBundle(key, readBundleEntry(parser, values));
2956            } else if (ATTR_TYPE_BUNDLE_ARRAY.equals(valType)) {
2957                final int outerDepth = parser.getDepth();
2958                ArrayList<Bundle> bundleList = new ArrayList<>();
2959                while (XmlUtils.nextElementWithin(parser, outerDepth)) {
2960                    Bundle childBundle = readBundleEntry(parser, values);
2961                    bundleList.add(childBundle);
2962                }
2963                restrictions.putParcelableArray(key,
2964                        bundleList.toArray(new Bundle[bundleList.size()]));
2965            } else {
2966                String value = parser.nextText().trim();
2967                if (ATTR_TYPE_BOOLEAN.equals(valType)) {
2968                    restrictions.putBoolean(key, Boolean.parseBoolean(value));
2969                } else if (ATTR_TYPE_INTEGER.equals(valType)) {
2970                    restrictions.putInt(key, Integer.parseInt(value));
2971                } else {
2972                    restrictions.putString(key, value);
2973                }
2974            }
2975        }
2976    }
2977
2978    private static Bundle readBundleEntry(XmlPullParser parser, ArrayList<String> values)
2979            throws IOException, XmlPullParserException {
2980        Bundle childBundle = new Bundle();
2981        final int outerDepth = parser.getDepth();
2982        while (XmlUtils.nextElementWithin(parser, outerDepth)) {
2983            readEntry(childBundle, values, parser);
2984        }
2985        return childBundle;
2986    }
2987
2988    private void writeApplicationRestrictionsLP(String packageName,
2989            Bundle restrictions, int userId) {
2990        AtomicFile restrictionsFile = new AtomicFile(
2991                new File(Environment.getUserSystemDirectory(userId),
2992                        packageToRestrictionsFileName(packageName)));
2993        writeApplicationRestrictionsLP(restrictions, restrictionsFile);
2994    }
2995
2996    @VisibleForTesting
2997    static void writeApplicationRestrictionsLP(Bundle restrictions, AtomicFile restrictionsFile) {
2998        FileOutputStream fos = null;
2999        try {
3000            fos = restrictionsFile.startWrite();
3001            final BufferedOutputStream bos = new BufferedOutputStream(fos);
3002
3003            final XmlSerializer serializer = new FastXmlSerializer();
3004            serializer.setOutput(bos, StandardCharsets.UTF_8.name());
3005            serializer.startDocument(null, true);
3006            serializer.setFeature("http://xmlpull.org/v1/doc/features.html#indent-output", true);
3007
3008            serializer.startTag(null, TAG_RESTRICTIONS);
3009            writeBundle(restrictions, serializer);
3010            serializer.endTag(null, TAG_RESTRICTIONS);
3011
3012            serializer.endDocument();
3013            restrictionsFile.finishWrite(fos);
3014        } catch (Exception e) {
3015            restrictionsFile.failWrite(fos);
3016            Slog.e(LOG_TAG, "Error writing application restrictions list", e);
3017        }
3018    }
3019
3020    private static void writeBundle(Bundle restrictions, XmlSerializer serializer)
3021            throws IOException {
3022        for (String key : restrictions.keySet()) {
3023            Object value = restrictions.get(key);
3024            serializer.startTag(null, TAG_ENTRY);
3025            serializer.attribute(null, ATTR_KEY, key);
3026
3027            if (value instanceof Boolean) {
3028                serializer.attribute(null, ATTR_VALUE_TYPE, ATTR_TYPE_BOOLEAN);
3029                serializer.text(value.toString());
3030            } else if (value instanceof Integer) {
3031                serializer.attribute(null, ATTR_VALUE_TYPE, ATTR_TYPE_INTEGER);
3032                serializer.text(value.toString());
3033            } else if (value == null || value instanceof String) {
3034                serializer.attribute(null, ATTR_VALUE_TYPE, ATTR_TYPE_STRING);
3035                serializer.text(value != null ? (String) value : "");
3036            } else if (value instanceof Bundle) {
3037                serializer.attribute(null, ATTR_VALUE_TYPE, ATTR_TYPE_BUNDLE);
