UserRestrictionsUtils.java revision 9cbfc9e212151e84910a22387365644916dde446
1a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki/* 2a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * Copyright (C) 2015 The Android Open Source Project 3a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * 4a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * Licensed under the Apache License, Version 2.0 (the "License"); 5a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * you may not use this file except in compliance with the License. 6a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * You may obtain a copy of the License at 7a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * 8a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * http://www.apache.org/licenses/LICENSE-2.0 9a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * 10a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * Unless required by applicable law or agreed to in writing, software 11a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * distributed under the License is distributed on an "AS IS" BASIS, 12a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * See the License for the specific language governing permissions and 14a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * limitations under the License. 15a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki */ 16a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 17a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukipackage com.android.server.pm; 18a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 19a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport com.google.android.collect.Sets; 20a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 211a2cd74526113b45d9108b6997609122c4311fb1Makoto Onukiimport com.android.internal.util.Preconditions; 221a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 231a2cd74526113b45d9108b6997609122c4311fb1Makoto Onukiimport android.annotation.NonNull; 241a2cd74526113b45d9108b6997609122c4311fb1Makoto Onukiimport android.annotation.Nullable; 259cbfc9e212151e84910a22387365644916dde446Fyodor Kupolovimport android.app.ActivityManager; 269cbfc9e212151e84910a22387365644916dde446Fyodor Kupolovimport android.app.ActivityManagerNative; 274f16073556f7978708fb71c87628cfe1692412d5Makoto Onukiimport android.content.ContentResolver; 284f16073556f7978708fb71c87628cfe1692412d5Makoto Onukiimport android.content.Context; 294f16073556f7978708fb71c87628cfe1692412d5Makoto Onukiimport android.net.Uri; 304f16073556f7978708fb71c87628cfe1692412d5Makoto Onukiimport android.os.Binder; 31a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport android.os.Bundle; 329cbfc9e212151e84910a22387365644916dde446Fyodor Kupolovimport android.os.RemoteException; 334f16073556f7978708fb71c87628cfe1692412d5Makoto Onukiimport android.os.SystemProperties; 344f16073556f7978708fb71c87628cfe1692412d5Makoto Onukiimport android.os.UserHandle; 35a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport android.os.UserManager; 361a2cd74526113b45d9108b6997609122c4311fb1Makoto Onukiimport android.util.Log; 37a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 38a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport org.xmlpull.v1.XmlPullParser; 39a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport org.xmlpull.v1.XmlSerializer; 40a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 41a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport java.io.IOException; 42a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport java.io.PrintWriter; 43a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukiimport java.util.Set; 44a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 45d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki/** 46d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * Utility methods for uesr restrictions. 47d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * 48d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * <p>See {@link UserManagerService} for the method suffixes. 49d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki */ 50a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onukipublic class UserRestrictionsUtils { 514f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki private static final String TAG = "UserRestrictionsUtils"; 524f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki 53a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki private UserRestrictionsUtils() { 54a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 55a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 56ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki public static final Set<String> USER_RESTRICTIONS = Sets.newArraySet( 57a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_WIFI, 58a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_MODIFY_ACCOUNTS, 59a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_INSTALL_APPS, 60a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_UNINSTALL_APPS, 61a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_SHARE_LOCATION, 62a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, 63a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_BLUETOOTH, 64a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_USB_FILE_TRANSFER, 65a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_CREDENTIALS, 66a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_REMOVE_USER, 67a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_DEBUGGING_FEATURES, 68a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_VPN, 69a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_TETHERING, 70a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_NETWORK_RESET, 71a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_FACTORY_RESET, 72a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_ADD_USER, 73a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.ENSURE_VERIFY_APPS, 74a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_CELL_BROADCASTS, 75a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS, 76a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_APPS_CONTROL, 77a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA, 78a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_UNMUTE_MICROPHONE, 79a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_ADJUST_VOLUME, 80a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_OUTGOING_CALLS, 81a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_SMS, 82a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_FUN, 83a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CREATE_WINDOWS, 84a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_CROSS_PROFILE_COPY_PASTE, 85a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_OUTGOING_BEAM, 86a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_WALLPAPER, 87a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_SAFE_BOOT, 88a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.ALLOW_PARENT_PROFILE_APP_LINKING, 89a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki UserManager.DISALLOW_RECORD_AUDIO, 909cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov UserManager.DISALLOW_CAMERA, 919cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov UserManager.DISALLOW_RUN_IN_BACKGROUND 921a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki ); 93a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 94a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki /** 95a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki * Set of user restriction which we don't want to persist. 96a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki */ 971a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki private static final Set<String> NON_PERSIST_USER_RESTRICTIONS = Sets.newArraySet( 981a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_RECORD_AUDIO 991a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki ); 1001a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 1011a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 1021a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * User restrictions that can not be set by profile owners. 