UserRestrictionsUtils.java revision 2ea46fe658c5a977a11372d7180e8ed9abf261e8
1a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki/* 2a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * Copyright (C) 2015 The Android Open Source Project 3a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * 4a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * Licensed under the Apache License, Version 2.0 (the "License"); 5a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * you may not use this file except in compliance with the License. 6a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * You may obtain a copy of the License at 7a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * 8a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * http://www.apache.org/licenses/LICENSE-2.0 9a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * 10a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * Unless required by applicable law or agreed to in writing, software 11a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * distributed under the License is distributed on an "AS IS" BASIS, 12a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * See the License for the specific language governing permissions and 14a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * limitations under the License. 15a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki */ 16a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 17a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukipackage com.android.server.pm; 18a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 19a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport com.google.android.collect.Sets; 20a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 211a2cd74526113b45d9108b6997609122c4311fb1Makoto Onukiimport com.android.internal.util.Preconditions; 221a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 231a2cd74526113b45d9108b6997609122c4311fb1Makoto Onukiimport android.annotation.NonNull; 241a2cd74526113b45d9108b6997609122c4311fb1Makoto Onukiimport android.annotation.Nullable; 259cbfc9e212151e84910a22387365644916dde446Fyodor Kupolovimport android.app.ActivityManager; 264f16073556f7978708fb71c87628cfe1692412d5Makoto Onukiimport android.content.ContentResolver; 274f16073556f7978708fb71c87628cfe1692412d5Makoto Onukiimport android.content.Context; 284f16073556f7978708fb71c87628cfe1692412d5Makoto Onukiimport android.os.Binder; 29a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport android.os.Bundle; 309cbfc9e212151e84910a22387365644916dde446Fyodor Kupolovimport android.os.RemoteException; 314f16073556f7978708fb71c87628cfe1692412d5Makoto Onukiimport android.os.UserHandle; 32a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport android.os.UserManager; 33830e32cdccdeeeadc5f07ba006b2b5779f8be65dMahaver Chopraimport android.service.persistentdata.PersistentDataBlockManager; 34dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopraimport android.telephony.SubscriptionInfo; 35dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopraimport android.telephony.SubscriptionManager; 361a2cd74526113b45d9108b6997609122c4311fb1Makoto Onukiimport android.util.Log; 371f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onukiimport android.util.Slog; 38a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 39a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport org.xmlpull.v1.XmlPullParser; 40a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport org.xmlpull.v1.XmlSerializer; 41a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 42a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport java.io.IOException; 43a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport java.io.PrintWriter; 44dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopraimport java.util.List; 45a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport java.util.Set; 46a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 47d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki/** 48dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra * Utility methods for user restrictions. 49d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * 50d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * <p>See {@link UserManagerService} for the method suffixes. 51d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki */ 52a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukipublic class UserRestrictionsUtils { 534f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki private static final String TAG = "UserRestrictionsUtils"; 544f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki 55a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki private UserRestrictionsUtils() { 56a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 57a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 581f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki private static Set<String> newSetWithUniqueCheck(String[] strings) { 591f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki final Set<String> ret = Sets.newArraySet(strings); 601f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki 611f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki // Make sure there's no overlap. 