1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.os; 18 19 import android.Manifest; 20 import android.accounts.AccountManager; 21 import android.annotation.ColorInt; 22 import android.annotation.DrawableRes; 23 import android.annotation.IntDef; 24 import android.annotation.NonNull; 25 import android.annotation.Nullable; 26 import android.annotation.RequiresPermission; 27 import android.annotation.StringDef; 28 import android.annotation.SystemApi; 29 import android.annotation.SystemService; 30 import android.annotation.TestApi; 31 import android.annotation.UserHandleAware; 32 import android.annotation.UserIdInt; 33 import android.annotation.WorkerThread; 34 import android.app.Activity; 35 import android.app.ActivityManager; 36 import android.app.PropertyInvalidatedCache; 37 import android.app.admin.DevicePolicyManager; 38 import android.compat.annotation.UnsupportedAppUsage; 39 import android.content.ComponentName; 40 import android.content.Context; 41 import android.content.Intent; 42 import android.content.IntentFilter; 43 import android.content.IntentSender; 44 import android.content.pm.UserInfo; 45 import android.content.pm.UserInfo.UserInfoFlag; 46 import android.content.res.Configuration; 47 import android.content.res.Resources; 48 import android.graphics.Bitmap; 49 import android.graphics.BitmapFactory; 50 import android.graphics.Rect; 51 import android.graphics.drawable.Drawable; 52 import android.location.LocationManager; 53 import android.provider.Settings; 54 import android.telephony.TelephonyManager; 55 import android.util.AndroidException; 56 import android.view.WindowManager.LayoutParams; 57 58 import com.android.internal.R; 59 import com.android.internal.os.RoSystemProperties; 60 import com.android.internal.util.FrameworkStatsLog; 61 62 import java.io.IOException; 63 import java.lang.annotation.Retention; 64 import java.lang.annotation.RetentionPolicy; 65 import java.util.ArrayList; 66 import java.util.List; 67 import java.util.Set; 68 69 /** 70 * Manages users and user details on a multi-user system. There are two major categories of 71 * users: fully customizable users with their own login, and managed profiles that share a workspace 72 * with a related user. 73 * <p> 74 * Users are different from accounts, which are managed by 75 * {@link AccountManager}. Each user can have their own set of accounts. 76 * <p> 77 * See {@link DevicePolicyManager#ACTION_PROVISION_MANAGED_PROFILE} for more on managed profiles. 78 */ 79 @SystemService(Context.USER_SERVICE) 80 public class UserManager { 81 82 private static final String TAG = "UserManager"; 83 @UnsupportedAppUsage 84 private final IUserManager mService; 85 /** Holding the Application context (not constructor param context). */ 86 private final Context mContext; 87 88 /** The userId of the constructor param context. To be used instead of mContext.getUserId(). */ 89 private final @UserIdInt int mUserId; 90 91 private Boolean mIsManagedProfileCached; 92 private Boolean mIsProfileCached; 93 94 /** 95 * User type representing a {@link UserHandle#USER_SYSTEM system} user that is a human user. 96 * This type of user cannot be created; it can only pre-exist on first boot. 97 * @hide 98 */ 99 @SystemApi 100 public static final String USER_TYPE_FULL_SYSTEM = "android.os.usertype.full.SYSTEM"; 101 102 /** 103 * User type representing a regular non-profile non-{@link UserHandle#USER_SYSTEM system} human 104 * user. 105 * This is sometimes called an ordinary 'secondary user'. 106 * @hide 107 */ 108 @SystemApi 109 public static final String USER_TYPE_FULL_SECONDARY = "android.os.usertype.full.SECONDARY"; 110 111 /** 112 * User type representing a guest user that may be transient. 113 * @hide 114 */ 115 public static final String USER_TYPE_FULL_GUEST = "android.os.usertype.full.GUEST"; 116 117 /** 118 * User type representing a user for demo purposes only, which can be removed at any time. 119 * @hide 120 */ 121 public static final String USER_TYPE_FULL_DEMO = "android.os.usertype.full.DEMO"; 122 123 /** 124 * User type representing a "restricted profile" user, which is a full user that is subject to 125 * certain restrictions from a parent user. Note, however, that it is NOT technically a profile. 126 * @hide 127 */ 128 public static final String USER_TYPE_FULL_RESTRICTED = "android.os.usertype.full.RESTRICTED"; 129 130 /** 131 * User type representing a managed profile, which is a profile that is to be managed by a 132 * device policy controller (DPC). 133 * The intended purpose is for work profiles, which are managed by a corporate entity. 134 * @hide 135 */ 136 @SystemApi 137 public static final String USER_TYPE_PROFILE_MANAGED = "android.os.usertype.profile.MANAGED"; 138 139 /** 140 * User type representing a {@link UserHandle#USER_SYSTEM system} user that is <b>not</b> a 141 * human user. 142 * This type of user cannot be created; it can only pre-exist on first boot. 143 * @hide 144 */ 145 @SystemApi 146 public static final String USER_TYPE_SYSTEM_HEADLESS = "android.os.usertype.system.HEADLESS"; 147 148 /** 149 * Flag passed to {@link #requestQuietModeEnabled} to request disabling quiet mode only if 150 * there is no need to confirm the user credentials. If credentials are required to disable 151 * quiet mode, {@link #requestQuietModeEnabled} will do nothing and return {@code false}. 152 */ 153 public static final int QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED = 0x1; 154 155 /** 156 * Flag passed to {@link #requestQuietModeEnabled} to request disabling quiet mode without 157 * asking for credentials. This is used when managed profile password is forgotten. It starts 158 * the user in locked state so that a direct boot aware DPC could reset the password. 159 * Should not be used together with 160 * {@link #QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED} or an exception will be thrown. 161 * @hide 162 */ 163 public static final int QUIET_MODE_DISABLE_DONT_ASK_CREDENTIAL = 0x2; 164 165 /** 166 * List of flags available for the {@link #requestQuietModeEnabled} method. 167 * @hide 168 */ 169 @Retention(RetentionPolicy.SOURCE) 170 @IntDef(flag = true, prefix = { "QUIET_MODE_" }, value = { 171 QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED, 172 QUIET_MODE_DISABLE_DONT_ASK_CREDENTIAL}) 173 public @interface QuietModeFlag {} 174 175 /** 176 * @hide 177 * No user restriction. 178 */ 179 @SystemApi 180 public static final int RESTRICTION_NOT_SET = 0x0; 181 182 /** 183 * @hide 184 * User restriction set by system/user. 185 */ 186 @SystemApi 187 public static final int RESTRICTION_SOURCE_SYSTEM = 0x1; 188 189 /** 190 * @hide 191 * User restriction set by a device owner. 192 */ 193 @SystemApi 194 public static final int RESTRICTION_SOURCE_DEVICE_OWNER = 0x2; 195 196 /** 197 * @hide 198 * User restriction set by a profile owner. 199 */ 200 @SystemApi 201 public static final int RESTRICTION_SOURCE_PROFILE_OWNER = 0x4; 202 203 /** @hide */ 204 @Retention(RetentionPolicy.SOURCE) 205 @IntDef(flag = true, prefix = { "RESTRICTION_" }, value = { 206 RESTRICTION_NOT_SET, 207 RESTRICTION_SOURCE_SYSTEM, 208 RESTRICTION_SOURCE_DEVICE_OWNER, 209 RESTRICTION_SOURCE_PROFILE_OWNER 210 }) 211 @SystemApi 212 public @interface UserRestrictionSource {} 213 214 /** 215 * Specifies if a user is disallowed from adding and removing accounts, unless they are 216 * {@link android.accounts.AccountManager#addAccountExplicitly programmatically} added by 217 * Authenticator. 218 * The default value is <code>false</code>. 219 * 220 * <p>From {@link android.os.Build.VERSION_CODES#N} a profile or device owner app can still 221 * use {@link android.accounts.AccountManager} APIs to add or remove accounts when account 222 * management is disallowed. 223 * 224 * <p>Key for user restrictions. 225 * <p>Type: Boolean 226 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 227 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 228 * @see #getUserRestrictions() 229 */ 230 public static final String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts"; 231 232 /** 233 * Specifies if a user is disallowed from changing Wi-Fi access points via Settings. 234 * 235 * <p>A device owner and a profile owner can set this restriction, although the restriction has 236 * no effect in a managed profile. When it is set by a device owner, a profile owner on the 237 * primary user or by a profile owner of an organization-owned managed profile on the parent 238 * profile, it disallows the primary user from changing Wi-Fi access points. 239 * 240 * <p>The default value is <code>false</code>. 241 * 242 * <p>Key for user restrictions. 243 * <p>Type: Boolean 244 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 245 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 246 * @see #getUserRestrictions() 247 */ 248 public static final String DISALLOW_CONFIG_WIFI = "no_config_wifi"; 249 250 /** 251 * Specifies if a user is disallowed from changing the device 252 * language. The default value is <code>false</code>. 253 * 254 * <p>Key for user restrictions. 255 * <p>Type: Boolean 256 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 257 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 258 * @see #getUserRestrictions() 259 */ 260 public static final String DISALLOW_CONFIG_LOCALE = "no_config_locale"; 261 262 /** 263 * Specifies if a user is disallowed from installing applications. This user restriction also 264 * prevents device owners and profile owners installing apps. The default value is 265 * {@code false}. 266 * 267 * <p>Key for user restrictions. 268 * <p>Type: Boolean 269 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 270 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 271 * @see #getUserRestrictions() 272 */ 273 public static final String DISALLOW_INSTALL_APPS = "no_install_apps"; 274 275 /** 276 * Specifies if a user is disallowed from uninstalling applications. 277 * The default value is <code>false</code>. 278 * 279 * <p>Key for user restrictions. 280 * <p>Type: Boolean 281 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 282 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 283 * @see #getUserRestrictions() 284 */ 285 public static final String DISALLOW_UNINSTALL_APPS = "no_uninstall_apps"; 286 287 /** 288 * Specifies if a user is disallowed from turning on location sharing. 289 * 290 * <p>In a managed profile, location sharing by default reflects the primary user's setting, but 291 * can be overridden and forced off by setting this restriction to true in the managed profile. 292 * 293 * <p>A device owner and a profile owner can set this restriction. When it is set by a device 294 * owner, a profile owner on the primary user or by a profile owner of an organization-owned 295 * managed profile on the parent profile, it prevents the primary user from turning on 296 * location sharing. 297 * 298 * <p>The default value is <code>false</code>. 299 * 300 * <p>Key for user restrictions. 301 * <p>Type: Boolean 302 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 303 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 304 * @see #getUserRestrictions() 305 */ 306 public static final String DISALLOW_SHARE_LOCATION = "no_share_location"; 307 308 /** 309 * Specifies if airplane mode is disallowed on the device. 310 * 311 * <p>This restriction can only be set by a device owner, a profile owner on the primary 312 * user or a profile owner of an organization-owned managed profile on the parent profile. 313 * When it is set by any of these owners, it applies globally - i.e., it disables airplane mode 314 * on the entire device. 315 * 316 * <p>The default value is <code>false</code>. 317 * 318 * <p>Key for user restrictions. 319 * <p>Type: Boolean 320 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 321 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 322 * @see #getUserRestrictions() 323 */ 324 public static final String DISALLOW_AIRPLANE_MODE = "no_airplane_mode"; 325 326 /** 327 * Specifies if a user is disallowed from configuring brightness. When device owner sets it, 328 * it'll only be applied on the target(system) user. 329 * 330 * <p>The default value is <code>false</code>. 331 * 332 * <p>This user restriction has no effect on managed profiles. 333 * <p>Key for user restrictions. 334 * <p>Type: Boolean 335 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 336 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 337 * @see #getUserRestrictions() 338 */ 339 public static final String DISALLOW_CONFIG_BRIGHTNESS = "no_config_brightness"; 340 341 /** 342 * Specifies if ambient display is disallowed for the user. 343 * 344 * <p>The default value is <code>false</code>. 345 * 346 * <p>This user restriction has no effect on managed profiles. 347 * <p>Key for user restrictions. 348 * <p>Type: Boolean 349 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 350 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 351 * @see #getUserRestrictions() 352 */ 353 public static final String DISALLOW_AMBIENT_DISPLAY = "no_ambient_display"; 354 355 /** 356 * Specifies if a user is disallowed from changing screen off timeout. 357 * 358 * <p>The default value is <code>false</code>. 359 * 360 * <p>This user restriction has no effect on managed profiles. 361 * <p>Key for user restrictions. 362 * <p>Type: Boolean 363 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 364 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 365 * @see #getUserRestrictions() 366 */ 367 public static final String DISALLOW_CONFIG_SCREEN_TIMEOUT = "no_config_screen_timeout"; 368 369 /** 370 * Specifies if a user is disallowed from enabling the 371 * "Unknown Sources" setting, that allows installation of apps from unknown sources. 372 * Unknown sources exclude adb and special apps such as trusted app stores. 373 * The default value is <code>false</code>. 374 * 375 * <p>Key for user restrictions. 376 * <p>Type: Boolean 377 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 378 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 379 * @see #getUserRestrictions() 380 */ 381 public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources"; 382 383 /** 384 * This restriction is a device-wide version of {@link #DISALLOW_INSTALL_UNKNOWN_SOURCES}. 385 * 386 * Specifies if all users on the device are disallowed from enabling the 387 * "Unknown Sources" setting, that allows installation of apps from unknown sources. 388 * 389 * This restriction can be enabled by the profile owner, in which case all accounts and 390 * profiles will be affected. 391 * 392 * The default value is <code>false</code>. 393 * 394 * <p>Key for user restrictions. 395 * <p>Type: Boolean 396 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 397 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 398 * @see #getUserRestrictions() 399 */ 400 public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY = 401 "no_install_unknown_sources_globally"; 402 403 /** 404 * Specifies if a user is disallowed from configuring bluetooth via Settings. This does 405 * <em>not</em> restrict the user from turning bluetooth on or off. 406 * 407 * <p>This restriction doesn't prevent the user from using bluetooth. For disallowing usage of 408 * bluetooth completely on the device, use {@link #DISALLOW_BLUETOOTH}. 409 * 410 * <p>A device owner and a profile owner can set this restriction, although the restriction has 411 * no effect in a managed profile. When it is set by a device owner, a profile owner on the 412 * primary user or by a profile owner of an organization-owned managed profile on the parent 413 * profile, it disallows the primary user from configuring bluetooth. 414 * 415 * <p>The default value is <code>false</code>. 416 * 417 * <p>Key for user restrictions. 418 * <p>Type: Boolean 419 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 420 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 421 * @see #getUserRestrictions() 422 */ 423 public static final String DISALLOW_CONFIG_BLUETOOTH = "no_config_bluetooth"; 424 425 /** 426 * Specifies if bluetooth is disallowed on the device. If bluetooth is disallowed on the device, 427 * bluetooth cannot be turned on or configured via Settings. 428 * 429 * <p>This restriction can only be set by a device owner, a profile owner on the primary 430 * user or a profile owner of an organization-owned managed profile on the parent profile. 431 * When it is set by a device owner, it applies globally - i.e., it disables bluetooth on 432 * the entire device and all users will be affected. When it is set by a profile owner on the 433 * primary user or by a profile owner of an organization-owned managed profile on the parent 434 * profile, it disables the primary user from using bluetooth and configuring bluetooth 435 * in Settings. 436 * 437 * <p>The default value is <code>false</code>. 438 * 439 * <p>Key for user restrictions. 440 * <p>Type: Boolean 441 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 442 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 443 * @see #getUserRestrictions() 444 */ 445 public static final String DISALLOW_BLUETOOTH = "no_bluetooth"; 446 447 /** 448 * Specifies if outgoing bluetooth sharing is disallowed. 449 * 450 * <p>A device owner and a profile owner can set this restriction. When it is set by a device 451 * owner, it applies globally. When it is set by a profile owner on the primary user or by a 452 * profile owner of an organization-owned managed profile on the parent profile, it disables 453 * the primary user from any outgoing bluetooth sharing. 454 * 455 * <p>Default is <code>true</code> for managed profiles and false otherwise. 456 * 457 * <p>When a device upgrades to {@link android.os.Build.VERSION_CODES#O}, the system sets it 458 * for all existing managed profiles. 459 * 460 * <p>Key for user restrictions. 461 * <p>Type: Boolean 462 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 463 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 464 * @see #getUserRestrictions() 465 */ 466 public static final String DISALLOW_BLUETOOTH_SHARING = "no_bluetooth_sharing"; 467 468 /** 469 * Specifies if a user is disallowed from transferring files over USB. 470 * 471 * <p>This restriction can only be set by a device owner, a profile owner on the primary 472 * user or a profile owner of an organization-owned managed profile on the parent profile. 473 * When it is set by a device owner, it applies globally. When it is set by a profile owner 474 * on the primary user or by a profile owner of an organization-owned managed profile on 475 * the parent profile, it disables the primary user from transferring files over USB. No other 476 * user on the device is able to use file transfer over USB because the UI for file transfer 477 * is always associated with the primary user. 478 * 479 * <p>The default value is <code>false</code>. 480 * 481 * <p>Key for user restrictions. 482 * <p>Type: Boolean 483 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 484 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 485 * @see #getUserRestrictions() 486 */ 487 public static final String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer"; 488 489 /** 490 * Specifies if a user is disallowed from configuring user 491 * credentials. The default value is <code>false</code>. 492 * 493 * <p>Key for user restrictions. 494 * <p>Type: Boolean 495 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 496 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 497 * @see #getUserRestrictions() 498 */ 499 public static final String DISALLOW_CONFIG_CREDENTIALS = "no_config_credentials"; 500 501 /** 502 * When set on the admin user this specifies if the user can remove users. 503 * When set on a non-admin secondary user, this specifies if the user can remove itself. 504 * This restriction has no effect on managed profiles. 505 * The default value is <code>false</code>. 506 * 507 * <p>Key for user restrictions. 508 * <p>Type: Boolean 509 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 510 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 511 * @see #getUserRestrictions() 512 */ 513 public static final String DISALLOW_REMOVE_USER = "no_remove_user"; 514 515 /** 516 * Specifies if managed profiles of this user can be removed, other than by its profile owner. 517 * The default value is <code>false</code>. 518 * <p> 519 * This restriction has no effect on managed profiles. 520 * 521 * <p>Key for user restrictions. 522 * <p>Type: Boolean 523 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 524 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 525 * @see #getUserRestrictions() 526 * @deprecated As the ability to have a managed profile on a fully-managed device has been 527 * removed from the platform, this restriction will be silently ignored when applied by the 528 * device owner. 529 * When the device is provisioned with a managed profile on an organization-owned device, 530 * the managed profile could not be removed anyway. 531 */ 532 @Deprecated 533 public static final String DISALLOW_REMOVE_MANAGED_PROFILE = "no_remove_managed_profile"; 534 535 /** 536 * Specifies if a user is disallowed from enabling or accessing debugging features. 537 * 538 * <p>A device owner and a profile owner can set this restriction. When it is set by a device 539 * owner, a profile owner on the primary user or by a profile owner of an organization-owned 540 * managed profile on the parent profile, it disables debugging features altogether, including 541 * USB debugging. When set on a managed profile or a secondary user, it blocks debugging for 542 * that user only, including starting activities, making service calls, accessing content 543 * providers, sending broadcasts, installing/uninstalling packages, clearing user data, etc. 544 * 545 * <p>The default value is <code>false</code>. 546 * 547 * <p>Key for user restrictions. 