UserRestrictionsUtils.java revision 28da2e3490cff619157578c85d32a73ff979d554
1a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki/* 2a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * Copyright (C) 2015 The Android Open Source Project 3a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * 4a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * Licensed under the Apache License, Version 2.0 (the "License"); 5a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * you may not use this file except in compliance with the License. 6a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * You may obtain a copy of the License at 7a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * 8a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * http://www.apache.org/licenses/LICENSE-2.0 9a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * 10a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * Unless required by applicable law or agreed to in writing, software 11a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * distributed under the License is distributed on an "AS IS" BASIS, 12a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * See the License for the specific language governing permissions and 14a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * limitations under the License. 15a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki */ 16a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 17a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukipackage com.android.server.pm; 18a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 19a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport com.google.android.collect.Sets; 20a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 211a2cd74526113b45d9108b6997609122c4311fb1Makoto Onukiimport com.android.internal.util.Preconditions; 221a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 231a2cd74526113b45d9108b6997609122c4311fb1Makoto Onukiimport android.annotation.NonNull; 241a2cd74526113b45d9108b6997609122c4311fb1Makoto Onukiimport android.annotation.Nullable; 254f16073556f7978708fb71c87628cfe1692412d5Makoto Onukiimport android.content.ContentResolver; 264f16073556f7978708fb71c87628cfe1692412d5Makoto Onukiimport android.content.Context; 274f16073556f7978708fb71c87628cfe1692412d5Makoto Onukiimport android.net.Uri; 284f16073556f7978708fb71c87628cfe1692412d5Makoto Onukiimport android.os.Binder; 29a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport android.os.Bundle; 304f16073556f7978708fb71c87628cfe1692412d5Makoto Onukiimport android.os.SystemProperties; 314f16073556f7978708fb71c87628cfe1692412d5Makoto Onukiimport android.os.UserHandle; 32a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport android.os.UserManager; 331a2cd74526113b45d9108b6997609122c4311fb1Makoto Onukiimport android.util.Log; 34a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 35a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport org.xmlpull.v1.XmlPullParser; 36a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport org.xmlpull.v1.XmlSerializer; 37a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 38a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport java.io.IOException; 39a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport java.io.PrintWriter; 40a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport java.util.Set; 41a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 42d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki/** 43d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * Utility methods for uesr restrictions. 44d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * 45d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * <p>See {@link UserManagerService} for the method suffixes. 46d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki */ 47a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukipublic class UserRestrictionsUtils { 484f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki private static final String TAG = "UserRestrictionsUtils"; 494f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki 50a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki private UserRestrictionsUtils() { 51a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 52a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 53ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki public static final Set<String> USER_RESTRICTIONS = Sets.newArraySet( 54a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_WIFI, 55a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_MODIFY_ACCOUNTS, 56a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_INSTALL_APPS, 57a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_UNINSTALL_APPS, 58a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_SHARE_LOCATION, 59a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, 60a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_BLUETOOTH, 61a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_USB_FILE_TRANSFER, 62a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_CREDENTIALS, 63a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_REMOVE_USER, 64a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_DEBUGGING_FEATURES, 65a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_VPN, 66a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_TETHERING, 67a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_NETWORK_RESET, 68a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_FACTORY_RESET, 69a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_ADD_USER, 70a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.ENSURE_VERIFY_APPS, 71a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_CELL_BROADCASTS, 72a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS, 73a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_APPS_CONTROL, 74a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA, 75a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_UNMUTE_MICROPHONE, 76a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_ADJUST_VOLUME, 77a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_OUTGOING_CALLS, 78a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_SMS, 79a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_FUN, 80a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CREATE_WINDOWS, 81a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CROSS_PROFILE_COPY_PASTE, 82a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_OUTGOING_BEAM, 83a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_WALLPAPER, 84a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_SAFE_BOOT, 85a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.ALLOW_PARENT_PROFILE_APP_LINKING, 86a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_RECORD_AUDIO, 87ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki UserManager.DISALLOW_CAMERA 881a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki ); 89a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 90a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki /** 91a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * Set of user restriction which we don't want to persist. 92a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki */ 931a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki private static final Set<String> NON_PERSIST_USER_RESTRICTIONS = Sets.newArraySet( 941a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_RECORD_AUDIO 951a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki ); 961a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 971a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 981a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * User restrictions that can not be set by profile owners. 