621f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki Preconditions.checkState(ret.size() == strings.length); 631f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki return ret; 641f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki } 651f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki 661f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki public static final Set<String> USER_RESTRICTIONS = newSetWithUniqueCheck(new String[] { 67a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_WIFI, 68a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_MODIFY_ACCOUNTS, 69a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_INSTALL_APPS, 70a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_UNINSTALL_APPS, 71a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_SHARE_LOCATION, 72a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, 73a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_BLUETOOTH, 7463d5e4a7491b707235654cb081d2fc9074a5a65aLenka Trochtova UserManager.DISALLOW_BLUETOOTH, 75a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_USB_FILE_TRANSFER, 76a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_CREDENTIALS, 77a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_REMOVE_USER, 786c9116a6430ca5cd55b1b926213a5e8de77e4fc6Esteban Talavera UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, 79a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_DEBUGGING_FEATURES, 80a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_VPN, 81a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_TETHERING, 82a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_NETWORK_RESET, 83a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_FACTORY_RESET, 84a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_ADD_USER, 856c9116a6430ca5cd55b1b926213a5e8de77e4fc6Esteban Talavera UserManager.DISALLOW_ADD_MANAGED_PROFILE, 86a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.ENSURE_VERIFY_APPS, 87a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_CELL_BROADCASTS, 88a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS, 89a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_APPS_CONTROL, 90a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA, 91a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_UNMUTE_MICROPHONE, 92a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_ADJUST_VOLUME, 93a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_OUTGOING_CALLS, 94a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_SMS, 95a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_FUN, 96a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CREATE_WINDOWS, 97a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CROSS_PROFILE_COPY_PASTE, 98a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_OUTGOING_BEAM, 99a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_WALLPAPER, 100a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_SAFE_BOOT, 101a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.ALLOW_PARENT_PROFILE_APP_LINKING, 102a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_RECORD_AUDIO, 1039cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov UserManager.DISALLOW_CAMERA, 104dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra UserManager.DISALLOW_RUN_IN_BACKGROUND, 1057f1f1dfc8713fbecbab60cfbe14ab4d97d27deeeOleksandr Peletskyi UserManager.DISALLOW_DATA_ROAMING, 106f2519814cc7136773a115b770d20cf4c92945952Oleksandr Peletskyi UserManager.DISALLOW_SET_USER_ICON, 1073d9805d50281882b4420ee2d4ede8a8bdd94d455Mahaver Chopra UserManager.DISALLOW_SET_WALLPAPER, 108c1205111a92b52283078f1a2e86c8d32c5928b92Tony Mak UserManager.DISALLOW_OEM_UNLOCK, 109c1205111a92b52283078f1a2e86c8d32c5928b92Tony Mak UserManager.DISALLLOW_UNMUTE_DEVICE, 1101f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki }); 111a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 112a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki /** 113a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * Set of user restriction which we don't want to persist. 114a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki */ 1151a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki private static final Set<String> NON_PERSIST_USER_RESTRICTIONS = Sets.newArraySet( 1161a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_RECORD_AUDIO 1171a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki ); 1181a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 1191a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 1201a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * User restrictions that can not be set by profile owners. 1211a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 1221a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki private static final Set<String> DEVICE_OWNER_ONLY_RESTRICTIONS = Sets.newArraySet( 12363d5e4a7491b707235654cb081d2fc9074a5a65aLenka Trochtova UserManager.DISALLOW_BLUETOOTH, 1241a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_USB_FILE_TRANSFER, 1251a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_CONFIG_TETHERING, 1261a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_NETWORK_RESET, 1271a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_FACTORY_RESET, 1281a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_ADD_USER, 1291a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_CONFIG_CELL_BROADCASTS, 1301a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS, 1311a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA, 1321a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_SMS, 1331a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_FUN, 1341a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_SAFE_BOOT, 135dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra UserManager.DISALLOW_CREATE_WINDOWS, 136dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra UserManager.DISALLOW_DATA_ROAMING 1371a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki ); 1381a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 1391a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 1401a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * User restrictions that can't be changed by device owner or profile owner. 1411a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 1421a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki private static final Set<String> IMMUTABLE_BY_OWNERS = Sets.newArraySet( 1431a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_RECORD_AUDIO, 1443d9805d50281882b4420ee2d4ede8a8bdd94d455Mahaver Chopra UserManager.DISALLOW_WALLPAPER, 1453d9805d50281882b4420ee2d4ede8a8bdd94d455Mahaver Chopra UserManager.DISALLOW_OEM_UNLOCK 1461a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki ); 1471a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 1481a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 1491a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * Special user restrictions that can be applied to a user as well as to all users globally, 1501a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * depending on callers. When device owner sets them, they'll be applied to all users. 