548 * <p>Type: Boolean 549 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 550 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 551 * @see #getUserRestrictions() 552 */ 553 public static final String DISALLOW_DEBUGGING_FEATURES = "no_debugging_features"; 554 555 /** 556 * Specifies if a user is disallowed from configuring a VPN. The default value is 557 * <code>false</code>. This restriction has an effect when set by device owners and, in Android 558 * 6.0 ({@linkplain android.os.Build.VERSION_CODES#M API level 23}) or higher, profile owners. 559 * <p>This restriction also prevents VPNs from starting. However, in Android 7.0 560 * ({@linkplain android.os.Build.VERSION_CODES#N API level 24}) or higher, the system does 561 * start always-on VPNs created by the device or profile owner. 562 * 563 * <p>Key for user restrictions. 564 * <p>Type: Boolean 565 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 566 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 567 * @see #getUserRestrictions() 568 */ 569 public static final String DISALLOW_CONFIG_VPN = "no_config_vpn"; 570 571 /** 572 * Specifies if a user is disallowed from enabling or disabling location providers. As a 573 * result, user is disallowed from turning on or off location via Settings. 574 * 575 * <p>A device owner and a profile owner can set this restriction. When it is set by a device 576 * owner, a profile owner on the primary user or by a profile owner of an organization-owned 577 * managed profile on the parent profile, it disallows the primary user from turning location 578 * on or off. 579 * 580 * <p>The default value is <code>false</code>. 581 * 582 * <p>This user restriction is different from {@link #DISALLOW_SHARE_LOCATION}, 583 * as a device owner or a profile owner can still enable or disable location mode via 584 * {@link DevicePolicyManager#setLocationEnabled} when this restriction is on. 585 * 586 * <p>Key for user restrictions. 587 * <p>Type: Boolean 588 * @see LocationManager#isLocationEnabled() 589 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 590 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 591 * @see #getUserRestrictions() 592 */ 593 public static final String DISALLOW_CONFIG_LOCATION = "no_config_location"; 594 595 /** 596 * Specifies configuring date, time and timezone is disallowed via Settings. 597 * 598 * <p>A device owner and a profile owner can set this restriction, although the restriction has 599 * no effect in a managed profile. When it is set by a device owner or by a profile owner of an 600 * organization-owned managed profile on the parent profile, it applies globally - i.e., 601 * it disables date, time and timezone setting on the entire device and all users are affected. 602 * When it is set by a profile owner on the primary user, it disables the primary user 603 * from configuring date, time and timezone and disables all configuring of date, time and 604 * timezone in Settings. 605 * 606 * <p>The default value is <code>false</code>. 607 * 608 * <p>Key for user restrictions. 609 * <p>Type: Boolean 610 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 611 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 612 * @see #getUserRestrictions() 613 */ 614 public static final String DISALLOW_CONFIG_DATE_TIME = "no_config_date_time"; 615 616 /** 617 * Specifies if a user is disallowed from configuring Tethering and portable hotspots 618 * via Settings. 619 * 620 * <p>This restriction can only be set by a device owner, a profile owner on the primary 621 * user or a profile owner of an organization-owned managed profile on the parent profile. 622 * When it is set by a device owner, it applies globally. When it is set by a profile owner 623 * on the primary user or by a profile owner of an organization-owned managed profile on 624 * the parent profile, it disables the primary user from using Tethering and hotspots and 625 * disables all configuring of Tethering and hotspots in Settings. 626 * 627 * <p>The default value is <code>false</code>. 628 * 629 * <p>In Android 9.0 or higher, if tethering is enabled when this restriction is set, 630 * tethering will be automatically turned off. 631 * 632 * <p>Key for user restrictions. 633 * <p>Type: Boolean 634 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 635 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 636 * @see #getUserRestrictions() 637 */ 638 public static final String DISALLOW_CONFIG_TETHERING = "no_config_tethering"; 639 640 /** 641 * Specifies if a user is disallowed from resetting network settings 642 * from Settings. This can only be set by device owners and profile owners on the primary user. 643 * The default value is <code>false</code>. 644 * <p>This restriction has no effect on secondary users and managed profiles since only the 645 * primary user can reset the network settings of the device. 646 * 647 * <p>Key for user restrictions. 648 * <p>Type: Boolean 649 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 650 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 651 * @see #getUserRestrictions() 652 */ 653 public static final String DISALLOW_NETWORK_RESET = "no_network_reset"; 654 655 /** 656 * Specifies if a user is disallowed from factory resetting from Settings. 657 * This can only be set by device owners and profile owners on an admin user. 658 * The default value is <code>false</code>. 659 * <p>This restriction has no effect on non-admin users since they cannot factory reset the 660 * device. 661 * 662 * <p>Key for user restrictions. 663 * <p>Type: Boolean 664 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 665 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 666 * @see #getUserRestrictions() 667 */ 668 public static final String DISALLOW_FACTORY_RESET = "no_factory_reset"; 669 670 /** 671 * Specifies if a user is disallowed from adding new users. This can only be set by device 672 * owners or profile owners on the primary user. The default value is <code>false</code>. 673 * <p>This restriction has no effect on secondary users and managed profiles since only the 674 * primary user can add other users. 675 * <p> When the device is an organization-owned device provisioned with a managed profile, 676 * this restriction will be set as a base restriction which cannot be removed by any admin. 677 * 678 * <p>Key for user restrictions. 679 * <p>Type: Boolean 680 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 681 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 682 * @see #getUserRestrictions() 683 */ 684 public static final String DISALLOW_ADD_USER = "no_add_user"; 685 686 /** 687 * Specifies if a user is disallowed from adding managed profiles. 688 * <p>The default value for an unmanaged user is <code>false</code>. 689 * For users with a device owner set, the default is <code>true</code>. 690 * <p>This restriction has no effect on managed profiles. 691 * 692 * <p>Key for user restrictions. 693 * <p>Type: Boolean 694 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 695 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 696 * @see #getUserRestrictions() 697 * @deprecated As the ability to have a managed profile on a fully-managed device has been 698 * removed from the platform, this restriction will be silently ignored when applied by the 699 * device owner. 700 */ 701 @Deprecated 702 public static final String DISALLOW_ADD_MANAGED_PROFILE = "no_add_managed_profile"; 703 704 /** 705 * Specifies if a user is disallowed from disabling application verification. The default 706 * value is <code>false</code>. 707 * 708 * <p>In Android 8.0 ({@linkplain android.os.Build.VERSION_CODES#O API level 26}) and higher, 709 * this is a global user restriction. If a device owner or profile owner sets this restriction, 710 * the system enforces app verification across all users on the device. Running in earlier 711 * Android versions, this restriction affects only the profile that sets it. 712 * 713 * <p>Key for user restrictions. 714 * <p>Type: Boolean 715 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 716 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 717 * @see #getUserRestrictions() 718 */ 719 public static final String ENSURE_VERIFY_APPS = "ensure_verify_apps"; 720 721 /** 722 * Specifies if a user is disallowed from configuring cell broadcasts. 723 * 724 * <p>This restriction can only be set by a device owner, a profile owner on the primary 725 * user or a profile owner of an organization-owned managed profile on the parent profile. 726 * When it is set by a device owner, it applies globally. When it is set by a profile owner 727 * on the primary user or by a profile owner of an organization-owned managed profile on 728 * the parent profile, it disables the primary user from configuring cell broadcasts. 729 * 730 * <p>The default value is <code>false</code>. 731 * 732 * <p>This restriction has no effect on secondary users and managed profiles since only the 733 * primary user can configure cell broadcasts. 734 * 735 * <p>Key for user restrictions. 736 * <p>Type: Boolean 737 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 738 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 739 * @see #getUserRestrictions() 740 */ 741 public static final String DISALLOW_CONFIG_CELL_BROADCASTS = "no_config_cell_broadcasts"; 742 743 /** 744 * Specifies if a user is disallowed from configuring mobile networks. 745 * 746 * <p>This restriction can only be set by a device owner, a profile owner on the primary 747 * user or a profile owner of an organization-owned managed profile on the parent profile. 748 * When it is set by a device owner, it applies globally. When it is set by a profile owner 749 * on the primary user or by a profile owner of an organization-owned managed profile on 750 * the parent profile, it disables the primary user from configuring mobile networks. 751 * 752 * <p>The default value is <code>false</code>. 753 * 754 * <p>This restriction has no effect on secondary users and managed profiles since only the 755 * primary user can configure mobile networks. 756 * 757 * <p>Key for user restrictions. 758 * <p>Type: Boolean 759 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 760 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 761 * @see #getUserRestrictions() 762 */ 763 public static final String DISALLOW_CONFIG_MOBILE_NETWORKS = "no_config_mobile_networks"; 764 765 /** 766 * Specifies if a user is disallowed from modifying 767 * applications in Settings or launchers. The following actions will not be allowed when this 768 * restriction is enabled: 769 * <li>uninstalling apps</li> 770 * <li>disabling apps</li> 771 * <li>clearing app caches</li> 772 * <li>clearing app data</li> 773 * <li>force stopping apps</li> 774 * <li>clearing app defaults</li> 775 * <p> 776 * The default value is <code>false</code>. 777 * 778 * <p><strong>Note:</strong> The user will still be able to perform those actions via other 779 * means (such as adb). Third party apps will also be able to uninstall apps via the 780 * {@link android.content.pm.PackageInstaller}. {@link #DISALLOW_UNINSTALL_APPS} or 781 * {@link DevicePolicyManager#setUninstallBlocked(ComponentName, String, boolean)} should be 782 * used to prevent the user from uninstalling apps completely, and 783 * {@link DevicePolicyManager#addPersistentPreferredActivity(ComponentName, IntentFilter, ComponentName)} 784 * to add a default intent handler for a given intent filter. 785 * 786 * <p>Key for user restrictions. 787 * <p>Type: Boolean 788 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 789 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 790 * @see #getUserRestrictions() 791 */ 792 public static final String DISALLOW_APPS_CONTROL = "no_control_apps"; 793 794 /** 795 * Specifies if a user is disallowed from mounting physical external media. 796 * 797 * <p>This restriction can only be set by a device owner, a profile owner on the primary 798 * user or a profile owner of an organization-owned managed profile on the parent profile. 799 * When it is set by a device owner, it applies globally. When it is set by a profile owner 800 * on the primary user or by a profile owner of an organization-owned managed profile on 801 * the parent profile, it disables the primary user from mounting physical external media. 802 * 803 * <p>The default value is <code>false</code>. 804 * 805 * <p>Key for user restrictions. 806 * <p>Type: Boolean 807 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 808 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 809 * @see #getUserRestrictions() 810 */ 811 public static final String DISALLOW_MOUNT_PHYSICAL_MEDIA = "no_physical_media"; 812 813 /** 814 * Specifies if a user is disallowed from adjusting microphone volume. If set, the microphone 815 * will be muted. 816 * 817 * <p>A device owner and a profile owner can set this restriction, although the restriction has 818 * no effect in a managed profile. When it is set by a device owner, it applies globally. When 819 * it is set by a profile owner on the primary user or by a profile owner of an 820 * organization-owned managed profile on the parent profile, it will disallow the primary user 821 * from adjusting the microphone volume. 822 * 823 * <p>The default value is <code>false</code>. 824 * 825 * <p>Key for user restrictions. 826 * <p>Type: Boolean 827 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 828 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 829 * @see #getUserRestrictions() 830 */ 831 public static final String DISALLOW_UNMUTE_MICROPHONE = "no_unmute_microphone"; 832 833 /** 834 * Specifies if a user is disallowed from adjusting the master volume. If set, the master volume 835 * will be muted. This can be set by device owners from API 21 and profile owners from API 24. 836 * The default value is <code>false</code>. 837 * 838 * <p>When the restriction is set by profile owners, then it only applies to relevant 839 * profiles. 840 * 841 * <p>This restriction has no effect on managed profiles. 842 * <p>Key for user restrictions. 843 * <p>Type: Boolean 844 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 845 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 846 * @see #getUserRestrictions() 847 */ 848 public static final String DISALLOW_ADJUST_VOLUME = "no_adjust_volume"; 849 850 /** 851 * Specifies that the user is not allowed to make outgoing phone calls. Emergency calls are 852 * still permitted. 853 * 854 * <p>A device owner and a profile owner can set this restriction, although the restriction has 855 * no effect in a managed profile. When it is set by a device owner, a profile owner on the 856 * primary user or by a profile owner of an organization-owned managed profile on the parent 857 * profile, it disallows the primary user from making outgoing phone calls. 858 * 859 * <p>The default value is <code>false</code>. 860 * 861 * <p>Key for user restrictions. 862 * <p>Type: Boolean 863 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 864 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 865 * @see #getUserRestrictions() 866 */ 867 public static final String DISALLOW_OUTGOING_CALLS = "no_outgoing_calls"; 868 869 /** 870 * Specifies that the user is not allowed to send or receive SMS messages. 871 * 872 * <p>This restriction can only be set by a device owner, a profile owner on the primary 873 * user or a profile owner of an organization-owned managed profile on the parent profile. 874 * When it is set by a device owner, it applies globally. When it is set by a profile owner 875 * on the primary user or by a profile owner of an organization-owned managed profile on 876 * the parent profile, it disables the primary user from sending or receiving SMS messages. 877 * 878 * <p>The default value is <code>false</code>. 879 * 880 * <p>Key for user restrictions. 881 * <p>Type: Boolean 882 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 883 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 884 * @see #getUserRestrictions() 885 */ 886 public static final String DISALLOW_SMS = "no_sms"; 887 888 /** 889 * Specifies if the user is not allowed to have fun. In some cases, the 890 * device owner may wish to prevent the user from experiencing amusement or 891 * joy while using the device. The default value is <code>false</code>. 892 * 893 * <p>Key for user restrictions. 894 * <p>Type: Boolean 895 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 896 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 897 * @see #getUserRestrictions() 898 */ 899 public static final String DISALLOW_FUN = "no_fun"; 900 901 /** 902 * Specifies that windows besides app windows should not be 903 * created. This will block the creation of the following types of windows. 904 * <li>{@link LayoutParams#TYPE_TOAST}</li> 905 * <li>{@link LayoutParams#TYPE_PHONE}</li> 906 * <li>{@link LayoutParams#TYPE_PRIORITY_PHONE}</li> 907 * <li>{@link LayoutParams#TYPE_SYSTEM_ALERT}</li> 908 * <li>{@link LayoutParams#TYPE_SYSTEM_ERROR}</li> 909 * <li>{@link LayoutParams#TYPE_SYSTEM_OVERLAY}</li> 910 * <li>{@link LayoutParams#TYPE_APPLICATION_OVERLAY}</li> 911 * 912 * <p>This can only be set by device owners and profile owners on the primary user. 913 * The default value is <code>false</code>. 914 * 915 * <p>Key for user restrictions. 916 * <p>Type: Boolean 917 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 918 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 919 * @see #getUserRestrictions() 920 */ 921 public static final String DISALLOW_CREATE_WINDOWS = "no_create_windows"; 922 923 /** 924 * Specifies that system error dialogs for crashed or unresponsive apps should not be shown. 925 * In this case, the system will force-stop the app as if the user chooses the "close app" 926 * option on the UI. A feedback report isn't collected as there is no way for the user to 927 * provide explicit consent. The default value is <code>false</code>. 928 * 929 * <p>When this user restriction is set by device owners, it's applied to all users. When set by 930 * the profile owner of the primary user or a secondary user, the restriction affects only the 931 * calling user. This user restriction has no effect on managed profiles. 932 * 933 * <p>Key for user restrictions. 934 * <p>Type: Boolean 935 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 936 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 937 * @see #getUserRestrictions() 938 */ 939 public static final String DISALLOW_SYSTEM_ERROR_DIALOGS = "no_system_error_dialogs"; 940 941 /** 942 * Specifies if the clipboard contents can be exported by pasting the data into other users or 943 * profiles. This restriction doesn't prevent import, such as someone pasting clipboard data 944 * from other profiles or users. The default value is {@code false}. 945 * 946 * <p><strong>Note</strong>: Because it's possible to extract data from screenshots using 947 * optical character recognition (OCR), we strongly recommend combining this user restriction 948 * with {@link DevicePolicyManager#setScreenCaptureDisabled(ComponentName, boolean)}. 949 * 950 * <p>Key for user restrictions. 951 * <p>Type: Boolean 952 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 953 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 954 * @see #getUserRestrictions() 955 */ 956 public static final String DISALLOW_CROSS_PROFILE_COPY_PASTE = "no_cross_profile_copy_paste"; 957 958 /** 959 * Specifies if the user is not allowed to use NFC to beam out data from apps. 960 * The default value is <code>false</code>. 961 * 962 * <p>Key for user restrictions. 963 * <p>Type: Boolean 964 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 965 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 966 * @see #getUserRestrictions() 967 */ 968 public static final String DISALLOW_OUTGOING_BEAM = "no_outgoing_beam"; 969 970 /** 971 * Hidden user restriction to disallow access to wallpaper manager APIs. This restriction 972 * generally means that wallpapers are not supported for the particular user. This user 973 * restriction is always set for managed profiles, because such profiles don't have wallpapers. 974 * @hide 975 * @see #DISALLOW_SET_WALLPAPER 976 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 977 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 978 * @see #getUserRestrictions() 979 */ 980 public static final String DISALLOW_WALLPAPER = "no_wallpaper"; 981 982 /** 983 * User restriction to disallow setting a wallpaper. Profile owner and device owner 984 * are able to set wallpaper regardless of this restriction. 985 * The default value is <code>false</code>. 986 * 987 * <p>Key for user restrictions. 988 * <p>Type: Boolean 989 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 990 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 991 * @see #getUserRestrictions() 992 */ 993 public static final String DISALLOW_SET_WALLPAPER = "no_set_wallpaper"; 994 995 /** 996 * Specifies if the user is not allowed to reboot the device into safe boot mode. 997 * 998 * <p>This restriction can only be set by a device owner, a profile owner on the primary 999 * user or a profile owner of an organization-owned managed profile on the parent profile. 1000 * When it is set by a device owner, it applies globally. When it is set by a profile owner 1001 * on the primary user or by a profile owner of an organization-owned managed profile on 1002 * the parent profile, it disables the primary user from rebooting the device into safe 1003 * boot mode. 1004 * 1005 * <p>The default value is <code>false</code>. 1006 * 1007 * <p>Key for user restrictions. 1008 * <p>Type: Boolean 1009 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1010 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1011 * @see #getUserRestrictions() 1012 */ 1013 public static final String DISALLOW_SAFE_BOOT = "no_safe_boot"; 1014 1015 /** 1016 * Specifies if a user is not allowed to record audio. This restriction is always enabled for 1017 * background users. The default value is <code>false</code>. 