1031a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 1041a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki private static final Set<String> DEVICE_OWNER_ONLY_RESTRICTIONS = Sets.newArraySet( 1051a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_USB_FILE_TRANSFER, 1061a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_CONFIG_TETHERING, 1071a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_NETWORK_RESET, 1081a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_FACTORY_RESET, 1091a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_ADD_USER, 1101a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_CONFIG_CELL_BROADCASTS, 1111a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS, 1121a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA, 1131a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_SMS, 1141a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_FUN, 1151a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_SAFE_BOOT, 1161a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_CREATE_WINDOWS 1171a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki ); 1181a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 1191a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 1201a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * User restrictions that can't be changed by device owner or profile owner. 1211a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 1221a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki private static final Set<String> IMMUTABLE_BY_OWNERS = Sets.newArraySet( 1231a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_RECORD_AUDIO, 1241a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_WALLPAPER 1251a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki ); 1261a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 1271a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 1281a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * Special user restrictions that can be applied to a user as well as to all users globally, 1291a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * depending on callers. When device owner sets them, they'll be applied to all users. 1301a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 1311a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki private static final Set<String> GLOBAL_RESTRICTIONS = Sets.newArraySet( 1321a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_ADJUST_VOLUME, 1339cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov UserManager.DISALLOW_RUN_IN_BACKGROUND, 1341a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki UserManager.DISALLOW_UNMUTE_MICROPHONE 1351a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki ); 1361a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 1371a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static void writeRestrictions(@NonNull XmlSerializer serializer, 1381a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki @Nullable Bundle restrictions, @NonNull String tag) throws IOException { 1391a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (restrictions == null) { 1401a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return; 1411a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 142a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 143a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki serializer.startTag(null, tag); 144ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki for (String key : restrictions.keySet()) { 145ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki if (NON_PERSIST_USER_RESTRICTIONS.contains(key)) { 146ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki continue; // Don't persist. 147a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 148ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki if (USER_RESTRICTIONS.contains(key)) { 149ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki if (restrictions.getBoolean(key)) { 150ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki serializer.attribute(null, key, "true"); 151ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki } 152ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki continue; 153ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki } 154ac65e1e1dba1cf0ea237a389220ec818ade07a16Makoto Onuki Log.w(TAG, "Unknown user restriction detected: " + key); 155a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 156a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki serializer.endTag(null, tag); 157a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 158a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 159a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki public static void readRestrictions(XmlPullParser parser, Bundle restrictions) 160a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki throws IOException { 161a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki for (String key : USER_RESTRICTIONS) { 162a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki final String value = parser.getAttributeValue(null, key); 163a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki if (value != null) { 164a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki restrictions.putBoolean(key, Boolean.parseBoolean(value)); 165a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 166a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 167a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 168a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki 1691a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 1701a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * @return {@code in} itself when it's not null, or an empty bundle (which can writable). 1711a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 1721a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static Bundle nonNull(@Nullable Bundle in) { 1731a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return in != null ? in : new Bundle(); 1741a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 1751a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 1761a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static boolean isEmpty(@Nullable Bundle in) { 1771a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return (in == null) || (in.size() == 0); 1781a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 1791a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 1801a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 1811a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * Creates a copy of the {@code in} Bundle. If {@code in} is null, it'll return an empty 1821a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * bundle. 1831a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * 1841a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * <p>The resulting {@link Bundle} is always writable. (i.e. it won't return 1851a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * {@link Bundle#EMPTY}) 1861a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 1871a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static @NonNull Bundle clone(@Nullable Bundle in) { 1881a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return (in != null) ? new Bundle(in) : new Bundle(); 1891a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 1901a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 1911a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static void merge(@NonNull Bundle dest, @Nullable Bundle in) { 1921a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki Preconditions.checkNotNull(dest); 1931a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki Preconditions.checkArgument(dest != in); 194068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki if (in == null) { 195068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki return; 196068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki } 197068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki for (String key : in.keySet()) { 198068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki if (in.getBoolean(key, false)) { 199068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki dest.putBoolean(key, true); 200068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki } 201068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki } 202068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki } 203068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki 2044f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki /** 2051a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * @return true if a restriction is settable by device owner. 