1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.os; 18 19 import static android.app.admin.DevicePolicyResources.Drawables.Style.SOLID_COLORED; 20 import static android.app.admin.DevicePolicyResources.Strings.Core.WORK_PROFILE_BADGED_LABEL; 21 import static android.app.admin.DevicePolicyResources.Strings.SystemUi.STATUS_BAR_WORK_ICON_ACCESSIBILITY; 22 import static android.app.admin.DevicePolicyResources.UNDEFINED; 23 24 import android.Manifest; 25 import android.accounts.AccountManager; 26 import android.annotation.ColorInt; 27 import android.annotation.DrawableRes; 28 import android.annotation.FlaggedApi; 29 import android.annotation.IntDef; 30 import android.annotation.NonNull; 31 import android.annotation.Nullable; 32 import android.annotation.RequiresPermission; 33 import android.annotation.StringDef; 34 import android.annotation.SuppressAutoDoc; 35 import android.annotation.SuppressLint; 36 import android.annotation.SystemApi; 37 import android.annotation.SystemService; 38 import android.annotation.TestApi; 39 import android.annotation.UserHandleAware; 40 import android.annotation.UserIdInt; 41 import android.annotation.WorkerThread; 42 import android.app.Activity; 43 import android.app.ActivityManager; 44 import android.app.PropertyInvalidatedCache; 45 import android.app.admin.DevicePolicyManager; 46 import android.app.compat.CompatChanges; 47 import android.compat.annotation.ChangeId; 48 import android.compat.annotation.EnabledSince; 49 import android.compat.annotation.UnsupportedAppUsage; 50 import android.content.ComponentName; 51 import android.content.Context; 52 import android.content.Intent; 53 import android.content.IntentFilter; 54 import android.content.IntentSender; 55 import android.content.pm.UserInfo; 56 import android.content.pm.UserInfo.UserInfoFlag; 57 import android.content.pm.UserProperties; 58 import android.content.res.Resources; 59 import android.graphics.Bitmap; 60 import android.graphics.BitmapFactory; 61 import android.graphics.Rect; 62 import android.graphics.drawable.Drawable; 63 import android.location.LocationManager; 64 import android.nfc.Flags; 65 import android.provider.Settings; 66 import android.util.AndroidException; 67 import android.util.ArraySet; 68 import android.util.Log; 69 import android.view.WindowManager.LayoutParams; 70 71 import com.android.internal.R; 72 73 import java.io.IOException; 74 import java.lang.annotation.Retention; 75 import java.lang.annotation.RetentionPolicy; 76 import java.util.ArrayList; 77 import java.util.List; 78 import java.util.Objects; 79 import java.util.Set; 80 81 /** 82 * Manages users and user details on a multi-user system. There are two major categories of 83 * users: fully customizable users with their own login, and profiles that share a workspace 84 * with a related user. 85 * <p> 86 * Users are different from accounts, which are managed by 87 * {@link AccountManager}. Each user can have their own set of accounts. 88 * <p> 89 * See {@link DevicePolicyManager#ACTION_PROVISION_MANAGED_PROFILE} for more on managed profiles. 90 */ 91 @SystemService(Context.USER_SERVICE) 92 @android.ravenwood.annotation.RavenwoodKeepPartialClass 93 public class UserManager { 94 95 private static final String TAG = "UserManager"; 96 97 @UnsupportedAppUsage 98 private final IUserManager mService; 99 /** Holding the Application context (not constructor param context). */ 100 private final Context mContext; 101 102 /** The userId of the constructor param context. To be used instead of mContext.getUserId(). */ 103 private final @UserIdInt int mUserId; 104 105 /** The userType of UserHandle.myUserId(); empty string if not a profile; null until cached. */ 106 private String mProfileTypeOfProcessUser = null; 107 108 /** Whether the device is in headless system user mode; null until cached. */ 109 private static Boolean sIsHeadlessSystemUser = null; 110 111 /** Maximum length of username. 112 * @hide 113 */ 114 public static final int MAX_USER_NAME_LENGTH = 100; 115 116 /** Maximum length of user property String value. 117 * @hide 118 */ 119 public static final int MAX_ACCOUNT_STRING_LENGTH = 500; 120 121 /** Maximum length of account options String values. 122 * @hide 123 */ 124 public static final int MAX_ACCOUNT_OPTIONS_LENGTH = 1000; 125 126 /** 127 * User type representing a {@link UserHandle#USER_SYSTEM system} user that is a human user. 128 * This type of user cannot be created; it can only pre-exist on first boot. 129 * @hide 130 */ 131 @SystemApi 132 public static final String USER_TYPE_FULL_SYSTEM = "android.os.usertype.full.SYSTEM"; 133 134 /** 135 * User type representing a regular non-profile non-{@link UserHandle#USER_SYSTEM system} human 136 * user. 137 * This is sometimes called an ordinary 'secondary user'. 138 * @hide 139 */ 140 @SystemApi 141 public static final String USER_TYPE_FULL_SECONDARY = "android.os.usertype.full.SECONDARY"; 142 143 /** 144 * User type representing a guest user that may be transient. 145 * @hide 146 */ 147 @SystemApi 148 public static final String USER_TYPE_FULL_GUEST = "android.os.usertype.full.GUEST"; 149 150 /** 151 * User type representing a user for demo purposes only, which can be removed at any time. 152 * @hide 153 */ 154 public static final String USER_TYPE_FULL_DEMO = "android.os.usertype.full.DEMO"; 155 156 /** 157 * User type representing a "restricted profile" user, which is a full user that is subject to 158 * certain restrictions from a parent user. Note, however, that it is NOT technically a profile. 159 * @hide 160 */ 161 public static final String USER_TYPE_FULL_RESTRICTED = "android.os.usertype.full.RESTRICTED"; 162 163 /** 164 * User type representing a managed profile, which is a profile that is to be managed by a 165 * device policy controller (DPC). 166 * The intended purpose is for work profiles, which are managed by a corporate entity. 167 */ 168 @FlaggedApi(android.os.Flags.FLAG_ALLOW_PRIVATE_PROFILE) 169 public static final String USER_TYPE_PROFILE_MANAGED = "android.os.usertype.profile.MANAGED"; 170 171 /** 172 * User type representing a clone profile. Clone profile is a user profile type used to run 173 * second instance of an otherwise single user App (eg, messengers). Currently only the 174 * {@link android.content.pm.UserInfo#isMain()} user can have a clone profile. 175 */ 176 @FlaggedApi(android.os.Flags.FLAG_ALLOW_PRIVATE_PROFILE) 177 public static final String USER_TYPE_PROFILE_CLONE = "android.os.usertype.profile.CLONE"; 178 179 180 /** 181 * User type representing a private profile. Private profile is a user profile that can be used 182 * as an alternative user-space to install and use sensitive apps. 183 * UI surfaces can adopt an alternative strategy to show apps belonging to this profile, in line 184 * with their sensitive nature. 185 */ 186 @FlaggedApi(android.os.Flags.FLAG_ALLOW_PRIVATE_PROFILE) 187 public static final String USER_TYPE_PROFILE_PRIVATE = "android.os.usertype.profile.PRIVATE"; 188 189 /** 190 * User type representing a generic profile for testing purposes. Only on debuggable builds. 191 * @hide 192 */ 193 public static final String USER_TYPE_PROFILE_TEST = "android.os.usertype.profile.TEST"; 194 195 /** 196 * User type representing a communal profile, which is shared by all users of the device. 197 * @hide 198 */ 199 public static final String USER_TYPE_PROFILE_COMMUNAL = "android.os.usertype.profile.COMMUNAL"; 200 201 /** 202 * User type representing a {@link UserHandle#USER_SYSTEM system} user that is <b>not</b> a 203 * human user. 204 * This type of user cannot be created; it can only pre-exist on first boot. 205 * @hide 206 */ 207 @SystemApi 208 public static final String USER_TYPE_SYSTEM_HEADLESS = "android.os.usertype.system.HEADLESS"; 209 210 /** 211 * Flag passed to {@link #requestQuietModeEnabled} to request disabling quiet mode only if 212 * there is no need to confirm the user credentials. If credentials are required to disable 213 * quiet mode, {@link #requestQuietModeEnabled} will do nothing and return {@code false}. 214 */ 215 public static final int QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED = 0x1; 216 217 /** 218 * Flag passed to {@link #requestQuietModeEnabled} to request disabling quiet mode without 219 * asking for credentials. This is used when managed profile password is forgotten. It starts 220 * the user in locked state so that a direct boot aware DPC could reset the password. 221 * Should not be used together with 222 * {@link #QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED} or an exception will be thrown. 223 * This flag is currently only allowed for {@link #isManagedProfile() managed profiles}; 224 * usage on other profiles may result in an Exception. 225 * @hide 226 */ 227 public static final int QUIET_MODE_DISABLE_DONT_ASK_CREDENTIAL = 0x2; 228 229 /** 230 * List of flags available for the {@link #requestQuietModeEnabled} method. 231 * @hide 232 */ 233 @Retention(RetentionPolicy.SOURCE) 234 @IntDef(flag = true, prefix = { "QUIET_MODE_" }, value = { 235 QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED, 236 QUIET_MODE_DISABLE_DONT_ASK_CREDENTIAL}) 237 public @interface QuietModeFlag {} 238 239 /** 240 * @hide 241 * No user restriction. 242 */ 243 @SystemApi 244 public static final int RESTRICTION_NOT_SET = 0x0; 245 246 /** 247 * @hide 248 * User restriction set by system/user. 249 */ 250 @SystemApi 251 public static final int RESTRICTION_SOURCE_SYSTEM = 0x1; 252 253 /** 254 * @hide 255 * User restriction set by a device owner. 256 */ 257 @SystemApi 258 public static final int RESTRICTION_SOURCE_DEVICE_OWNER = 0x2; 259 260 /** 261 * @hide 262 * User restriction set by a profile owner. 263 */ 264 @SystemApi 265 public static final int RESTRICTION_SOURCE_PROFILE_OWNER = 0x4; 266 267 /** @removed mistakenly exposed as system-api previously */ 268 @Retention(RetentionPolicy.SOURCE) 269 @IntDef(flag = true, prefix = { "RESTRICTION_" }, value = { 270 RESTRICTION_NOT_SET, 271 RESTRICTION_SOURCE_SYSTEM, 272 RESTRICTION_SOURCE_DEVICE_OWNER, 273 RESTRICTION_SOURCE_PROFILE_OWNER 274 }) 275 public @interface UserRestrictionSource {} 276 277 /** 278 * Specifies if a user is disallowed from adding and removing accounts, unless they are 279 * {@link android.accounts.AccountManager#addAccountExplicitly programmatically} added by 280 * Authenticator. 281 * The default value is <code>false</code>. 282 * 283 * <p>From {@link android.os.Build.VERSION_CODES#N} a profile or device owner app can still 284 * use {@link android.accounts.AccountManager} APIs to add or remove accounts when account 285 * management is disallowed. 286 * 287 * <p>Holders of the permission 288 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT} 289 * can set this restriction using the DevicePolicyManager APIs mentioned below. 290 * 291 * <p>Key for user restrictions. 292 * <p>Type: Boolean 293 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 294 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 295 * @see #getUserRestrictions() 296 */ 297 public static final String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts"; 298 299 /** 300 * Specifies if a user is disallowed from changing Wi-Fi access points via Settings. This 301 * restriction does not affect Wi-Fi tethering settings. 