1018 * 1019 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1020 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1021 * @see #getUserRestrictions() 1022 * @hide 1023 */ 1024 @UnsupportedAppUsage 1025 public static final String DISALLOW_RECORD_AUDIO = "no_record_audio"; 1026 1027 /** 1028 * Specifies if a user is not allowed to run in the background and should be stopped during 1029 * user switch. The default value is <code>false</code>. 1030 * 1031 * <p>This restriction can be set by device owners and profile owners. 1032 * 1033 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1034 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1035 * @see #getUserRestrictions() 1036 * @hide 1037 */ 1038 @SystemApi 1039 public static final String DISALLOW_RUN_IN_BACKGROUND = "no_run_in_background"; 1040 1041 /** 1042 * Specifies if a user is not allowed to use the camera. 1043 * 1044 * <p>A device owner and a profile owner can set this restriction. When it is set by a 1045 * device owner, it applies globally - i.e., it disables the use of camera on the entire device 1046 * and all users are affected. When it is set by a profile owner on the primary user or by a 1047 * profile owner of an organization-owned managed profile on the parent profile, it disables 1048 * the primary user from using camera. 1049 * 1050 * <p>The default value is <code>false</code>. 1051 * 1052 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1053 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1054 * @see #getUserRestrictions() 1055 * @hide 1056 */ 1057 public static final String DISALLOW_CAMERA = "no_camera"; 1058 1059 /** 1060 * Specifies if a user is not allowed to unmute the device's master volume. 1061 * 1062 * @see DevicePolicyManager#setMasterVolumeMuted(ComponentName, boolean) 1063 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1064 * @see #getUserRestrictions() 1065 * @hide 1066 */ 1067 public static final String DISALLOW_UNMUTE_DEVICE = "disallow_unmute_device"; 1068 1069 /** 1070 * Specifies if a user is not allowed to use cellular data when roaming. 1071 * 1072 * <p>This restriction can only be set by a device owner, a profile owner on the primary 1073 * user or a profile owner of an organization-owned managed profile on the parent profile. 1074 * When it is set by a device owner, it applies globally. When it is set by a profile owner 1075 * on the primary user or by a profile owner of an organization-owned managed profile on 1076 * the parent profile, it disables the primary user from using cellular data when roaming. 1077 * 1078 * <p>The default value is <code>false</code>. 1079 * 1080 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1081 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1082 * @see #getUserRestrictions() 1083 */ 1084 public static final String DISALLOW_DATA_ROAMING = "no_data_roaming"; 1085 1086 /** 1087 * Specifies if a user is not allowed to change their icon. Device owner and profile owner 1088 * can set this restriction. When it is set by device owner, only the target user will be 1089 * affected. The default value is <code>false</code>. 1090 * 1091 * <p>Key for user restrictions. 1092 * <p>Type: Boolean 1093 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1094 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1095 * @see #getUserRestrictions() 1096 */ 1097 public static final String DISALLOW_SET_USER_ICON = "no_set_user_icon"; 1098 1099 /** 1100 * Specifies if a user is not allowed to enable the oem unlock setting. The default value is 1101 * <code>false</code>. Setting this restriction has no effect if the bootloader is already 1102 * unlocked. 1103 * 1104 * <p>Not for use by third-party applications. 1105 * 1106 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1107 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1108 * @see #getUserRestrictions() 1109 * @deprecated use {@link OemLockManager#setOemUnlockAllowedByCarrier(boolean, byte[])} instead. 1110 * @hide 1111 */ 1112 @Deprecated 1113 @SystemApi 1114 public static final String DISALLOW_OEM_UNLOCK = "no_oem_unlock"; 1115 1116 /** 1117 * Specifies that the managed profile is not allowed to have unified lock screen challenge with 1118 * the primary user. 1119 * 1120 * <p><strong>Note:</strong> Setting this restriction alone doesn't automatically set a 1121 * separate challenge. Profile owner can ask the user to set a new password using 1122 * {@link DevicePolicyManager#ACTION_SET_NEW_PASSWORD} and verify it using 1123 * {@link DevicePolicyManager#isUsingUnifiedPassword(ComponentName)}. 1124 * 1125 * <p>Can be set by profile owners. It only has effect on managed profiles when set by managed 1126 * profile owner. Has no effect on non-managed profiles or users. 1127 * <p>Key for user restrictions. 1128 * <p>Type: Boolean 1129 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1130 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1131 * @see #getUserRestrictions() 1132 */ 1133 public static final String DISALLOW_UNIFIED_PASSWORD = "no_unified_password"; 1134 1135 /** 1136 * Allows apps in the parent profile to handle web links from the managed profile. 1137 * 1138 * This user restriction has an effect only in a managed profile. 1139 * If set: 1140 * Intent filters of activities in the parent profile with action 1141 * {@link android.content.Intent#ACTION_VIEW}, 1142 * category {@link android.content.Intent#CATEGORY_BROWSABLE}, scheme http or https, and which 1143 * define a host can handle intents from the managed profile. 1144 * The default value is <code>false</code>. 1145 * 1146 * <p>Key for user restrictions. 1147 * <p>Type: Boolean 1148 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1149 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1150 * @see #getUserRestrictions() 1151 */ 1152 public static final String ALLOW_PARENT_PROFILE_APP_LINKING 1153 = "allow_parent_profile_app_linking"; 1154 1155 /** 1156 * Specifies if a user is not allowed to use Autofill Services. 1157 * 1158 * <p>Device owner and profile owner can set this restriction. When it is set by device owner, 1159 * only the target user will be affected. 1160 * 1161 * <p>The default value is <code>false</code>. 1162 * 1163 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1164 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1165 * @see #getUserRestrictions() 1166 */ 1167 public static final String DISALLOW_AUTOFILL = "no_autofill"; 1168 1169 /** 1170 * Specifies if the contents of a user's screen is not allowed to be captured for artificial 1171 * intelligence purposes. 1172 * 1173 * <p>A device owner and a profile owner can set this restriction. When it is set by a device 1174 * owner, a profile owner on the primary user or by a profile owner of an organization-owned 1175 * managed profile on the parent profile, it disables the primary user's screen from being 1176 * captured for artificial intelligence purposes. 1177 * 1178 * <p>The default value is <code>false</code>. 1179 * 1180 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1181 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1182 * @see #getUserRestrictions() 1183 */ 1184 public static final String DISALLOW_CONTENT_CAPTURE = "no_content_capture"; 1185 1186 /** 1187 * Specifies if the current user is able to receive content suggestions for selections based on 1188 * the contents of their screen. 1189 * 1190 * <p>A device owner and a profile owner can set this restriction. When it is set by a device 1191 * owner, a profile owner on the primary user or by a profile owner of an organization-owned 1192 * managed profile on the parent profile, it disables the primary user from receiving content 1193 * suggestions for selections based on the contents of their screen. 1194 * 1195 * <p>The default value is <code>false</code>. 1196 * 1197 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1198 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1199 * @see #getUserRestrictions() 1200 */ 1201 public static final String DISALLOW_CONTENT_SUGGESTIONS = "no_content_suggestions"; 1202 1203 /** 1204 * Specifies if user switching is blocked on the current user. 1205 * 1206 * <p> This restriction can only be set by the device owner, it will be applied to all users. 1207 * Device owner can still switch user via 1208 * {@link DevicePolicyManager#switchUser(ComponentName, UserHandle)} when this restriction is 1209 * set. 1210 * 1211 * <p>The default value is <code>false</code>. 1212 * 1213 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1214 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1215 * @see #getUserRestrictions() 1216 */ 1217 public static final String DISALLOW_USER_SWITCH = "no_user_switch"; 1218 1219 /** 1220 * Specifies whether the user can share file / picture / data from the primary user into the 1221 * managed profile, either by sending them from the primary side, or by picking up data within 1222 * an app in the managed profile. 1223 * <p> 1224 * When a managed profile is created, the system allows the user to send data from the primary 1225 * side to the profile by setting up certain default cross profile intent filters. If 1226 * this is undesired, this restriction can be set to disallow it. Note that this restriction 1227 * will not block any sharing allowed by explicit 1228 * {@link DevicePolicyManager#addCrossProfileIntentFilter} calls by the profile owner. 1229 * <p> 1230 * This restriction is only meaningful when set by profile owner. When it is set by device 1231 * owner, it does not have any effect. 1232 * <p> 1233 * The default value is <code>false</code>. 1234 * 1235 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1236 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1237 * @see #getUserRestrictions() 1238 */ 1239 public static final String DISALLOW_SHARE_INTO_MANAGED_PROFILE = "no_sharing_into_profile"; 1240 1241 /** 1242 * Specifies whether the user is allowed to print. 1243 * 1244 * This restriction can be set by device or profile owner. 1245 * 1246 * The default value is {@code false}. 1247 * 1248 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1249 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1250 * @see #getUserRestrictions() 1251 */ 1252 public static final String DISALLOW_PRINTING = "no_printing"; 1253 1254 /** 1255 * Specifies whether the user is allowed to modify private DNS settings. 1256 * 1257 * <p>This restriction can only be set by a device owner or a profile owner of an 1258 * organization-owned managed profile on the parent profile. When it is set by either of these 1259 * owners, it applies globally. 1260 * 1261 * <p>The default value is <code>false</code>. 1262 * 1263 * <p>Key for user restrictions. 1264 * <p>Type: Boolean 1265 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1266 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1267 * @see #getUserRestrictions() 1268 */ 1269 public static final String DISALLOW_CONFIG_PRIVATE_DNS = 1270 "disallow_config_private_dns"; 1271 1272 /** 1273 * Application restriction key that is used to indicate the pending arrival 1274 * of real restrictions for the app. 1275 * 1276 * <p> 1277 * Applications that support restrictions should check for the presence of this key. 1278 * A <code>true</code> value indicates that restrictions may be applied in the near 1279 * future but are not available yet. It is the responsibility of any 1280 * management application that sets this flag to update it when the final 1281 * restrictions are enforced. 1282 * 1283 * <p>Key for application restrictions. 1284 * <p>Type: Boolean 1285 * @see android.app.admin.DevicePolicyManager#setApplicationRestrictions( 1286 * android.content.ComponentName, String, Bundle) 1287 * @see android.app.admin.DevicePolicyManager#getApplicationRestrictions( 1288 * android.content.ComponentName, String) 1289 */ 1290 public static final String KEY_RESTRICTIONS_PENDING = "restrictions_pending"; 1291 1292 /** 1293 * List of key values that can be passed into the various user restriction related methods 1294 * in {@link UserManager} & {@link DevicePolicyManager}. 1295 * Note: This is slightly different from the real set of user restrictions listed in {@link 1296 * com.android.server.pm.UserRestrictionsUtils#USER_RESTRICTIONS}. For example 1297 * {@link #KEY_RESTRICTIONS_PENDING} is not a real user restriction, but is a a legitimate 1298 * value that can be passed into {@link #hasUserRestriction(String)}. 1299 * @hide 1300 */ 1301 @StringDef(value = { 1302 DISALLOW_MODIFY_ACCOUNTS, 1303 DISALLOW_CONFIG_WIFI, 1304 DISALLOW_CONFIG_LOCALE, 1305 DISALLOW_INSTALL_APPS, 1306 DISALLOW_UNINSTALL_APPS, 1307 DISALLOW_SHARE_LOCATION, 1308 DISALLOW_AIRPLANE_MODE, 1309 DISALLOW_CONFIG_BRIGHTNESS, 1310 DISALLOW_AMBIENT_DISPLAY, 1311 DISALLOW_CONFIG_SCREEN_TIMEOUT, 1312 DISALLOW_INSTALL_UNKNOWN_SOURCES, 1313 DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY, 1314 DISALLOW_CONFIG_BLUETOOTH, 1315 DISALLOW_BLUETOOTH, 1316 DISALLOW_BLUETOOTH_SHARING, 1317 DISALLOW_USB_FILE_TRANSFER, 1318 DISALLOW_CONFIG_CREDENTIALS, 1319 DISALLOW_REMOVE_USER, 1320 DISALLOW_REMOVE_MANAGED_PROFILE, 1321 DISALLOW_DEBUGGING_FEATURES, 1322 DISALLOW_CONFIG_VPN, 1323 DISALLOW_CONFIG_LOCATION, 1324 DISALLOW_CONFIG_DATE_TIME, 1325 DISALLOW_CONFIG_TETHERING, 1326 DISALLOW_NETWORK_RESET, 1327 DISALLOW_FACTORY_RESET, 1328 DISALLOW_ADD_USER, 1329 DISALLOW_ADD_MANAGED_PROFILE, 1330 ENSURE_VERIFY_APPS, 1331 DISALLOW_CONFIG_CELL_BROADCASTS, 1332 DISALLOW_CONFIG_MOBILE_NETWORKS, 1333 DISALLOW_APPS_CONTROL, 1334 DISALLOW_MOUNT_PHYSICAL_MEDIA, 1335 DISALLOW_UNMUTE_MICROPHONE, 1336 DISALLOW_ADJUST_VOLUME, 1337 DISALLOW_OUTGOING_CALLS, 1338 DISALLOW_SMS, 1339 DISALLOW_FUN, 1340 DISALLOW_CREATE_WINDOWS, 1341 DISALLOW_SYSTEM_ERROR_DIALOGS, 1342 DISALLOW_CROSS_PROFILE_COPY_PASTE, 1343 DISALLOW_OUTGOING_BEAM, 1344 DISALLOW_WALLPAPER, 1345 DISALLOW_SET_WALLPAPER, 1346 DISALLOW_SAFE_BOOT, 1347 DISALLOW_RECORD_AUDIO, 1348 DISALLOW_RUN_IN_BACKGROUND, 1349 DISALLOW_CAMERA, 1350 DISALLOW_UNMUTE_DEVICE, 1351 DISALLOW_DATA_ROAMING, 1352 DISALLOW_SET_USER_ICON, 1353 DISALLOW_OEM_UNLOCK, 1354 DISALLOW_UNIFIED_PASSWORD, 1355 ALLOW_PARENT_PROFILE_APP_LINKING, 1356 DISALLOW_AUTOFILL, 1357 DISALLOW_CONTENT_CAPTURE, 1358 DISALLOW_CONTENT_SUGGESTIONS, 1359 DISALLOW_USER_SWITCH, 1360 DISALLOW_SHARE_INTO_MANAGED_PROFILE, 1361 DISALLOW_PRINTING, 1362 DISALLOW_CONFIG_PRIVATE_DNS, 1363 KEY_RESTRICTIONS_PENDING, 1364 }) 1365 @Retention(RetentionPolicy.SOURCE) 1366 public @interface UserRestrictionKey {} 1367 1368 private static final String ACTION_CREATE_USER = "android.os.action.CREATE_USER"; 1369 1370 /** 1371 * Extra containing a name for the user being created. Optional parameter passed to 1372 * ACTION_CREATE_USER activity. 1373 * @hide 1374 */ 1375 public static final String EXTRA_USER_NAME = "android.os.extra.USER_NAME"; 1376 1377 /** 1378 * Extra containing account name for the user being created. Optional parameter passed to 1379 * ACTION_CREATE_USER activity. 1380 * @hide 1381 */ 1382 public static final String EXTRA_USER_ACCOUNT_NAME = "android.os.extra.USER_ACCOUNT_NAME"; 1383 1384 /** 1385 * Extra containing account type for the user being created. Optional parameter passed to 1386 * ACTION_CREATE_USER activity. 1387 * @hide 1388 */ 1389 public static final String EXTRA_USER_ACCOUNT_TYPE = "android.os.extra.USER_ACCOUNT_TYPE"; 1390 1391 /** 1392 * Extra containing account-specific data for the user being created. Optional parameter passed 1393 * to ACTION_CREATE_USER activity. 1394 * @hide 1395 */ 1396 public static final String EXTRA_USER_ACCOUNT_OPTIONS 1397 = "android.os.extra.USER_ACCOUNT_OPTIONS"; 1398 1399 /** @hide */ 1400 public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3; 1401 /** @hide */ 1402 public static final int PIN_VERIFICATION_FAILED_NOT_SET = -2; 1403 /** @hide */ 1404 public static final int PIN_VERIFICATION_SUCCESS = -1; 1405 1406 /** 1407 * Sent when user restrictions have changed. 1408 * 1409 * @hide 1410 */ 1411 @SystemApi 1412 @TestApi // To allow seeing it from CTS. 1413 public static final String ACTION_USER_RESTRICTIONS_CHANGED = 1414 "android.os.action.USER_RESTRICTIONS_CHANGED"; 1415 1416 /** 1417 * Error result indicating that this user is not allowed to add other users on this device. 1418 * This is a result code returned from the activity created by the intent 1419 * {@link #createUserCreationIntent(String, String, String, PersistableBundle)}. 1420 */ 1421 public static final int USER_CREATION_FAILED_NOT_PERMITTED = Activity.RESULT_FIRST_USER; 1422 1423 /** 1424 * Error result indicating that no more users can be created on this device. 1425 * This is a result code returned from the activity created by the intent 1426 * {@link #createUserCreationIntent(String, String, String, PersistableBundle)}. 1427 */ 1428 public static final int USER_CREATION_FAILED_NO_MORE_USERS = Activity.RESULT_FIRST_USER + 1; 1429 1430 /** 1431 * Indicates that users are switchable. 1432 * @hide 1433 */ 1434 @SystemApi 1435 public static final int SWITCHABILITY_STATUS_OK = 0; 1436 1437 /** 1438 * Indicated that the user is in a phone call. 1439 * @hide 1440 */ 1441 @SystemApi 1442 public static final int SWITCHABILITY_STATUS_USER_IN_CALL = 1 << 0; 1443 1444 /** 1445 * Indicates that user switching is disallowed ({@link #DISALLOW_USER_SWITCH} is set). 1446 * @hide 1447 */ 1448 @SystemApi 1449 public static final int SWITCHABILITY_STATUS_USER_SWITCH_DISALLOWED = 1 << 1; 1450 1451 /** 1452 * Indicates that the system user is locked and user switching is not allowed. 1453 * @hide 1454 */ 1455 @SystemApi 1456 public static final int SWITCHABILITY_STATUS_SYSTEM_USER_LOCKED = 1 << 2; 1457 1458 /** 1459 * Result returned in {@link #getUserSwitchability()} indicating user swichability. 1460 * @hide 1461 */ 1462 @Retention(RetentionPolicy.SOURCE) 1463 @IntDef(flag = true, prefix = { "SWITCHABILITY_STATUS_" }, value = { 1464 SWITCHABILITY_STATUS_OK, 1465 SWITCHABILITY_STATUS_USER_IN_CALL, 1466 SWITCHABILITY_STATUS_USER_SWITCH_DISALLOWED, 1467 SWITCHABILITY_STATUS_SYSTEM_USER_LOCKED 1468 }) 1469 public @interface UserSwitchabilityResult {} 1470 1471 /** 1472 * Indicates user operation is successful. 1473 */ 1474 public static final int USER_OPERATION_SUCCESS = 0; 1475 1476 /** 1477 * Indicates user operation failed for unknown reason. 1478 */ 1479 public static final int USER_OPERATION_ERROR_UNKNOWN = 1; 1480 1481 /** 1482 * Indicates user operation failed because target user is a managed profile. 1483 */ 1484 public static final int USER_OPERATION_ERROR_MANAGED_PROFILE = 2; 1485 1486 /** 1487 * Indicates user operation failed because maximum running user limit has been reached. 1488 */ 1489 public static final int USER_OPERATION_ERROR_MAX_RUNNING_USERS = 3; 1490 1491 /** 1492 * Indicates user operation failed because the target user is in the foreground. 1493 */ 1494 public static final int USER_OPERATION_ERROR_CURRENT_USER = 4; 1495 1496 /** 1497 * Indicates user operation failed because device has low data storage. 1498 */ 1499 public static final int USER_OPERATION_ERROR_LOW_STORAGE = 5; 1500 1501 /** 1502 * Indicates user operation failed because maximum user limit has been reached. 1503 */ 1504 public static final int USER_OPERATION_ERROR_MAX_USERS = 6; 1505 1506 /** 1507 * Result returned from various user operations. 1508 * 1509 * @hide 1510 */ 1511 @Retention(RetentionPolicy.SOURCE) 1512 @IntDef(prefix = { "USER_OPERATION_" }, value = { 1513 USER_OPERATION_SUCCESS, 1514 USER_OPERATION_ERROR_UNKNOWN, 1515 USER_OPERATION_ERROR_MANAGED_PROFILE, 1516 USER_OPERATION_ERROR_MAX_RUNNING_USERS, 1517 USER_OPERATION_ERROR_CURRENT_USER, 1518 USER_OPERATION_ERROR_LOW_STORAGE, 1519 USER_OPERATION_ERROR_MAX_USERS 1520 }) 1521 public @interface UserOperationResult {} 1522 1523 /** 1524 * Thrown to indicate user operation failed. 1525 */ 1526 public static class UserOperationException extends RuntimeException { 1527 private final @UserOperationResult int mUserOperationResult; 1528 1529 /** 1530 * Constructs a UserOperationException with specific result code. 1531 * 1532 * @param message the detail message 1533 * @param userOperationResult the result code 1534 * @hide 1535 */ UserOperationException(String message, @UserOperationResult int userOperationResult)1536 public UserOperationException(String message, 1537 @UserOperationResult int userOperationResult) { 1538 super(message); 1539 mUserOperationResult = userOperationResult; 1540 } 1541 1542 /** 1543 * Returns the operation result code. 1544 */ getUserOperationResult()1545 public @UserOperationResult int getUserOperationResult() { 1546 return mUserOperationResult; 1547 } 1548 1549 /** 1550 * Returns a UserOperationException containing the same message and error code. 1551 * @hide 1552 */ from(ServiceSpecificException exception)1553 public static UserOperationException from(ServiceSpecificException exception) { 1554 return new UserOperationException(exception.getMessage(), exception.errorCode); 1555 } 1556 } 1557 1558 /** 1559 * Converts the ServiceSpecificException into a UserOperationException or throws null; 1560 * 1561 * @param exception exception to convert. 1562 * @param throwInsteadOfNull if an exception should be thrown or null returned. 1563 * @return null if chosen not to throw exception. 