2061a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 2071a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static boolean canDeviceOwnerChange(String restriction) { 2081a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return !IMMUTABLE_BY_OWNERS.contains(restriction); 2091a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2101a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 2111a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 2121a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * @return true if a restriction is settable by profile owner. 2131a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 2141a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static boolean canProfileOwnerChange(String restriction) { 2151a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return !(IMMUTABLE_BY_OWNERS.contains(restriction) 2161a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki || DEVICE_OWNER_ONLY_RESTRICTIONS.contains(restriction)); 2171a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2181a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 2191a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 2201a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * Takes restrictions that can be set by device owner, and sort them into what should be applied 2211a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * globally and what should be applied only on the current user. 2221a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 2231a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static void sortToGlobalAndLocal(@Nullable Bundle in, @NonNull Bundle global, 2241a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki @NonNull Bundle local) { 2251a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (in == null || in.size() == 0) { 2261a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return; 2271a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2281a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki for (String key : in.keySet()) { 2291a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (!in.getBoolean(key)) { 2301a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki continue; 2311a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2321a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (DEVICE_OWNER_ONLY_RESTRICTIONS.contains(key) || GLOBAL_RESTRICTIONS.contains(key)) { 2331a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki global.putBoolean(key, true); 2341a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } else { 2351a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki local.putBoolean(key, true); 2361a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2371a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2381a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2391a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 2401a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 2411a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * @return true if two Bundles contain the same user restriction. 2421a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki * A null bundle and an empty bundle are considered to be equal. 2431a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki */ 2441a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki public static boolean areEqual(@Nullable Bundle a, @Nullable Bundle b) { 2451a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (a == b) { 2461a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return true; 2471a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2481a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (isEmpty(a)) { 2491a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return isEmpty(b); 2501a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2511a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (isEmpty(b)) { 2521a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return false; 2531a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2541a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki for (String key : a.keySet()) { 2551a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (a.getBoolean(key) != b.getBoolean(key)) { 2561a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return false; 2571a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2581a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2591a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki for (String key : b.keySet()) { 2601a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (a.getBoolean(key) != b.getBoolean(key)) { 2611a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return false; 2621a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2631a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2641a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki return true; 2651a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2661a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki 2671a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki /** 2684f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki * Takes a new use restriction set and the previous set, and apply the restrictions that have 2694f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki * changed. 270d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * 2719cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov * <p>Note this method is called by {@link UserManagerService} without holding any locks. 2724f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki */ 2739cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov public static void applyUserRestrictions(Context context, int userId, 274d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki Bundle newRestrictions, Bundle prevRestrictions) { 2754f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki for (String key : USER_RESTRICTIONS) { 2764f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki final boolean newValue = newRestrictions.getBoolean(key); 2774f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki final boolean prevValue = prevRestrictions.getBoolean(key); 2784f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki 2794f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (newValue != prevValue) { 2809cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov applyUserRestriction(context, userId, key, newValue); 2814f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 2824f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 2834f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 2849cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov 285d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki /** 286d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * Apply each user restriction. 287d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki * 28828da2e3490cff619157578c85d32a73ff979d554Makoto Onuki * <p>See also {@link 28928da2e3490cff619157578c85d32a73ff979d554Makoto Onuki * com.android.providers.settings.SettingsProvider#isGlobalOrSecureSettingRestrictedForUser}, 29028da2e3490cff619157578c85d32a73ff979d554Makoto Onuki * which should be in sync with this method. 291d45a4a2ecb18701b4cfadcb4a26663f2eab642feMakoto Onuki */ 2929cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov private static void applyUserRestriction(Context context, int userId, String key, 2934f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki boolean newValue) { 2941a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki if (UserManagerService.DBG) { 2951a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki Log.d(TAG, "Applying user restriction: userId=" + userId 2961a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki + " key=" + key + " value=" + newValue); 2971a2cd74526113b45d9108b6997609122c4311fb1Makoto Onuki } 2984f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // When certain restrictions are cleared, we don't update the system settings, 2994f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // because these settings are changeable on the Settings UI and we don't know the original 3004f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // value -- for example LOCATION_MODE might have been off already when the restriction was 3014f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // set, and in that case even if the restriction is lifted, changing it to ON would be 3024f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // wrong. So