1511a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 1521a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki private static final Set<String> GLOBAL_RESTRICTIONS = Sets.newArraySet( 1531a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_ADJUST_VOLUME, 1549cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov UserManager.DISALLOW_RUN_IN_BACKGROUND, 155c1205111a92b52283078f1a2e86c8d32c5928b92Tony Mak UserManager.DISALLOW_UNMUTE_MICROPHONE, 156c1205111a92b52283078f1a2e86c8d32c5928b92Tony Mak UserManager.DISALLLOW_UNMUTE_DEVICE 1571a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki ); 1581a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 1591f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki /** 1606c9116a6430ca5cd55b1b926213a5e8de77e4fc6Esteban Talavera * User restrictions that default to {@code true} for device owners. 1616c9116a6430ca5cd55b1b926213a5e8de77e4fc6Esteban Talavera */ 1626c9116a6430ca5cd55b1b926213a5e8de77e4fc6Esteban Talavera private static final Set<String> DEFAULT_ENABLED_FOR_DEVICE_OWNERS = Sets.newArraySet( 1636c9116a6430ca5cd55b1b926213a5e8de77e4fc6Esteban Talavera UserManager.DISALLOW_ADD_MANAGED_PROFILE 1646c9116a6430ca5cd55b1b926213a5e8de77e4fc6Esteban Talavera ); 1656c9116a6430ca5cd55b1b926213a5e8de77e4fc6Esteban Talavera 1666c9116a6430ca5cd55b1b926213a5e8de77e4fc6Esteban Talavera /** 1671f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki * Throws {@link IllegalArgumentException} if the given restriction name is invalid. 1681f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki */ 1691f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki public static boolean isValidRestriction(@NonNull String restriction) { 1701f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki if (!USER_RESTRICTIONS.contains(restriction)) { 171ad5619d44701ef488e8d4bd41cb7a98f362097c7Makoto Onuki Slog.e(TAG, "Unknown restriction: " + restriction); 1721f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki return false; 1731f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki } 1741f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki return true; 1751f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki } 1761f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4Makoto Onuki 1771a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static void writeRestrictions(@NonNull XmlSerializer serializer, 1781a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki @Nullable Bundle restrictions, @NonNull String tag) throws IOException { 1791a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (restrictions == null) { 1801a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return; 1811a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 182a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 183a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki serializer.startTag(null, tag); 184ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki for (String key : restrictions.keySet()) { 185ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki if (NON_PERSIST_USER_RESTRICTIONS.contains(key)) { 186ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki continue; // Don't persist. 187a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 188ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki if (USER_RESTRICTIONS.contains(key)) { 189ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki if (restrictions.getBoolean(key)) { 190ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki serializer.attribute(null, key, "true"); 191ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki } 192ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki continue; 193ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki } 194ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki Log.w(TAG, "Unknown user restriction detected: " + key); 195a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 196a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki serializer.endTag(null, tag); 197a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 198a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 199c48b20f8f1d3e07e8a931b195669b0ab8895006cEsteban Talavera public static void readRestrictions(XmlPullParser parser, Bundle restrictions) { 200a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki for (String key : USER_RESTRICTIONS) { 201a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki final String value = parser.getAttributeValue(null, key); 202a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki if (value != null) { 203a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki restrictions.putBoolean(key, Boolean.parseBoolean(value)); 204a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 205a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 206a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 207a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 2081a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 2091a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * @return {@code in} itself when it's not null, or an empty bundle (which can writable). 2101a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 2111a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static Bundle nonNull(@Nullable Bundle in) { 2121a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return in != null ? in : new Bundle(); 2131a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2141a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 2151a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static boolean isEmpty(@Nullable Bundle in) { 2161a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return (in == null) || (in.size() == 0); 2171a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2181a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 2191a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 2201a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * Creates a copy of the {@code in} Bundle. If {@code in} is null, it'll return an empty 2211a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * bundle. 