1564 * @throws UserOperationException 1565 */ returnNullOrThrowUserOperationException(ServiceSpecificException exception, boolean throwInsteadOfNull)1566 private <T> T returnNullOrThrowUserOperationException(ServiceSpecificException exception, 1567 boolean throwInsteadOfNull) throws UserOperationException { 1568 if (throwInsteadOfNull) { 1569 throw UserOperationException.from(exception); 1570 } else { 1571 return null; 1572 } 1573 } 1574 1575 /** 1576 * Thrown to indicate user operation failed. (Checked exception) 1577 * @hide 1578 */ 1579 public static class CheckedUserOperationException extends AndroidException { 1580 private final @UserOperationResult int mUserOperationResult; 1581 1582 /** 1583 * Constructs a CheckedUserOperationException with specific result code. 1584 * 1585 * @param message the detail message 1586 * @param userOperationResult the result code 1587 * @hide 1588 */ CheckedUserOperationException(String message, @UserOperationResult int userOperationResult)1589 public CheckedUserOperationException(String message, 1590 @UserOperationResult int userOperationResult) { 1591 super(message); 1592 mUserOperationResult = userOperationResult; 1593 } 1594 1595 /** Returns the operation result code. */ getUserOperationResult()1596 public @UserOperationResult int getUserOperationResult() { 1597 return mUserOperationResult; 1598 } 1599 1600 /** Return a ServiceSpecificException containing the same message and error code. */ toServiceSpecificException()1601 public ServiceSpecificException toServiceSpecificException() { 1602 return new ServiceSpecificException(mUserOperationResult, getMessage()); 1603 } 1604 } 1605 1606 /** @hide */ 1607 @UnsupportedAppUsage get(Context context)1608 public static UserManager get(Context context) { 1609 return (UserManager) context.getSystemService(Context.USER_SERVICE); 1610 } 1611 1612 /** @hide */ UserManager(Context context, IUserManager service)1613 public UserManager(Context context, IUserManager service) { 1614 mService = service; 1615 mContext = context.getApplicationContext(); 1616 mUserId = context.getUserId(); 1617 } 1618 1619 /** 1620 * Returns whether this device supports multiple users with their own login and customizable 1621 * space. 1622 * @return whether the device supports multiple users. 1623 */ supportsMultipleUsers()1624 public static boolean supportsMultipleUsers() { 1625 return getMaxSupportedUsers() > 1 1626 && SystemProperties.getBoolean("fw.show_multiuserui", 1627 Resources.getSystem().getBoolean(R.bool.config_enableMultiUserUI)); 1628 } 1629 1630 /** 1631 * @hide 1632 * @return Whether the device is running with split system user. It means the system user and 1633 * primary user are two separate users. Previously system user and primary user are combined as 1634 * a single owner user. see @link {android.os.UserHandle#USER_OWNER} 1635 */ 1636 @TestApi isSplitSystemUser()1637 public static boolean isSplitSystemUser() { 1638 return RoSystemProperties.FW_SYSTEM_USER_SPLIT; 1639 } 1640 1641 /** 1642 * @return Whether guest user is always ephemeral 1643 * @hide 1644 */ isGuestUserEphemeral()1645 public static boolean isGuestUserEphemeral() { 1646 return Resources.getSystem() 1647 .getBoolean(com.android.internal.R.bool.config_guestUserEphemeral); 1648 } 1649 1650 /** 1651 * @hide 1652 * @return Whether the device is running in a headless system user mode. It means the headless 1653 * user (system user) runs system services and system UI, but is not associated with any real 1654 * person. Secondary users can be created to be associated with real person. 1655 */ isHeadlessSystemUserMode()1656 public static boolean isHeadlessSystemUserMode() { 1657 return RoSystemProperties.MULTIUSER_HEADLESS_SYSTEM_USER; 1658 } 1659 1660 /** 1661 * @deprecated use {@link #getUserSwitchability()} instead. 1662 * 1663 * @removed 1664 * @hide 1665 */ 1666 @Deprecated 1667 @UnsupportedAppUsage canSwitchUsers()1668 public boolean canSwitchUsers() { 1669 boolean allowUserSwitchingWhenSystemUserLocked = Settings.Global.getInt( 1670 mContext.getContentResolver(), 1671 Settings.Global.ALLOW_USER_SWITCHING_WHEN_SYSTEM_USER_LOCKED, 0) != 0; 1672 boolean isSystemUserUnlocked = isUserUnlocked(UserHandle.SYSTEM); 1673 boolean inCall = false; 1674 TelephonyManager telephonyManager = mContext.getSystemService(TelephonyManager.class); 1675 if (telephonyManager != null) { 1676 inCall = telephonyManager.getCallState() != TelephonyManager.CALL_STATE_IDLE; 1677 } 1678 boolean isUserSwitchDisallowed = hasUserRestriction(DISALLOW_USER_SWITCH); 1679 return (allowUserSwitchingWhenSystemUserLocked || isSystemUserUnlocked) && !inCall 1680 && !isUserSwitchDisallowed; 1681 } 1682 1683 /** 1684 * Returns whether switching users is currently allowed for the user this process is running 1685 * under. 1686 * <p> 1687 * Switching users is not allowed in the following cases: 1688 * <li>the user is in a phone call</li> 1689 * <li>{@link #DISALLOW_USER_SWITCH} is set</li> 1690 * <li>system user hasn't been unlocked yet</li> 1691 * 1692 * @return A {@link UserSwitchabilityResult} flag indicating if the user is switchable. 1693 * @hide 1694 */ 1695 @SystemApi 1696 @RequiresPermission(allOf = {Manifest.permission.READ_PHONE_STATE, 1697 android.Manifest.permission.MANAGE_USERS, 1698 android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) getUserSwitchability()1699 public @UserSwitchabilityResult int getUserSwitchability() { 1700 return getUserSwitchability(Process.myUserHandle()); 1701 } 1702 1703 /** 1704 * Returns whether switching users is currently allowed for the provided user. 1705 * <p> 1706 * Switching users is not allowed in the following cases: 1707 * <li>the user is in a phone call</li> 1708 * <li>{@link #DISALLOW_USER_SWITCH} is set</li> 1709 * <li>system user hasn't been unlocked yet</li> 1710 * 1711 * @return A {@link UserSwitchabilityResult} flag indicating if the user is switchable. 1712 * @hide 1713 */ 1714 @RequiresPermission(allOf = {Manifest.permission.READ_PHONE_STATE, 1715 android.Manifest.permission.MANAGE_USERS, 1716 android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) getUserSwitchability(UserHandle userHandle)1717 public @UserSwitchabilityResult int getUserSwitchability(UserHandle userHandle) { 1718 final TelephonyManager tm = 1719 (TelephonyManager) mContext.getSystemService(Context.TELEPHONY_SERVICE); 1720 1721 int flags = SWITCHABILITY_STATUS_OK; 1722 if (tm.getCallState() != TelephonyManager.CALL_STATE_IDLE) { 1723 flags |= SWITCHABILITY_STATUS_USER_IN_CALL; 1724 } 1725 if (hasUserRestriction(DISALLOW_USER_SWITCH, userHandle)) { 1726 flags |= SWITCHABILITY_STATUS_USER_SWITCH_DISALLOWED; 1727 } 1728 1729 // System User is always unlocked in Headless System User Mode, so ignore this flag 1730 if (!isHeadlessSystemUserMode()) { 1731 final boolean allowUserSwitchingWhenSystemUserLocked = Settings.Global.getInt( 1732 mContext.getContentResolver(), 1733 Settings.Global.ALLOW_USER_SWITCHING_WHEN_SYSTEM_USER_LOCKED, 0) != 0; 1734 final boolean systemUserUnlocked = isUserUnlocked(UserHandle.SYSTEM); 1735 1736 if (!allowUserSwitchingWhenSystemUserLocked && !systemUserUnlocked) { 1737 flags |= SWITCHABILITY_STATUS_SYSTEM_USER_LOCKED; 1738 } 1739 } 1740 1741 return flags; 1742 } 1743 1744 /** 1745 * Returns the user handle for the user that this process is running under. 1746 * 1747 * @return the user handle of this process. 1748 * @hide 1749 */ 1750 @UnsupportedAppUsage getUserHandle()1751 public @UserIdInt int getUserHandle() { 1752 return UserHandle.myUserId(); 1753 } 1754 1755 /** 1756 * Returns the user name of the context user. This call is only available to applications on 1757 * the system image; it requires the {@code android.permission.MANAGE_USERS} or {@code 1758 * android.permission.GET_ACCOUNTS_PRIVILEGED} permissions. 1759 * 1760 * @return the user name 1761 */ 1762 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 1763 android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED}, conditional = true) 1764 @UserHandleAware getUserName()1765 public @NonNull String getUserName() { 1766 if (UserHandle.myUserId() == mUserId) { 1767 try { 1768 return mService.getUserName(); 1769 } catch (RemoteException re) { 1770 throw re.rethrowFromSystemServer(); 1771 } 1772 } else { 1773 UserInfo userInfo = getUserInfo(mUserId); 1774 return userInfo == null ? "" : userInfo.name; 1775 } 1776 } 1777 1778 /** 1779 * Returns whether user name has been set. 1780 * <p>This method can be used to check that the value returned by {@link #getUserName()} was 1781 * set by the user and is not a placeholder string provided by the system. 1782 * @hide 1783 */ 1784 @SystemApi 1785 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 1786 Manifest.permission.GET_ACCOUNTS_PRIVILEGED}) isUserNameSet()1787 public boolean isUserNameSet() { 1788 try { 1789 return mService.isUserNameSet(getUserHandle()); 1790 } catch (RemoteException re) { 1791 throw re.rethrowFromSystemServer(); 1792 } 1793 } 1794 1795 /** 1796 * Used to determine whether the user making this call is subject to 1797 * teleportations. 1798 * 1799 * <p>As of {@link android.os.Build.VERSION_CODES#LOLLIPOP}, this method can 1800 * now automatically identify goats using advanced goat recognition technology.</p> 1801 * 1802 * <p>As of {@link android.os.Build.VERSION_CODES#R}, this method always returns 1803 * {@code false} in order to protect goat privacy.</p> 1804 * 1805 * @return Returns whether the user making this call is a goat. 1806 */ isUserAGoat()1807 public boolean isUserAGoat() { 1808 if (mContext.getApplicationInfo().targetSdkVersion >= Build.VERSION_CODES.R) { 1809 return false; 1810 } 1811 return mContext.getPackageManager() 1812 .isPackageAvailable("com.coffeestainstudios.goatsimulator"); 1813 } 1814 1815 /** 1816 * Used to check if this process is running under the primary user. The primary user 1817 * is the first human user on a device. This is not supported in headless system user mode. 1818 * 1819 * @return whether this process is running under the primary user. 1820 * @hide 1821 */ 1822 @SystemApi 1823 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 1824 Manifest.permission.CREATE_USERS}) isPrimaryUser()1825 public boolean isPrimaryUser() { 1826 UserInfo user = getUserInfo(UserHandle.myUserId()); 1827 return user != null && user.isPrimary(); 1828 } 1829 1830 /** 1831 * Used to check if this process is running under the system user. The system user 1832 * is the initial user that is implicitly created on first boot and hosts most of the 1833 * system services. 1834 * 1835 * @return whether this process is running under the system user. 1836 */ isSystemUser()1837 public boolean isSystemUser() { 1838 return UserHandle.myUserId() == UserHandle.USER_SYSTEM; 1839 } 1840 1841 /** 1842 * Used to check if this process is running as an admin user. An admin user is allowed to 1843 * modify or configure certain settings that aren't available to non-admin users, 1844 * create and delete additional users, etc. There can be more than one admin users. 1845 * 1846 * @return whether this process is running under an admin user. 1847 * @hide 1848 */ 1849 @SystemApi 1850 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) isAdminUser()1851 public boolean isAdminUser() { 1852 return isUserAdmin(UserHandle.myUserId()); 1853 } 1854 1855 /** 1856 * @hide 1857 * Returns whether the provided user is an admin user. There can be more than one admin 1858 * user. 1859 */ 1860 @UnsupportedAppUsage 1861 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 1862 Manifest.permission.CREATE_USERS}) isUserAdmin(@serIdInt int userId)1863 public boolean isUserAdmin(@UserIdInt int userId) { 1864 UserInfo user = getUserInfo(userId); 1865 return user != null && user.isAdmin(); 1866 } 1867 1868 /** 1869 * Returns whether the context user is of the given user type. 1870 * 1871 * @param userType the name of the user's user type, e.g. 1872 * {@link UserManager#USER_TYPE_PROFILE_MANAGED}. 1873 * @return true if the user is of the given user type. 1874 * @hide 1875 */ 1876 @SystemApi 1877 @UserHandleAware 1878 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) isUserOfType(@onNull String userType)1879 public boolean isUserOfType(@NonNull String userType) { 1880 try { 1881 return mService.isUserOfType(mUserId, userType); 1882 } catch (RemoteException re) { 1883 throw re.rethrowFromSystemServer(); 1884 } 1885 } 1886 1887 /** 1888 * Returns whether the user type is a 1889 * {@link UserManager#USER_TYPE_PROFILE_MANAGED managed profile}. 1890 * @hide 1891 */ isUserTypeManagedProfile(String userType)1892 public static boolean isUserTypeManagedProfile(String userType) { 1893 return USER_TYPE_PROFILE_MANAGED.equals(userType); 1894 } 1895 1896 /** 1897 * Returns whether the user type is a {@link UserManager#USER_TYPE_FULL_GUEST guest user}. 1898 * @hide 1899 */ isUserTypeGuest(String userType)1900 public static boolean isUserTypeGuest(String userType) { 1901 return USER_TYPE_FULL_GUEST.equals(userType); 1902 } 1903 1904 /** 1905 * Returns whether the user type is a 1906 * {@link UserManager#USER_TYPE_FULL_RESTRICTED restricted user}. 1907 * @hide 1908 */ isUserTypeRestricted(String userType)1909 public static boolean isUserTypeRestricted(String userType) { 1910 return USER_TYPE_FULL_RESTRICTED.equals(userType); 1911 } 1912 1913 /** 1914 * Returns whether the user type is a {@link UserManager#USER_TYPE_FULL_DEMO demo user}. 1915 * @hide 1916 */ isUserTypeDemo(String userType)1917 public static boolean isUserTypeDemo(String userType) { 1918 return USER_TYPE_FULL_DEMO.equals(userType); 1919 } 1920 1921 /** 1922 * Returns the enum defined in the statsd UserLifecycleJourneyReported atom corresponding to the 1923 * user type. 1924 * @hide 1925 */ getUserTypeForStatsd(@onNull String userType)1926 public static int getUserTypeForStatsd(@NonNull String userType) { 1927 switch (userType) { 1928 case USER_TYPE_FULL_SYSTEM: 1929 return FrameworkStatsLog.USER_LIFECYCLE_JOURNEY_REPORTED__USER_TYPE__FULL_SYSTEM; 1930 case USER_TYPE_FULL_SECONDARY: 1931 return FrameworkStatsLog.USER_LIFECYCLE_JOURNEY_REPORTED__USER_TYPE__FULL_SECONDARY; 1932 case USER_TYPE_FULL_GUEST: 1933 return FrameworkStatsLog.USER_LIFECYCLE_JOURNEY_REPORTED__USER_TYPE__FULL_GUEST; 1934 case USER_TYPE_FULL_DEMO: 1935 return FrameworkStatsLog.USER_LIFECYCLE_JOURNEY_REPORTED__USER_TYPE__FULL_DEMO; 1936 case USER_TYPE_FULL_RESTRICTED: 1937 return FrameworkStatsLog 1938 .USER_LIFECYCLE_JOURNEY_REPORTED__USER_TYPE__FULL_RESTRICTED; 1939 case USER_TYPE_PROFILE_MANAGED: 1940 return FrameworkStatsLog 1941 .USER_LIFECYCLE_JOURNEY_REPORTED__USER_TYPE__PROFILE_MANAGED; 1942 case USER_TYPE_SYSTEM_HEADLESS: 1943 return FrameworkStatsLog 1944 .USER_LIFECYCLE_JOURNEY_REPORTED__USER_TYPE__SYSTEM_HEADLESS; 1945 default: 1946 return FrameworkStatsLog.USER_LIFECYCLE_JOURNEY_REPORTED__USER_TYPE__TYPE_UNKNOWN; 1947 } 1948 } 1949 1950 /** 1951 * @hide 1952 * @deprecated Use {@link #isRestrictedProfile()} 1953 */ 1954 @UnsupportedAppUsage 1955 @Deprecated isLinkedUser()1956 public boolean isLinkedUser() { 1957 return isRestrictedProfile(); 1958 } 1959 1960 /** 1961 * Used to check if this process is running under a restricted profile. Restricted profiles 1962 * may have a reduced number of available apps, app restrictions, and account restrictions. 1963 * 1964 * @return whether this process is running under a restricted profile. 1965 * @hide 1966 */ 1967 @SystemApi 1968 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) isRestrictedProfile()1969 public boolean isRestrictedProfile() { 1970 try { 1971 return mService.isRestricted(); 1972 } catch (RemoteException re) { 1973 throw re.rethrowFromSystemServer(); 1974 } 1975 } 1976 1977 /** 1978 * Check if a user is a restricted profile. Restricted profiles may have a reduced number of 1979 * available apps, app restrictions, and account restrictions. 1980 * 1981 * @param user the user to check 1982 * @return whether the user is a restricted profile. 1983 * @hide 1984 */ 1985 @SystemApi 1986 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 1987 Manifest.permission.CREATE_USERS}) isRestrictedProfile(@onNull UserHandle user)1988 public boolean isRestrictedProfile(@NonNull UserHandle user) { 1989 try { 1990 return mService.getUserInfo(user.getIdentifier()).isRestricted(); 1991 } catch (RemoteException re) { 1992 throw re.rethrowFromSystemServer(); 1993 } 1994 } 1995 1996 /** 1997 * Checks if specified user can have restricted profile. 1998 * @hide 1999 */ 2000 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) canHaveRestrictedProfile(@serIdInt int userId)2001 public boolean canHaveRestrictedProfile(@UserIdInt int userId) { 2002 try { 2003 return mService.canHaveRestrictedProfile(userId); 2004 } catch (RemoteException re) { 2005 throw re.rethrowFromSystemServer(); 2006 } 2007 } 2008 2009 /** 2010 * Returns whether the calling user has at least one restricted profile associated with it. 2011 * @return 2012 * @hide 2013 */ 2014 @SystemApi 2015 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) hasRestrictedProfiles()2016 public boolean hasRestrictedProfiles() { 2017 try { 2018 return mService.hasRestrictedProfiles(); 2019 } catch (RemoteException re) { 2020 throw re.rethrowFromSystemServer(); 2021 } 2022 } 2023 2024 /** 2025 * Checks if a user is a guest user. 2026 * @return whether user is a guest user. 2027 * @hide 2028 */ 2029 @UnsupportedAppUsage 2030 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2031 Manifest.permission.CREATE_USERS}) isGuestUser(@serIdInt int userId)2032 public boolean isGuestUser(@UserIdInt int userId) { 2033 UserInfo user = getUserInfo(userId); 2034 return user != null && user.isGuest(); 2035 } 2036 2037 /** 2038 * Used to check if this process is running under a guest user. A guest user may be transient. 2039 * 2040 * @return whether this process is running under a guest user. 2041 * @hide 2042 */ 2043 @SystemApi 2044 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2045 Manifest.permission.CREATE_USERS}) isGuestUser()2046 public boolean isGuestUser() { 2047 UserInfo user = getUserInfo(UserHandle.myUserId()); 2048 return user != null && user.isGuest(); 2049 } 2050 2051 2052 /** 2053 * Checks if the calling app is running in a demo user. When running in a demo user, 2054 * apps can be more helpful to the user, or explain their features in more detail. 2055 * 2056 * @return whether the caller is a demo user. 2057 */ isDemoUser()2058 public boolean isDemoUser() { 2059 try { 2060 return mService.isDemoUser(UserHandle.myUserId()); 2061 } catch (RemoteException re) { 2062 throw re.rethrowFromSystemServer(); 2063 } 2064 } 2065 2066 /** 2067 * Checks if the calling context user is running in a profile. 2068 * 2069 * Requires {@link android.Manifest.permission#MANAGE_USERS} or 2070 * {@link android.Manifest.permission#INTERACT_ACROSS_USERS} permission, otherwise the 2071 * caller must be in the same profile group of specified user. 2072 * 2073 * @return whether the caller is in a profile. 2074 * @hide 2075 */ 2076 @SystemApi 2077 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 2078 android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) 2079 @UserHandleAware isProfile()2080 public boolean isProfile() { 2081 return isProfile(mUserId); 2082 } 2083 isProfile(@serIdInt int userId)2084 private boolean isProfile(@UserIdInt int userId) { 2085 if (userId == UserHandle.myUserId()) { 2086 // No need for synchronization. Once it becomes non-null, it'll be non-null forever. 2087 // Worst case we might end up calling the AIDL method multiple times but that's fine. 2088 if (mIsProfileCached != null) { 2089 return mIsProfileCached; 2090 } 2091 try { 2092 mIsProfileCached = mService.isProfile(userId); 2093 return mIsProfileCached; 2094 } catch (RemoteException re) { 2095 throw re.rethrowFromSystemServer(); 2096 } 2097 } else { 2098 try { 2099 return mService.isProfile(userId); 2100 } catch (RemoteException re) { 2101 throw re.rethrowFromSystemServer(); 2102 } 2103 } 2104 } 2105 2106 /** 2107 * Checks if the calling app is running in a managed profile. 2108 * 2109 * @return whether the caller is in a managed profile. 2110 */ isManagedProfile()2111 public boolean isManagedProfile() { 2112 // No need for synchronization. Once it becomes non-null, it'll be non-null forever. 2113 // Worst case we might end up calling the AIDL method multiple times but that's fine. 2114 if (mIsManagedProfileCached != null) { 2115 return mIsManagedProfileCached; 2116 } 2117 try { 2118 mIsManagedProfileCached = mService.isManagedProfile(UserHandle.myUserId()); 2119 return mIsManagedProfileCached; 2120 } catch (RemoteException re) { 2121 throw re.rethrowFromSystemServer(); 2122 } 2123 } 2124 2125 /** 2126 * Checks if the specified user is a managed profile. 2127 * Requires {@link android.Manifest.permission#MANAGE_USERS} or 2128 * {@link android.Manifest.permission#INTERACT_ACROSS_USERS} permission, otherwise the caller 2129 * must be in the same profile group of specified user. 2130 * 2131 * @return whether the specified user is a managed profile. 2132 * @hide 2133 */ 2134 @SystemApi 2135 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 2136 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isManagedProfile(@serIdInt int userId)2137 public boolean isManagedProfile(@UserIdInt int userId) { 2138 if (userId == UserHandle.myUserId()) { 2139 return isManagedProfile(); 2140 } 2141 try { 2142 return mService.isManagedProfile(userId); 2143 } catch (RemoteException re) { 2144 throw re.rethrowFromSystemServer(); 2145 } 2146 } 2147 2148 /** 2149 * Checks if the calling app is running as an ephemeral user. 2150 * 2151 * @return whether the caller is an ephemeral user. 2152 * @hide 2153 */ 2154 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2155 Manifest.permission.CREATE_USERS}) isEphemeralUser()2156 public boolean isEphemeralUser() { 2157 return isUserEphemeral(UserHandle.myUserId()); 2158 } 2159 2160 /** 2161 * Returns whether the specified user is ephemeral. 