302 * 303 * <p>A device owner and a profile owner can set this restriction, although the restriction has 304 * no effect in a managed profile. When it is set by a device owner, a profile owner on the 305 * primary user or by a profile owner of an organization-owned managed profile on the parent 306 * profile, it disallows the primary user from changing Wi-Fi access points. 307 * 308 * <p>Holders of the permission {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_WIFI} 309 * can set this restriction using the DevicePolicyManager APIs mentioned below. 310 * 311 * <p>The default value is <code>false</code>. 312 * 313 * <p>Key for user restrictions. 314 * <p>Type: Boolean 315 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 316 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 317 * @see #getUserRestrictions() 318 */ 319 public static final String DISALLOW_CONFIG_WIFI = "no_config_wifi"; 320 321 /** 322 * Specifies if a user is disallowed from enabling/disabling Wi-Fi. 323 * 324 * <p>This restriction can only be set by a device owner, 325 * a profile owner of an organization-owned managed profile on the parent profile. 326 * When it is set by any of these owners, it applies globally - i.e., it disables airplane mode 327 * from changing Wi-Fi state. 328 * 329 * <p>Holders of the permission {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_WIFI} 330 * can set this restriction using the DevicePolicyManager APIs mentioned below. 331 * 332 * <p>The default value is <code>false</code>. 333 * 334 * <p>Key for user restrictions. 335 * <p>Type: Boolean 336 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 337 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 338 * @see #getUserRestrictions() 339 */ 340 public static final String DISALLOW_CHANGE_WIFI_STATE = "no_change_wifi_state"; 341 342 /** 343 * Specifies if a user is disallowed from using Wi-Fi tethering. 344 * 345 * <p>This restriction does not limit the user's ability to modify or connect to regular 346 * Wi-Fi networks, which is separately controlled by {@link #DISALLOW_CONFIG_WIFI}. 347 * 348 * <p>This restriction can only be set by a device owner, 349 * a profile owner of an organization-owned managed profile on the parent profile. 350 * When it is set by any of these owners, it prevents all users from using 351 * Wi-Fi tethering. Other forms of tethering are not affected. 352 * 353 * <p>Holders of the permission {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_WIFI} 354 * can set this restriction using the DevicePolicyManager APIs mentioned below. 355 * 356 * This user restriction disables only Wi-Fi tethering. 357 * Use {@link #DISALLOW_CONFIG_TETHERING} to limit all forms of tethering. 358 * When {@link #DISALLOW_CONFIG_TETHERING} is set, this user restriction becomes obsolete. 359 * 360 * <p>The default value is <code>false</code>. 361 * 362 * <p>Key for user restrictions. 363 * <p>Type: Boolean 364 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 365 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 366 * @see #getUserRestrictions() 367 */ 368 public static final String DISALLOW_WIFI_TETHERING = "no_wifi_tethering"; 369 370 /** 371 * Restricts a user's ability to possess or grant admin privileges. 372 * 373 * <p>When set to <code>true</code>, this prevents the user from: 374 * <ul> 375 * <li>Becoming an admin</li> 376 * <li>Giving other users admin privileges</li> 377 * </ul> 378 * 379 * <p>This restriction is only effective in environments where multiple admins are allowed. 380 * 381 * <p>Key for user restrictions. Type: Boolean. Default: <code>false</code>. 382 * 383 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 384 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 385 * @see #getUserRestrictions() 386 */ 387 public static final String DISALLOW_GRANT_ADMIN = "no_grant_admin"; 388 389 /** 390 * Specifies if users are disallowed from sharing Wi-Fi for admin configured networks. 391 * 392 * <p>Device owner and profile owner can set this restriction. 393 * When it is set by any of these owners, it prevents all users from 394 * sharing Wi-Fi for networks configured by these owners. 395 * Other networks not configured by these owners are not affected. 396 * 397 * <p>Holders of the permission {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_WIFI} 398 * can set this restriction using the DevicePolicyManager APIs mentioned below. 399 * 400 * <p>The default value is <code>false</code>. 401 * 402 * <p>Key for user restrictions. 403 * <p>Type: Boolean 404 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 405 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 406 * @see #getUserRestrictions() 407 */ 408 public static final String DISALLOW_SHARING_ADMIN_CONFIGURED_WIFI = 409 "no_sharing_admin_configured_wifi"; 410 411 /** 412 * Specifies if a user is disallowed from using Wi-Fi Direct. 413 * 414 * <p>This restriction can only be set by a device owner, 415 * a profile owner of an organization-owned managed profile on the parent profile. 416 * When it is set by any of these owners, it prevents all users from using 417 * Wi-Fi Direct. 418 * 419 * <p>Holders of the permission {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_WIFI} 420 * can set this restriction using the DevicePolicyManager APIs mentioned below. 421 * 422 * <p>The default value is <code>false</code>. 423 * 424 * <p>Key for user restrictions. 425 * <p>Type: Boolean 426 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 427 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 428 * @see #getUserRestrictions() 429 */ 430 public static final String DISALLOW_WIFI_DIRECT = "no_wifi_direct"; 431 432 /** 433 * Specifies if a user is disallowed from adding a new Wi-Fi configuration. 434 * 435 * <p>This restriction can only be set by a device owner, 436 * a profile owner of an organization-owned managed profile on the parent profile. 437 * When it is set by any of these owners, it prevents all users from adding 438 * a new Wi-Fi configuration. This does not limit the owner and carrier's ability 439 * to add a new configuration. 440 * 441 * <p>Holders of the permission {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_WIFI} 442 * can set this restriction using the DevicePolicyManager APIs mentioned below. 443 * 444 * <p>The default value is <code>false</code>. 445 * 446 * <p>Key for user restrictions. 447 * <p>Type: Boolean 448 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 449 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 450 * @see #getUserRestrictions() 451 */ 452 public static final String DISALLOW_ADD_WIFI_CONFIG = "no_add_wifi_config"; 453 454 /** 455 * Specifies if a user is disallowed from changing the device 456 * language. The default value is <code>false</code>. 457 * 458 * <p>Holders of the permission {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_LOCALE} 459 * can set this restriction using the DevicePolicyManager APIs mentioned below. 460 * 461 * <p>Key for user restrictions. 462 * <p>Type: Boolean 463 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 464 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 465 * @see #getUserRestrictions() 466 */ 467 public static final String DISALLOW_CONFIG_LOCALE = "no_config_locale"; 468 469 /** 470 * Specifies if a user is disallowed from installing applications. This user restriction also 471 * prevents device owners and profile owners installing apps. The default value is 472 * {@code false}. 473 * 474 * <p>Holders of the permission 475 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_APPS_CONTROL} 476 * can set this restriction using the DevicePolicyManager APIs mentioned below. 477 * 478 * <p>Key for user restrictions. 479 * <p>Type: Boolean 480 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 481 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 482 * @see #getUserRestrictions() 483 */ 484 public static final String DISALLOW_INSTALL_APPS = "no_install_apps"; 485 486 /** 487 * Specifies if a user is disallowed from uninstalling applications. 488 * The default value is <code>false</code>. 489 * 490 * <p>Holders of the permission 491 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_APPS_CONTROL} 492 * can set this restriction using the DevicePolicyManager APIs mentioned below. 493 * 494 * <p>Key for user restrictions. 495 * <p>Type: Boolean 496 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 497 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 498 * @see #getUserRestrictions() 499 */ 500 public static final String DISALLOW_UNINSTALL_APPS = "no_uninstall_apps"; 501 502 /** 503 * Specifies if a user is disallowed from turning on location sharing. 504 * 505 * <p>In a managed profile, location sharing by default reflects the primary user's setting, but 506 * can be overridden and forced off by setting this restriction to true in the managed profile. 507 * 508 * <p>A device owner and a profile owner can set this restriction. When it is set by a device 509 * owner, a profile owner on the primary user or by a profile owner of an organization-owned 510 * managed profile on the parent profile, it prevents the primary user from turning on 511 * location sharing. 512 * 513 * <p>Holders of the permission 514 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_LOCATION} 515 * can set this restriction using the DevicePolicyManager APIs mentioned below. 516 * 517 * <p>The default value is <code>false</code>. 518 * 519 * <p>Key for user restrictions. 520 * <p>Type: Boolean 521 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 522 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 523 * @see #getUserRestrictions() 524 */ 525 public static final String DISALLOW_SHARE_LOCATION = "no_share_location"; 526 527 /** 528 * Specifies if airplane mode is disallowed on the device. 529 * 530 * <p>This restriction can only be set by a device owner, a profile owner on the primary 531 * user or a profile owner of an organization-owned managed profile on the parent profile. 532 * When it is set by any of these owners, it applies globally - i.e., it disables airplane mode 533 * on the entire device. 534 * 535 * <p>Holders of the permission 536 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_AIRPLANE_MODE} 537 * can set this restriction using the DevicePolicyManager APIs mentioned below. 538 * 539 * <p>The default value is <code>false</code>. 540 * 541 * <p>Key for user restrictions. 542 * <p>Type: Boolean 543 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 544 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 545 * @see #getUserRestrictions() 546 */ 547 public static final String DISALLOW_AIRPLANE_MODE = "no_airplane_mode"; 548 549 /** 550 * Specifies if a user is disallowed from configuring brightness. When device owner sets it, 551 * it'll only be applied on the target(system) user. 552 * 553 * <p>The default value is <code>false</code>. 554 * 555 * <p>Holders of the permission 556 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_DISPLAY} 557 * can set this restriction using the DevicePolicyManager APIs mentioned below. 558 * 559 * <p>This user restriction has no effect on managed profiles. 560 * <p>Key for user restrictions. 561 * <p>Type: Boolean 562 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 563 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 564 * @see #getUserRestrictions() 565 */ 566 public static final String DISALLOW_CONFIG_BRIGHTNESS = "no_config_brightness"; 567 568 /** 569 * Specifies if ambient display is disallowed for the user. 570 * 571 * <p>The default value is <code>false</code>. 