2221a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * 2231a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * <p>The resulting {@link Bundle} is always writable. (i.e. it won't return 2241a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * {@link Bundle#EMPTY}) 2251a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 2261a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static @NonNull Bundle clone(@Nullable Bundle in) { 2271a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return (in != null) ? new Bundle(in) : new Bundle(); 2281a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2291a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 2301a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static void merge(@NonNull Bundle dest, @Nullable Bundle in) { 2311a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki Preconditions.checkNotNull(dest); 2321a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki Preconditions.checkArgument(dest != in); 233068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki if (in == null) { 234068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki return; 235068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki } 236068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki for (String key : in.keySet()) { 237068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki if (in.getBoolean(key, false)) { 238068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki dest.putBoolean(key, true); 239068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki } 240068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki } 241068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki } 242068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki 2434f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki /** 2441a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * @return true if a restriction is settable by device owner. 2451a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 2461a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static boolean canDeviceOwnerChange(String restriction) { 2471a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return !IMMUTABLE_BY_OWNERS.contains(restriction); 2481a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2491a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 2501a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 2515485ed46ff337769589c6e06b3469246e60b9e3bMakoto Onuki * @return true if a restriction is settable by profile owner. Note it takes a user ID because 2525485ed46ff337769589c6e06b3469246e60b9e3bMakoto Onuki * some restrictions can be changed by PO only when it's running on the system user. 2531a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 2545485ed46ff337769589c6e06b3469246e60b9e3bMakoto Onuki public static boolean canProfileOwnerChange(String restriction, int userId) { 2555485ed46ff337769589c6e06b3469246e60b9e3bMakoto Onuki return !IMMUTABLE_BY_OWNERS.contains(restriction) 2565485ed46ff337769589c6e06b3469246e60b9e3bMakoto Onuki && !(userId != UserHandle.USER_SYSTEM 2575485ed46ff337769589c6e06b3469246e60b9e3bMakoto Onuki && DEVICE_OWNER_ONLY_RESTRICTIONS.contains(restriction)); 2581a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2591a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 2601a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 2616c9116a6430ca5cd55b1b926213a5e8de77e4fc6Esteban Talavera * Returns the user restrictions that default to {@code true} for device owners. 2622ea46fe658c5a977a11372d7180e8ed9abf261e8Nicolas Prevot * These user restrictions are local, though. ie only for the device owner's user id. 2636c9116a6430ca5cd55b1b926213a5e8de77e4fc6Esteban Talavera */ 2646c9116a6430ca5cd55b1b926213a5e8de77e4fc6Esteban Talavera public static @NonNull Set<String> getDefaultEnabledForDeviceOwner() { 2656c9116a6430ca5cd55b1b926213a5e8de77e4fc6Esteban Talavera return DEFAULT_ENABLED_FOR_DEVICE_OWNERS; 2666c9116a6430ca5cd55b1b926213a5e8de77e4fc6Esteban Talavera } 2676c9116a6430ca5cd55b1b926213a5e8de77e4fc6Esteban Talavera 2686c9116a6430ca5cd55b1b926213a5e8de77e4fc6Esteban Talavera /** 2691a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * Takes restrictions that can be set by device owner, and sort them into what should be applied 2701a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * globally and what should be applied only on the current user. 2711a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 2721a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static void sortToGlobalAndLocal(@Nullable Bundle in, @NonNull Bundle global, 2731a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki @NonNull Bundle local) { 2741a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (in == null || in.size() == 0) { 2751a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return; 2761a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2771a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki for (String key : in.keySet()) { 2781a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (!in.getBoolean(key)) { 2791a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki continue; 2801a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2811a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (DEVICE_OWNER_ONLY_RESTRICTIONS.contains(key) || GLOBAL_RESTRICTIONS.contains(key)) { 2821a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki global.putBoolean(key, true); 2831a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } else { 2841a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki local.putBoolean(key, true); 2851a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2861a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2871a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2881a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 2891a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 2901a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * @return true if two Bundles contain the same user restriction. 