991a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 1001a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki private static final Set<String> DEVICE_OWNER_ONLY_RESTRICTIONS = Sets.newArraySet( 1011a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_USB_FILE_TRANSFER, 1021a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_CONFIG_TETHERING, 1031a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_NETWORK_RESET, 1041a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_FACTORY_RESET, 1051a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_ADD_USER, 1061a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_CONFIG_CELL_BROADCASTS, 1071a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS, 1081a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA, 1091a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_SMS, 1101a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_FUN, 1111a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_SAFE_BOOT, 1121a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_CREATE_WINDOWS 1131a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki ); 1141a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 1151a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 1161a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * User restrictions that can't be changed by device owner or profile owner. 1171a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 1181a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki private static final Set<String> IMMUTABLE_BY_OWNERS = Sets.newArraySet( 1191a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_RECORD_AUDIO, 1201a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_WALLPAPER 1211a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki ); 1221a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 1231a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 1241a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * Special user restrictions that can be applied to a user as well as to all users globally, 1251a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * depending on callers. When device owner sets them, they'll be applied to all users. 1261a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 1271a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki private static final Set<String> GLOBAL_RESTRICTIONS = Sets.newArraySet( 1281a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_ADJUST_VOLUME, 1291a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_UNMUTE_MICROPHONE 1301a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki ); 1311a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 1321a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static void writeRestrictions(@NonNull XmlSerializer serializer, 1331a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki @Nullable Bundle restrictions, @NonNull String tag) throws IOException { 1341a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (restrictions == null) { 1351a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return; 1361a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 137a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 138a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki serializer.startTag(null, tag); 139ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki for (String key : restrictions.keySet()) { 140ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki if (NON_PERSIST_USER_RESTRICTIONS.contains(key)) { 141ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki continue; // Don't persist. 142a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 143ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki if (USER_RESTRICTIONS.contains(key)) { 144ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki if (restrictions.getBoolean(key)) { 145ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki serializer.attribute(null, key, "true"); 146ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki } 147ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki continue; 148ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki } 149ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki Log.w(TAG, "Unknown user restriction detected: " + key); 150a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 151a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki serializer.endTag(null, tag); 152a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 153a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 154a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki public static void readRestrictions(XmlPullParser parser, Bundle restrictions) 155a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki throws IOException { 156a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki for (String key : USER_RESTRICTIONS) { 157a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki final String value = parser.getAttributeValue(null, key); 158a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki if (value != null) { 159a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki restrictions.putBoolean(key, Boolean.parseBoolean(value)); 160a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 161a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 162a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 163a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 1641a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 1651a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * @return {@code in} itself when it's not null, or an empty bundle (which can writable). 1661a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 1671a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static Bundle nonNull(@Nullable Bundle in) { 1681a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return in != null ? in : new Bundle(); 1691a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 1701a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 1711a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static boolean isEmpty(@Nullable Bundle in) { 1721a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return (in == null) || (in.size() == 0); 1731a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 1741a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 1751a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 1761a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * Creates a copy of the {@code in} Bundle. If {@code in} is null, it'll return an empty 1771a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * bundle. 1781a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * 1791a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * <p>The resulting {@link Bundle} is always writable. (i.e. it won't return 1801a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * {@link Bundle#EMPTY}) 1811a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 1821a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static @NonNull Bundle clone(@Nullable Bundle in) { 1831a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return (in != null) ? new Bundle(in) : new Bundle(); 1841a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 1851a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 1861a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static void merge(@NonNull Bundle dest, @Nullable Bundle in) { 1871a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki Preconditions.checkNotNull(dest); 1881a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki Preconditions.checkArgument(dest != in); 189068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki if (in == null) { 190068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki return; 191068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki } 192068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki for (String key : in.keySet()) { 193068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki if (in.getBoolean(key, false)) { 194068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki dest.putBoolean(key, true); 195068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki } 196068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki } 197068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki } 198068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki 1994f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki /** 2001a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * @return true if a restriction is settable by device owner. 