572 * 573 * <p>Holders of the permission 574 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_DISPLAY} 575 * can set this restriction using the DevicePolicyManager APIs mentioned below. 576 * 577 * <p>This user restriction has no effect on managed profiles. 578 * <p>Key for user restrictions. 579 * <p>Type: Boolean 580 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 581 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 582 * @see #getUserRestrictions() 583 */ 584 public static final String DISALLOW_AMBIENT_DISPLAY = "no_ambient_display"; 585 586 /** 587 * Specifies if a user is disallowed from changing screen off timeout. 588 * 589 * <p>The default value is <code>false</code>. 590 * 591 * <p>Holders of the permission 592 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_DISPLAY} 593 * can set this restriction using the DevicePolicyManager APIs mentioned below. 594 * 595 * <p>This user restriction has no effect on managed profiles. 596 * <p>Key for user restrictions. 597 * <p>Type: Boolean 598 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 599 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 600 * @see #getUserRestrictions() 601 */ 602 public static final String DISALLOW_CONFIG_SCREEN_TIMEOUT = "no_config_screen_timeout"; 603 604 /** 605 * Specifies if a user is disallowed from enabling the 606 * "Unknown Sources" setting, that allows installation of apps from unknown sources. 607 * Unknown sources exclude adb and special apps such as trusted app stores. 608 * The default value is <code>false</code>. 609 * 610 * <p>Holders of the permission 611 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES} 612 * can set this restriction using the DevicePolicyManager APIs mentioned below. 613 * 614 * <p>Key for user restrictions. 615 * <p>Type: Boolean 616 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 617 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 618 * @see #getUserRestrictions() 619 */ 620 public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources"; 621 622 /** 623 * This restriction is a device-wide version of {@link #DISALLOW_INSTALL_UNKNOWN_SOURCES}. 624 * 625 * Specifies if all users on the device are disallowed from enabling the 626 * "Unknown Sources" setting, that allows installation of apps from unknown sources. 627 * 628 * This restriction can be enabled by the profile owner, in which case all accounts and 629 * profiles will be affected. 630 * 631 * <p>Holders of the permission 632 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES} 633 * can set this restriction using the DevicePolicyManager APIs mentioned below. 634 * 635 * The default value is <code>false</code>. 636 * 637 * <p>Key for user restrictions. 638 * <p>Type: Boolean 639 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 640 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 641 * @see #getUserRestrictions() 642 */ 643 public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY = 644 "no_install_unknown_sources_globally"; 645 646 /** 647 * Specifies if a user is disallowed from configuring bluetooth via Settings. This does 648 * <em>not</em> restrict the user from turning bluetooth on or off. 649 * 650 * <p>This restriction doesn't prevent the user from using bluetooth. For disallowing usage of 651 * bluetooth completely on the device, use {@link #DISALLOW_BLUETOOTH}. 652 * 653 * <p>A device owner and a profile owner can set this restriction, although the restriction has 654 * no effect in a managed profile. When it is set by a device owner, a profile owner on the 655 * primary user or by a profile owner of an organization-owned managed profile on the parent 656 * profile, it disallows the primary user from configuring bluetooth. 657 * 658 * <p>Holders of the permission 659 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_BLUETOOTH} 660 * can set this restriction using the DevicePolicyManager APIs mentioned below. 661 * 662 * <p>The default value is <code>false</code>. 663 * 664 * <p>Key for user restrictions. 665 * <p>Type: Boolean 666 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 667 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 668 * @see #getUserRestrictions() 669 */ 670 public static final String DISALLOW_CONFIG_BLUETOOTH = "no_config_bluetooth"; 671 672 /** 673 * Specifies if bluetooth is disallowed on the device. If bluetooth is disallowed on the device, 674 * bluetooth cannot be turned on or configured via Settings. 675 * 676 * <p>This restriction can only be set by a device owner, a profile owner on the primary 677 * user or a profile owner of an organization-owned managed profile on the parent profile. 678 * When it is set by a device owner, it applies globally - i.e., it disables bluetooth on 679 * the entire device and all users will be affected. When it is set by a profile owner on the 680 * primary user or by a profile owner of an organization-owned managed profile on the parent 681 * profile, it disables the primary user from using bluetooth and configuring bluetooth 682 * in Settings. 683 * 684 * <p>Holders of the permission 685 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_BLUETOOTH} 686 * can set this restriction using the DevicePolicyManager APIs mentioned below. 687 * 688 * <p>The default value is <code>false</code>. 689 * 690 * <p>Key for user restrictions. 691 * <p>Type: Boolean 692 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 693 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 694 * @see #getUserRestrictions() 695 */ 696 public static final String DISALLOW_BLUETOOTH = "no_bluetooth"; 697 698 /** 699 * Specifies if outgoing bluetooth sharing is disallowed. 700 * 701 * <p>A device owner and a profile owner can set this restriction. When it is set by a device 702 * owner, it applies globally. When it is set by a profile owner on the primary user or by a 703 * profile owner of an organization-owned managed profile on the parent profile, it disables 704 * the primary user from any outgoing bluetooth sharing. 705 * 706 * <p>Holders of the permission 707 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_BLUETOOTH} 708 * can set this restriction using the DevicePolicyManager APIs mentioned below. 709 * 710 * <p>Default is <code>true</code> for managed and private profiles, false otherwise. 711 * 712 * <p>When a device upgrades to {@link android.os.Build.VERSION_CODES#O}, the system sets it 713 * for all existing managed profiles. 714 * 715 * <p>Key for user restrictions. 716 * <p>Type: Boolean 717 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 718 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 719 * @see #getUserRestrictions() 720 */ 721 public static final String DISALLOW_BLUETOOTH_SHARING = "no_bluetooth_sharing"; 722 723 /** 724 * Specifies if a user is disallowed from transferring files over USB. 725 * 726 * <p>This restriction can only be set by a <a href="https://developers.google.com/android/work/terminology#device_owner_do"> 727 * device owner</a> or a <a href="https://developers.google.com/android/work/terminology#profile_owner_po"> 728 * profile owner</a> on the primary user's profile or a profile owner of an organization-owned 729 * <a href="https://developers.google.com/android/work/terminology#managed_profile"> 730 * managed profile</a> on the parent profile. 731 * When it is set by a device owner, it applies globally. When it is set by a profile owner 732 * on the primary user or by a profile owner of an organization-owned managed profile on 733 * the parent profile, it disables the primary user from transferring files over USB. No other 734 * user on the device is able to use file transfer over USB because the UI for file transfer 735 * is always associated with the primary user. 736 * 737 * <p>Holders of the permission 738 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_USB_FILE_TRANSFER} 739 * can set this restriction using the DevicePolicyManager APIs mentioned below. 740 * 741 * <p>The default value is <code>false</code>. 742 * 743 * <p>Key for user restrictions. 744 * <p>Type: Boolean 745 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 746 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 747 * @see #getUserRestrictions() 748 */ 749 public static final String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer"; 750 751 /** 752 * Specifies if a user is disallowed from configuring user 753 * credentials. The default value is <code>false</code>. 754 * 755 * <p>Holders of the permission 756 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_LOCK_CREDENTIALS} 757 * can set this restriction using the DevicePolicyManager APIs mentioned below. 758 * 759 * <p>Key for user restrictions. 760 * <p>Type: Boolean 761 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 762 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 763 * @see #getUserRestrictions() 764 */ 765 public static final String DISALLOW_CONFIG_CREDENTIALS = "no_config_credentials"; 766 767 /** 768 * When set on the admin user this specifies if the user can remove users. 769 * When set on a non-admin secondary user, this specifies if the user can remove itself. 770 * This restriction has no effect on managed profiles. 771 * The default value is <code>false</code>. 772 * 773 * <p>Holders of the permission 774 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_MODIFY_USERS} 775 * can set this restriction using the DevicePolicyManager APIs mentioned below. 776 * 777 * <p>Key for user restrictions. 778 * <p>Type: Boolean 779 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 780 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 781 * @see #getUserRestrictions() 782 */ 783 public static final String DISALLOW_REMOVE_USER = "no_remove_user"; 784 785 /** 786 * Specifies if managed profiles of this user can be removed, other than by its profile owner. 787 * The default value is <code>false</code>. 788 * <p> 789 * This restriction has no effect on managed profiles. 790 * 791 * <p>Key for user restrictions. 792 * <p>Type: Boolean 793 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 794 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 795 * @see #getUserRestrictions() 796 * @deprecated As the ability to have a managed profile on a fully-managed device has been 797 * removed from the platform, this restriction will be silently ignored when applied by the 798 * device owner. 799 * When the device is provisioned with a managed profile on an organization-owned device, 800 * the managed profile could not be removed anyway. 801 */ 802 @Deprecated 803 public static final String DISALLOW_REMOVE_MANAGED_PROFILE = "no_remove_managed_profile"; 804 805 /** 806 * Specifies if a user is disallowed from enabling or accessing debugging features. 807 * 808 * <p>A device owner and a profile owner can set this restriction. When it is set by a device 809 * owner, a profile owner on the primary user or by a profile owner of an organization-owned 810 * managed profile on the parent profile, it disables debugging features altogether, including 811 * USB debugging. When set on a managed profile or a secondary user, it blocks debugging for 812 * that user only, including starting activities, making service calls, accessing content 813 * providers, sending broadcasts, installing/uninstalling packages, clearing user data, etc. 814 * 815 * <p>Holders of the permission 816 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES} 817 * can set this restriction using the DevicePolicyManager APIs mentioned below. 