2911a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * A null bundle and an empty bundle are considered to be equal. 2921a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 2931a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static boolean areEqual(@Nullable Bundle a, @Nullable Bundle b) { 2941a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (a == b) { 2951a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return true; 2961a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2971a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (isEmpty(a)) { 2981a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return isEmpty(b); 2991a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 3001a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (isEmpty(b)) { 3011a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return false; 3021a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 3031a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki for (String key : a.keySet()) { 3041a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (a.getBoolean(key) != b.getBoolean(key)) { 3051a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return false; 3061a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 3071a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 3081a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki for (String key : b.keySet()) { 3091a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (a.getBoolean(key) != b.getBoolean(key)) { 3101a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return false; 3111a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 3121a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 3131a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return true; 3141a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 3151a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 3161a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 3174f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki * Takes a new use restriction set and the previous set, and apply the restrictions that have 3184f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki * changed. 319d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * 3209cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov * <p>Note this method is called by {@link UserManagerService} without holding any locks. 3214f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki */ 3229cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov public static void applyUserRestrictions(Context context, int userId, 323d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki Bundle newRestrictions, Bundle prevRestrictions) { 3244f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki for (String key : USER_RESTRICTIONS) { 3254f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki final boolean newValue = newRestrictions.getBoolean(key); 3264f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki final boolean prevValue = prevRestrictions.getBoolean(key); 3274f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki 3284f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (newValue != prevValue) { 3299cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov applyUserRestriction(context, userId, key, newValue); 3304f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3314f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3324f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3339cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov 334d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki /** 335d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * Apply each user restriction. 336d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * 33728da2e3490cff619157578c85d32a73ff979d554Makoto Onuki * <p>See also {@link 33828da2e3490cff619157578c85d32a73ff979d554Makoto Onuki * com.android.providers.settings.SettingsProvider#isGlobalOrSecureSettingRestrictedForUser}, 33928da2e3490cff619157578c85d32a73ff979d554Makoto Onuki * which should be in sync with this method. 340d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki */ 3419cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov private static void applyUserRestriction(Context context, int userId, String key, 3424f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki boolean newValue) { 3431a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (UserManagerService.DBG) { 3441a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki Log.d(TAG, "Applying user restriction: userId=" + userId 3451a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki + " key=" + key + " value=" + newValue); 3461a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 3474f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // When certain restrictions are cleared, we don't update the system settings, 3484f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // because these settings are changeable on the Settings UI and we don't know the original 3494f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // value -- for example LOCATION_MODE might have been off already when the restriction was 3504f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // set, and in that case even if the restriction is lifted, changing it to ON would be 3514f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // wrong. So just don't do anything in such a case. If the user hopes to enable location 3524f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // later, they can do it on the Settings UI. 3530ff13fce6fa4caa0cc61dae555881c4568020327Benjamin Franz // WARNING: Remember that Settings.Global and Settings.Secure are changeable via adb. 3540ff13fce6fa4caa0cc61dae555881c4568020327Benjamin Franz // To prevent this from happening for a given user restriction, you have to add a check to 3550ff13fce6fa4caa0cc61dae555881c4568020327Benjamin Franz // SettingsProvider.isGlobalOrSecureSettingRestrictedForUser. 