2011a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 2021a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static boolean canDeviceOwnerChange(String restriction) { 2031a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return !IMMUTABLE_BY_OWNERS.contains(restriction); 2041a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2051a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 2061a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 2071a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * @return true if a restriction is settable by profile owner. 2081a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 2091a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static boolean canProfileOwnerChange(String restriction) { 2101a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return !(IMMUTABLE_BY_OWNERS.contains(restriction) 2111a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki || DEVICE_OWNER_ONLY_RESTRICTIONS.contains(restriction)); 2121a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2131a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 2141a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 2151a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * Takes restrictions that can be set by device owner, and sort them into what should be applied 2161a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * globally and what should be applied only on the current user. 2171a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 2181a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static void sortToGlobalAndLocal(@Nullable Bundle in, @NonNull Bundle global, 2191a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki @NonNull Bundle local) { 2201a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (in == null || in.size() == 0) { 2211a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return; 2221a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2231a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki for (String key : in.keySet()) { 2241a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (!in.getBoolean(key)) { 2251a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki continue; 2261a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2271a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (DEVICE_OWNER_ONLY_RESTRICTIONS.contains(key) || GLOBAL_RESTRICTIONS.contains(key)) { 2281a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki global.putBoolean(key, true); 2291a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } else { 2301a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki local.putBoolean(key, true); 2311a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2321a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2331a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2341a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 2351a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 2361a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * @return true if two Bundles contain the same user restriction. 2371a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * A null bundle and an empty bundle are considered to be equal. 2381a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 2391a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static boolean areEqual(@Nullable Bundle a, @Nullable Bundle b) { 2401a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (a == b) { 2411a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return true; 2421a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2431a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (isEmpty(a)) { 2441a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return isEmpty(b); 2451a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2461a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (isEmpty(b)) { 2471a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return false; 2481a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2491a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki for (String key : a.keySet()) { 2501a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (a.getBoolean(key) != b.getBoolean(key)) { 2511a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return false; 2521a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2531a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2541a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki for (String key : b.keySet()) { 2551a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (a.getBoolean(key) != b.getBoolean(key)) { 2561a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return false; 2571a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2581a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2591a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return true; 2601a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2611a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 2621a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 2634f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki * Takes a new use restriction set and the previous set, and apply the restrictions that have 2644f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki * changed. 265d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * 266d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * <p>Note this method is called by {@link UserManagerService} while holding 267d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * {@code mRestrictionLock}. Be aware when calling into other services, which could cause 268d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * a deadlock. 2694f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki */ 270d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki public static void applyUserRestrictionsLR(Context context, int userId, 271d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki Bundle newRestrictions, Bundle prevRestrictions) { 2724f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki for (String key : USER_RESTRICTIONS) { 2734f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki final boolean newValue = newRestrictions.getBoolean(key); 2744f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki final boolean prevValue = prevRestrictions.getBoolean(key); 2754f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki 2764f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (newValue != prevValue) { 277d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki applyUserRestrictionLR(context, userId, key, newValue); 2784f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 2794f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 2804f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 2811a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 282d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki /** 283d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * Apply each user restriction. 284d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * 285d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * <p>Note this method is called by {@link UserManagerService} while holding 286d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * {@code mRestrictionLock}. Be aware when calling into other services, which could cause 287d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * a deadlock. 28828da2e3490cff619157578c85d32a73ff979d554Makoto Onuki * 28928da2e3490cff619157578c85d32a73ff979d554Makoto Onuki * <p>See also {@link 29028da2e3490cff619157578c85d32a73ff979d554Makoto Onuki * com.android.providers.settings.SettingsProvider#isGlobalOrSecureSettingRestrictedForUser}, 29128da2e3490cff619157578c85d32a73ff979d554Makoto Onuki * which should be in sync with this method. 