818 * 819 * <p>The default value is <code>false</code>. 820 * 821 * <p>Key for user restrictions. 822 * <p>Type: Boolean 823 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 824 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 825 * @see #getUserRestrictions() 826 */ 827 public static final String DISALLOW_DEBUGGING_FEATURES = "no_debugging_features"; 828 829 /** 830 * Specifies if a user is disallowed from configuring a VPN. The default value is 831 * <code>false</code>. This restriction has an effect when set by device owners and, in Android 832 * 6.0 ({@linkplain android.os.Build.VERSION_CODES#M API level 23}) or higher, profile owners. 833 * <p>This restriction also prevents VPNs from starting. However, in Android 7.0 834 * ({@linkplain android.os.Build.VERSION_CODES#N API level 24}) or higher, the system does 835 * start always-on VPNs created by the device or profile owner. 836 * <p>From Android 12 ({@linkplain android.os.Build.VERSION_CODES#S API level 31}) enforcing 837 * this restriction clears currently active VPN if it was configured by the user. 838 * 839 * <p>Holders of the permission 840 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_VPN} 841 * can set this restriction using the DevicePolicyManager APIs mentioned below. 842 * 843 * <p>Key for user restrictions. 844 * <p>Type: Boolean 845 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 846 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 847 * @see #getUserRestrictions() 848 */ 849 public static final String DISALLOW_CONFIG_VPN = "no_config_vpn"; 850 851 /** 852 * Specifies if a user is disallowed from enabling or disabling location providers. As a 853 * result, user is disallowed from turning on or off location via Settings. 854 * 855 * <p>A device owner and a profile owner can set this restriction. When it is set by a device 856 * owner, a profile owner on the primary user or by a profile owner of an organization-owned 857 * managed profile on the parent profile, it disallows the primary user from turning location 858 * on or off. 859 * 860 * <p>Holders of the permission 861 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_LOCATION} 862 * can set this restriction using the DevicePolicyManager APIs mentioned below. 863 * 864 * <p>The default value is <code>false</code>. 865 * 866 * <p>This user restriction is different from {@link #DISALLOW_SHARE_LOCATION}, 867 * as a device owner or a profile owner can still enable or disable location mode via 868 * {@link DevicePolicyManager#setLocationEnabled} when this restriction is on. 869 * 870 * <p>Key for user restrictions. 871 * <p>Type: Boolean 872 * @see LocationManager#isLocationEnabled() 873 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 874 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 875 * @see #getUserRestrictions() 876 */ 877 public static final String DISALLOW_CONFIG_LOCATION = "no_config_location"; 878 879 /** 880 * Specifies configuring date, time and timezone is disallowed via Settings. 881 * 882 * <p>A device owner and a profile owner can set this restriction, although the restriction has 883 * no effect in a managed profile. When it is set by a device owner or by a profile owner of an 884 * organization-owned managed profile on the parent profile, it applies globally - i.e., 885 * it disables date, time and timezone setting on the entire device and all users are affected. 886 * When it is set by a profile owner on the primary user, it disables the primary user 887 * from configuring date, time and timezone and disables all configuring of date, time and 888 * timezone in Settings. 889 * 890 * <p>Holders of the permission 891 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_TIME} 892 * can set this restriction using the DevicePolicyManager APIs mentioned below. 893 * 894 * <p>The default value is <code>false</code>. 895 * 896 * <p>Key for user restrictions. 897 * <p>Type: Boolean 898 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 899 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 900 * @see #getUserRestrictions() 901 */ 902 public static final String DISALLOW_CONFIG_DATE_TIME = "no_config_date_time"; 903 904 /** 905 * Specifies if a user is disallowed from using and configuring Tethering and portable hotspots 906 * via Settings. 907 * 908 * <p>This restriction can only be set by a device owner, a profile owner on the primary 909 * user or a profile owner of an organization-owned managed profile on the parent profile. 910 * When it is set by a device owner, it applies globally. When it is set by a profile owner 911 * on the primary user or by a profile owner of an organization-owned managed profile on 912 * the parent profile, it disables the primary user from using Tethering and hotspots and 913 * disables all configuring of Tethering and hotspots in Settings. 914 * 915 * <p>Holders of the permission 916 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_MOBILE_NETWORK} 917 * can set this restriction using the DevicePolicyManager APIs mentioned below. 918 * 919 * <p>The default value is <code>false</code>. 920 * 921 * <p>In Android 9.0 or higher, if tethering is enabled when this restriction is set, 922 * tethering will be automatically turned off. 923 * 924 * <p>Key for user restrictions. 925 * <p>Type: Boolean 926 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 927 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 928 * @see #getUserRestrictions() 929 */ 930 public static final String DISALLOW_CONFIG_TETHERING = "no_config_tethering"; 931 932 /** 933 * Specifies if a user is disallowed from resetting network settings 934 * from Settings. This can only be set by device owners and profile owners on the primary user. 935 * The default value is <code>false</code>. 936 * <p>This restriction has no effect on secondary users and managed profiles since only the 937 * primary user can reset the network settings of the device. 938 * 939 * <p>Holders of the permission 940 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_MOBILE_NETWORK} 941 * can set this restriction using the DevicePolicyManager APIs mentioned below. 942 * 943 * <p>Key for user restrictions. 944 * <p>Type: Boolean 945 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 946 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 947 * @see #getUserRestrictions() 948 */ 949 public static final String DISALLOW_NETWORK_RESET = "no_network_reset"; 950 951 /** 952 * Specifies if a user is disallowed from factory resetting from Settings. 953 * This can only be set by device owners and profile owners on an admin user. 954 * The default value is <code>false</code>. 955 * <p>This restriction has no effect on non-admin users since they cannot factory reset the 956 * device. 957 * 958 * <p>Holders of the permission 959 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_FACTORY_RESET} 960 * can set this restriction using the DevicePolicyManager APIs mentioned below. 961 * 962 * <p>Key for user restrictions. 963 * <p>Type: Boolean 964 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 965 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 966 * @see #getUserRestrictions() 967 */ 968 public static final String DISALLOW_FACTORY_RESET = "no_factory_reset"; 969 970 /** 971 * Specifies if a user is disallowed from adding new users. This can only be set by device 972 * owners or profile owners on the primary user. The default value is <code>false</code>. 973 * <p>This restriction has no effect on secondary users and managed profiles since only the 974 * primary user can add other users. 975 * <p> When the device is an organization-owned device provisioned with a managed profile, 976 * this restriction will be set as a base restriction which cannot be removed by any admin. 977 * 978 * <p>Holders of the permission 979 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_MODIFY_USERS} 980 * can set this restriction using the DevicePolicyManager APIs mentioned below. 981 * 982 * <p>Key for user restrictions. 983 * <p>Type: Boolean 984 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 985 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 986 * @see #getUserRestrictions() 987 */ 988 public static final String DISALLOW_ADD_USER = "no_add_user"; 989 990 /** 991 * Specifies if a user is disallowed from adding managed profiles. 992 * <p>The default value for an unmanaged user is <code>false</code>. 993 * For users with a device owner set, the default is <code>true</code>. 994 * <p>This restriction has no effect on managed profiles. 995 * 996 * <p>Key for user restrictions. 997 * <p>Type: Boolean 998 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 999 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1000 * @see #getUserRestrictions() 1001 * @deprecated As the ability to have a managed profile on a fully-managed device has been 1002 * removed from the platform, this restriction will be silently ignored when applied by the 1003 * device owner. 1004 */ 1005 @Deprecated 1006 public static final String DISALLOW_ADD_MANAGED_PROFILE = "no_add_managed_profile"; 1007 1008 /** 1009 * Specifies if a user is disallowed from creating clone profile. 1010 * <p>The default value for an unmanaged user is <code>false</code>. 1011 * For users with a device owner set, the default is <code>true</code>. 1012 * 1013 * <p>Holders of the permission 1014 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_PROFILES} 1015 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1016 * 1017 * <p>Key for user restrictions. 1018 * <p>Type: Boolean 1019 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1020 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1021 * @see #getUserRestrictions() 1022 * @hide 1023 */ 1024 public static final String DISALLOW_ADD_CLONE_PROFILE = "no_add_clone_profile"; 1025 1026 /** 1027 * Specifies if a user is disallowed from creating a private profile. 1028 * <p>The default value for an unmanaged user is <code>false</code>. 1029 * For users with a device owner set, the default value is <code>true</code> and the 1030 * device owner currently cannot change it to <code>false</code>. 1031 * On organization-owned managed profile devices, the default value is <code>false</code> but 1032 * the profile owner can change it to <code>true</code> via the parent profile to block creating 1033 * of private profiles on the personal user. 1034 * 1035 * <p>Holders of the permission 1036 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_PROFILES} 1037 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1038 * 1039 * <p>Key for user restrictions. 1040 * <p>Type: Boolean 1041 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1042 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1043 * @see DevicePolicyManager#getParentProfileInstance(ComponentName) 1044 * @see #getUserRestrictions() 1045 */ 1046 @FlaggedApi(android.os.Flags.FLAG_ALLOW_PRIVATE_PROFILE) 1047 public static final String DISALLOW_ADD_PRIVATE_PROFILE = "no_add_private_profile"; 1048 1049 /** 1050 * Specifies if a user is disallowed from disabling application verification. The default 1051 * value is <code>false</code>. 