3038                writeBundle((Bundle) value, serializer);
3039            } else if (value instanceof Parcelable[]) {
3040                serializer.attribute(null, ATTR_VALUE_TYPE, ATTR_TYPE_BUNDLE_ARRAY);
3041                Parcelable[] array = (Parcelable[]) value;
3042                for (Parcelable parcelable : array) {
3043                    if (!(parcelable instanceof Bundle)) {
3044                        throw new IllegalArgumentException("bundle-array can only hold Bundles");
3045                    }
3046                    serializer.startTag(null, TAG_ENTRY);
3047                    serializer.attribute(null, ATTR_VALUE_TYPE, ATTR_TYPE_BUNDLE);
3048                    writeBundle((Bundle) parcelable, serializer);
3049                    serializer.endTag(null, TAG_ENTRY);
3050                }
3051            } else {
3052                serializer.attribute(null, ATTR_VALUE_TYPE, ATTR_TYPE_STRING_ARRAY);
3053                String[] values = (String[]) value;
3054                serializer.attribute(null, ATTR_MULTIPLE, Integer.toString(values.length));
3055                for (String choice : values) {
3056                    serializer.startTag(null, TAG_VALUE);
3057                    serializer.text(choice != null ? choice : "");
3058                    serializer.endTag(null, TAG_VALUE);
3059                }
3060            }
3061            serializer.endTag(null, TAG_ENTRY);
3062        }
3063    }
3064
3065    @Override
3066    public int getUserSerialNumber(int userHandle) {
3067        synchronized (mUsersLock) {
3068            if (!exists(userHandle)) return -1;
3069            return getUserInfoLU(userHandle).serialNumber;
3070        }
3071    }
3072
3073    @Override
3074    public boolean isUserNameSet(int userHandle) {
3075        synchronized (mUsersLock) {
3076            UserInfo userInfo = getUserInfoLU(userHandle);
3077            return userInfo != null && userInfo.name != null;
3078        }
3079    }
3080
3081    @Override
3082    public int getUserHandle(int userSerialNumber) {
3083        synchronized (mUsersLock) {
3084            for (int userId : mUserIds) {
3085                UserInfo info = getUserInfoLU(userId);
3086                if (info != null && info.serialNumber == userSerialNumber) return userId;
3087            }
3088            // Not found
3089            return -1;
3090        }
3091    }
3092
3093    @Override
3094    public long getUserCreationTime(int userHandle) {
3095        int callingUserId = UserHandle.getCallingUserId();
3096        UserInfo userInfo = null;
3097        synchronized (mUsersLock) {
3098            if (callingUserId == userHandle) {
3099                userInfo = getUserInfoLU(userHandle);
3100            } else {
3101                UserInfo parent = getProfileParentLU(userHandle);
3102                if (parent != null && parent.id == callingUserId) {
3103                    userInfo = getUserInfoLU(userHandle);
3104                }
3105            }
3106        }
3107        if (userInfo == null) {
3108            throw new SecurityException("userHandle can only be the calling user or a managed "
3109                    + "profile associated with this user");
3110        }
3111        return userInfo.creationTime;
3112    }
3113
3114    /**
3115     * Caches the list of user ids in an array, adjusting the array size when necessary.
3116     */
3117    private void updateUserIds() {
3118        int num = 0;
3119        synchronized (mUsersLock) {
3120            final int userSize = mUsers.size();
3121            for (int i = 0; i < userSize; i++) {
3122                if (!mUsers.valueAt(i).info.partial) {
3123                    num++;
3124                }
3125            }
3126            final int[] newUsers = new int[num];
3127            int n = 0;
3128            for (int i = 0; i < userSize; i++) {
3129                if (!mUsers.valueAt(i).info.partial) {
3130                    newUsers[n++] = mUsers.keyAt(i);
3131                }
3132            }
3133            mUserIds = newUsers;
3134        }
3135    }
3136
3137    /**
3138     * Called right before a user is started. This gives us a chance to prepare
3139     * app storage and apply any user restrictions.
