1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package android.os; 17 18 import android.annotation.IntDef; 19 import android.annotation.NonNull; 20 import android.annotation.Nullable; 21 import android.annotation.UserIdInt; 22 import android.content.Context; 23 import android.content.pm.UserInfo; 24 import android.graphics.Bitmap; 25 26 import com.android.server.pm.RestrictionsSet; 27 28 import java.lang.annotation.Retention; 29 import java.lang.annotation.RetentionPolicy; 30 import java.util.List; 31 32 /** 33 * @hide Only for use within the system server. 34 */ 35 public abstract class UserManagerInternal { 36 37 public static final int OWNER_TYPE_DEVICE_OWNER = 0; 38 public static final int OWNER_TYPE_PROFILE_OWNER = 1; 39 public static final int OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE = 2; 40 public static final int OWNER_TYPE_NO_OWNER = 3; 41 42 @Retention(RetentionPolicy.SOURCE) 43 @IntDef(value = {OWNER_TYPE_DEVICE_OWNER, OWNER_TYPE_PROFILE_OWNER, 44 OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE, OWNER_TYPE_NO_OWNER}) 45 public @interface OwnerType { 46 } 47 48 public interface UserRestrictionsListener { 49 /** 50 * Called when a user restriction changes. 51 * 52 * @param userId target user id 53 * @param newRestrictions new user restrictions 54 * @param prevRestrictions user restrictions that were previously set 55 */ onUserRestrictionsChanged(int userId, Bundle newRestrictions, Bundle prevRestrictions)56 void onUserRestrictionsChanged(int userId, Bundle newRestrictions, Bundle prevRestrictions); 57 } 58 59 /** 60 * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to set 61 * restrictions enforced by the user. 62 * 63 * @param originatingUserId user id of the user where the restrictions originated. 64 * @param global a bundle of global user restrictions. Global restrictions are 65 * restrictions that apply device-wide: to the managed profile, 66 * primary profile and secondary users and any profile created in 67 * any secondary user. 68 * @param local a restriction set of local user restrictions. The key is the user 69 * id of the user whom the restrictions are targeting. 70 * @param isDeviceOwner whether {@code originatingUserId} corresponds to device owner 71 * user id. 72 */ setDevicePolicyUserRestrictions(int originatingUserId, @Nullable Bundle global, @Nullable RestrictionsSet local, boolean isDeviceOwner)73 public abstract void setDevicePolicyUserRestrictions(int originatingUserId, 74 @Nullable Bundle global, @Nullable RestrictionsSet local, boolean isDeviceOwner); 75 76 /** 77 * Returns the "base" user restrictions. 78 * 79 * Used by {@link com.android.server.devicepolicy.DevicePolicyManagerService} for upgrading 80 * from MNC. 81 */ getBaseUserRestrictions(int userId)82 public abstract Bundle getBaseUserRestrictions(int userId); 83 84 /** 85 * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} for upgrading 86 * from MNC. 87 */ setBaseUserRestrictionsByDpmsForMigration(int userId, Bundle baseRestrictions)88 public abstract void setBaseUserRestrictionsByDpmsForMigration(int userId, 89 Bundle baseRestrictions); 90 91 /** Return a user restriction. */ getUserRestriction(int userId, String key)92 public abstract boolean getUserRestriction(int userId, String key); 93 94 /** Adds a listener to user restriction changes. */ addUserRestrictionsListener(UserRestrictionsListener listener)95 public abstract void addUserRestrictionsListener(UserRestrictionsListener listener); 96 97 /** Remove a {@link UserRestrictionsListener}. */ removeUserRestrictionsListener(UserRestrictionsListener listener)98 public abstract void removeUserRestrictionsListener(UserRestrictionsListener listener); 99 100 /** 101 * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to update 102 * whether the device is managed by device owner. 103 */ setDeviceManaged(boolean isManaged)104 public abstract void setDeviceManaged(boolean isManaged); 105 106 /** 107 * Returns whether the device is managed by device owner. 108 */ isDeviceManaged()109 public abstract boolean isDeviceManaged(); 110 111 /** 112 * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to update 113 * whether the user is managed by profile owner. 114 */ setUserManaged(int userId, boolean isManaged)115 public abstract void setUserManaged(int userId, boolean isManaged); 116 117 /** 118 * whether a profile owner manages this user. 119 */ isUserManaged(int userId)120 public abstract boolean isUserManaged(int userId); 121 122 /** 123 * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to omit 124 * restriction check, because DevicePolicyManager must always be able to set user icon 125 * regardless of any restriction. 126 * Also called by {@link com.android.server.pm.UserManagerService} because the logic of setting 127 * the icon is in this method. 128 */ setUserIcon(int userId, Bitmap bitmap)129 public abstract void setUserIcon(int userId, Bitmap bitmap); 130 131 /** 132 * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to inform the 133 * user manager whether all users should be created ephemeral. 134 */ setForceEphemeralUsers(boolean forceEphemeralUsers)135 public abstract void setForceEphemeralUsers(boolean forceEphemeralUsers); 136 137 /** 138 * Switches to the system user and deletes all other users. 