1052 * 1053 * <p>In Android 8.0 ({@linkplain android.os.Build.VERSION_CODES#O API level 26}) and higher, 1054 * this is a global user restriction. If a device owner or profile owner sets this restriction, 1055 * the system enforces app verification across all users on the device. Running in earlier 1056 * Android versions, this restriction affects only the profile that sets it. 1057 * 1058 * <p>Holders of the permission 1059 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES} 1060 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1061 * 1062 * <p>Key for user restrictions. 1063 * <p>Type: Boolean 1064 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1065 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1066 * @see #getUserRestrictions() 1067 */ 1068 public static final String ENSURE_VERIFY_APPS = "ensure_verify_apps"; 1069 1070 /** 1071 * Specifies if a user is disallowed from configuring cell broadcasts. 1072 * 1073 * <p>This restriction can only be set by a device owner, a profile owner on the primary 1074 * user or a profile owner of an organization-owned managed profile on the parent profile. 1075 * When it is set by a device owner, it applies globally. When it is set by a profile owner 1076 * on the primary user or by a profile owner of an organization-owned managed profile on 1077 * the parent profile, it disables the primary user from configuring cell broadcasts. 1078 * 1079 * <p>Holders of the permission 1080 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_MOBILE_NETWORK} 1081 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1082 * 1083 * <p>The default value is <code>false</code>. 1084 * 1085 * <p>This restriction has no effect on secondary users and managed profiles since only the 1086 * primary user can configure cell broadcasts. 1087 * 1088 * <p>Key for user restrictions. 1089 * <p>Type: Boolean 1090 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1091 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1092 * @see #getUserRestrictions() 1093 */ 1094 public static final String DISALLOW_CONFIG_CELL_BROADCASTS = "no_config_cell_broadcasts"; 1095 1096 /** 1097 * Specifies if a user is disallowed from configuring mobile networks. 1098 * 1099 * <p>This restriction can only be set by a device owner, a profile owner on the primary 1100 * user or a profile owner of an organization-owned managed profile on the parent profile. 1101 * When it is set by a device owner, it applies globally. When it is set by a profile owner 1102 * on the primary user or by a profile owner of an organization-owned managed profile on 1103 * the parent profile, it disables the primary user from configuring mobile networks. 1104 * 1105 * <p>Holders of the permission 1106 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_MOBILE_NETWORK} 1107 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1108 * 1109 * <p>The default value is <code>false</code>. 1110 * 1111 * <p>This restriction has no effect on secondary users and managed profiles since only the 1112 * primary user can configure mobile networks. 1113 * 1114 * <p>Key for user restrictions. 1115 * <p>Type: Boolean 1116 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1117 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1118 * @see #getUserRestrictions() 1119 */ 1120 public static final String DISALLOW_CONFIG_MOBILE_NETWORKS = "no_config_mobile_networks"; 1121 1122 /** 1123 * Specifies if a user is disallowed from modifying 1124 * applications in Settings or launchers. The following actions will not be allowed when this 1125 * restriction is enabled: 1126 * <li>uninstalling apps</li> 1127 * <li>disabling apps</li> 1128 * <li>clearing app caches</li> 1129 * <li>clearing app data</li> 1130 * <li>force stopping apps</li> 1131 * <li>clearing app defaults</li> 1132 * <p> 1133 * The default value is <code>false</code>. 1134 * 1135 * <p><strong>Note:</strong> The user will still be able to perform those actions via other 1136 * means (such as adb). Third party apps will also be able to uninstall apps via the 1137 * {@link android.content.pm.PackageInstaller}. {@link #DISALLOW_UNINSTALL_APPS} or 1138 * {@link DevicePolicyManager#setUninstallBlocked(ComponentName, String, boolean)} should be 1139 * used to prevent the user from uninstalling apps completely, and 1140 * {@link DevicePolicyManager#addPersistentPreferredActivity(ComponentName, IntentFilter, ComponentName)} 1141 * to add a default intent handler for a given intent filter. 1142 * 1143 * <p>Holders of the permission 1144 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_APPS_CONTROL} 1145 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1146 * 1147 * <p>Key for user restrictions. 1148 * <p>Type: Boolean 1149 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1150 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1151 * @see #getUserRestrictions() 1152 */ 1153 public static final String DISALLOW_APPS_CONTROL = "no_control_apps"; 1154 1155 /** 1156 * Specifies if a user is disallowed from mounting physical external media. 1157 * 1158 * <p>This restriction can only be set by a device owner, a profile owner on the primary 1159 * user or a profile owner of an organization-owned managed profile on the parent profile. 1160 * When it is set by a device owner, it applies globally. When it is set by a profile owner 1161 * on the primary user or by a profile owner of an organization-owned managed profile on 1162 * the parent profile, it disables the primary user from mounting physical external media. 1163 * 1164 * <p>Holders of the permission 1165 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_PHYSICAL_MEDIA} 1166 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1167 * 1168 * <p>The default value is <code>false</code>. 1169 * 1170 * <p>Key for user restrictions. 1171 * <p>Type: Boolean 1172 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1173 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1174 * @see #getUserRestrictions() 1175 */ 1176 public static final String DISALLOW_MOUNT_PHYSICAL_MEDIA = "no_physical_media"; 1177 1178 /** 1179 * Specifies if a user is disallowed from adjusting microphone volume. If set, the microphone 1180 * will be muted. 1181 * 1182 * <p>A device owner and a profile owner can set this restriction, although the restriction has 1183 * no effect in a managed profile. When it is set by a device owner, it applies globally. When 1184 * it is set by a profile owner on the primary user or by a profile owner of an 1185 * organization-owned managed profile on the parent profile, it will disallow the primary user 1186 * from adjusting the microphone volume. 1187 * 1188 * <p>Holders of the permission 1189 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_MICROPHONE} 1190 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1191 * 1192 * <p>The default value is <code>false</code>. 1193 * 1194 * <p>Key for user restrictions. 1195 * <p>Type: Boolean 1196 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1197 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1198 * @see #getUserRestrictions() 1199 */ 1200 public static final String DISALLOW_UNMUTE_MICROPHONE = "no_unmute_microphone"; 1201 1202 /** 1203 * Specifies if a user is disallowed from adjusting the global volume. If set, the global volume 1204 * will be muted. This can be set by device owners from API 21 and profile owners from API 24. 1205 * The default value is <code>false</code>. 1206 * 1207 * <p>When the restriction is set by profile owners, then it only applies to relevant 1208 * profiles. 1209 * 1210 * <p>Holders of the permission 1211 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_AUDIO_OUTPUT} 1212 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1213 * 1214 * <p>This restriction has no effect on managed profiles. 1215 * <p>Key for user restrictions. 1216 * <p>Type: Boolean 1217 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1218 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1219 * @see #getUserRestrictions() 1220 */ 1221 public static final String DISALLOW_ADJUST_VOLUME = "no_adjust_volume"; 1222 1223 /** 1224 * Specifies that the user is not allowed to make outgoing phone calls. Emergency calls are 1225 * still permitted. 1226 * 1227 * <p>A device owner and a profile owner can set this restriction, although the restriction has 1228 * no effect in a managed profile. When it is set by a device owner, a profile owner on the 1229 * primary user or by a profile owner of an organization-owned managed profile on the parent 1230 * profile, it disallows the primary user from making outgoing phone calls. 1231 * 1232 * <p>Holders of the permission 1233 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_CALLS} 1234 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1235 * 1236 * <p>The default value is <code>false</code>. 1237 * 1238 * <p>Key for user restrictions. 1239 * <p>Type: Boolean 1240 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1241 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1242 * @see #getUserRestrictions() 1243 */ 1244 public static final String DISALLOW_OUTGOING_CALLS = "no_outgoing_calls"; 1245 1246 /** 1247 * Specifies that the user is not allowed to send or receive SMS messages. 1248 * 1249 * <p>This restriction can only be set by a device owner, a profile owner on the primary 1250 * user or a profile owner of an organization-owned managed profile on the parent profile. 1251 * When it is set by a device owner, it applies globally. When it is set by a profile owner 1252 * on the primary user or by a profile owner of an organization-owned managed profile on 1253 * the parent profile, it disables the primary user from sending or receiving SMS messages. 1254 * 1255 * <p>Holders of the permission 1256 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_SMS} 1257 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1258 * 1259 * <p>The default value is <code>false</code>. 1260 * 1261 * <p>Key for user restrictions. 1262 * <p>Type: Boolean 1263 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1264 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1265 * @see #getUserRestrictions() 1266 */ 1267 public static final String DISALLOW_SMS = "no_sms"; 1268 1269 /** 1270 * Specifies if the user is not allowed to have fun. In some cases, the 1271 * device owner may wish to prevent the user from experiencing amusement or 1272 * joy while using the device. The default value is <code>false</code>. 1273 * 1274 * <p>Holders of the permission 1275 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_FUN} 1276 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1277 * 1278 * <p>Key for user restrictions. 1279 * <p>Type: Boolean 1280 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1281 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1282 * @see #getUserRestrictions() 1283 */ 1284 public static final String DISALLOW_FUN = "no_fun"; 1285 1286 /** 1287 * Specifies that windows besides app windows should not be 1288 * created. This will block the creation of the following types of windows. 1289 * <li>{@link LayoutParams#TYPE_TOAST}</li> 1290 * <li>{@link LayoutParams#TYPE_APPLICATION_OVERLAY}</li> 1291 * 1292 * <p>This can only be set by device owners and profile owners on the primary user. 1293 * The default value is <code>false</code>. 1294 * 1295 * <p>Holders of the permission 1296 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_WINDOWS} 1297 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1298 * 1299 * <p>Key for user restrictions. 1300 * <p>Type: Boolean 1301 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1302 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1303 * @see #getUserRestrictions() 1304 */ 1305 public static final String DISALLOW_CREATE_WINDOWS = "no_create_windows"; 1306 1307 /** 1308 * Specifies that system error dialogs for crashed or unresponsive apps should not be shown. 