3140     */
3141    public void onBeforeStartUser(int userId) {
3142        UserInfo userInfo = getUserInfo(userId);
3143        if (userInfo == null) {
3144            return;
3145        }
3146        final int userSerial = userInfo.serialNumber;
3147        // Migrate only if build fingerprints mismatch
3148        boolean migrateAppsData = !Build.FINGERPRINT.equals(userInfo.lastLoggedInFingerprint);
3149        mUserDataPreparer.prepareUserData(userId, userSerial, StorageManager.FLAG_STORAGE_DE);
3150        mPm.reconcileAppsData(userId, StorageManager.FLAG_STORAGE_DE, migrateAppsData);
3151
3152        if (userId != UserHandle.USER_SYSTEM) {
3153            synchronized (mRestrictionsLock) {
3154                applyUserRestrictionsLR(userId);
3155            }
3156        }
3157    }
3158
3159    /**
3160     * Called right before a user is unlocked. This gives us a chance to prepare
3161     * app storage.
3162     */
3163    public void onBeforeUnlockUser(@UserIdInt int userId) {
3164        UserInfo userInfo = getUserInfo(userId);
3165        if (userInfo == null) {
3166            return;
3167        }
3168        final int userSerial = userInfo.serialNumber;
3169        // Migrate only if build fingerprints mismatch
3170        boolean migrateAppsData = !Build.FINGERPRINT.equals(userInfo.lastLoggedInFingerprint);
3171        mUserDataPreparer.prepareUserData(userId, userSerial, StorageManager.FLAG_STORAGE_CE);
3172        mPm.reconcileAppsData(userId, StorageManager.FLAG_STORAGE_CE, migrateAppsData);
3173    }
3174
3175    /**
3176     * Examine all users present on given mounted volume, and destroy data
3177     * belonging to users that are no longer valid, or whose user ID has been
3178     * recycled.
3179     */
3180    void reconcileUsers(String volumeUuid) {
3181        mUserDataPreparer.reconcileUsers(volumeUuid, getUsers(true /* excludeDying */));
3182    }
3183
3184    /**
3185     * Make a note of the last started time of a user and do some cleanup.
3186     * This is called with ActivityManagerService lock held.
3187     * @param userId the user that was just foregrounded
3188     */
3189    public void onUserLoggedIn(@UserIdInt int userId) {
3190        UserData userData = getUserDataNoChecks(userId);
3191        if (userData == null || userData.info.partial) {
3192            Slog.w(LOG_TAG, "userForeground: unknown user #" + userId);
3193            return;
3194        }
3195
3196        final long now = System.currentTimeMillis();
3197        if (now > EPOCH_PLUS_30_YEARS) {
3198            userData.info.lastLoggedInTime = now;
3199        }
3200        userData.info.lastLoggedInFingerprint = Build.FINGERPRINT;
3201        scheduleWriteUser(userData);
3202    }
3203
3204    /**
3205     * Returns the next available user id, filling in any holes in the ids.
3206     */
3207    @VisibleForTesting
3208    int getNextAvailableId() {
3209        int nextId;
3210        synchronized (mUsersLock) {
3211            nextId = scanNextAvailableIdLocked();
3212            if (nextId >= 0) {
3213                return nextId;
3214            }
3215            // All ids up to MAX_USER_ID were used. Remove all mRemovingUserIds,
3216            // except most recently removed
3217            if (mRemovingUserIds.size() > 0) {
3218                Slog.i(LOG_TAG, "All available IDs are used. Recycling LRU ids.");
3219                mRemovingUserIds.clear();
3220                for (Integer recentlyRemovedId : mRecentlyRemovedIds) {
3221                    mRemovingUserIds.put(recentlyRemovedId, true);
3222                }
3223                nextId = scanNextAvailableIdLocked();
3224            }
3225        }
3226        if (nextId < 0) {
3227            throw new IllegalStateException("No user id available!");
3228        }
3229        return nextId;
3230    }
3231
3232    private int scanNextAvailableIdLocked() {
3233        for (int i = MIN_USER_ID; i < MAX_USER_ID; i++) {
3234            if (mUsers.indexOfKey(i) < 0 && !mRemovingUserIds.get(i)) {
3235                return i;
3236            }
3237        }
3238        return -1;
3239    }
3240
3241    private String packageToRestrictionsFileName(String packageName) {
3242        return RESTRICTIONS_FILE_PREFIX + packageName + XML_SUFFIX;
3243    }
3244
3245    @Override
3246    public void setSeedAccountData(int userId, String accountName, String accountType,
3247            PersistableBundle accountOptions, boolean persist) {
3248        checkManageUsersPermission("Require MANAGE_USERS permission to set user seed data");
3249        synchronized (mPackagesLock) {
3250            final UserData userData;
3251            synchronized (mUsersLock) {
3252                userData = getUserDataLU(userId);
3253                if (userData == null) {
3254                    Slog.e(LOG_TAG, "No such user for settings seed data u=" + userId);
3255                    return;
3256                }
3257                userData.seedAccountName = accountName;
3258                userData.seedAccountType = accountType;