2162 * @hide 2163 */ 2164 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2165 Manifest.permission.CREATE_USERS}) isUserEphemeral(@serIdInt int userId)2166 public boolean isUserEphemeral(@UserIdInt int userId) { 2167 final UserInfo user = getUserInfo(userId); 2168 return user != null && user.isEphemeral(); 2169 } 2170 2171 /** 2172 * Return whether the given user is actively running. This means that 2173 * the user is in the "started" state, not "stopped" -- it is currently 2174 * allowed to run code through scheduled alarms, receiving broadcasts, 2175 * etc. A started user may be either the current foreground user or a 2176 * background user; the result here does not distinguish between the two. 2177 * 2178 * <p>Note prior to Android Nougat MR1 (SDK version <= 24; 2179 * {@link android.os.Build.VERSION_CODES#N}, this API required a system permission 2180 * in order to check other profile's status. 2181 * Since Android Nougat MR1 (SDK version >= 25; 2182 * {@link android.os.Build.VERSION_CODES#N_MR1}), the restriction has been relaxed, and now 2183 * it'll accept any {@link android.os.UserHandle} within the same profile group as the caller. 2184 * 2185 * @param user The user to retrieve the running state for. 2186 */ 2187 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2188 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserRunning(UserHandle user)2189 public boolean isUserRunning(UserHandle user) { 2190 return isUserRunning(user.getIdentifier()); 2191 } 2192 2193 /** {@hide} */ 2194 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2195 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserRunning(@serIdInt int userId)2196 public boolean isUserRunning(@UserIdInt int userId) { 2197 try { 2198 return mService.isUserRunning(userId); 2199 } catch (RemoteException re) { 2200 throw re.rethrowFromSystemServer(); 2201 } 2202 } 2203 2204 /** 2205 * Return whether the given user is actively running <em>or</em> stopping. 2206 * This is like {@link #isUserRunning(UserHandle)}, but will also return 2207 * true if the user had been running but is in the process of being stopped 2208 * (but is not yet fully stopped, and still running some code). 2209 * 2210 * <p>Note prior to Android Nougat MR1 (SDK version <= 24; 2211 * {@link android.os.Build.VERSION_CODES#N}, this API required a system permission 2212 * in order to check other profile's status. 2213 * Since Android Nougat MR1 (SDK version >= 25; 2214 * {@link android.os.Build.VERSION_CODES#N_MR1}), the restriction has been relaxed, and now 2215 * it'll accept any {@link android.os.UserHandle} within the same profile group as the caller. 2216 * 2217 * @param user The user to retrieve the running state for. 2218 */ 2219 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2220 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserRunningOrStopping(UserHandle user)2221 public boolean isUserRunningOrStopping(UserHandle user) { 2222 try { 2223 // TODO: reconcile stopped vs stopping? 2224 return ActivityManager.getService().isUserRunning( 2225 user.getIdentifier(), ActivityManager.FLAG_OR_STOPPED); 2226 } catch (RemoteException re) { 2227 throw re.rethrowFromSystemServer(); 2228 } 2229 } 2230 2231 /** 2232 * Return whether the calling user is running in an "unlocked" state. 2233 * <p> 2234 * On devices with direct boot, a user is unlocked only after they've 2235 * entered their credentials (such as a lock pattern or PIN). On devices 2236 * without direct boot, a user is unlocked as soon as it starts. 2237 * <p> 2238 * When a user is locked, only device-protected data storage is available. 2239 * When a user is unlocked, both device-protected and credential-protected 2240 * private app data storage is available. 2241 * 2242 * @see Intent#ACTION_USER_UNLOCKED 2243 * @see Context#createDeviceProtectedStorageContext() 2244 */ isUserUnlocked()2245 public boolean isUserUnlocked() { 2246 return isUserUnlocked(Process.myUserHandle()); 2247 } 2248 2249 /** 2250 * Return whether the given user is running in an "unlocked" state. 2251 * <p> 2252 * On devices with direct boot, a user is unlocked only after they've 2253 * entered their credentials (such as a lock pattern or PIN). On devices 2254 * without direct boot, a user is unlocked as soon as it starts. 2255 * <p> 2256 * When a user is locked, only device-protected data storage is available. 2257 * When a user is unlocked, both device-protected and credential-protected 2258 * private app data storage is available. 2259 * <p>Requires {@code android.permission.MANAGE_USERS} or 2260 * {@code android.permission.INTERACT_ACROSS_USERS}, otherwise specified {@link UserHandle user} 2261 * must be the calling user or a managed profile associated with it. 2262 * 2263 * @param user to retrieve the unlocked state for. 2264 * @see Intent#ACTION_USER_UNLOCKED 2265 * @see Context#createDeviceProtectedStorageContext() 2266 */ 2267 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2268 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserUnlocked(UserHandle user)2269 public boolean isUserUnlocked(UserHandle user) { 2270 return isUserUnlocked(user.getIdentifier()); 2271 } 2272 2273 private static final String CACHE_KEY_IS_USER_UNLOCKED_PROPERTY = 2274 "cache_key.is_user_unlocked"; 2275 2276 private final PropertyInvalidatedCache<Integer, Boolean> mIsUserUnlockedCache = 2277 new PropertyInvalidatedCache<Integer, Boolean>( 2278 32, CACHE_KEY_IS_USER_UNLOCKED_PROPERTY) { 2279 @Override 2280 protected Boolean recompute(Integer query) { 2281 try { 2282 return mService.isUserUnlocked(query); 2283 } catch (RemoteException re) { 2284 throw re.rethrowFromSystemServer(); 2285 } 2286 } 2287 }; 2288 2289 // Uses IS_USER_UNLOCKED_PROPERTY for invalidation as the APIs have the same dependencies. 2290 private final PropertyInvalidatedCache<Integer, Boolean> mIsUserUnlockingOrUnlockedCache = 2291 new PropertyInvalidatedCache<Integer, Boolean>( 2292 32, CACHE_KEY_IS_USER_UNLOCKED_PROPERTY) { 2293 @Override 2294 protected Boolean recompute(Integer query) { 2295 try { 2296 return mService.isUserUnlockingOrUnlocked(query); 2297 } catch (RemoteException re) { 2298 throw re.rethrowFromSystemServer(); 2299 } 2300 } 2301 }; 2302 2303 /** {@hide} */ 2304 @UnsupportedAppUsage 2305 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2306 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserUnlocked(@serIdInt int userId)2307 public boolean isUserUnlocked(@UserIdInt int userId) { 2308 return mIsUserUnlockedCache.query(userId); 2309 } 2310 2311 /** {@hide} */ disableIsUserUnlockedCache()2312 public void disableIsUserUnlockedCache() { 2313 mIsUserUnlockedCache.disableLocal(); 2314 mIsUserUnlockingOrUnlockedCache.disableLocal(); 2315 } 2316 2317 /** {@hide} */ invalidateIsUserUnlockedCache()2318 public static final void invalidateIsUserUnlockedCache() { 2319 PropertyInvalidatedCache.invalidateCache(CACHE_KEY_IS_USER_UNLOCKED_PROPERTY); 2320 } 2321 2322 /** 2323 * Return whether the provided user is already running in an 2324 * "unlocked" state or in the process of unlocking. 2325 * <p> 2326 * On devices with direct boot, a user is unlocked only after they've 2327 * entered their credentials (such as a lock pattern or PIN). On devices 2328 * without direct boot, a user is unlocked as soon as it starts. 2329 * <p> 2330 * When a user is locked, only device-protected data storage is available. 2331 * When a user is unlocked, both device-protected and credential-protected 2332 * private app data storage is available. 2333 * 2334 * <p>Requires {@code android.permission.MANAGE_USERS} or 2335 * {@code android.permission.INTERACT_ACROSS_USERS}, otherwise specified {@link UserHandle user} 2336 * must be the calling user or a profile associated with it. 2337 * 2338 * @hide 2339 */ 2340 @SystemApi 2341 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2342 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserUnlockingOrUnlocked(@onNull UserHandle user)2343 public boolean isUserUnlockingOrUnlocked(@NonNull UserHandle user) { 2344 return isUserUnlockingOrUnlocked(user.getIdentifier()); 2345 } 2346 2347 /** {@hide} */ 2348 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2349 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserUnlockingOrUnlocked(@serIdInt int userId)2350 public boolean isUserUnlockingOrUnlocked(@UserIdInt int userId) { 2351 return mIsUserUnlockingOrUnlockedCache.query(userId); 2352 } 2353 2354 /** 2355 * Return the time when the calling user started in elapsed milliseconds since boot, 2356 * or 0 if not started. 2357 * 2358 * @hide 2359 */ 2360 @UnsupportedAppUsage getUserStartRealtime()2361 public long getUserStartRealtime() { 2362 try { 2363 return mService.getUserStartRealtime(); 2364 } catch (RemoteException re) { 2365 throw re.rethrowFromSystemServer(); 2366 } 2367 } 2368 2369 /** 2370 * Return the time when the calling user was unlocked elapsed milliseconds since boot, 2371 * or 0 if not unlocked. 2372 * 2373 * @hide 2374 */ 2375 @UnsupportedAppUsage getUserUnlockRealtime()2376 public long getUserUnlockRealtime() { 2377 try { 2378 return mService.getUserUnlockRealtime(); 2379 } catch (RemoteException re) { 2380 throw re.rethrowFromSystemServer(); 2381 } 2382 } 2383 2384 /** 2385 * Returns the UserInfo object describing a specific user. 2386 * @param userId the user handle of the user whose information is being requested. 2387 * @return the UserInfo object for a specific user. 2388 * @hide 2389 */ 2390 @UnsupportedAppUsage 2391 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2392 Manifest.permission.CREATE_USERS}) getUserInfo(@serIdInt int userId)2393 public UserInfo getUserInfo(@UserIdInt int userId) { 2394 try { 2395 return mService.getUserInfo(userId); 2396 } catch (RemoteException re) { 2397 throw re.rethrowFromSystemServer(); 2398 } 2399 } 2400 2401 /** 2402 * @hide 2403 * 2404 * Returns who set a user restriction on a user. 2405 * @param restrictionKey the string key representing the restriction 2406 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 2407 * @return The source of user restriction. Any combination of {@link #RESTRICTION_NOT_SET}, 2408 * {@link #RESTRICTION_SOURCE_SYSTEM}, {@link #RESTRICTION_SOURCE_DEVICE_OWNER} 2409 * and {@link #RESTRICTION_SOURCE_PROFILE_OWNER} 2410 * @deprecated use {@link #getUserRestrictionSources(String, int)} instead. 2411 */ 2412 @Deprecated 2413 @SystemApi 2414 @UserRestrictionSource 2415 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getUserRestrictionSource(@serRestrictionKey String restrictionKey, UserHandle userHandle)2416 public int getUserRestrictionSource(@UserRestrictionKey String restrictionKey, 2417 UserHandle userHandle) { 2418 try { 2419 return mService.getUserRestrictionSource(restrictionKey, userHandle.getIdentifier()); 2420 } catch (RemoteException re) { 2421 throw re.rethrowFromSystemServer(); 2422 } 2423 } 2424 2425 /** 2426 * @hide 2427 * 2428 * Returns a list of users who set a user restriction on a given user. 2429 * @param restrictionKey the string key representing the restriction 2430 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 2431 * @return a list of user ids enforcing this restriction. 2432 */ 2433 @SystemApi 2434 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getUserRestrictionSources( @serRestrictionKey String restrictionKey, UserHandle userHandle)2435 public List<EnforcingUser> getUserRestrictionSources( 2436 @UserRestrictionKey String restrictionKey, UserHandle userHandle) { 2437 try { 2438 return mService.getUserRestrictionSources(restrictionKey, userHandle.getIdentifier()); 2439 } catch (RemoteException re) { 2440 throw re.rethrowFromSystemServer(); 2441 } 2442 } 2443 2444 /** 2445 * Returns the user-wide restrictions imposed on this user. 2446 * @return a Bundle containing all the restrictions. 2447 */ getUserRestrictions()2448 public Bundle getUserRestrictions() { 2449 return getUserRestrictions(Process.myUserHandle()); 2450 } 2451 2452 /** 2453 * Returns the user-wide restrictions imposed on the user specified by <code>userHandle</code>. 2454 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 2455 * @return a Bundle containing all the restrictions. 2456 * 2457 * <p>Requires {@code android.permission.MANAGE_USERS} or 2458 * {@code android.permission.INTERACT_ACROSS_USERS}, otherwise specified {@link UserHandle user} 2459 * must be the calling user or a managed profile associated with it. 2460 */ 2461 @RequiresPermission(anyOf = { 2462 android.Manifest.permission.MANAGE_USERS, 2463 android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) getUserRestrictions(UserHandle userHandle)2464 public Bundle getUserRestrictions(UserHandle userHandle) { 2465 try { 2466 return mService.getUserRestrictions(userHandle.getIdentifier()); 2467 } catch (RemoteException re) { 2468 throw re.rethrowFromSystemServer(); 2469 } 2470 } 2471 2472 /** 2473 * @hide 2474 * Returns whether the given user has been disallowed from performing certain actions 2475 * or setting certain settings through UserManager (e.g. this type of restriction would prevent 2476 * the guest user from doing certain things, such as making calls). This method disregards 2477 * restrictions set by device policy. 2478 * @param restrictionKey the string key representing the restriction 2479 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 2480 */ 2481 @TestApi 2482 @UnsupportedAppUsage 2483 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2484 Manifest.permission.CREATE_USERS}) hasBaseUserRestriction(@serRestrictionKey @onNull String restrictionKey, @NonNull UserHandle userHandle)2485 public boolean hasBaseUserRestriction(@UserRestrictionKey @NonNull String restrictionKey, 2486 @NonNull UserHandle userHandle) { 2487 try { 2488 return mService.hasBaseUserRestriction(restrictionKey, userHandle.getIdentifier()); 2489 } catch (RemoteException re) { 2490 throw re.rethrowFromSystemServer(); 2491 } 2492 } 2493 2494 /** 2495 * This will no longer work. Device owners and profile owners should use 2496 * {@link DevicePolicyManager#addUserRestriction(ComponentName, String)} instead. 2497 */ 2498 // System apps should use UserManager.setUserRestriction() instead. 2499 @Deprecated setUserRestrictions(Bundle restrictions)2500 public void setUserRestrictions(Bundle restrictions) { 2501 throw new UnsupportedOperationException("This method is no longer supported"); 2502 } 2503 2504 /** 2505 * This will no longer work. Device owners and profile owners should use 2506 * {@link DevicePolicyManager#addUserRestriction(ComponentName, String)} instead. 2507 */ 2508 // System apps should use UserManager.setUserRestriction() instead. 2509 @Deprecated setUserRestrictions(Bundle restrictions, UserHandle userHandle)2510 public void setUserRestrictions(Bundle restrictions, UserHandle userHandle) { 2511 throw new UnsupportedOperationException("This method is no longer supported"); 2512 } 2513 2514 /** 2515 * Sets the value of a specific restriction. 2516 * Requires the MANAGE_USERS permission. 2517 * @param key the key of the restriction 2518 * @param value the value for the restriction 2519 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction( 2520 * android.content.ComponentName, String)} or 2521 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction( 2522 * android.content.ComponentName, String)} instead. 2523 */ 2524 @Deprecated 2525 @RequiresPermission(Manifest.permission.MANAGE_USERS) setUserRestriction(String key, boolean value)2526 public void setUserRestriction(String key, boolean value) { 2527 setUserRestriction(key, value, Process.myUserHandle()); 2528 } 2529 2530 /** 2531 * @hide 2532 * Sets the value of a specific restriction on a specific user. 2533 * @param key the key of the restriction 2534 * @param value the value for the restriction 2535 * @param userHandle the user whose restriction is to be changed. 2536 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction( 2537 * android.content.ComponentName, String)} or 2538 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction( 2539 * android.content.ComponentName, String)} instead. 2540 */ 2541 @Deprecated 2542 @RequiresPermission(Manifest.permission.MANAGE_USERS) setUserRestriction(String key, boolean value, UserHandle userHandle)2543 public void setUserRestriction(String key, boolean value, UserHandle userHandle) { 2544 try { 2545 mService.setUserRestriction(key, value, userHandle.getIdentifier()); 2546 } catch (RemoteException re) { 2547 throw re.rethrowFromSystemServer(); 2548 } 2549 } 2550 2551 /** 2552 * Returns whether the current user has been disallowed from performing certain actions 2553 * or setting certain settings. 2554 * 2555 * @param restrictionKey The string key representing the restriction. 2556 * @return {@code true} if the current user has the given restriction, {@code false} otherwise. 2557 */ hasUserRestriction(@serRestrictionKey String restrictionKey)2558 public boolean hasUserRestriction(@UserRestrictionKey String restrictionKey) { 2559 return hasUserRestrictionForUser(restrictionKey, Process.myUserHandle()); 2560 } 2561 2562 /** 2563 * @hide 2564 * Returns whether the given user has been disallowed from performing certain actions 2565 * or setting certain settings. 2566 * @param restrictionKey the string key representing the restriction 2567 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 2568 */ 2569 @UnsupportedAppUsage hasUserRestriction(@serRestrictionKey String restrictionKey, UserHandle userHandle)2570 public boolean hasUserRestriction(@UserRestrictionKey String restrictionKey, 2571 UserHandle userHandle) { 2572 return hasUserRestrictionForUser(restrictionKey, userHandle); 2573 } 2574 2575 /** 2576 * Returns whether the given user has been disallowed from performing certain actions 2577 * or setting certain settings. 2578 * @param restrictionKey the string key representing the restriction 2579 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 2580 * 2581 * <p>Requires {@code android.permission.MANAGE_USERS} or 2582 * {@code android.permission.INTERACT_ACROSS_USERS}, otherwise specified {@link UserHandle user} 2583 * must be the calling user or a managed profile associated with it. 2584 * 2585 * @hide 2586 */ 2587 @SystemApi 2588 @RequiresPermission(anyOf = { 2589 android.Manifest.permission.MANAGE_USERS, 2590 android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) hasUserRestrictionForUser(@onNull @serRestrictionKey String restrictionKey, @NonNull UserHandle userHandle)2591 public boolean hasUserRestrictionForUser(@NonNull @UserRestrictionKey String restrictionKey, 2592 @NonNull UserHandle userHandle) { 2593 try { 2594 return mService.hasUserRestriction(restrictionKey, userHandle.getIdentifier()); 2595 } catch (RemoteException re) { 2596 throw re.rethrowFromSystemServer(); 2597 } 2598 } 2599 2600 /** 2601 * @hide 2602 * Returns whether any user on the device has the given user restriction set. 2603 */ hasUserRestrictionOnAnyUser(@serRestrictionKey String restrictionKey)2604 public boolean hasUserRestrictionOnAnyUser(@UserRestrictionKey String restrictionKey) { 2605 try { 2606 return mService.hasUserRestrictionOnAnyUser(restrictionKey); 2607 } catch (RemoteException re) { 2608 throw re.rethrowFromSystemServer(); 2609 } 2610 } 2611 2612 /** 2613 * @hide 2614 * 2615 * Checks whether changing the given setting to the given value is prohibited 2616 * by the corresponding user restriction in the given user. 2617 * 2618 * May only be called by the OS itself. 2619 * 2620 * @return {@code true} if the change is prohibited, {@code false} if the change is allowed. 2621 */ isSettingRestrictedForUser(String setting, @UserIdInt int userId, String value, int callingUid)2622 public boolean isSettingRestrictedForUser(String setting, @UserIdInt int userId, 2623 String value, int callingUid) { 2624 try { 2625 return mService.isSettingRestrictedForUser(setting, userId, value, callingUid); 2626 } catch (RemoteException re) { 2627 throw re.rethrowFromSystemServer(); 2628 } 2629 } 2630 2631 /** 2632 * @hide 2633 * Register a binder callback for user restrictions changes. 2634 * May only be called by the OS itself. 2635 */ addUserRestrictionsListener(final IUserRestrictionsListener listener)2636 public void addUserRestrictionsListener(final IUserRestrictionsListener listener) { 2637 try { 2638 mService.addUserRestrictionsListener(listener); 2639 } catch (RemoteException re) { 2640 throw re.rethrowFromSystemServer(); 2641 } 2642 } 2643 2644 /** 2645 * Return the serial number for a user. This is a device-unique 2646 * number assigned to that user; if the user is deleted and then a new 2647 * user created, the new users will not be given the same serial number. 2648 * @param user The user whose serial number is to be retrieved. 2649 * @return The serial number of the given user; returns -1 if the 2650 * given UserHandle does not exist. 2651 * @see #getUserForSerialNumber(long) 2652 */ getSerialNumberForUser(UserHandle user)2653 public long getSerialNumberForUser(UserHandle user) { 2654 return getUserSerialNumber(user.getIdentifier()); 2655 } 2656 2657 /** 2658 * Return the user associated with a serial number previously 2659 * returned by {@link #getSerialNumberForUser(UserHandle)}. 2660 * @param serialNumber The serial number of the user that is being 2661 * retrieved. 2662 * @return Return the user associated with the serial number, or null 2663 * if there is not one. 2664 * @see #getSerialNumberForUser(UserHandle) 2665 */ getUserForSerialNumber(long serialNumber)2666 public UserHandle getUserForSerialNumber(long serialNumber) { 2667 int ident = getUserHandle((int) serialNumber); 2668 return ident >= 0 ? new UserHandle(ident) : null; 2669 } 2670 2671 /** 2672 * Creates a user with the specified name and options. 2673 * Default user restrictions will be applied. 2674 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2675 * 2676 * @param name the user's name 2677 * @param flags UserInfo flags that identify the type of user and other properties. 2678 * @see UserInfo 2679 * 2680 * @return the UserInfo object for the created user, or null if the user could not be created. 