1309 * In this case, the system will force-stop the app as if the user chooses the "close app" 1310 * option on the UI. A feedback report isn't collected as there is no way for the user to 1311 * provide explicit consent. The default value is <code>false</code>. 1312 * 1313 * <p>When this user restriction is set by device owners, it's applied to all users. When set by 1314 * the profile owner of the primary user or a secondary user, the restriction affects only the 1315 * calling user. This user restriction has no effect on managed profiles. 1316 * 1317 * <p>Holders of the permission 1318 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_SYSTEM_DIALOGS} 1319 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1320 * 1321 * <p>Key for user restrictions. 1322 * <p>Type: Boolean 1323 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1324 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1325 * @see #getUserRestrictions() 1326 */ 1327 public static final String DISALLOW_SYSTEM_ERROR_DIALOGS = "no_system_error_dialogs"; 1328 1329 /** 1330 * Specifies if the clipboard contents can be exported by pasting the data into other users or 1331 * profiles. This restriction doesn't prevent import, such as someone pasting clipboard data 1332 * from other profiles or users. The default value is {@code false}. 1333 * 1334 * <p><strong>Note</strong>: Because it's possible to extract data from screenshots using 1335 * optical character recognition (OCR), we strongly recommend combining this user restriction 1336 * with {@link DevicePolicyManager#setScreenCaptureDisabled(ComponentName, boolean)}. 1337 * 1338 * <p>Holders of the permission 1339 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_PROFILE_INTERACTION} 1340 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1341 * 1342 * <p>Key for user restrictions. 1343 * <p>Type: Boolean 1344 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1345 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1346 * @see #getUserRestrictions() 1347 */ 1348 public static final String DISALLOW_CROSS_PROFILE_COPY_PASTE = "no_cross_profile_copy_paste"; 1349 1350 /** 1351 * Specifies if the user is not allowed to use NFC to beam out data from apps. 1352 * The default value is <code>false</code>. 1353 * 1354 * <p>Holders of the permission 1355 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_NEARBY_COMMUNICATION} 1356 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1357 * 1358 * <p>Key for user restrictions. 1359 * <p>Type: Boolean 1360 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1361 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1362 * @see #getUserRestrictions() 1363 */ 1364 public static final String DISALLOW_OUTGOING_BEAM = "no_outgoing_beam"; 1365 1366 /** 1367 * Hidden user restriction to disallow access to wallpaper manager APIs. This restriction 1368 * generally means that wallpapers are not supported for the particular user. This user 1369 * restriction is always set for managed profiles, because such profiles don't have wallpapers. 1370 * @hide 1371 * @see #DISALLOW_SET_WALLPAPER 1372 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1373 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1374 * @see #getUserRestrictions() 1375 */ 1376 public static final String DISALLOW_WALLPAPER = "no_wallpaper"; 1377 1378 /** 1379 * User restriction to disallow setting a wallpaper. Profile owner and device owner 1380 * are able to set wallpaper regardless of this restriction. 1381 * The default value is <code>false</code>. 1382 * 1383 * <p>Holders of the permission 1384 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_WALLPAPER} 1385 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1386 * 1387 * <p>Key for user restrictions. 1388 * <p>Type: Boolean 1389 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1390 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1391 * @see #getUserRestrictions() 1392 */ 1393 public static final String DISALLOW_SET_WALLPAPER = "no_set_wallpaper"; 1394 1395 /** 1396 * Specifies if the user is not allowed to reboot the device into safe boot mode. 1397 * 1398 * <p>This restriction can only be set by a device owner, a profile owner on the primary 1399 * user or a profile owner of an organization-owned managed profile on the parent profile. 1400 * When it is set by a device owner, it applies globally. When it is set by a profile owner 1401 * on the primary user or by a profile owner of an organization-owned managed profile on 1402 * the parent profile, it disables the primary user from rebooting the device into safe 1403 * boot mode. 1404 * 1405 * <p>Holders of the permission 1406 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_SAFE_BOOT} 1407 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1408 * 1409 * <p>The default value is <code>false</code>. 1410 * 1411 * <p>Key for user restrictions. 1412 * <p>Type: Boolean 1413 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1414 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1415 * @see #getUserRestrictions() 1416 */ 1417 public static final String DISALLOW_SAFE_BOOT = "no_safe_boot"; 1418 1419 /** 1420 * Specifies if a user is not allowed to record audio. This restriction is always enabled for 1421 * background users. The default value is <code>false</code>. 1422 * 1423 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1424 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1425 * @see #getUserRestrictions() 1426 * @hide 1427 */ 1428 @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) 1429 public static final String DISALLOW_RECORD_AUDIO = "no_record_audio"; 1430 1431 /** 1432 * Specifies if a user is not allowed to run in the background and should be stopped and locked 1433 * during user switch. The default value is <code>false</code>. 1434 * 1435 * <p>This restriction can be set by device owners and profile owners. 1436 * 1437 * <p>Holders of the permission 1438 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_RUN_IN_BACKGROUND} 1439 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1440 * 1441 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1442 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1443 * @see #getUserRestrictions() 1444 * @hide 1445 */ 1446 @SystemApi 1447 public static final String DISALLOW_RUN_IN_BACKGROUND = "no_run_in_background"; 1448 1449 /** 1450 * Specifies if a user is not allowed to use the camera. 1451 * 1452 * <p>A device owner and a profile owner can set this restriction. When it is set by a 1453 * device owner, it applies globally - i.e., it disables the use of camera on the entire device 1454 * and all users are affected. When it is set by a profile owner on the primary user or by a 1455 * profile owner of an organization-owned managed profile on the parent profile, it disables 1456 * the primary user from using camera. 1457 * 1458 * <p>Holders of the permission 1459 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_CAMERA} 1460 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1461 * 1462 * <p>The default value is <code>false</code>. 1463 * 1464 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1465 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1466 * @see #getUserRestrictions() 1467 * @hide 1468 */ 1469 public static final String DISALLOW_CAMERA = "no_camera"; 1470 1471 /** 1472 * Specifies if a user is not allowed to unmute the device's global volume. 1473 * 1474 * <p>Holders of the permission 1475 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_AUDIO_OUTPUT} 1476 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1477 * 1478 * @see DevicePolicyManager#setMasterVolumeMuted(ComponentName, boolean) 1479 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1480 * @see #getUserRestrictions() 1481 * @hide 1482 */ 1483 public static final String DISALLOW_UNMUTE_DEVICE = "disallow_unmute_device"; 1484 1485 /** 1486 * Specifies if a user is not allowed to use cellular data when roaming. 1487 * 1488 * <p>This restriction can only be set by a device owner, a profile owner on the primary 1489 * user or a profile owner of an organization-owned managed profile on the parent profile. 1490 * When it is set by a device owner, it applies globally. When it is set by a profile owner 1491 * on the primary user or by a profile owner of an organization-owned managed profile on 1492 * the parent profile, it disables the primary user from using cellular data when roaming. 1493 * 1494 * <p>Holders of the permission 1495 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_MOBILE_NETWORK} 1496 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1497 * 1498 * <p>The default value is <code>false</code>. 1499 * 1500 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1501 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1502 * @see #getUserRestrictions() 1503 */ 1504 public static final String DISALLOW_DATA_ROAMING = "no_data_roaming"; 1505 1506 /** 1507 * Specifies if a user is not allowed to change their icon. Device owner and profile owner 1508 * can set this restriction. When it is set by device owner, only the target user will be 1509 * affected. The default value is <code>false</code>. 1510 * 1511 * <p>Holders of the permission 1512 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_MODIFY_USERS} 1513 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1514 * 1515 * <p>Key for user restrictions. 1516 * <p>Type: Boolean 1517 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1518 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1519 * @see #getUserRestrictions() 1520 */ 1521 public static final String DISALLOW_SET_USER_ICON = "no_set_user_icon"; 1522 1523 /** 1524 * Specifies if a user is not allowed to enable the oem unlock setting. The default value is 1525 * <code>false</code>. Setting this restriction has no effect if the bootloader is already 1526 * unlocked. 1527 * 1528 * <p>Not for use by third-party applications. 1529 * 1530 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1531 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1532 * @see #getUserRestrictions() 1533 * @deprecated use {@link OemLockManager#setOemUnlockAllowedByCarrier(boolean, byte[])} instead. 1534 * @hide 1535 */ 1536 @Deprecated 1537 @SystemApi 1538 public static final String DISALLOW_OEM_UNLOCK = "no_oem_unlock"; 1539 1540 /** 1541 * Specifies that the managed profile is not allowed to have unified lock screen challenge with 1542 * the primary user. 1543 * 1544 * <p><strong>Note:</strong> Setting this restriction alone doesn't automatically set a 1545 * separate challenge. Profile owner can ask the user to set a new password using 1546 * {@link DevicePolicyManager#ACTION_SET_NEW_PASSWORD} and verify it using 1547 * {@link DevicePolicyManager#isUsingUnifiedPassword(ComponentName)}. 1548 * 1549 * <p>Can be set by profile owners. It only has effect on managed profiles when set by managed 1550 * profile owner. Has no effect on non-managed profiles or users. 1551 * 1552 * <p>Holders of the permission 1553 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_LOCK_CREDENTIALS} 1554 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1555 * 1556 * <p>Key for user restrictions. 