3259                userData.seedAccountOptions = accountOptions;
3260                userData.persistSeedData = persist;
3261            }
3262            if (persist) {
3263                writeUserLP(userData);
3264            }
3265        }
3266    }
3267
3268    @Override
3269    public String getSeedAccountName() throws RemoteException {
3270        checkManageUsersPermission("Cannot get seed account information");
3271        synchronized (mUsersLock) {
3272            UserData userData = getUserDataLU(UserHandle.getCallingUserId());
3273            return userData.seedAccountName;
3274        }
3275    }
3276
3277    @Override
3278    public String getSeedAccountType() throws RemoteException {
3279        checkManageUsersPermission("Cannot get seed account information");
3280        synchronized (mUsersLock) {
3281            UserData userData = getUserDataLU(UserHandle.getCallingUserId());
3282            return userData.seedAccountType;
3283        }
3284    }
3285
3286    @Override
3287    public PersistableBundle getSeedAccountOptions() throws RemoteException {
3288        checkManageUsersPermission("Cannot get seed account information");
3289        synchronized (mUsersLock) {
3290            UserData userData = getUserDataLU(UserHandle.getCallingUserId());
3291            return userData.seedAccountOptions;
3292        }
3293    }
3294
3295    @Override
3296    public void clearSeedAccountData() throws RemoteException {
3297        checkManageUsersPermission("Cannot clear seed account information");
3298        synchronized (mPackagesLock) {
3299            UserData userData;
3300            synchronized (mUsersLock) {
3301                userData = getUserDataLU(UserHandle.getCallingUserId());
3302                if (userData == null) return;
3303                userData.clearSeedAccountData();
3304            }
3305            writeUserLP(userData);
3306        }
3307    }
3308
3309    @Override
3310    public boolean someUserHasSeedAccount(String accountName, String accountType)
3311            throws RemoteException {
3312        checkManageUsersPermission("Cannot check seed account information");
3313        synchronized (mUsersLock) {
3314            final int userSize = mUsers.size();
3315            for (int i = 0; i < userSize; i++) {
3316                final UserData data = mUsers.valueAt(i);
3317                if (data.info.isInitialized()) continue;
3318                if (data.seedAccountName == null || !data.seedAccountName.equals(accountName)) {
3319                    continue;
3320                }
3321                if (data.seedAccountType == null || !data.seedAccountType.equals(accountType)) {
3322                    continue;
3323                }
3324                return true;
3325            }
3326        }
3327        return false;
3328    }
3329
3330    @Override
3331    public void onShellCommand(FileDescriptor in, FileDescriptor out,
3332            FileDescriptor err, String[] args, ShellCallback callback,
3333            ResultReceiver resultReceiver) {
3334        (new Shell()).exec(this, in, out, err, args, callback, resultReceiver);
3335    }
3336
3337    int onShellCommand(Shell shell, String cmd) {
3338        if (cmd == null) {
3339            return shell.handleDefaultCommands(cmd);
3340        }
3341
3342        final PrintWriter pw = shell.getOutPrintWriter();
3343        try {
3344            switch(cmd) {
3345                case "list":
3346                    return runList(pw);
3347            }
3348        } catch (RemoteException e) {
3349            pw.println("Remote exception: " + e);
3350        }
3351        return -1;
3352    }
3353
3354    private int runList(PrintWriter pw) throws RemoteException {
3355        final IActivityManager am = ActivityManager.getService();
3356        final List<UserInfo> users = getUsers(false);
3357        if (users == null) {
3358            pw.println("Error: couldn't get users");
3359            return 1;
3360        } else {
3361            pw.println("Users:");
3362            for (int i = 0; i < users.size(); i++) {
3363                String running = am.isUserRunning(users.get(i).id, 0) ? " running" : "";
3364                pw.println("\t" + users.get(i).toString() + running);
3365            }
3366            return 0;
3367        }
3368    }
3369
3370    @Override
3371    protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
3372        if (!DumpUtils.checkDumpPermission(mContext, LOG_TAG, pw)) return;
3373
3374        long now = System.currentTimeMillis();
3375        StringBuilder sb = new StringBuilder();
3376        synchronized (mPackagesLock) {
3377            synchronized (mUsersLock) {
3378                pw.println("Users:");
3379                for (int i = 0; i < mUsers.size(); i++) {
3380                    UserData userData = mUsers.valueAt(i);
3381                    if (userData == null) {
3382                        continue;
3383                    }
3384                    UserInfo userInfo = userData.info;
3385                    final int userId = userInfo.id;