2681 * @throws IllegalArgumentException if flags do not correspond to a valid user type. 2682 * @deprecated Use {@link #createUser(String, String, int)} instead. 2683 * @hide 2684 */ 2685 @UnsupportedAppUsage 2686 @Deprecated createUser(@ullable String name, @UserInfoFlag int flags)2687 public @Nullable UserInfo createUser(@Nullable String name, @UserInfoFlag int flags) { 2688 return createUser(name, UserInfo.getDefaultUserType(flags), flags); 2689 } 2690 2691 /** 2692 * Creates a user with the specified name and options. 2693 * Default user restrictions will be applied. 2694 * 2695 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS}. 2696 * {@link android.Manifest.permission#CREATE_USERS} suffices if flags are in 2697 * com.android.server.pm.UserManagerService#ALLOWED_FLAGS_FOR_CREATE_USERS_PERMISSION}. 2698 * 2699 * @param name the user's name 2700 * @param userType the type of user, such as {@link UserManager#USER_TYPE_FULL_GUEST}. 2701 * @param flags UserInfo flags that specify user properties. 2702 * @return the {@link UserInfo} object for the created user, or {@code null} if the user 2703 * could not be created. 2704 * 2705 * @see UserInfo 2706 * 2707 * @hide 2708 */ 2709 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2710 Manifest.permission.CREATE_USERS}) createUser(@ullable String name, @NonNull String userType, @UserInfoFlag int flags)2711 public @Nullable UserInfo createUser(@Nullable String name, @NonNull String userType, 2712 @UserInfoFlag int flags) { 2713 try { 2714 return mService.createUserWithThrow(name, userType, flags); 2715 } catch (ServiceSpecificException e) { 2716 return null; 2717 } catch (RemoteException re) { 2718 throw re.rethrowFromSystemServer(); 2719 } 2720 } 2721 2722 /** 2723 * Pre-creates a user of the specified type. Default user restrictions will be applied. 2724 * 2725 * <p>This method can be used by OEMs to "warm" up the user creation by pre-creating some users 2726 * at the first boot, so they when the "real" user is created (for example, 2727 * by {@link #createUser(String, String, int)} or {@link #createGuest(Context, String)}), it 2728 * takes less time. 2729 * 2730 * <p>This method completes the majority of work necessary for user creation: it 2731 * creates user data, CE and DE encryption keys, app data directories, initializes the user and 2732 * grants default permissions. When pre-created users become "real" users, only then are 2733 * components notified of new user creation by firing user creation broadcasts. 2734 * 2735 * <p>All pre-created users are removed during system upgrade. 2736 * 2737 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS}. 2738 * {@link android.Manifest.permission#CREATE_USERS} suffices if flags are in 2739 * com.android.server.pm.UserManagerService#ALLOWED_FLAGS_FOR_CREATE_USERS_PERMISSION}. 2740 * 2741 * @param userType the type of user, such as {@link UserManager#USER_TYPE_FULL_GUEST}. 2742 * @return the {@link UserInfo} object for the created user. 2743 * 2744 * @throws UserOperationException if the user could not be created. 2745 * @hide 2746 */ 2747 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2748 Manifest.permission.CREATE_USERS}) preCreateUser(@onNull String userType)2749 public @NonNull UserInfo preCreateUser(@NonNull String userType) 2750 throws UserOperationException { 2751 try { 2752 return mService.preCreateUserWithThrow(userType); 2753 } catch (ServiceSpecificException e) { 2754 throw UserOperationException.from(e); 2755 } catch (RemoteException re) { 2756 throw re.rethrowFromSystemServer(); 2757 } 2758 } 2759 2760 /** 2761 * Creates a guest user and configures it. 2762 * @param context an application context 2763 * @param name the name to set for the user 2764 * @return the {@link UserInfo} object for the created user, or {@code null} if the user 2765 * could not be created. 2766 * 2767 * @hide 2768 */ 2769 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2770 Manifest.permission.CREATE_USERS}) createGuest(Context context, String name)2771 public UserInfo createGuest(Context context, String name) { 2772 UserInfo guest = null; 2773 try { 2774 guest = mService.createUserWithThrow(name, USER_TYPE_FULL_GUEST, 0); 2775 if (guest != null) { 2776 Settings.Secure.putStringForUser(context.getContentResolver(), 2777 Settings.Secure.SKIP_FIRST_USE_HINTS, "1", guest.id); 2778 } 2779 } catch (ServiceSpecificException e) { 2780 return null; 2781 } catch (RemoteException re) { 2782 throw re.rethrowFromSystemServer(); 2783 } 2784 return guest; 2785 } 2786 2787 /** 2788 * Gets the existing guest user if it exists. This does not include guest users that are dying. 2789 * @return The existing guest user if it exists. Null otherwise. 2790 * @hide 2791 */ 2792 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) findCurrentGuestUser()2793 public UserInfo findCurrentGuestUser() { 2794 try { 2795 return mService.findCurrentGuestUser(); 2796 } catch (RemoteException re) { 2797 throw re.rethrowFromSystemServer(); 2798 } 2799 } 2800 2801 /** 2802 * Creates a user with the specified name and options as a profile of the context's user. 2803 * 2804 * @param name the user's name. 2805 * @param userType the type of user, such as {@link UserManager#USER_TYPE_PROFILE_MANAGED}. 2806 * @param disallowedPackages packages to not install for this profile. 2807 * 2808 * @return the {@link android.os.UserHandle} object for the created user, 2809 * or throws {@link UserOperationException} if the user could not be created 2810 * and calling app is targeting {@link android.os.Build.VERSION_CODES#R} or above 2811 * (otherwise returns {@code null}). 2812 * 2813 * @throws UserOperationException if the user could not be created and the calling app is 2814 * targeting {@link android.os.Build.VERSION_CODES#R} or above. 2815 * 2816 * @hide 2817 */ 2818 @SystemApi 2819 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2820 Manifest.permission.CREATE_USERS}) 2821 @UserHandleAware createProfile(@onNull String name, @NonNull String userType, @NonNull Set<String> disallowedPackages)2822 public @Nullable UserHandle createProfile(@NonNull String name, @NonNull String userType, 2823 @NonNull Set<String> disallowedPackages) throws UserOperationException { 2824 try { 2825 return mService.createProfileForUserWithThrow(name, userType, 0, 2826 mUserId, disallowedPackages.toArray( 2827 new String[disallowedPackages.size()])).getUserHandle(); 2828 } catch (ServiceSpecificException e) { 2829 return returnNullOrThrowUserOperationException(e, 2830 mContext.getApplicationInfo().targetSdkVersion >= Build.VERSION_CODES.R); 2831 } catch (RemoteException re) { 2832 throw re.rethrowFromSystemServer(); 2833 } 2834 } 2835 2836 /** 2837 * Creates a user with the specified name and options as a profile of another user. 2838 * <p>Requires MANAGE_USERS. CREATE_USERS suffices for ALLOWED_FLAGS_FOR_CREATE_USERS_PERMISSION 2839 * 2840 * @param name the user's name 2841 * @param flags flags that identify the type of user and other properties. 2842 * @param userId new user will be a profile of this user. 2843 * 2844 * @return the {@link UserInfo} object for the created user, or null if the user 2845 * could not be created. 2846 * @throws IllegalArgumentException if flags do not correspond to a valid user type. 2847 * @deprecated Use {@link #createProfileForUser(String, String, int, int)} instead. 2848 * @hide 2849 */ 2850 @UnsupportedAppUsage 2851 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2852 Manifest.permission.CREATE_USERS}) 2853 @Deprecated createProfileForUser(String name, @UserInfoFlag int flags, @UserIdInt int userId)2854 public UserInfo createProfileForUser(String name, @UserInfoFlag int flags, 2855 @UserIdInt int userId) { 2856 return createProfileForUser(name, UserInfo.getDefaultUserType(flags), flags, 2857 userId, null); 2858 } 2859 2860 /** 2861 * Creates a user with the specified name and options as a profile of another user. 2862 * 2863 * @param name the user's name 2864 * @param userType the type of user, such as {@link UserManager#USER_TYPE_PROFILE_MANAGED}. 2865 * @param flags UserInfo flags that specify user properties. 2866 * @param userId new user will be a profile of this user. 2867 * 2868 * @return the {@link UserInfo} object for the created user, or null if the user 2869 * could not be created. 2870 * @hide 2871 */ 2872 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2873 Manifest.permission.CREATE_USERS}) createProfileForUser(String name, @NonNull String userType, @UserInfoFlag int flags, @UserIdInt int userId)2874 public UserInfo createProfileForUser(String name, @NonNull String userType, 2875 @UserInfoFlag int flags, @UserIdInt int userId) { 2876 return createProfileForUser(name, userType, flags, userId, null); 2877 } 2878 2879 /** 2880 * Version of {@link #createProfileForUser(String, String, int, int)} that allows you to specify 2881 * any packages that should not be installed in the new profile by default, these packages can 2882 * still be installed later by the user if needed. 2883 * 2884 * @param name the user's name 2885 * @param userType the type of user, such as {@link UserManager#USER_TYPE_PROFILE_MANAGED}. 2886 * @param flags UserInfo flags that specify user properties. 2887 * @param userId new user will be a profile of this user. 2888 * @param disallowedPackages packages that will not be installed in the profile being created. 2889 * 2890 * @return the {@link UserInfo} object for the created user, or {@code null} if the user could 2891 * not be created. 2892 * 2893 * @hide 2894 */ 2895 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2896 Manifest.permission.CREATE_USERS}) createProfileForUser(String name, @NonNull String userType, @UserInfoFlag int flags, @UserIdInt int userId, String[] disallowedPackages)2897 public UserInfo createProfileForUser(String name, @NonNull String userType, 2898 @UserInfoFlag int flags, @UserIdInt int userId, String[] disallowedPackages) { 2899 try { 2900 return mService.createProfileForUserWithThrow(name, userType, flags, userId, 2901 disallowedPackages); 2902 } catch (ServiceSpecificException e) { 2903 return null; 2904 } catch (RemoteException re) { 2905 throw re.rethrowFromSystemServer(); 2906 } 2907 } 2908 2909 /** 2910 * Similar to {@link #createProfileForUser(String, String, int, int, String[])} 2911 * except bypassing the checking of {@link UserManager#DISALLOW_ADD_MANAGED_PROFILE}. 2912 * 2913 * @see #createProfileForUser(String, String, int, int, String[]) 2914 * @hide 2915 */ 2916 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2917 Manifest.permission.CREATE_USERS}) createProfileForUserEvenWhenDisallowed(String name, @NonNull String userType, @UserInfoFlag int flags, @UserIdInt int userId, String[] disallowedPackages)2918 public UserInfo createProfileForUserEvenWhenDisallowed(String name, 2919 @NonNull String userType, @UserInfoFlag int flags, @UserIdInt int userId, 2920 String[] disallowedPackages) { 2921 try { 2922 return mService.createProfileForUserEvenWhenDisallowedWithThrow(name, userType, flags, 2923 userId, disallowedPackages); 2924 } catch (ServiceSpecificException e) { 2925 return null; 2926 } catch (RemoteException re) { 2927 throw re.rethrowFromSystemServer(); 2928 } 2929 } 2930 2931 /** 2932 * Creates a restricted profile with the specified name. This method also sets necessary 2933 * restrictions and adds shared accounts. 2934 * 2935 * @param name profile's name 2936 * @return the {@link UserInfo} object for the created user, or {@code null} if the user 2937 * could not be created. 2938 * 2939 * @hide 2940 */ 2941 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2942 Manifest.permission.CREATE_USERS}) createRestrictedProfile(String name)2943 public UserInfo createRestrictedProfile(String name) { 2944 try { 2945 UserHandle parentUserHandle = Process.myUserHandle(); 2946 UserInfo user = mService.createRestrictedProfileWithThrow(name, 2947 parentUserHandle.getIdentifier()); 2948 if (user != null) { 2949 AccountManager.get(mContext).addSharedAccountsFromParentUser(parentUserHandle, 2950 UserHandle.of(user.id)); 2951 } 2952 return user; 2953 } catch (ServiceSpecificException e) { 2954 return null; 2955 } catch (RemoteException re) { 2956 throw re.rethrowFromSystemServer(); 2957 } 2958 } 2959 2960 /** 2961 * Returns an intent to create a user for the provided name and account name. The name 2962 * and account name will be used when the setup process for the new user is started. 2963 * <p> 2964 * The intent should be launched using startActivityForResult and the return result will 2965 * indicate if the user consented to adding a new user and if the operation succeeded. Any 2966 * errors in creating the user will be returned in the result code. If the user cancels the 2967 * request, the return result will be {@link Activity#RESULT_CANCELED}. On success, the 2968 * result code will be {@link Activity#RESULT_OK}. 2969 * <p> 2970 * Use {@link #supportsMultipleUsers()} to first check if the device supports this operation 2971 * at all. 2972 * <p> 2973 * The new user is created but not initialized. After switching into the user for the first 2974 * time, the preferred user name and account information are used by the setup process for that 2975 * user. 2976 * 2977 * @param userName Optional name to assign to the user. 2978 * @param accountName Optional account name that will be used by the setup wizard to initialize 2979 * the user. 2980 * @param accountType Optional account type for the account to be created. This is required 2981 * if the account name is specified. 2982 * @param accountOptions Optional bundle of data to be passed in during account creation in the 2983 * new user via {@link AccountManager#addAccount(String, String, String[], 2984 * Bundle, android.app.Activity, android.accounts.AccountManagerCallback, 2985 * Handler)}. 2986 * @return An Intent that can be launched from an Activity. 2987 * @see #USER_CREATION_FAILED_NOT_PERMITTED 2988 * @see #USER_CREATION_FAILED_NO_MORE_USERS 2989 * @see #supportsMultipleUsers 2990 */ createUserCreationIntent(@ullable String userName, @Nullable String accountName, @Nullable String accountType, @Nullable PersistableBundle accountOptions)2991 public static Intent createUserCreationIntent(@Nullable String userName, 2992 @Nullable String accountName, 2993 @Nullable String accountType, @Nullable PersistableBundle accountOptions) { 2994 Intent intent = new Intent(ACTION_CREATE_USER); 2995 if (userName != null) { 2996 intent.putExtra(EXTRA_USER_NAME, userName); 2997 } 2998 if (accountName != null && accountType == null) { 2999 throw new IllegalArgumentException("accountType must be specified if accountName is " 3000 + "specified"); 3001 } 3002 if (accountName != null) { 3003 intent.putExtra(EXTRA_USER_ACCOUNT_NAME, accountName); 3004 } 3005 if (accountType != null) { 3006 intent.putExtra(EXTRA_USER_ACCOUNT_TYPE, accountType); 3007 } 3008 if (accountOptions != null) { 3009 intent.putExtra(EXTRA_USER_ACCOUNT_OPTIONS, accountOptions); 3010 } 3011 return intent; 3012 } 3013 3014 /** 3015 * @hide 3016 * 3017 * Returns the preferred account name for user creation. 3018 */ 3019 @SystemApi 3020 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getSeedAccountName()3021 public String getSeedAccountName() { 3022 try { 3023 return mService.getSeedAccountName(); 3024 } catch (RemoteException re) { 3025 throw re.rethrowFromSystemServer(); 3026 } 3027 } 3028 3029 /** 3030 * @hide 3031 * 3032 * Returns the preferred account type for user creation. 3033 */ 3034 @SystemApi 3035 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getSeedAccountType()3036 public String getSeedAccountType() { 3037 try { 3038 return mService.getSeedAccountType(); 3039 } catch (RemoteException re) { 3040 throw re.rethrowFromSystemServer(); 3041 } 3042 } 3043 3044 /** 3045 * @hide 3046 * 3047 * Returns the preferred account's options bundle for user creation. 3048 * @return Any options set by the requestor that created the user. 3049 */ 3050 @SystemApi 3051 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getSeedAccountOptions()3052 public PersistableBundle getSeedAccountOptions() { 3053 try { 3054 return mService.getSeedAccountOptions(); 3055 } catch (RemoteException re) { 3056 throw re.rethrowFromSystemServer(); 3057 } 3058 } 3059 3060 /** 3061 * @hide 3062 * 3063 * Called by a system activity to set the seed account information of a user created 3064 * through the user creation intent. 3065 * @param userId 3066 * @param accountName 3067 * @param accountType 3068 * @param accountOptions 3069 * @see #createUserCreationIntent(String, String, String, PersistableBundle) 3070 */ 3071 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) setSeedAccountData(int userId, String accountName, String accountType, PersistableBundle accountOptions)3072 public void setSeedAccountData(int userId, String accountName, String accountType, 3073 PersistableBundle accountOptions) { 3074 try { 3075 mService.setSeedAccountData(userId, accountName, accountType, accountOptions, 3076 /* persist= */ true); 3077 } catch (RemoteException re) { 3078 throw re.rethrowFromSystemServer(); 3079 } 3080 } 3081 3082 /** 3083 * @hide 3084 * Clears the seed information used to create this user. 3085 */ 3086 @SystemApi 3087 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) clearSeedAccountData()3088 public void clearSeedAccountData() { 3089 try { 3090 mService.clearSeedAccountData(); 3091 } catch (RemoteException re) { 3092 throw re.rethrowFromSystemServer(); 3093 } 3094 } 3095 3096 /** 3097 * @hide 3098 * Marks the guest user for deletion to allow a new guest to be created before deleting 3099 * the current user who is a guest. 3100 * @param userId 3101 * @return 3102 */ 3103 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) markGuestForDeletion(@serIdInt int userId)3104 public boolean markGuestForDeletion(@UserIdInt int userId) { 3105 try { 3106 return mService.markGuestForDeletion(userId); 3107 } catch (RemoteException re) { 3108 throw re.rethrowFromSystemServer(); 3109 } 3110 } 3111 3112 /** 3113 * Sets the user as enabled, if such an user exists. 3114 * 3115 * <p>Note that the default is true, it's only that managed profiles might not be enabled. 3116 * Also ephemeral users can be disabled to indicate that their removal is in progress and they 3117 * shouldn't be re-entered. Therefore ephemeral users should not be re-enabled once disabled. 3118 * 3119 * @param userId the id of the profile to enable 3120 * @hide 3121 */ 3122 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) setUserEnabled(@serIdInt int userId)3123 public void setUserEnabled(@UserIdInt int userId) { 3124 try { 3125 mService.setUserEnabled(userId); 3126 } catch (RemoteException re) { 3127 throw re.rethrowFromSystemServer(); 3128 } 3129 } 3130 3131 /** 3132 * Assigns admin privileges to the user, if such a user exists. 3133 * 3134 * <p>Note that this does not alter the user's pre-existing user restrictions. 3135 * 3136 * @param userId the id of the user to become admin 3137 * @hide 3138 */ 3139 @RequiresPermission(allOf = { 3140 Manifest.permission.INTERACT_ACROSS_USERS_FULL, 3141 Manifest.permission.MANAGE_USERS 3142 }) setUserAdmin(@serIdInt int userId)3143 public void setUserAdmin(@UserIdInt int userId) { 3144 try { 3145 mService.setUserAdmin(userId); 3146 } catch (RemoteException re) { 3147 throw re.rethrowFromSystemServer(); 3148 } 3149 } 3150 3151 /** 3152 * Evicts the user's credential encryption key from memory by stopping and restarting the user. 3153 * 3154 * @hide 3155 */ 3156 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) evictCredentialEncryptionKey(@serIdInt int userId)3157 public void evictCredentialEncryptionKey(@UserIdInt int userId) { 3158 try { 3159 mService.evictCredentialEncryptionKey(userId); 3160 } catch (RemoteException re) { 3161 throw re.rethrowFromSystemServer(); 3162 } 3163 } 3164 3165 /** 3166 * Return the number of users currently created on the device. 3167 * <p>This API is not for use by third-party apps. It requires the {@code MANAGE_USERS} 3168 * permission.</p> 3169 */ 3170 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getUserCount()3171 public int getUserCount() { 3172 List<UserInfo> users = getUsers(); 3173 return users != null ? users.size() : 1; 3174 } 3175 3176 /** 3177 * Returns information for all users on this device, including ones marked for deletion. 3178 * To retrieve only users that are alive, use {@link #getUsers(boolean)}. 3179 * 3180 * @return the list of users that exist on the device. 3181 * @hide 3182 */ 3183 @UnsupportedAppUsage 3184 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getUsers()3185 public List<UserInfo> getUsers() { 3186 return getUsers(/* excludeDying= */ false); 3187 } 3188 3189 /** 3190 * Returns information for all users on this device. Requires 3191 * {@link android.Manifest.permission#MANAGE_USERS} permission. 3192 * 3193 * @param excludeDying specify if the list should exclude users being 3194 * removed. 3195 * @return the list of users that were created. 3196 * @hide 3197 */ 3198 @UnsupportedAppUsage getUsers(boolean excludeDying)3199 public @NonNull List<UserInfo> getUsers(boolean excludeDying) { 3200 return getUsers(/*excludePartial= */ true, excludeDying, 3201 /* excludePreCreated= */ true); 3202 } 3203 3204 /** 3205 * Returns information for all users on this device, based on the filtering parameters. 3206 * 3207 * @hide 3208 */ 3209 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getUsers(boolean excludePartial, boolean excludeDying, boolean excludePreCreated)3210 public List<UserInfo> getUsers(boolean excludePartial, boolean excludeDying, 3211 boolean excludePreCreated) { 3212 try { 3213 return mService.getUsers(excludePartial, excludeDying, excludePreCreated); 3214 } catch (RemoteException re) { 3215 throw re.rethrowFromSystemServer(); 3216 } 3217 } 3218 3219 /** 3220 * Returns the user handles for all users on this device, based on the filtering parameters. 