3564f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki 3574f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki final ContentResolver cr = context.getContentResolver(); 3584f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki final long id = Binder.clearCallingIdentity(); 3594f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki try { 3604f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki switch (key) { 3614f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki case UserManager.DISALLOW_CONFIG_WIFI: 3624f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (newValue) { 3634f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.putIntForUser(cr, 36428da2e3490cff619157578c85d32a73ff979d554Makoto Onuki android.provider.Settings.Global 3654f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki .WIFI_NETWORKS_AVAILABLE_NOTIFICATION_ON, 0, userId); 3664f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3674f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki break; 368dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra case UserManager.DISALLOW_DATA_ROAMING: 369dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra if (newValue) { 370dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra // DISALLOW_DATA_ROAMING user restriction is set. 371dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra 372dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra // Multi sim device. 373dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra SubscriptionManager subscriptionManager = new SubscriptionManager(context); 374dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra final List<SubscriptionInfo> subscriptionInfoList = 375dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra subscriptionManager.getActiveSubscriptionInfoList(); 376dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra if (subscriptionInfoList != null) { 377dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra for (SubscriptionInfo subInfo : subscriptionInfoList) { 378dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra android.provider.Settings.Global.putStringForUser(cr, 379dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra android.provider.Settings.Global.DATA_ROAMING 380dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra + subInfo.getSubscriptionId(), "0", userId); 381dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra } 382dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra } 383dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra 384dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra // Single sim device. 385dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra android.provider.Settings.Global.putStringForUser(cr, 386dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra android.provider.Settings.Global.DATA_ROAMING, "0", userId); 387dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra } 388dea471ef548f09e04e178c5ec2d71a4b79bdb8f8Mahaver Chopra break; 3894f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki case UserManager.DISALLOW_SHARE_LOCATION: 3904f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (newValue) { 3914f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.putIntForUser(cr, 3924f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.LOCATION_MODE, 3934f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.LOCATION_MODE_OFF, 3944f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki userId); 3954f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3964f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki break; 3974f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki case UserManager.DISALLOW_DEBUGGING_FEATURES: 3984f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (newValue) { 3994f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // Only disable adb if changing for system user, since it is global 4004f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // TODO: should this be admin user? 4014f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (userId == UserHandle.USER_SYSTEM) { 4024f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Global.putStringForUser(cr, 4034f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Global.ADB_ENABLED, "0", 4044f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki userId); 4054f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 4064f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 4074f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki break; 4084f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki case UserManager.ENSURE_VERIFY_APPS: 4094f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (newValue) { 4104f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Global.putStringForUser( 4114f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki context.getContentResolver(), 4124f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Global.PACKAGE_VERIFIER_ENABLE, "1", 4134f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki userId); 4144f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Global.putStringForUser( 4154f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki context.getContentResolver(), 4164f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Global.PACKAGE_VERIFIER_INCLUDE_ADB, "1", 4174f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki userId); 4184f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 4194f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki break; 4204f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki case UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES: 