3386                    pw.print("  "); pw.print(userInfo);
3387                    pw.print(" serialNo="); pw.print(userInfo.serialNumber);
3388                    if (mRemovingUserIds.get(userId)) {
3389                        pw.print(" <removing> ");
3390                    }
3391                    if (userInfo.partial) {
3392                        pw.print(" <partial>");
3393                    }
3394                    pw.println();
3395                    pw.print("    State: ");
3396                    final int state;
3397                    synchronized (mUserStates) {
3398                        state = mUserStates.get(userId, -1);
3399                    }
3400                    pw.println(UserState.stateToString(state));
3401                    pw.print("    Created: ");
3402                    if (userInfo.creationTime == 0) {
3403                        pw.println("<unknown>");
3404                    } else {
3405                        sb.setLength(0);
3406                        TimeUtils.formatDuration(now - userInfo.creationTime, sb);
3407                        sb.append(" ago");
3408                        pw.println(sb);
3409                    }
3410                    pw.print("    Last logged in: ");
3411                    if (userInfo.lastLoggedInTime == 0) {
3412                        pw.println("<unknown>");
3413                    } else {
3414                        sb.setLength(0);
3415                        TimeUtils.formatDuration(now - userInfo.lastLoggedInTime, sb);
3416                        sb.append(" ago");
3417                        pw.println(sb);
3418                    }
3419                    pw.print("    Last logged in fingerprint: ");
3420                    pw.println(userInfo.lastLoggedInFingerprint);
3421                    pw.print("    Has profile owner: ");
3422                    pw.println(mIsUserManaged.get(userId));
3423                    pw.println("    Restrictions:");
3424                    synchronized (mRestrictionsLock) {
3425                        UserRestrictionsUtils.dumpRestrictions(
3426                                pw, "      ", mBaseUserRestrictions.get(userInfo.id));
3427                        pw.println("    Device policy global restrictions:");
3428                        UserRestrictionsUtils.dumpRestrictions(
3429                                pw, "      ", mDevicePolicyGlobalUserRestrictions.get(userInfo.id));
3430                        pw.println("    Device policy local restrictions:");
3431                        UserRestrictionsUtils.dumpRestrictions(
3432                                pw, "      ", mDevicePolicyLocalUserRestrictions.get(userInfo.id));
3433                        pw.println("    Effective restrictions:");
3434                        UserRestrictionsUtils.dumpRestrictions(
3435                                pw, "      ", mCachedEffectiveUserRestrictions.get(userInfo.id));
3436                    }
3437
3438                    if (userData.account != null) {
3439                        pw.print("    Account name: " + userData.account);
3440                        pw.println();
3441                    }
3442
3443                    if (userData.seedAccountName != null) {
3444                        pw.print("    Seed account name: " + userData.seedAccountName);
3445                        pw.println();
3446                        if (userData.seedAccountType != null) {
3447                            pw.print("         account type: " + userData.seedAccountType);
3448                            pw.println();
3449                        }
3450                        if (userData.seedAccountOptions != null) {
3451                            pw.print("         account options exist");
3452                            pw.println();
3453                        }
3454                    }
3455                }
3456            }
3457            pw.println();
3458            pw.println("  Device owner id:" + mDeviceOwnerUserId);
3459            pw.println();
3460            pw.println("  Guest restrictions:");
3461            synchronized (mGuestRestrictions) {
3462                UserRestrictionsUtils.dumpRestrictions(pw, "    ", mGuestRestrictions);
3463            }
3464            synchronized (mUsersLock) {
3465                pw.println();
3466                pw.println("  Device managed: " + mIsDeviceManaged);
3467                if (mRemovingUserIds.size() > 0) {
3468                    pw.println();
3469                    pw.println("  Recently removed userIds: " + mRecentlyRemovedIds);
3470                }
3471            }
3472            synchronized (mUserStates) {
3473                pw.println("  Started users state: " + mUserStates);
3474            }
3475            // Dump some capabilities
3476            pw.println();
3477            pw.println("  Max users: " + UserManager.getMaxSupportedUsers());
3478            pw.println("  Supports switchable users: " + UserManager.supportsMultipleUsers());