3221 * 3222 * @param excludeDying specify if the list should exclude users being removed. 3223 * @return the list of user handles. 3224 * @hide 3225 */ 3226 @SystemApi 3227 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getUserHandles(boolean excludeDying)3228 public @NonNull List<UserHandle> getUserHandles(boolean excludeDying) { 3229 List<UserInfo> users = getUsers(excludeDying); 3230 List<UserHandle> result = new ArrayList<>(users.size()); 3231 for (UserInfo user : users) { 3232 result.add(user.getUserHandle()); 3233 } 3234 return result; 3235 } 3236 3237 /** 3238 * Returns serial numbers of all users on this device. 3239 * 3240 * @param excludeDying specify if the list should exclude users being removed. 3241 * @return the list of serial numbers of users that exist on the device. 3242 * @hide 3243 */ 3244 @SystemApi 3245 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getSerialNumbersOfUsers(boolean excludeDying)3246 public long[] getSerialNumbersOfUsers(boolean excludeDying) { 3247 List<UserInfo> users = getUsers(excludeDying); 3248 long[] result = new long[users.size()]; 3249 for (int i = 0; i < result.length; i++) { 3250 result[i] = users.get(i).serialNumber; 3251 } 3252 return result; 3253 } 3254 3255 /** 3256 * @return the user's account name, null if not found. 3257 * @hide 3258 */ 3259 @RequiresPermission( allOf = { 3260 Manifest.permission.INTERACT_ACROSS_USERS_FULL, 3261 Manifest.permission.MANAGE_USERS 3262 }) getUserAccount(@serIdInt int userId)3263 public @Nullable String getUserAccount(@UserIdInt int userId) { 3264 try { 3265 return mService.getUserAccount(userId); 3266 } catch (RemoteException re) { 3267 throw re.rethrowFromSystemServer(); 3268 } 3269 } 3270 3271 /** 3272 * Set account name for the given user. 3273 * @hide 3274 */ 3275 @RequiresPermission( allOf = { 3276 Manifest.permission.INTERACT_ACROSS_USERS_FULL, 3277 Manifest.permission.MANAGE_USERS 3278 }) setUserAccount(@serIdInt int userId, @Nullable String accountName)3279 public void setUserAccount(@UserIdInt int userId, @Nullable String accountName) { 3280 try { 3281 mService.setUserAccount(userId, accountName); 3282 } catch (RemoteException re) { 3283 throw re.rethrowFromSystemServer(); 3284 } 3285 } 3286 3287 /** 3288 * Returns information for Primary user. 3289 * 3290 * @return the Primary user, null if not found. 3291 * @hide 3292 */ 3293 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getPrimaryUser()3294 public @Nullable UserInfo getPrimaryUser() { 3295 try { 3296 return mService.getPrimaryUser(); 3297 } catch (RemoteException re) { 3298 throw re.rethrowFromSystemServer(); 3299 } 3300 } 3301 3302 /** 3303 * Checks whether it's possible to add more users. Caller must hold the MANAGE_USERS 3304 * permission. 3305 * 3306 * @return true if more users can be added, false if limit has been reached. 3307 * @hide 3308 */ 3309 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) canAddMoreUsers()3310 public boolean canAddMoreUsers() { 3311 // TODO(b/142482943): UMS has different logic, excluding Demo and Profile from counting. Why 3312 // not here? The logic is inconsistent. See UMS.canAddMoreManagedProfiles 3313 final List<UserInfo> users = getUsers(true); 3314 final int totalUserCount = users.size(); 3315 int aliveUserCount = 0; 3316 for (int i = 0; i < totalUserCount; i++) { 3317 UserInfo user = users.get(i); 3318 if (!user.isGuest()) { 3319 aliveUserCount++; 3320 } 3321 } 3322 return aliveUserCount < getMaxSupportedUsers(); 3323 } 3324 3325 /** 3326 * Checks whether it's possible to add more managed profiles. Caller must hold the MANAGE_USERS 3327 * permission. 3328 * if allowedToRemoveOne is true and if the user already has a managed profile, then return if 3329 * we could add a new managed profile to this user after removing the existing one. 3330 * 3331 * @return true if more managed profiles can be added, false if limit has been reached. 3332 * @hide 3333 */ 3334 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) canAddMoreManagedProfiles(@serIdInt int userId, boolean allowedToRemoveOne)3335 public boolean canAddMoreManagedProfiles(@UserIdInt int userId, boolean allowedToRemoveOne) { 3336 try { 3337 return mService.canAddMoreManagedProfiles(userId, allowedToRemoveOne); 3338 } catch (RemoteException re) { 3339 throw re.rethrowFromSystemServer(); 3340 } 3341 } 3342 3343 /** 3344 * Checks whether it's possible to add more profiles of the given type to the given user. 3345 * 3346 * @param userType the type of user, such as {@link UserManager#USER_TYPE_PROFILE_MANAGED}. 3347 * @return true if more profiles can be added, false if limit has been reached. 3348 * @hide 3349 */ 3350 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) canAddMoreProfilesToUser(@onNull String userType, @UserIdInt int userId)3351 public boolean canAddMoreProfilesToUser(@NonNull String userType, @UserIdInt int userId) { 3352 try { 3353 return mService.canAddMoreProfilesToUser(userType, userId, false); 3354 } catch (RemoteException re) { 3355 throw re.rethrowFromSystemServer(); 3356 } 3357 } 3358 3359 /** 3360 * Returns list of the profiles of userId including userId itself. 3361 * Note that this returns both enabled and not enabled profiles. See 3362 * {@link #getEnabledProfiles(int)} if you need only the enabled ones. 3363 * 3364 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS}. 3365 * {@link android.Manifest.permission#CREATE_USERS} suffices if userId is the calling user. 3366 * @param userId profiles of this user will be returned. 3367 * @return the list of profiles. 3368 * @hide 3369 */ 3370 @UnsupportedAppUsage 3371 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3372 Manifest.permission.CREATE_USERS}, conditional = true) getProfiles(@serIdInt int userId)3373 public List<UserInfo> getProfiles(@UserIdInt int userId) { 3374 try { 3375 return mService.getProfiles(userId, false /* enabledOnly */); 3376 } catch (RemoteException re) { 3377 throw re.rethrowFromSystemServer(); 3378 } 3379 } 3380 3381 /** 3382 * Checks if the 2 provided user handles belong to the same profile group. 3383 * 3384 * @param user one of the two user handles to check. 3385 * @param otherUser one of the two user handles to check. 3386 * @return true if the two users are in the same profile group. 3387 * 3388 * @hide 3389 */ 3390 @SystemApi 3391 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) isSameProfileGroup(@onNull UserHandle user, @NonNull UserHandle otherUser)3392 public boolean isSameProfileGroup(@NonNull UserHandle user, @NonNull UserHandle otherUser) { 3393 return isSameProfileGroup(user.getIdentifier(), otherUser.getIdentifier()); 3394 } 3395 3396 /** 3397 * Checks if the 2 provided user ids belong to the same profile group. 3398 * @param userId one of the two user ids to check. 3399 * @param otherUserId one of the two user ids to check. 3400 * @return true if the two user ids are in the same profile group. 3401 * @hide 3402 */ 3403 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) isSameProfileGroup(@serIdInt int userId, int otherUserId)3404 public boolean isSameProfileGroup(@UserIdInt int userId, int otherUserId) { 3405 try { 3406 return mService.isSameProfileGroup(userId, otherUserId); 3407 } catch (RemoteException re) { 3408 throw re.rethrowFromSystemServer(); 3409 } 3410 } 3411 3412 /** 3413 * Returns list of the profiles of userId including userId itself. 3414 * Note that this returns only enabled. 3415 * 3416 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS}. 3417 * {@link android.Manifest.permission#CREATE_USERS} suffices if userId is the calling user. 3418 * @param userId profiles of this user will be returned. 3419 * @return the list of profiles. 3420 * @hide 3421 */ 3422 @UnsupportedAppUsage 3423 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3424 Manifest.permission.CREATE_USERS}, conditional = true) getEnabledProfiles(@serIdInt int userId)3425 public List<UserInfo> getEnabledProfiles(@UserIdInt int userId) { 3426 try { 3427 return mService.getProfiles(userId, true /* enabledOnly */); 3428 } catch (RemoteException re) { 3429 throw re.rethrowFromSystemServer(); 3430 } 3431 } 3432 3433 /** 3434 * Returns a list of UserHandles for profiles associated with the user that the calling process 3435 * is running on, including the user itself. 3436 * 3437 * @return A non-empty list of UserHandles associated with the calling user. 3438 */ getUserProfiles()3439 public List<UserHandle> getUserProfiles() { 3440 int[] userIds = getProfileIds(UserHandle.myUserId(), true /* enabledOnly */); 3441 List<UserHandle> result = new ArrayList<>(userIds.length); 3442 for (int userId : userIds) { 3443 result.add(UserHandle.of(userId)); 3444 } 3445 return result; 3446 } 3447 3448 /** 3449 * Returns a list of ids for enabled profiles associated with the context user including the 3450 * user itself. 3451 * 3452 * @return A non-empty list of UserHandles associated with the calling user. 3453 * @hide 3454 */ 3455 @SystemApi 3456 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3457 Manifest.permission.CREATE_USERS}, conditional = true) 3458 @UserHandleAware getEnabledProfiles()3459 public @NonNull List<UserHandle> getEnabledProfiles() { 3460 return getProfiles(true); 3461 } 3462 3463 /** 3464 * Returns a list of ids for all profiles associated with the context user including the user 3465 * itself. 3466 * 3467 * @return A non-empty list of UserHandles associated with the calling user. 3468 * @hide 3469 */ 3470 @SystemApi 3471 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3472 Manifest.permission.CREATE_USERS}, conditional = true) 3473 @UserHandleAware getAllProfiles()3474 public @NonNull List<UserHandle> getAllProfiles() { 3475 return getProfiles(false); 3476 } 3477 3478 /** 3479 * Returns a list of ids for profiles associated with the context user including the user 3480 * itself. 3481 * 3482 * @param enabledOnly whether to return only {@link UserInfo#isEnabled() enabled} profiles 3483 * @return A non-empty list of UserHandles associated with the calling user. 3484 */ 3485 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3486 Manifest.permission.CREATE_USERS}, conditional = true) 3487 @UserHandleAware getProfiles(boolean enabledOnly)3488 private @NonNull List<UserHandle> getProfiles(boolean enabledOnly) { 3489 final int[] userIds = getProfileIds(mUserId, enabledOnly); 3490 final List<UserHandle> result = new ArrayList<>(userIds.length); 3491 for (int userId : userIds) { 3492 result.add(UserHandle.of(userId)); 3493 } 3494 return result; 3495 } 3496 3497 /** 3498 * Returns a list of ids for profiles associated with the specified user including the user 3499 * itself. 3500 * 3501 * @param userId id of the user to return profiles for 3502 * @param enabledOnly whether return only {@link UserInfo#isEnabled() enabled} profiles 3503 * @return A non-empty list of ids of profiles associated with the specified user. 3504 * 3505 * @hide 3506 */ 3507 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3508 Manifest.permission.CREATE_USERS}, conditional = true) getProfileIds(@serIdInt int userId, boolean enabledOnly)3509 public @NonNull int[] getProfileIds(@UserIdInt int userId, boolean enabledOnly) { 3510 try { 3511 return mService.getProfileIds(userId, enabledOnly); 3512 } catch (RemoteException re) { 3513 throw re.rethrowFromSystemServer(); 3514 } 3515 } 3516 3517 /** 3518 * @see #getProfileIds(int, boolean) 3519 * @hide 3520 */ 3521 @UnsupportedAppUsage 3522 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3523 Manifest.permission.CREATE_USERS}, conditional = true) getProfileIdsWithDisabled(@serIdInt int userId)3524 public int[] getProfileIdsWithDisabled(@UserIdInt int userId) { 3525 return getProfileIds(userId, false /* enabledOnly */); 3526 } 3527 3528 /** 3529 * @see #getProfileIds(int, boolean) 3530 * @hide 3531 */ 3532 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3533 Manifest.permission.CREATE_USERS}, conditional = true) getEnabledProfileIds(@serIdInt int userId)3534 public int[] getEnabledProfileIds(@UserIdInt int userId) { 3535 return getProfileIds(userId, true /* enabledOnly */); 3536 } 3537 3538 /** 3539 * Returns the device credential owner id of the profile from 3540 * which this method is called, or userId if called from a user that 3541 * is not a profile. 3542 * 3543 * @hide 3544 */ 3545 @RequiresPermission(Manifest.permission.MANAGE_USERS) getCredentialOwnerProfile(@serIdInt int userId)3546 public int getCredentialOwnerProfile(@UserIdInt int userId) { 3547 try { 3548 return mService.getCredentialOwnerProfile(userId); 3549 } catch (RemoteException re) { 3550 throw re.rethrowFromSystemServer(); 3551 } 3552 } 3553 3554 /** 3555 * Returns the parent of the profile which this method is called from 3556 * or null if called from a user that is not a profile. 3557 * 3558 * @hide 3559 */ 3560 @UnsupportedAppUsage 3561 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getProfileParent(@serIdInt int userId)3562 public UserInfo getProfileParent(@UserIdInt int userId) { 3563 try { 3564 return mService.getProfileParent(userId); 3565 } catch (RemoteException re) { 3566 throw re.rethrowFromSystemServer(); 3567 } 3568 } 3569 3570 /** 3571 * Get the parent of a user profile. 3572 * 3573 * @param user the handle of the user profile 3574 * 3575 * @return the parent of the user or {@code null} if the user is not profile 3576 * 3577 * @hide 3578 */ 3579 @SystemApi 3580 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getProfileParent(@onNull UserHandle user)3581 public @Nullable UserHandle getProfileParent(@NonNull UserHandle user) { 3582 UserInfo info = getProfileParent(user.getIdentifier()); 3583 3584 if (info == null) { 3585 return null; 3586 } 3587 3588 return UserHandle.of(info.id); 3589 } 3590 3591 /** 3592 * Enables or disables quiet mode for a managed profile. If quiet mode is enabled, apps in a 3593 * managed profile don't run, generate notifications, or consume data or battery. 3594 * <p> 3595 * If a user's credential is needed to turn off quiet mode, a confirm credential screen will be 3596 * shown to the user. 3597 * <p> 3598 * The change may not happen instantly, however apps can listen for 3599 * {@link Intent#ACTION_MANAGED_PROFILE_AVAILABLE} and 3600 * {@link Intent#ACTION_MANAGED_PROFILE_UNAVAILABLE} broadcasts in order to be notified of 3601 * the change of the quiet mode. Apps can also check the current state of quiet mode by 3602 * calling {@link #isQuietModeEnabled(UserHandle)}. 3603 * <p> 3604 * The caller must either be the foreground default launcher or have one of these permissions: 3605 * {@code MANAGE_USERS} or {@code MODIFY_QUIET_MODE}. 3606 * 3607 * @param enableQuietMode whether quiet mode should be enabled or disabled 3608 * @param userHandle user handle of the profile 3609 * @return {@code false} if user's credential is needed in order to turn off quiet mode, 3610 * {@code true} otherwise 3611 * @throws SecurityException if the caller is invalid 3612 * @throws IllegalArgumentException if {@code userHandle} is not a managed profile 3613 * 3614 * @see #isQuietModeEnabled(UserHandle) 3615 */ 3616 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 3617 Manifest.permission.MODIFY_QUIET_MODE}, conditional = true) requestQuietModeEnabled(boolean enableQuietMode, @NonNull UserHandle userHandle)3618 public boolean requestQuietModeEnabled(boolean enableQuietMode, @NonNull UserHandle userHandle) { 3619 return requestQuietModeEnabled(enableQuietMode, userHandle, null); 3620 } 3621 3622 /** 3623 * Perform the same operation as {@link #requestQuietModeEnabled(boolean, UserHandle)}, but 3624 * with a flag to tweak the behavior of the request. 3625 * 3626 * @param enableQuietMode whether quiet mode should be enabled or disabled 3627 * @param userHandle user handle of the profile 3628 * @param flags Can be 0 or {@link #QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED}. 3629 * @return {@code false} if user's credential is needed in order to turn off quiet mode, 3630 * {@code true} otherwise 3631 * @throws SecurityException if the caller is invalid 3632 * @throws IllegalArgumentException if {@code userHandle} is not a managed profile 3633 * 3634 * @see #isQuietModeEnabled(UserHandle) 3635 */ requestQuietModeEnabled(boolean enableQuietMode, @NonNull UserHandle userHandle, @QuietModeFlag int flags)3636 public boolean requestQuietModeEnabled(boolean enableQuietMode, @NonNull UserHandle userHandle, 3637 @QuietModeFlag int flags) { 3638 return requestQuietModeEnabled(enableQuietMode, userHandle, null, flags); 3639 } 3640 3641 /** 3642 * Similar to {@link #requestQuietModeEnabled(boolean, UserHandle)}, except you can specify 3643 * a target to start when user is unlocked. If {@code target} is specified, caller must have 3644 * the {@link android.Manifest.permission#MANAGE_USERS} permission. 3645 * 3646 * @see {@link #requestQuietModeEnabled(boolean, UserHandle)} 3647 * @hide 3648 */ 3649 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) requestQuietModeEnabled( boolean enableQuietMode, @NonNull UserHandle userHandle, IntentSender target)3650 public boolean requestQuietModeEnabled( 3651 boolean enableQuietMode, @NonNull UserHandle userHandle, IntentSender target) { 3652 return requestQuietModeEnabled(enableQuietMode, userHandle, target, 0); 3653 } 3654 3655 /** 3656 * Similar to {@link #requestQuietModeEnabled(boolean, UserHandle)}, except you can specify 3657 * a target to start when user is unlocked. If {@code target} is specified, caller must have 3658 * the {@link android.Manifest.permission#MANAGE_USERS} permission. 3659 * 3660 * @see #requestQuietModeEnabled(boolean, UserHandle) 3661 * @hide 3662 */ requestQuietModeEnabled( boolean enableQuietMode, @NonNull UserHandle userHandle, IntentSender target, int flags)3663 public boolean requestQuietModeEnabled( 3664 boolean enableQuietMode, @NonNull UserHandle userHandle, IntentSender target, 3665 int flags) { 3666 try { 3667 return mService.requestQuietModeEnabled( 3668 mContext.getPackageName(), enableQuietMode, userHandle.getIdentifier(), target, 3669 flags); 3670 } catch (RemoteException re) { 3671 throw re.rethrowFromSystemServer(); 3672 } 3673 } 3674 3675 /** 3676 * Returns whether the given profile is in quiet mode or not. 3677 * Notes: Quiet mode is only supported for managed profiles. 3678 * 3679 * @param userHandle The user handle of the profile to be queried. 3680 * @return true if the profile is in quiet mode, false otherwise. 3681 */ isQuietModeEnabled(UserHandle userHandle)3682 public boolean isQuietModeEnabled(UserHandle userHandle) { 3683 try { 3684 return mService.isQuietModeEnabled(userHandle.getIdentifier()); 3685 } catch (RemoteException re) { 3686 throw re.rethrowFromSystemServer(); 3687 } 3688 } 3689 3690 /** 3691 * Returns whether the given user has a badge (generally to put on profiles' icons). 3692 * 3693 * @param userId userId of the user in question 3694 * @return true if the user's icons should display a badge; false otherwise. 3695 * 3696 * @see #getBadgedIconForUser more information about badging in general 3697 * @hide 3698 */ hasBadge(@serIdInt int userId)3699 public boolean hasBadge(@UserIdInt int userId) { 3700 if (!isProfile(userId)) { 3701 // Since currently only profiles actually have badges, we can do this optimization. 3702 return false; 3703 } 3704 try { 3705 return mService.hasBadge(userId); 3706 } catch (RemoteException re) { 3707 throw re.rethrowFromSystemServer(); 3708 } 3709 } 3710 3711 /** 3712 * Returns whether the user associated with the context has a badge (generally to put on 3713 * profiles' icons). 3714 * 3715 * @return true if the user's icons should display a badge; false otherwise. 3716 * @see #getBadgedIconForUser more information about badging in general 3717 * @hide 3718 */ 3719 @UserHandleAware hasBadge()3720 public boolean hasBadge() { 3721 return hasBadge(mUserId); 3722 } 3723 3724 /** 3725 * Returns the light theme badge color for the given user (generally to color a profile's 3726 * icon's badge). 3727 * 3728 * <p>To check whether a badge color is expected for the user, first call {@link #hasBadge}. 3729 * 3730 * @return the color (not the resource ID) to be used for the user's badge 3731 * @throws Resources.NotFoundException if no valid badge color exists for this user 3732 * 3733 * @see #getBadgedIconForUser more information about badging in general 3734 * @hide 3735 */ getUserBadgeColor(@serIdInt int userId)3736 public @ColorInt int getUserBadgeColor(@UserIdInt int userId) { 3737 try { 3738 final int resourceId = mService.getUserBadgeColorResId(userId); 3739 return Resources.getSystem().getColor(resourceId, null); 3740 } catch (RemoteException re) { 3741 throw re.rethrowFromSystemServer(); 3742 } 3743 } 3744 3745 /** 3746 * Returns the dark theme badge color for the given user (generally to color a profile's icon's 3747 * badge). 3748 * 3749 * <p>To check whether a badge color is expected for the user, first call {@link #hasBadge}. 3750 * 3751 * @return the color (not the resource ID) to be used for the user's badge 3752 * @throws Resources.NotFoundException if no valid badge color exists for this user 3753 * 3754 * @see #getBadgedIconForUser more information about badging in general 3755 * @hide 3756 */ getUserBadgeDarkColor(@serIdInt int userId)3757 public @ColorInt int getUserBadgeDarkColor(@UserIdInt int userId) { 3758 try { 3759 final int resourceId = mService.getUserBadgeDarkColorResId(userId); 3760 return Resources.getSystem().getColor(resourceId, null); 3761 } catch (RemoteException re) { 3762 throw re.rethrowFromSystemServer(); 3763 } 3764 } 3765 3766 /** 3767 * Returns the Resource ID of the user's icon badge. 3768 * 3769 * @return the Resource ID of the user's icon badge if it has one; otherwise 3770 * {@link Resources#ID_NULL}. 