just don't do anything in such a case. If the user hopes to enable location 3034f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // later, they can do it on the Settings UI. 3044f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki 3054f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki final ContentResolver cr = context.getContentResolver(); 3064f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki final long id = Binder.clearCallingIdentity(); 3074f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki try { 3084f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki switch (key) { 3094f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki case UserManager.DISALLOW_CONFIG_WIFI: 3104f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (newValue) { 3114f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.putIntForUser(cr, 31228da2e3490cff619157578c85d32a73ff979d554Makoto Onuki android.provider.Settings.Global 3134f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki .WIFI_NETWORKS_AVAILABLE_NOTIFICATION_ON, 0, userId); 3144f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3154f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki break; 3164f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki case UserManager.DISALLOW_SHARE_LOCATION: 3174f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (newValue) { 3184f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.putIntForUser(cr, 3194f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.LOCATION_MODE, 3204f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.LOCATION_MODE_OFF, 3214f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki userId); 3224f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3234f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // Send out notifications as some clients may want to reread the 3244f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // value which actually changed due to a restriction having been 3254f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // applied. 3264f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki final String property = 3274f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.SYS_PROP_SETTING_VERSION; 3284f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki long version = SystemProperties.getLong(property, 0) + 1; 3294f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki SystemProperties.set(property, Long.toString(version)); 3304f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki 3314f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki final String name = android.provider.Settings.Secure.LOCATION_PROVIDERS_ALLOWED; 3324f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki final Uri url = Uri.withAppendedPath( 3334f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.CONTENT_URI, name); 3344f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki context.getContentResolver().notifyChange(url, null, true, userId); 3354f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki 3364f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki break; 3374f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki case UserManager.DISALLOW_DEBUGGING_FEATURES: 3384f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (newValue) { 3394f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // Only disable adb if changing for system user, since it is global 3404f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki // TODO: should this be admin user? 3414f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (userId == UserHandle.USER_SYSTEM) { 3424f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Global.putStringForUser(cr, 3434f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Global.ADB_ENABLED, "0", 3444f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki userId); 3454f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3464f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3474f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki break; 3484f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki case UserManager.ENSURE_VERIFY_APPS: 3494f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (newValue) { 3504f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Global.putStringForUser( 3514f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki context.getContentResolver(), 3524f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Global.PACKAGE_VERIFIER_ENABLE, "1", 3534f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki userId); 3544f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Global.putStringForUser( 3554f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki context.getContentResolver(), 3564f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Global.PACKAGE_VERIFIER_INCLUDE_ADB, "1", 3574f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki userId); 3584f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3594f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki break; 3604f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki case UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES: 3614f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki if (newValue) { 3624f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.putIntForUser(cr, 3634f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki android.provider.Settings.Secure.INSTALL_NON_MARKET_APPS, 0, 3644f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki userId); 3654f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3664f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki break; 3679cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov case UserManager.DISALLOW_RUN_IN_BACKGROUND: 3689cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov if (newValue) { 3699cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov int currentUser = ActivityManager.getCurrentUser(); 3709cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov if (currentUser != userId && userId != UserHandle.USER_SYSTEM) { 3719cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov try { 3729cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov ActivityManagerNative.getDefault().stopUser(userId, false, null); 3739cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov } catch (RemoteException e) { 3749cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov throw e.rethrowAsRuntimeException(); 3759cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov } 3769cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov } 3779cbfc9e212151e84910a22387365644916dde446Fyodor Kupolov } 3784f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3794f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } finally { 3804f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki Binder.restoreCallingIdentity(id); 3814f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3824f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki } 3834f16073556f7978708fb71c87628cfe1692412d5Makoto Onuki 384a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki public static void dumpRestrictions(PrintWriter pw, String prefix, Bundle restrictions) { 385a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki boolean noneSet = true; 386a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki if (restrictions != null) { 387a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki for (String key : restrictions.keySet()) { 388a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki if (restrictions.getBoolean(key, false)) { 389a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki pw.println(prefix + key); 390a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki noneSet = false; 391a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 392a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 393068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki if (noneSet) { 394068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki pw.println(prefix + "none"); 395068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki } 396068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki } else { 397068c54a5be697c3df4657dcda33cd17c4b547710Makoto Onuki pw.println(prefix + "null"); 398a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 399a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki } 400a4f119790e32fcce56586e7324d508e35cb30a2aMakoto Onuki} 401