1557 * <p>Type: Boolean 1558 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1559 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1560 * @see #getUserRestrictions() 1561 */ 1562 public static final String DISALLOW_UNIFIED_PASSWORD = "no_unified_password"; 1563 1564 /** 1565 * Allows apps in the parent profile to handle web links from the managed profile. 1566 * 1567 * This user restriction has an effect only in a managed profile. 1568 * If set: 1569 * Intent filters of activities in the parent profile with action 1570 * {@link android.content.Intent#ACTION_VIEW}, 1571 * category {@link android.content.Intent#CATEGORY_BROWSABLE}, scheme http or https, and which 1572 * define a host can handle intents from the managed profile. 1573 * 1574 * <p>Holders of the permission 1575 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_PROFILES} 1576 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1577 * 1578 * <p>The default value is <code>false</code>. 1579 * 1580 * <p>Key for user restrictions. 1581 * <p>Type: Boolean 1582 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1583 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1584 * @see #getUserRestrictions() 1585 */ 1586 public static final String ALLOW_PARENT_PROFILE_APP_LINKING 1587 = "allow_parent_profile_app_linking"; 1588 1589 /** 1590 * Specifies if a user is not allowed to use Autofill Services. 1591 * 1592 * <p>Device owner and profile owner can set this restriction. When it is set by device owner, 1593 * only the target user will be affected. 1594 * 1595 * <p>Holders of the permission 1596 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_AUTOFILL} 1597 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1598 * 1599 * <p>The default value is <code>false</code>. 1600 * 1601 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1602 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1603 * @see #getUserRestrictions() 1604 */ 1605 public static final String DISALLOW_AUTOFILL = "no_autofill"; 1606 1607 /** 1608 * Specifies if the contents of a user's screen is not allowed to be captured for artificial 1609 * intelligence purposes. 1610 * 1611 * <p>A device owner and a profile owner can set this restriction. When it is set by a device 1612 * owner, a profile owner on the primary user or by a profile owner of an organization-owned 1613 * managed profile on the parent profile, it disables the primary user's screen from being 1614 * captured for artificial intelligence purposes. 1615 * 1616 * <p>Holders of the permission 1617 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_SCREEN_CONTENT} 1618 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1619 * 1620 * <p>The default value is <code>false</code>. 1621 * 1622 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1623 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1624 * @see #getUserRestrictions() 1625 */ 1626 public static final String DISALLOW_CONTENT_CAPTURE = "no_content_capture"; 1627 1628 /** 1629 * Specifies if the current user is able to receive content suggestions for selections based on 1630 * the contents of their screen. 1631 * 1632 * <p>A device owner and a profile owner can set this restriction. When it is set by a device 1633 * owner, a profile owner on the primary user or by a profile owner of an organization-owned 1634 * managed profile on the parent profile, it disables the primary user from receiving content 1635 * suggestions for selections based on the contents of their screen. 1636 * 1637 * <p>Holders of the permission 1638 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_SCREEN_CONTENT} 1639 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1640 * 1641 * <p>The default value is <code>false</code>. 1642 * 1643 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1644 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1645 * @see #getUserRestrictions() 1646 */ 1647 public static final String DISALLOW_CONTENT_SUGGESTIONS = "no_content_suggestions"; 1648 1649 /** 1650 * Specifies if user switching is blocked on the current user. 1651 * 1652 * <p> This restriction can only be set by the device owner, it will be applied to all users. 1653 * Device owner can still switch user via 1654 * {@link DevicePolicyManager#switchUser(ComponentName, UserHandle)} when this restriction is 1655 * set. 1656 * 1657 * <p>Holders of the permission 1658 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_MODIFY_USERS} 1659 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1660 * 1661 * <p>The default value is <code>false</code>. 1662 * 1663 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1664 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1665 * @see #getUserRestrictions() 1666 */ 1667 public static final String DISALLOW_USER_SWITCH = "no_user_switch"; 1668 1669 /** 1670 * Specifies whether the user can share file / picture / data from the primary user into the 1671 * managed profile, either by sending them from the primary side, or by picking up data within 1672 * an app in the managed profile. 1673 * <p> 1674 * When a managed profile is created, the system allows the user to send data from the primary 1675 * side to the profile by setting up certain default cross profile intent filters. If 1676 * this is undesired, this restriction can be set to disallow it. Note that this restriction 1677 * will not block any sharing allowed by explicit 1678 * {@link DevicePolicyManager#addCrossProfileIntentFilter} calls by the profile owner. 1679 * <p> 1680 * This restriction is only meaningful when set by profile owner. When it is set by device 1681 * owner, it does not have any effect. 1682 * <p> 1683 * 1684 * <p>Holders of the permission 1685 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_PROFILE_INTERACTION} 1686 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1687 * 1688 * <p>The default value is <code>false</code>. 1689 * 1690 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1691 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1692 * @see #getUserRestrictions() 1693 */ 1694 public static final String DISALLOW_SHARE_INTO_MANAGED_PROFILE = "no_sharing_into_profile"; 1695 1696 /** 1697 * Specifies whether the user is allowed to print. 1698 * 1699 * This restriction can be set by device or profile owner. 1700 * 1701 * <p>Holders of the permission 1702 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_PRINTING} 1703 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1704 * 1705 * The default value is {@code false}. 1706 * 1707 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1708 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1709 * @see #getUserRestrictions() 1710 */ 1711 public static final String DISALLOW_PRINTING = "no_printing"; 1712 1713 /** 1714 * Specifies whether the user is allowed to modify private DNS settings. 1715 * 1716 * <p>This restriction can only be set by a device owner or a profile owner of an 1717 * organization-owned managed profile on the parent profile. When it is set by either of these 1718 * owners, it applies globally. 1719 * 1720 * <p>Holders of the permission 1721 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_RESTRICT_PRIVATE_DNS} 1722 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1723 * 1724 * <p>The default value is <code>false</code>. 1725 * 1726 * <p>Key for user restrictions. 1727 * <p>Type: Boolean 1728 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1729 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1730 * @see #getUserRestrictions() 1731 */ 1732 public static final String DISALLOW_CONFIG_PRIVATE_DNS = 1733 "disallow_config_private_dns"; 1734 1735 /** 1736 * Specifies whether the microphone toggle is available to the user. If this restriction is set, 1737 * the user will not be able to block microphone access via the system toggle. If microphone 1738 * access is blocked when the restriction is added, it will be automatically re-enabled. 1739 * 1740 * This restriction can only be set by a device owner. 1741 * 1742 * <p>The default value is <code>false</code>. 1743 * 1744 * @see android.hardware.SensorPrivacyManager 1745 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1746 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1747 * @see #getUserRestrictions() 1748 */ 1749 public static final String DISALLOW_MICROPHONE_TOGGLE = 1750 "disallow_microphone_toggle"; 1751 1752 /** 1753 * Specifies whether the camera toggle is available to the user. If this restriction is set, 1754 * the user will not be able to block camera access via the system toggle. If camera 1755 * access is blocked when the restriction is added, it will be automatically re-enabled. 1756 * 1757 * This restriction can only be set by a device owner. 1758 * 1759 * <p>The default value is <code>false</code>. 1760 * 1761 * @see android.hardware.SensorPrivacyManager 1762 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1763 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1764 * @see #getUserRestrictions() 1765 */ 1766 public static final String DISALLOW_CAMERA_TOGGLE = 1767 "disallow_camera_toggle"; 1768 1769 /** 1770 * This is really not a user restriction in the normal sense. This can't be set to a user, 1771 * via UserManager nor via DevicePolicyManager. This is not even set in UserSettingsUtils. 1772 * This is defined here purely for convenience within the settings app. 1773 * 1774 * TODO(b/191306258): Refactor the Settings app to remove the need for this field, and delete it 1775 * 1776 * Specifies whether biometrics are available to the user. This is used internally only, 1777 * as a means of communications between biometric settings and 1778 * {@link com.android.settingslib.enterprise.ActionDisabledByAdminControllerFactory}. 1779 * 1780 * @see {@link android.hardware.biometrics.ParentalControlsUtilsInternal} 1781 * @see {@link com.android.settings.biometrics.ParentalControlsUtils} 1782 * 1783 * @hide 1784 */ 1785 public static final String DISALLOW_BIOMETRIC = "disallow_biometric"; 1786 1787 /** 1788 * Specifies whether the user is allowed to modify default apps in settings. 1789 * 1790 * <p>A device owner and a profile owner can set this restriction. When it is set by a 1791 * device owner, it applies globally - i.e., modifying of default apps in Settings for all 1792 * users is disallowed. When it is set by a profile owner on the primary user or by a profile 1793 * owner of an organization-owned managed profile on the parent profile, modifying of 1794 * default apps in Settings for the primary user is disallowed. 1795 * 1796 * <p>The default value is <code>false</code>. 1797 * 1798 * <p>Key for user restrictions. 1799 * <p>Type: Boolean 1800 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1801 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1802 * @see #getUserRestrictions() 1803 */ 1804 public static final String DISALLOW_CONFIG_DEFAULT_APPS = "disallow_config_default_apps"; 1805 1806 /** 1807 * Application restriction key that is used to indicate the pending arrival 1808 * of real restrictions for the app. 1809 * 1810 * <p> 1811 * Applications that support restrictions should check for the presence of this key. 1812 * A <code>true</code> value indicates that restrictions may be applied in the near 1813 * future but are not available yet. It is the responsibility of any 1814 * management application that sets this flag to update it when the final 1815 * restrictions are enforced. 1816 * 1817 * <p>Key for application restrictions. 