3479            pw.println("  All guests ephemeral: " + Resources.getSystem().getBoolean(
3480                    com.android.internal.R.bool.config_guestUserEphemeral));
3481        }
3482    }
3483
3484    final class MainHandler extends Handler {
3485
3486        @Override
3487        public void handleMessage(Message msg) {
3488            switch (msg.what) {
3489                case WRITE_USER_MSG:
3490                    removeMessages(WRITE_USER_MSG, msg.obj);
3491                    synchronized (mPackagesLock) {
3492                        int userId = ((UserData) msg.obj).info.id;
3493                        UserData userData = getUserDataNoChecks(userId);
3494                        if (userData != null) {
3495                            writeUserLP(userData);
3496                        }
3497                    }
3498            }
3499        }
3500    }
3501
3502    /**
3503     * @param userId
3504     * @return whether the user has been initialized yet
3505     */
3506    boolean isInitialized(int userId) {
3507        return (getUserInfo(userId).flags & UserInfo.FLAG_INITIALIZED) != 0;
3508    }
3509
3510    private class LocalService extends UserManagerInternal {
3511        @Override
3512        public void setDevicePolicyUserRestrictions(int userId, @Nullable Bundle restrictions,
3513                boolean isDeviceOwner, int cameraRestrictionScope) {
3514            UserManagerService.this.setDevicePolicyUserRestrictionsInner(userId, restrictions,
3515                isDeviceOwner, cameraRestrictionScope);
3516        }
3517
3518        @Override
3519        public Bundle getBaseUserRestrictions(int userId) {
3520            synchronized (mRestrictionsLock) {
3521                return mBaseUserRestrictions.get(userId);
3522            }
3523        }
3524
3525        @Override
3526        public void setBaseUserRestrictionsByDpmsForMigration(
3527                int userId, Bundle baseRestrictions) {
3528            synchronized (mRestrictionsLock) {
3529                if (updateRestrictionsIfNeededLR(
3530                        userId, new Bundle(baseRestrictions), mBaseUserRestrictions)) {
3531                    invalidateEffectiveUserRestrictionsLR(userId);
3532                }
3533            }
3534
3535            final UserData userData = getUserDataNoChecks(userId);
3536            synchronized (mPackagesLock) {
3537                if (userData != null) {
3538                    writeUserLP(userData);
3539                } else {
3540                    Slog.w(LOG_TAG, "UserInfo not found for " + userId);
3541                }
3542            }
3543        }
3544
3545        @Override
3546        public boolean getUserRestriction(int userId, String key) {
3547            return getUserRestrictions(userId).getBoolean(key);
3548        }
3549
3550        @Override
3551        public void addUserRestrictionsListener(UserRestrictionsListener listener) {
3552            synchronized (mUserRestrictionsListeners) {
3553                mUserRestrictionsListeners.add(listener);
3554            }
3555        }
3556
3557        @Override
3558        public void removeUserRestrictionsListener(UserRestrictionsListener listener) {
3559            synchronized (mUserRestrictionsListeners) {
3560                mUserRestrictionsListeners.remove(listener);
3561            }
3562        }
3563
3564        @Override
3565        public void setDeviceManaged(boolean isManaged) {
3566            synchronized (mUsersLock) {
3567                mIsDeviceManaged = isManaged;
3568            }
3569        }
3570
3571        @Override
3572        public void setUserManaged(int userId, boolean isManaged) {
3573            synchronized (mUsersLock) {
3574                mIsUserManaged.put(userId, isManaged);
3575            }
3576        }
3577
3578        @Override
3579        public void setUserIcon(int userId, Bitmap bitmap) {
3580            long ident = Binder.clearCallingIdentity();
3581            try {
3582                synchronized (mPackagesLock) {
3583                    UserData userData = getUserDataNoChecks(userId);
3584                    if (userData == null || userData.info.partial) {
3585                        Slog.w(LOG_TAG, "setUserIcon: unknown user #" + userId);
3586                        return;
3587                    }
3588                    writeBitmapLP(userData.info, bitmap);
3589                    writeUserLP(userData);
3590                }
3591                sendUserInfoChangedBroadcast(userId);
3592            } finally {
3593                Binder.restoreCallingIdentity(ident);
3594            }
3595        }
3596
3597        @Override
3598        public void setForceEphemeralUsers(boolean forceEphemeralUsers) {
3599            synchronized (mUsersLock) {
3600                mForceEphemeralUsers = forceEphemeralUsers;
3601            }
3602        }
3603
3604        @Override
3605        public void removeAllUsers() {
3606            if (UserHandle.USER_SYSTEM == ActivityManager.getCurrentUser()) {
3607                // Remove the non-system users straight away.