3771 * 3772 * @see #getBadgedIconForUser more information about badging in general 3773 * @hide 3774 */ getUserIconBadgeResId(@serIdInt int userId)3775 public @DrawableRes int getUserIconBadgeResId(@UserIdInt int userId) { 3776 try { 3777 return mService.getUserIconBadgeResId(userId); 3778 } catch (RemoteException re) { 3779 throw re.rethrowFromSystemServer(); 3780 } 3781 } 3782 3783 /** 3784 * Returns the Resource ID of the user's badge. 3785 * 3786 * @return the Resource ID of the user's badge if it has one; otherwise 3787 * {@link Resources#ID_NULL}. 3788 * 3789 * @see #getBadgedIconForUser more information about badging in general 3790 * @hide 3791 */ getUserBadgeResId(@serIdInt int userId)3792 public @DrawableRes int getUserBadgeResId(@UserIdInt int userId) { 3793 try { 3794 return mService.getUserBadgeResId(userId); 3795 } catch (RemoteException re) { 3796 throw re.rethrowFromSystemServer(); 3797 } 3798 } 3799 3800 /** 3801 * Returns the Resource ID of the user's badge without a background. 3802 * 3803 * @return the Resource ID of the user's no-background badge if it has one; otherwise 3804 * {@link Resources#ID_NULL}. 3805 * 3806 * @see #getBadgedIconForUser more information about badging in general 3807 * @hide 3808 */ getUserBadgeNoBackgroundResId(@serIdInt int userId)3809 public @DrawableRes int getUserBadgeNoBackgroundResId(@UserIdInt int userId) { 3810 try { 3811 return mService.getUserBadgeNoBackgroundResId(userId); 3812 } catch (RemoteException re) { 3813 throw re.rethrowFromSystemServer(); 3814 } 3815 } 3816 3817 /** 3818 * If the target user is a profile of the calling user or the caller 3819 * is itself a profile, then this returns a badged copy of the given 3820 * icon to be able to distinguish it from the original icon. For badging an 3821 * arbitrary drawable use {@link #getBadgedDrawableForUser( 3822 * android.graphics.drawable.Drawable, UserHandle, android.graphics.Rect, int)}. 3823 * <p> 3824 * If the original drawable is a BitmapDrawable and the backing bitmap is 3825 * mutable as per {@link android.graphics.Bitmap#isMutable()}, the badging 3826 * is performed in place and the original drawable is returned. 3827 * </p> 3828 * 3829 * @param icon The icon to badge. 3830 * @param user The target user. 3831 * @return A drawable that combines the original icon and a badge as 3832 * determined by the system. 3833 * @removed 3834 */ getBadgedIconForUser(Drawable icon, UserHandle user)3835 public Drawable getBadgedIconForUser(Drawable icon, UserHandle user) { 3836 return mContext.getPackageManager().getUserBadgedIcon(icon, user); 3837 } 3838 3839 /** 3840 * If the target user is a profile of the calling user or the caller 3841 * is itself a profile, then this returns a badged copy of the given 3842 * drawable allowing the user to distinguish it from the original drawable. 3843 * The caller can specify the location in the bounds of the drawable to be 3844 * badged where the badge should be applied as well as the density of the 3845 * badge to be used. 3846 * <p> 3847 * If the original drawable is a BitmapDrawable and the backing bitmap is 3848 * mutable as per {@link android.graphics.Bitmap#isMutable()}, the badging 3849 * is performed in place and the original drawable is returned. 3850 * </p> 3851 * 3852 * @param badgedDrawable The drawable to badge. 3853 * @param user The target user. 3854 * @param badgeLocation Where in the bounds of the badged drawable to place 3855 * the badge. If it's {@code null}, the badge is applied on top of the entire 3856 * drawable being badged. 3857 * @param badgeDensity The optional desired density for the badge as per 3858 * {@link android.util.DisplayMetrics#densityDpi}. If it's not positive, 3859 * the density of the display is used. 3860 * @return A drawable that combines the original drawable and a badge as 3861 * determined by the system. 3862 * @removed 3863 */ getBadgedDrawableForUser(Drawable badgedDrawable, UserHandle user, Rect badgeLocation, int badgeDensity)3864 public Drawable getBadgedDrawableForUser(Drawable badgedDrawable, UserHandle user, 3865 Rect badgeLocation, int badgeDensity) { 3866 return mContext.getPackageManager().getUserBadgedDrawableForDensity(badgedDrawable, user, 3867 badgeLocation, badgeDensity); 3868 } 3869 3870 /** 3871 * If the target user is a profile of the calling user or the caller 3872 * is itself a profile, then this returns a copy of the label with 3873 * badging for accessibility services like talkback. E.g. passing in "Email" 3874 * and it might return "Work Email" for Email in the work profile. 3875 * 3876 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS} or 3877 * {@link android.Manifest.permission#INTERACT_ACROSS_USERS} permission, otherwise the caller 3878 * must be in the same profile group of specified user. 3879 * 3880 * @param label The label to change. 3881 * @param user The target user. 3882 * @return A label that combines the original label and a badge as 3883 * determined by the system. 3884 * @removed 3885 */ getBadgedLabelForUser(CharSequence label, UserHandle user)3886 public CharSequence getBadgedLabelForUser(CharSequence label, UserHandle user) { 3887 final int userId = user.getIdentifier(); 3888 if (!hasBadge(userId)) { 3889 return label; 3890 } 3891 try { 3892 final int resourceId = mService.getUserBadgeLabelResId(userId); 3893 return Resources.getSystem().getString(resourceId, label); 3894 } catch (RemoteException re) { 3895 throw re.rethrowFromSystemServer(); 3896 } 3897 } 3898 3899 /** 3900 * Removes a user and all associated data. 3901 * @param userId the integer handle of the user. 3902 * @hide 3903 */ 3904 @UnsupportedAppUsage 3905 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3906 Manifest.permission.CREATE_USERS}) removeUser(@serIdInt int userId)3907 public boolean removeUser(@UserIdInt int userId) { 3908 try { 3909 return mService.removeUser(userId); 3910 } catch (RemoteException re) { 3911 throw re.rethrowFromSystemServer(); 3912 } 3913 } 3914 3915 /** 3916 * Removes a user and all associated data. 3917 * 3918 * @param user the user that needs to be removed. 3919 * @return {@code true} if the user was successfully removed, {@code false} otherwise. 3920 * @throws IllegalArgumentException if {@code user} is {@code null} 3921 * @hide 3922 */ 3923 @SystemApi 3924 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3925 Manifest.permission.CREATE_USERS}) removeUser(@onNull UserHandle user)3926 public boolean removeUser(@NonNull UserHandle user) { 3927 if (user == null) { 3928 throw new IllegalArgumentException("user cannot be null"); 3929 } 3930 return removeUser(user.getIdentifier()); 3931 } 3932 3933 3934 /** 3935 * Similar to {@link #removeUser(int)} except bypassing the checking of 3936 * {@link UserManager#DISALLOW_REMOVE_USER} 3937 * or {@link UserManager#DISALLOW_REMOVE_MANAGED_PROFILE}. 3938 * 3939 * @see {@link #removeUser(int)} 3940 * @hide 3941 */ 3942 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3943 Manifest.permission.CREATE_USERS}) removeUserEvenWhenDisallowed(@serIdInt int userId)3944 public boolean removeUserEvenWhenDisallowed(@UserIdInt int userId) { 3945 try { 3946 return mService.removeUserEvenWhenDisallowed(userId); 3947 } catch (RemoteException re) { 3948 throw re.rethrowFromSystemServer(); 3949 } 3950 } 3951 3952 /** 3953 * Updates the user's name. 3954 * 3955 * @param userId the user's integer id 3956 * @param name the new name for the user 3957 * @hide 3958 */ 3959 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) setUserName(@serIdInt int userId, String name)3960 public void setUserName(@UserIdInt int userId, String name) { 3961 try { 3962 mService.setUserName(userId, name); 3963 } catch (RemoteException re) { 3964 throw re.rethrowFromSystemServer(); 3965 } 3966 } 3967 3968 /** 3969 * Updates the context user's name. 3970 * 3971 * @param name the new name for the user 3972 * @hide 3973 */ 3974 @SystemApi 3975 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 3976 @UserHandleAware setUserName(@ullable String name)3977 public void setUserName(@Nullable String name) { 3978 setUserName(mUserId, name); 3979 } 3980 3981 /** 3982 * Sets the user's photo. 3983 * @param userId the user for whom to change the photo. 3984 * @param icon the bitmap to set as the photo. 3985 * 3986 * @hide 3987 */ 3988 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) setUserIcon(@serIdInt int userId, @NonNull Bitmap icon)3989 public void setUserIcon(@UserIdInt int userId, @NonNull Bitmap icon) { 3990 try { 3991 mService.setUserIcon(userId, icon); 3992 } catch (ServiceSpecificException e) { 3993 return; 3994 } catch (RemoteException re) { 3995 throw re.rethrowFromSystemServer(); 3996 } 3997 } 3998 3999 /** 4000 * Sets the context user's photo. 4001 * 4002 * @param icon the bitmap to set as the photo. 4003 * 4004 * @throws UserOperationException according to the function signature, but may not actually 4005 * throw it in practice. Catch RuntimeException instead. 4006 * 4007 * @hide 4008 */ 4009 @SystemApi 4010 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 4011 @UserHandleAware setUserIcon(@onNull Bitmap icon)4012 public void setUserIcon(@NonNull Bitmap icon) throws UserOperationException { 4013 setUserIcon(mUserId, icon); 4014 } 4015 4016 /** 4017 * Returns a bitmap of the user's photo 4018 * @param userId the user whose photo we want to read. 4019 * @return a {@link Bitmap} of the user's photo, or null if there's no photo. 4020 * @see com.android.internal.util.UserIcons#getDefaultUserIcon for a default. 4021 * @hide 4022 */ 4023 @UnsupportedAppUsage 4024 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 4025 android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED}) getUserIcon(@serIdInt int userId)4026 public Bitmap getUserIcon(@UserIdInt int userId) { 4027 try { 4028 ParcelFileDescriptor fd = mService.getUserIcon(userId); 4029 if (fd != null) { 4030 try { 4031 return BitmapFactory.decodeFileDescriptor(fd.getFileDescriptor()); 4032 } finally { 4033 try { 4034 fd.close(); 4035 } catch (IOException e) { 4036 } 4037 } 4038 } 4039 } catch (RemoteException re) { 4040 throw re.rethrowFromSystemServer(); 4041 } 4042 return null; 4043 } 4044 4045 /** 4046 * Returns a Bitmap for the context user's photo. 4047 * 4048 * @return a {@link Bitmap} of the user's photo, or null if there's no photo. 4049 * @see com.android.internal.util.UserIcons#getDefaultUserIcon for a default. 4050 * @hide 4051 */ 4052 @SystemApi 4053 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 4054 android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED}) 4055 @UserHandleAware getUserIcon()4056 public @Nullable Bitmap getUserIcon() { 4057 return getUserIcon(mUserId); 4058 } 4059 4060 /** 4061 * Returns the maximum number of users that can be created on this device. A return value 4062 * of 1 means that it is a single user device. 4063 * @hide 4064 * @return a value greater than or equal to 1 4065 */ 4066 @UnsupportedAppUsage getMaxSupportedUsers()4067 public static int getMaxSupportedUsers() { 4068 // Don't allow multiple users on certain builds 4069 if (android.os.Build.ID.startsWith("JVP")) return 1; 4070 return SystemProperties.getInt("fw.max_users", 4071 Resources.getSystem().getInteger(R.integer.config_multiuserMaximumUsers)); 4072 } 4073 4074 /** 4075 * Returns true if the user switcher is enabled (regardless of whether there is anything 4076 * interesting for it to show). 4077 * 4078 * @return true if user switcher is enabled 4079 * @hide 4080 */ isUserSwitcherEnabled()4081 public boolean isUserSwitcherEnabled() { 4082 return isUserSwitcherEnabled(true); 4083 } 4084 4085 /** 4086 * Returns true if the user switcher should be shown. 4087 * 4088 * @param showEvenIfNotActionable value to return if the feature is enabled but there is nothing 4089 * actionable for the user to do anyway 4090 * @return true if user switcher should be shown. 4091 * @hide 4092 */ isUserSwitcherEnabled(boolean showEvenIfNotActionable)4093 public boolean isUserSwitcherEnabled(boolean showEvenIfNotActionable) { 4094 if (!supportsMultipleUsers()) { 4095 return false; 4096 } 4097 if (hasUserRestriction(DISALLOW_USER_SWITCH)) { 4098 return false; 4099 } 4100 // If Demo Mode is on, don't show user switcher 4101 if (isDeviceInDemoMode(mContext)) { 4102 return false; 4103 } 4104 // Check the Settings.Global.USER_SWITCHER_ENABLED that the user can toggle on/off. 4105 final boolean userSwitcherSettingOn = Settings.Global.getInt(mContext.getContentResolver(), 4106 Settings.Global.USER_SWITCHER_ENABLED, 4107 Resources.getSystem().getBoolean(R.bool.config_showUserSwitcherByDefault) ? 1 : 0) 4108 != 0; 4109 if (!userSwitcherSettingOn) { 4110 return false; 4111 } 4112 4113 // The feature is enabled. But is it worth showing? 4114 return showEvenIfNotActionable 4115 || areThereUsersToWhichToSwitch() // There are switchable users. 4116 || !hasUserRestriction(UserManager.DISALLOW_ADD_USER); // New users can be added. 4117 } 4118 4119 /** Returns whether there are any users (other than the current user) to which to switch. */ areThereUsersToWhichToSwitch()4120 private boolean areThereUsersToWhichToSwitch() { 4121 final List<UserInfo> users = getUsers(true); 4122 if (users == null) { 4123 return false; 4124 } 4125 int switchableUserCount = 0; 4126 for (UserInfo user : users) { 4127 if (user.supportsSwitchToByUser()) { 4128 ++switchableUserCount; 4129 } 4130 } 4131 return switchableUserCount > 1; 4132 } 4133 4134 /** 4135 * @hide 4136 */ 4137 @UnsupportedAppUsage isDeviceInDemoMode(Context context)4138 public static boolean isDeviceInDemoMode(Context context) { 4139 return Settings.Global.getInt(context.getContentResolver(), 4140 Settings.Global.DEVICE_DEMO_MODE, 0) > 0; 4141 } 4142 4143 /** 4144 * Returns a serial number on this device for a given userId. User handles can be recycled 4145 * when deleting and creating users, but serial numbers are not reused until the device is wiped. 4146 * @param userId 4147 * @return a serial number associated with that user, or -1 if the userId is not valid. 4148 * @hide 4149 */ 4150 @UnsupportedAppUsage getUserSerialNumber(@serIdInt int userId)4151 public int getUserSerialNumber(@UserIdInt int userId) { 4152 try { 4153 return mService.getUserSerialNumber(userId); 4154 } catch (RemoteException re) { 4155 throw re.rethrowFromSystemServer(); 4156 } 4157 } 4158 4159 /** 4160 * Returns a userId on this device for a given user serial number. User handles can be 4161 * recycled when deleting and creating users, but serial numbers are not reused until the device 4162 * is wiped. 4163 * @param userSerialNumber 4164 * @return the userId associated with that user serial number, or -1 if the serial number 4165 * is not valid. 4166 * @hide 4167 */ 4168 @UnsupportedAppUsage getUserHandle(int userSerialNumber)4169 public @UserIdInt int getUserHandle(int userSerialNumber) { 4170 try { 4171 return mService.getUserHandle(userSerialNumber); 4172 } catch (RemoteException re) { 4173 throw re.rethrowFromSystemServer(); 4174 } 4175 } 4176 4177 /** 4178 * Returns a {@link Bundle} containing any saved application restrictions for this user, for the 4179 * given package name. Only an application with this package name can call this method. 4180 * 4181 * <p>The returned {@link Bundle} consists of key-value pairs, as defined by the application, 4182 * where the types of values may be: 4183 * <ul> 4184 * <li>{@code boolean} 4185 * <li>{@code int} 4186 * <li>{@code String} or {@code String[]} 4187 * <li>From {@link android.os.Build.VERSION_CODES#M}, {@code Bundle} or {@code Bundle[]} 4188 * </ul> 4189 * 4190 * <p>NOTE: The method performs disk I/O and shouldn't be called on the main thread 4191 * 4192 * @param packageName the package name of the calling application 4193 * @return a {@link Bundle} with the restrictions for that package, or an empty {@link Bundle} 4194 * if there are no saved restrictions. 4195 * 4196 * @see #KEY_RESTRICTIONS_PENDING 4197 */ 4198 @WorkerThread getApplicationRestrictions(String packageName)4199 public Bundle getApplicationRestrictions(String packageName) { 4200 try { 4201 return mService.getApplicationRestrictions(packageName); 4202 } catch (RemoteException re) { 4203 throw re.rethrowFromSystemServer(); 4204 } 4205 } 4206 4207 /** 4208 * @hide 4209 */ 4210 @WorkerThread getApplicationRestrictions(String packageName, UserHandle user)4211 public Bundle getApplicationRestrictions(String packageName, UserHandle user) { 4212 try { 4213 return mService.getApplicationRestrictionsForUser(packageName, user.getIdentifier()); 4214 } catch (RemoteException re) { 4215 throw re.rethrowFromSystemServer(); 4216 } 4217 } 4218 4219 /** 4220 * @hide 4221 */ 4222 @WorkerThread setApplicationRestrictions(String packageName, Bundle restrictions, UserHandle user)4223 public void setApplicationRestrictions(String packageName, Bundle restrictions, 4224 UserHandle user) { 4225 try { 4226 mService.setApplicationRestrictions(packageName, restrictions, user.getIdentifier()); 4227 } catch (RemoteException re) { 4228 throw re.rethrowFromSystemServer(); 4229 } 4230 } 4231 4232 /** 4233 * Sets a new challenge PIN for restrictions. This is only for use by pre-installed 4234 * apps and requires the MANAGE_USERS permission. 4235 * @param newPin the PIN to use for challenge dialogs. 4236 * @return Returns true if the challenge PIN was set successfully. 4237 * @deprecated The restrictions PIN functionality is no longer provided by the system. 4238 * This method is preserved for backwards compatibility reasons and always returns false. 4239 */ 4240 @Deprecated setRestrictionsChallenge(String newPin)4241 public boolean setRestrictionsChallenge(String newPin) { 4242 return false; 4243 } 4244 4245 /** 4246 * @hide 4247 * Set restrictions that should apply to any future guest user that's created. 4248 */ 4249 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) setDefaultGuestRestrictions(Bundle restrictions)4250 public void setDefaultGuestRestrictions(Bundle restrictions) { 4251 try { 4252 mService.setDefaultGuestRestrictions(restrictions); 4253 } catch (RemoteException re) { 4254 throw re.rethrowFromSystemServer(); 4255 } 4256 } 4257 4258 /** 4259 * @hide 4260 * Gets the default guest restrictions. 4261 */ 4262 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getDefaultGuestRestrictions()4263 public Bundle getDefaultGuestRestrictions() { 4264 try { 4265 return mService.getDefaultGuestRestrictions(); 4266 } catch (RemoteException re) { 4267 throw re.rethrowFromSystemServer(); 4268 } 4269 } 4270 4271 /** 4272 * Returns creation time of the user or of a managed profile associated with the calling user. 4273 * @param userHandle user handle of the user or a managed profile associated with the 4274 * calling user. 4275 * @return creation time in milliseconds since Epoch time. 4276 */ getUserCreationTime(UserHandle userHandle)4277 public long getUserCreationTime(UserHandle userHandle) { 4278 try { 4279 return mService.getUserCreationTime(userHandle.getIdentifier()); 4280 } catch (RemoteException re) { 4281 throw re.rethrowFromSystemServer(); 4282 } 4283 } 4284 4285 /** 4286 * @hide 4287 * Checks if any uninitialized user has the specific seed account name and type. 4288 * 4289 * @param accountName The account name to check for 4290 * @param accountType The account type of the account to check for 4291 * @return whether the seed account was found 4292 */ 4293 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) someUserHasSeedAccount(String accountName, String accountType)4294 public boolean someUserHasSeedAccount(String accountName, String accountType) { 4295 try { 4296 return mService.someUserHasSeedAccount(accountName, accountType); 4297 } catch (RemoteException re) { 4298 throw re.rethrowFromSystemServer(); 4299 } 4300 } 4301 4302 /** 4303 * @hide 4304 * User that enforces a restriction. 4305 * 4306 * @see #getUserRestrictionSources(String, UserHandle) 4307 */ 4308 @SystemApi 4309 public static final class EnforcingUser implements Parcelable { 4310 private final @UserIdInt int userId; 4311 private final @UserRestrictionSource int userRestrictionSource; 4312 4313 /** 4314 * @hide 4315 */ EnforcingUser( @serIdInt int userId, @UserRestrictionSource int userRestrictionSource)4316 public EnforcingUser( 4317 @UserIdInt int userId, @UserRestrictionSource int userRestrictionSource) { 4318 this.userId = userId; 4319 this.userRestrictionSource = userRestrictionSource; 4320 } 4321 EnforcingUser(Parcel in)4322 private EnforcingUser(Parcel in) { 4323 userId = in.readInt(); 4324 userRestrictionSource = in.readInt(); 4325 } 4326 4327 public static final @android.annotation.NonNull Creator<EnforcingUser> CREATOR = new Creator<EnforcingUser>() { 4328 @Override 4329 public EnforcingUser createFromParcel(Parcel in) { 4330 return new EnforcingUser(in); 4331 } 4332 4333 @Override 4334 public EnforcingUser[] newArray(int size) { 4335 return new EnforcingUser[size]; 4336 } 4337 }; 4338 4339 @Override describeContents()4340 public int describeContents() { 4341 return 0; 4342 } 4343 4344 @Override writeToParcel(Parcel dest, int flags)4345 public void writeToParcel(Parcel dest, int flags) { 4346 dest.writeInt(userId); 4347 dest.writeInt(userRestrictionSource); 4348 } 4349 4350 /** 4351 * Returns an id of the enforcing user. 4352 * 4353 * <p> Will be UserHandle.USER_NULL when restriction is set by the system. 4354 */ getUserHandle()4355 public UserHandle getUserHandle() { 4356 return UserHandle.of(userId); 4357 } 4358 4359 /** 4360 * Returns the status of the enforcing user. 4361 * 4362 * <p> One of {@link #RESTRICTION_SOURCE_SYSTEM}, 4363 * {@link #RESTRICTION_SOURCE_DEVICE_OWNER} and 4364 * {@link #RESTRICTION_SOURCE_PROFILE_OWNER} 4365 */ getUserRestrictionSource()4366 public @UserRestrictionSource int getUserRestrictionSource() { 4367 return userRestrictionSource; 4368 } 4369 } 4370 } 4371