292d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki */ 293d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki private static void applyUserRestrictionLR(Context context, int userId, String key, 2944f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki boolean newValue) { 2951a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (UserManagerService.DBG) { 2961a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki Log.d(TAG, "Applying user restriction: userId=" + userId 2971a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki + " key=" + key + " value=" + newValue); 2981a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2994f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // When certain restrictions are cleared, we don't update the system settings, 3004f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // because these settings are changeable on the Settings UI and we don't know the original 3014f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // value -- for example LOCATION_MODE might have been off already when the restriction was 3024f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // set, and in that case even if the restriction is lifted, changing it to ON would be 3034f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // wrong. So just don't do anything in such a case. If the user hopes to enable location 3044f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // later, they can do it on the Settings UI. 3054f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki 3064f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki final ContentResolver cr = context.getContentResolver(); 3074f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki final long id = Binder.clearCallingIdentity(); 3084f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki try { 3094f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki switch (key) { 3104f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki case UserManager.DISALLOW_CONFIG_WIFI: 3114f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (newValue) { 3124f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.putIntForUser(cr, 31328da2e3490cff619157578c85d32a73ff979d554Makoto Onuki android.provider.Settings.Global 3144f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki .WIFI_NETWORKS_AVAILABLE_NOTIFICATION_ON, 0, userId); 3154f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3164f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki break; 3174f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki case UserManager.DISALLOW_SHARE_LOCATION: 3184f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (newValue) { 3194f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.putIntForUser(cr, 3204f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.LOCATION_MODE, 3214f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.LOCATION_MODE_OFF, 3224f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki userId); 3234f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3244f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // Send out notifications as some clients may want to reread the 3254f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // value which actually changed due to a restriction having been 3264f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // applied. 3274f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki final String property = 3284f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.SYS_PROP_SETTING_VERSION; 3294f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki long version = SystemProperties.getLong(property, 0) + 1; 3304f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki SystemProperties.set(property, Long.toString(version)); 3314f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki 3324f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki final String name = android.provider.Settings.Secure.LOCATION_PROVIDERS_ALLOWED; 3334f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki final Uri url = Uri.withAppendedPath( 3344f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.CONTENT_URI, name); 3354f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki context.getContentResolver().notifyChange(url, null, true, userId); 3364f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki 3374f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki break; 3384f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki case UserManager.DISALLOW_DEBUGGING_FEATURES: 3394f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (newValue) { 3404f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // Only disable adb if changing for system user, since it is global 3414f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // TODO: should this be admin user? 3424f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (userId == UserHandle.USER_SYSTEM) { 3434f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Global.putStringForUser(cr, 3444f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Global.ADB_ENABLED, "0", 3454f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki userId); 3464f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3474f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3484f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki break; 3494f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki case UserManager.ENSURE_VERIFY_APPS: 3504f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (newValue) { 3514f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Global.putStringForUser( 3524f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki context.getContentResolver(), 3534f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Global.PACKAGE_VERIFIER_ENABLE, "1", 3544f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki userId); 3554f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Global.putStringForUser( 3564f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki context.getContentResolver(), 3574f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Global.PACKAGE_VERIFIER_INCLUDE_ADB, "1", 3584f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki userId); 3594f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3604f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki break; 3614f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki case UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES: 3624f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (newValue) { 3634f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.putIntForUser(cr, 3644f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.INSTALL_NON_MARKET_APPS, 0, 3654f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki userId); 3664f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3674f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki break; 3684f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3694f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } finally { 3704f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki Binder.restoreCallingIdentity(id); 3714f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3724f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3734f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki 374a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki public static void dumpRestrictions(PrintWriter pw, String prefix, Bundle restrictions) { 375a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki boolean noneSet = true; 376a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki if (restrictions != null) { 377a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki for (String key : restrictions.keySet()) { 378a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki if (restrictions.getBoolean(key, false)) { 379a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki pw.println(prefix + key); 380a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki noneSet = false; 381a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 382a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 383068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki if (noneSet) { 384068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki pw.println(prefix + "none"); 385068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki } 386068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki } else { 387068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki pw.println(prefix + "null"); 388a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 389a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 390a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki} 391