3608                removeNonSystemUsers();
3609            } else {
3610                // Switch to the system user first and then remove the other users.
3611                BroadcastReceiver userSwitchedReceiver = new BroadcastReceiver() {
3612                    @Override
3613                    public void onReceive(Context context, Intent intent) {
3614                        int userId =
3615                                intent.getIntExtra(Intent.EXTRA_USER_HANDLE, UserHandle.USER_NULL);
3616                        if (userId != UserHandle.USER_SYSTEM) {
3617                            return;
3618                        }
3619                        mContext.unregisterReceiver(this);
3620                        removeNonSystemUsers();
3621                    }
3622                };
3623                IntentFilter userSwitchedFilter = new IntentFilter();
3624                userSwitchedFilter.addAction(Intent.ACTION_USER_SWITCHED);
3625                mContext.registerReceiver(
3626                        userSwitchedReceiver, userSwitchedFilter, null, mHandler);
3627
3628                // Switch to the system user.
3629                ActivityManager am =
3630                        (ActivityManager) mContext.getSystemService(Context.ACTIVITY_SERVICE);
3631                am.switchUser(UserHandle.USER_SYSTEM);
3632            }
3633        }
3634
3635        @Override
3636        public void onEphemeralUserStop(int userId) {
3637            synchronized (mUsersLock) {
3638               UserInfo userInfo = getUserInfoLU(userId);
3639               if (userInfo != null && userInfo.isEphemeral()) {
3640                    // Do not allow switching back to the ephemeral user again as the user is going
3641                    // to be deleted.
3642                    userInfo.flags |= UserInfo.FLAG_DISABLED;
3643                    if (userInfo.isGuest()) {
3644                        // Indicate that the guest will be deleted after it stops.
3645                        userInfo.guestToRemove = true;
3646                    }
3647               }
3648            }
3649        }
3650
3651        @Override
3652        public UserInfo createUserEvenWhenDisallowed(String name, int flags) {
3653            UserInfo user = createUserInternalUnchecked(name, flags, UserHandle.USER_NULL, null);
3654            // Keep this in sync with UserManager.createUser
3655            if (user != null && !user.isAdmin()) {
3656                setUserRestriction(UserManager.DISALLOW_SMS, true, user.id);
3657                setUserRestriction(UserManager.DISALLOW_OUTGOING_CALLS, true, user.id);
3658            }
3659            return user;
3660        }
3661
3662        @Override
3663        public boolean removeUserEvenWhenDisallowed(int userId) {
3664            return removeUserUnchecked(userId);
3665        }
3666
3667        @Override
3668        public boolean isUserRunning(int userId) {
3669            synchronized (mUserStates) {
3670                return mUserStates.get(userId, -1) >= 0;
3671            }
3672        }
3673
3674        @Override
3675        public void setUserState(int userId, int userState) {
3676            synchronized (mUserStates) {
3677                mUserStates.put(userId, userState);
3678            }
3679        }
3680
3681        @Override
3682        public void removeUserState(int userId) {
3683            synchronized (mUserStates) {
3684                mUserStates.delete(userId);
3685            }
3686        }
3687
3688        @Override
3689        public int[] getUserIds() {
3690            return UserManagerService.this.getUserIds();
3691        }
3692
3693        @Override
3694        public boolean isUserUnlockingOrUnlocked(int userId) {
3695            synchronized (mUserStates) {
3696                int state = mUserStates.get(userId, -1);
3697                return (state == UserState.STATE_RUNNING_UNLOCKING)
3698                        || (state == UserState.STATE_RUNNING_UNLOCKED);