4214f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (newValue) { 4224f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.putIntForUser(cr, 4234f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.INSTALL_NON_MARKET_APPS, 0, 4244f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki userId); 4254f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 4264f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki break; 4279cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov case UserManager.DISALLOW_RUN_IN_BACKGROUND: 4289cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov if (newValue) { 4299cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov int currentUser = ActivityManager.getCurrentUser(); 4309cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov if (currentUser != userId && userId != UserHandle.USER_SYSTEM) { 4319cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov try { 432dc589ac82b5fe2063f4cfd94c8ae26d43d5420a0Sudheer Shanka ActivityManager.getService().stopUser(userId, false, null); 4339cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov } catch (RemoteException e) { 4349cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov throw e.rethrowAsRuntimeException(); 4359cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov } 4369cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov } 4379cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov } 4386474f0e02b9a00c1f69f985c0d73cf7f8c0fb073Lenka Trochtova break; 4396474f0e02b9a00c1f69f985c0d73cf7f8c0fb073Lenka Trochtova case UserManager.DISALLOW_SAFE_BOOT: 4406474f0e02b9a00c1f69f985c0d73cf7f8c0fb073Lenka Trochtova // Unlike with the other restrictions, we want to propagate the new value to 4416474f0e02b9a00c1f69f985c0d73cf7f8c0fb073Lenka Trochtova // the system settings even if it is false. The other restrictions modify 4426474f0e02b9a00c1f69f985c0d73cf7f8c0fb073Lenka Trochtova // settings which could be manually changed by the user from the Settings app 4436474f0e02b9a00c1f69f985c0d73cf7f8c0fb073Lenka Trochtova // after the policies enforcing these restrictions have been revoked, so we 4446474f0e02b9a00c1f69f985c0d73cf7f8c0fb073Lenka Trochtova // leave re-setting of those settings to the user. 4456474f0e02b9a00c1f69f985c0d73cf7f8c0fb073Lenka Trochtova android.provider.Settings.Global.putInt( 4466474f0e02b9a00c1f69f985c0d73cf7f8c0fb073Lenka Trochtova context.getContentResolver(), 4476474f0e02b9a00c1f69f985c0d73cf7f8c0fb073Lenka Trochtova android.provider.Settings.Global.SAFE_BOOT_DISALLOWED, 4486474f0e02b9a00c1f69f985c0d73cf7f8c0fb073Lenka Trochtova newValue ? 1 : 0); 4496474f0e02b9a00c1f69f985c0d73cf7f8c0fb073Lenka Trochtova break; 450830e32cdccdeeeadc5f07ba006b2b5779f8be65dMahaver Chopra case UserManager.DISALLOW_FACTORY_RESET: 4513d9805d50281882b4420ee2d4ede8a8bdd94d455Mahaver Chopra case UserManager.DISALLOW_OEM_UNLOCK: 452830e32cdccdeeeadc5f07ba006b2b5779f8be65dMahaver Chopra if (newValue) { 453830e32cdccdeeeadc5f07ba006b2b5779f8be65dMahaver Chopra PersistentDataBlockManager manager = (PersistentDataBlockManager) context 454830e32cdccdeeeadc5f07ba006b2b5779f8be65dMahaver Chopra .getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE); 455c48b20f8f1d3e07e8a931b195669b0ab8895006cEsteban Talavera if (manager != null 456c48b20f8f1d3e07e8a931b195669b0ab8895006cEsteban Talavera && manager.getOemUnlockEnabled() 457c48b20f8f1d3e07e8a931b195669b0ab8895006cEsteban Talavera && manager.getFlashLockState() 458c48b20f8f1d3e07e8a931b195669b0ab8895006cEsteban Talavera != PersistentDataBlockManager.FLASH_LOCK_UNLOCKED) { 459c48b20f8f1d3e07e8a931b195669b0ab8895006cEsteban Talavera // Only disable OEM unlock if the bootloader is locked. If it's already 460c48b20f8f1d3e07e8a931b195669b0ab8895006cEsteban Talavera // unlocked, setting the OEM unlock enabled flag to false has no effect 461c48b20f8f1d3e07e8a931b195669b0ab8895006cEsteban Talavera // (the bootloader would remain unlocked). 462830e32cdccdeeeadc5f07ba006b2b5779f8be65dMahaver Chopra manager.setOemUnlockEnabled(false); 463830e32cdccdeeeadc5f07ba006b2b5779f8be65dMahaver Chopra } 464830e32cdccdeeeadc5f07ba006b2b5779f8be65dMahaver Chopra } 465c1205111a92b52283078f1a2e86c8d32c5928b92Tony Mak break; 4664f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 4674f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } finally { 4684f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki Binder.restoreCallingIdentity(id); 4694f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 4704f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 4714f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki 472a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki public static void dumpRestrictions(PrintWriter pw, String prefix, Bundle restrictions) { 473a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki boolean noneSet = true; 474a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki if (restrictions != null) { 475a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki for (String key : restrictions.keySet()) { 476a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki if (restrictions.getBoolean(key, false)) { 477a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki pw.println(prefix + key); 478a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki noneSet = false; 479a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 480a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 481068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki if (noneSet) { 482068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki pw.println(prefix + "none"); 483068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki } 484068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki } else { 485068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki pw.println(prefix + "null"); 486a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 487a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 488a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki} 489