139 * 140 * <p>Called by the {@link com.android.server.devicepolicy.DevicePolicyManagerService} when 141 * the force-ephemeral-users policy is toggled on to make sure there are no pre-existing 142 * non-ephemeral users left. 143 */ removeAllUsers()144 public abstract void removeAllUsers(); 145 146 /** 147 * Called by the activity manager when the ephemeral user goes to background and its removal 148 * starts as a result. 149 * 150 * <p>It marks the ephemeral user as disabled in order to prevent it from being re-entered 151 * before its removal finishes. 152 * 153 * @param userId the ID of the ephemeral user. 154 */ onEphemeralUserStop(int userId)155 public abstract void onEphemeralUserStop(int userId); 156 157 /** 158 * Same as UserManager.createUser(), but bypasses the check for 159 * {@link UserManager#DISALLOW_ADD_USER} and {@link UserManager#DISALLOW_ADD_MANAGED_PROFILE} 160 * 161 * <p>Called by the {@link com.android.server.devicepolicy.DevicePolicyManagerService} when 162 * createAndManageUser is called by the device owner. 163 */ createUserEvenWhenDisallowed(String name, String userType, int flags, String[] disallowedPackages)164 public abstract UserInfo createUserEvenWhenDisallowed(String name, String userType, 165 int flags, String[] disallowedPackages) 166 throws UserManager.CheckedUserOperationException; 167 168 /** 169 * Same as {@link UserManager#removeUser(int userId)}, but bypasses the check for 170 * {@link UserManager#DISALLOW_REMOVE_USER} and 171 * {@link UserManager#DISALLOW_REMOVE_MANAGED_PROFILE} and does not require the 172 * {@link android.Manifest.permission#MANAGE_USERS} permission. 173 */ removeUserEvenWhenDisallowed(int userId)174 public abstract boolean removeUserEvenWhenDisallowed(int userId); 175 176 /** 177 * Return whether the given user is running in an 178 * {@code UserState.STATE_RUNNING_UNLOCKING} or 179 * {@code UserState.STATE_RUNNING_UNLOCKED} state. 180 */ isUserUnlockingOrUnlocked(int userId)181 public abstract boolean isUserUnlockingOrUnlocked(int userId); 182 183 /** 184 * Return whether the given user is running in an 185 * {@code UserState.STATE_RUNNING_UNLOCKED} state. 186 */ isUserUnlocked(int userId)187 public abstract boolean isUserUnlocked(int userId); 188 189 /** 190 * Returns whether the given user is running 191 */ isUserRunning(int userId)192 public abstract boolean isUserRunning(int userId); 193 194 /** 195 * Returns whether the given user is initialized 196 */ isUserInitialized(int userId)197 public abstract boolean isUserInitialized(int userId); 198 199 /** 200 * Returns whether the given user exists 201 */ exists(int userId)202 public abstract boolean exists(int userId); 203 204 /** 205 * Set user's running state 206 */ setUserState(int userId, int userState)207 public abstract void setUserState(int userId, int userState); 208 209 /** 210 * Remove user's running state 211 */ removeUserState(int userId)212 public abstract void removeUserState(int userId); 213 214 /** 215 * Returns an array of user ids. This array is cached in UserManagerService and passed as a 216 * reference, so do not modify the returned array. 217 * 218 * @return the array of user ids. 219 */ getUserIds()220 public abstract int[] getUserIds(); 221 222 /** 223 * Internal implementation of getUsers does not check permissions. 224 * This improves performance for calls from inside system server which already have permissions 225 * checked. 226 */ getUsers(boolean excludeDying)227 public abstract @NonNull List<UserInfo> getUsers(boolean excludeDying); 228 229 /** 230 * Checks if the {@code callingUserId} and {@code targetUserId} are same or in same group 231 * and that the {@code callingUserId} is not a profile and {@code targetUserId} is enabled. 232 * 233 * @return TRUE if the {@code callingUserId} can access {@code targetUserId}. FALSE 234 * otherwise 235 * 236 * @throws SecurityException if the calling user and {@code targetUser} are not in the same 237 * group and {@code throwSecurityException} is true, otherwise if will simply return false. 238 */ isProfileAccessible(int callingUserId, int targetUserId, String debugMsg, boolean throwSecurityException)239 public abstract boolean isProfileAccessible(int callingUserId, int targetUserId, 240 String debugMsg, boolean throwSecurityException); 241 242 /** 243 * If {@code userId} is of a profile, return the parent user ID. Otherwise return itself. 244 */ getProfileParentId(int userId)245 public abstract int getProfileParentId(int userId); 246 247 /** 248 * Checks whether changing a setting to a value is prohibited by the corresponding user 249 * restriction. 250 * 251 * <p>See also {@link com.android.server.pm.UserRestrictionsUtils#applyUserRestriction( 252 * Context, int, String, boolean)}, which should be in sync with this method. 253 * 254 * @return {@code true} if the change is prohibited, {@code false} if the change is allowed. 255 * 256 * @hide 257 */ isSettingRestrictedForUser(String setting, int userId, String value, int callingUid)258 public abstract boolean isSettingRestrictedForUser(String setting, int userId, String value, 259 int callingUid); 260 261 /** @return a specific user restriction that's in effect currently. */ hasUserRestriction(String restriction, int userId)262 public abstract boolean hasUserRestriction(String restriction, int userId); 263 264 /** 265 * Gets an {@link UserInfo} for the given {@code userId}, or {@code null} if not 266 * found. 267 */ getUserInfo(@serIdInt int userId)268 public abstract @Nullable UserInfo getUserInfo(@UserIdInt int userId); 269 270 /** 271 * Gets all {@link UserInfo UserInfos}. 272 */ getUserInfos()273 public abstract @NonNull UserInfo[] getUserInfos(); 274 } 275