3699            }
3700        }
3701
3702        @Override
3703        public boolean isUserUnlocked(int userId) {
3704            synchronized (mUserStates) {
3705                int state = mUserStates.get(userId, -1);
3706                return state == UserState.STATE_RUNNING_UNLOCKED;
3707            }
3708        }
3709    }
3710
3711    /* Remove all the users except of the system one. */
3712    private void removeNonSystemUsers() {
3713        ArrayList<UserInfo> usersToRemove = new ArrayList<>();
3714        synchronized (mUsersLock) {
3715            final int userSize = mUsers.size();
3716            for (int i = 0; i < userSize; i++) {
3717                UserInfo ui = mUsers.valueAt(i).info;
3718                if (ui.id != UserHandle.USER_SYSTEM) {
3719                    usersToRemove.add(ui);
3720                }
3721            }
3722        }
3723        for (UserInfo ui: usersToRemove) {
3724            removeUser(ui.id);
3725        }
3726    }
3727
3728    private class Shell extends ShellCommand {
3729        @Override
3730        public int onCommand(String cmd) {
3731            return onShellCommand(this, cmd);
3732        }
3733
3734        @Override
3735        public void onHelp() {
3736            final PrintWriter pw = getOutPrintWriter();
3737            pw.println("User manager (user) commands:");
3738            pw.println("  help");
3739            pw.println("    Print this help text.");
3740            pw.println("");
3741            pw.println("  list");
3742            pw.println("    Prints all users on the system.");
3743        }
3744    }
3745
3746    private static void debug(String message) {
3747        Log.d(LOG_TAG, message +
3748                (DBG_WITH_STACKTRACE ? " called at\n" + Debug.getCallers(10, "  ") : ""));
3749    }
3750
3751    @VisibleForTesting
3752    static int getMaxManagedProfiles() {
3753        // Allow overriding max managed profiles on debuggable builds for testing
3754        // of multiple profiles.
3755        if (!Build.IS_DEBUGGABLE) {
3756            return MAX_MANAGED_PROFILES;
3757        } else {
3758            return SystemProperties.getInt("persist.sys.max_profiles",
3759                    MAX_MANAGED_PROFILES);
3760        }
3761    }
3762
3763    @VisibleForTesting
3764    int getFreeProfileBadgeLU(int parentUserId) {
3765        int maxManagedProfiles = getMaxManagedProfiles();
3766        boolean[] usedBadges = new boolean[maxManagedProfiles];
3767        final int userSize = mUsers.size();
3768        for (int i = 0; i < userSize; i++) {
3769            UserInfo ui = mUsers.valueAt(i).info;
3770            // Check which badge indexes are already used by this profile group.
3771            if (ui.isManagedProfile()
3772                    && ui.profileGroupId == parentUserId
3773                    && !mRemovingUserIds.get(ui.id)
3774                    && ui.profileBadge < maxManagedProfiles) {
3775                usedBadges[ui.profileBadge] = true;
3776            }
3777        }
3778        for (int i = 0; i < maxManagedProfiles; i++) {
3779            if (!usedBadges[i]) {
3780                return i;
3781            }
3782        }
3783        return 0;
3784    }
3785
3786    /**
3787     * Checks if the given user has a managed profile associated with it.
3788     * @param userId The parent user
3789     * @return
3790     */
3791    boolean hasManagedProfile(int userId) {
3792        synchronized (mUsersLock) {
3793            UserInfo userInfo = getUserInfoLU(userId);
3794            final int userSize = mUsers.size();
3795            for (int i = 0; i < userSize; i++) {
3796                UserInfo profile = mUsers.valueAt(i).info;
3797                if (userId != profile.id && isProfileOf(userInfo, profile)) {
3798                    return true;
3799                }
3800            }
3801            return false;
3802        }
3803    }
3804}
3805