1818 * <p>Type: Boolean 1819 * @see android.app.admin.DevicePolicyManager#setApplicationRestrictions( 1820 * android.content.ComponentName, String, Bundle) 1821 * @see android.app.admin.DevicePolicyManager#getApplicationRestrictions( 1822 * android.content.ComponentName, String) 1823 */ 1824 public static final String KEY_RESTRICTIONS_PENDING = "restrictions_pending"; 1825 1826 /** 1827 * Specifies if a user is not allowed to use 2g networks. 1828 * 1829 * <p> This is a security feature. 2g has no mutual authentication between a device and 1830 * cellular base station and downgrading a device's connection to 2g is a common tactic for 1831 * several types of privacy and security compromising attacks that could allow an adversary 1832 * to intercept, inject, or modify cellular communications. 1833 * 1834 * <p>This restriction can only be set by a device owner or a profile owner of an 1835 * organization-owned managed profile on the parent profile. 1836 * In all cases, the setting applies globally on the device. 1837 * 1838 * <p> Cellular connectivity loss (where a device would have otherwise successfully 1839 * connected to a 2g network) occurs if the device is in an area where only 2g networks are 1840 * available. Emergency calls are an exception and are never impacted. The device will still 1841 * scan for and connect to a 2g network for emergency calls. 1842 * 1843 * <p>Holders of the permission 1844 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_MOBILE_NETWORK} 1845 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1846 * 1847 * <p>The default value is <code>false</code>. 1848 * 1849 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1850 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1851 * @see #getUserRestrictions() 1852 */ 1853 public static final String DISALLOW_CELLULAR_2G = "no_cellular_2g"; 1854 1855 /** 1856 * This user restriction specifies if Ultra-wideband is disallowed on the device. If 1857 * Ultra-wideband is disallowed it cannot be turned on via Settings. 1858 * 1859 * <p> 1860 * Ultra-wideband (UWB) is a radio technology that can use a very low energy level 1861 * for short-range, high-bandwidth communications over a large portion of the radio spectrum. 1862 * 1863 * <p>This restriction can only be set by a device owner or a profile owner of an 1864 * organization-owned managed profile on the parent profile. 1865 * In both cases, the restriction applies globally on the device and will turn off the 1866 * ultra-wideband radio if it's currently on and prevent the radio from being turned on in 1867 * the future. 1868 * 1869 * <p>Holders of the permission 1870 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_NEARBY_COMMUNICATION} 1871 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1872 * 1873 * <p>Default is <code>false</code>. 1874 * 1875 * <p>Key for user restrictions. 1876 * <p>Type: Boolean 1877 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1878 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1879 * @see #getUserRestrictions() 1880 */ 1881 public static final String DISALLOW_ULTRA_WIDEBAND_RADIO = "no_ultra_wideband_radio"; 1882 1883 /** 1884 * This user restriction specifies if Near-field communication is disallowed on the device. If 1885 * Near-field communication is disallowed it cannot be turned on via Settings. 1886 * 1887 * <p>This restriction can only be set by a device owner or a profile owner of an 1888 * organization-owned managed profile on the parent profile. 1889 * In both cases, the restriction applies globally on the device and will turn off the 1890 * Near-field communication radio if it's currently on and prevent the radio from being turned 1891 * on in the future. 1892 * 1893 * <p> 1894 * Near-field communication (NFC) is a radio technology that allows two devices (like your phone 1895 * and a payments terminal) to communicate with each other when they're close together. 1896 * 1897 * <p>Default is <code>false</code>. 1898 * 1899 * <p>Key for user restrictions. 1900 * <p>Type: Boolean 1901 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1902 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1903 * @see #getUserRestrictions() 1904 */ 1905 @FlaggedApi(Flags.FLAG_ENABLE_NFC_USER_RESTRICTION) 1906 public static final String DISALLOW_NEAR_FIELD_COMMUNICATION_RADIO = 1907 "no_near_field_communication_radio"; 1908 1909 /** 1910 * This user restriction specifies if Near-field communication is disallowed to change 1911 * on the device. If Near-field communication is disallowed it cannot be changed via Settings. 1912 * 1913 * <p>This restriction can only be set by a device owner or a profile owner of an 1914 * organization-owned managed profile on the parent profile. 1915 * In both cases, the restriction applies globally on the device and will not allow Near-field 1916 * communication state being changed. 1917 * 1918 * <p> 1919 * Near-field communication (NFC) is a radio technology that allows two devices (like your phone 1920 * and a payments terminal) to communicate with each other when they're close together. 1921 * 1922 * <p>Default is <code>false</code>. 1923 * 1924 * <p>Key for user restrictions. 1925 * <p>Type: Boolean 1926 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1927 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1928 * @see #getUserRestrictions() 1929 */ 1930 @FlaggedApi(Flags.FLAG_ENABLE_NFC_USER_RESTRICTION) 1931 public static final String DISALLOW_CHANGE_NEAR_FIELD_COMMUNICATION_RADIO = 1932 "no_change_near_field_communication_radio"; 1933 1934 /** 1935 * This user restriction specifies if Thread network is disallowed on the device. If Thread 1936 * network is disallowed it cannot be turned on via Settings. 1937 * 1938 * <p>This restriction can only be set by a device owner or a profile owner of an 1939 * organization-owned managed profile on the parent profile. 1940 * In both cases, the restriction applies globally on the device and will turn off the 1941 * Thread network radio if it's currently on and prevent the radio from being turned 1942 * on in the future. 1943 * 1944 * <p> <a href="https://www.threadgroup.org">Thread</a> is a low-power and low-latency wireless 1945 * mesh networking protocol built on IPv6. 1946 * 1947 * <p>Default is <code>false</code>. 1948 * 1949 * <p>Key for user restrictions. 1950 * <p>Type: Boolean 1951 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1952 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1953 * @see #getUserRestrictions() 1954 */ 1955 @FlaggedApi(com.android.net.thread.platform.flags.Flags.FLAG_THREAD_USER_RESTRICTION_ENABLED) 1956 public static final String DISALLOW_THREAD_NETWORK = "no_thread_network"; 1957 1958 /** 1959 * This user restriction specifies if the user is able to add embedded SIMs to the device. 1960 * 1961 * <p> 1962 * This restriction blocks the download of embedded SIMs. 1963 * 1964 * <p> 1965 * This restriction can only be set by a device owner or a profile owner of an 1966 * organization-owned managed profile. 1967 * In both cases, the restriction applies globally on the device. 1968 * 1969 * <p> 1970 * Holders of the permission 1971 * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_MOBILE_NETWORK} 1972 * can set this restriction using the DevicePolicyManager APIs mentioned below. 1973 * 1974 * <p>Default is <code>false</code>. 1975 * 1976 * <p>Key for user restrictions. 1977 * <p>Type: Boolean 1978 * 1979 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1980 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1981 * @see #getUserRestrictions() 1982 */ 1983 @FlaggedApi(android.app.admin.flags.Flags.FLAG_ESIM_MANAGEMENT_ENABLED) 1984 public static final String DISALLOW_SIM_GLOBALLY = 1985 "no_sim_globally"; 1986 1987 /** 1988 * This user restriction specifies if assist content is disallowed from being sent to 1989 * a privileged app such as the Assistant app. Assist content includes screenshots and 1990 * information about an app, such as package name. 1991 * 1992 * <p>This restriction can only be set by a device owner or a profile owner. When it is set 1993 * by a device owner, it disables the assist contextual data on the entire device. When it is 1994 * set by a profile owner, it disables assist content on the profile. 1995 * 1996 * <p>Default is <code>false</code>. 1997 * 1998 * <p>Key for user restrictions. 1999 * <p>Type: Boolean 2000 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 2001 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 2002 * @see #getUserRestrictions() 2003 */ 2004 @FlaggedApi(android.app.admin.flags.Flags.FLAG_ASSIST_CONTENT_USER_RESTRICTION_ENABLED) 2005 public static final String DISALLOW_ASSIST_CONTENT = "no_assist_content"; 2006 2007 /** 2008 * List of key values that can be passed into the various user restriction related methods 2009 * in {@link UserManager} & {@link DevicePolicyManager}. 2010 * Note: This is slightly different from the real set of user restrictions listed in {@link 2011 * com.android.server.pm.UserRestrictionsUtils#USER_RESTRICTIONS}. For example 2012 * {@link #KEY_RESTRICTIONS_PENDING} is not a real user restriction, but is a legitimate 2013 * value that can be passed into {@link #hasUserRestriction(String)}. 2014 * @hide 2015 */ 2016 @StringDef(value = { 2017 ALLOW_PARENT_PROFILE_APP_LINKING, 2018 DISALLOW_ADD_CLONE_PROFILE, 2019 DISALLOW_ADD_MANAGED_PROFILE, 2020 DISALLOW_ADD_PRIVATE_PROFILE, 2021 DISALLOW_ADD_USER, 2022 DISALLOW_ADD_WIFI_CONFIG, 2023 DISALLOW_ADJUST_VOLUME, 2024 DISALLOW_AIRPLANE_MODE, 2025 DISALLOW_AMBIENT_DISPLAY, 2026 DISALLOW_APPS_CONTROL, 2027 DISALLOW_ASSIST_CONTENT, 2028 DISALLOW_AUTOFILL, 2029 DISALLOW_BIOMETRIC, 2030 DISALLOW_BLUETOOTH, 2031 DISALLOW_BLUETOOTH_SHARING, 2032 DISALLOW_CAMERA, 2033 DISALLOW_CAMERA_TOGGLE, 2034 DISALLOW_CELLULAR_2G, 2035 DISALLOW_CHANGE_NEAR_FIELD_COMMUNICATION_RADIO, 2036 DISALLOW_CHANGE_WIFI_STATE, 2037 DISALLOW_CONFIG_BLUETOOTH, 2038 DISALLOW_CONFIG_BRIGHTNESS, 2039 DISALLOW_CONFIG_CELL_BROADCASTS, 2040 DISALLOW_CONFIG_CREDENTIALS, 2041 DISALLOW_CONFIG_DATE_TIME, 2042 DISALLOW_CONFIG_DEFAULT_APPS, 2043 DISALLOW_CONFIG_LOCALE, 2044 DISALLOW_CONFIG_LOCATION, 2045 DISALLOW_CONFIG_MOBILE_NETWORKS, 2046 DISALLOW_CONFIG_PRIVATE_DNS, 2047 DISALLOW_CONFIG_SCREEN_TIMEOUT, 2048 DISALLOW_CONFIG_TETHERING, 2049 DISALLOW_CONFIG_VPN, 2050 DISALLOW_CONFIG_WIFI, 2051 DISALLOW_CONTENT_CAPTURE, 2052 DISALLOW_CONTENT_SUGGESTIONS, 2053 DISALLOW_CREATE_WINDOWS, 2054 DISALLOW_CROSS_PROFILE_COPY_PASTE, 2055 DISALLOW_DATA_ROAMING, 2056 DISALLOW_DEBUGGING_FEATURES, 2057 DISALLOW_FACTORY_RESET, 2058 DISALLOW_FUN, 2059 DISALLOW_GRANT_ADMIN, 2060 DISALLOW_INSTALL_APPS, 2061 DISALLOW_INSTALL_UNKNOWN_SOURCES, 2062 DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY, 2063 DISALLOW_MICROPHONE_TOGGLE, 2064 DISALLOW_MODIFY_ACCOUNTS, 2065 DISALLOW_MOUNT_PHYSICAL_MEDIA, 2066 DISALLOW_NEAR_FIELD_COMMUNICATION_RADIO, 2067 DISALLOW_NETWORK_RESET, 2068 DISALLOW_OEM_UNLOCK, 2069 DISALLOW_OUTGOING_BEAM, 2070 DISALLOW_OUTGOING_CALLS, 2071 DISALLOW_PRINTING, 2072 DISALLOW_RECORD_AUDIO, 2073 DISALLOW_REMOVE_MANAGED_PROFILE, 2074 DISALLOW_REMOVE_USER, 2075 DISALLOW_RUN_IN_BACKGROUND, 2076 DISALLOW_SAFE_BOOT, 2077 DISALLOW_SET_USER_ICON, 2078 DISALLOW_SET_WALLPAPER, 2079 DISALLOW_SHARE_INTO_MANAGED_PROFILE, 2080 DISALLOW_SHARE_LOCATION, 2081 DISALLOW_SHARING_ADMIN_CONFIGURED_WIFI, 2082 DISALLOW_SIM_GLOBALLY, 2083 DISALLOW_SMS, 2084 DISALLOW_SYSTEM_ERROR_DIALOGS, 2085 DISALLOW_THREAD_NETWORK, 2086 DISALLOW_ULTRA_WIDEBAND_RADIO, 2087 DISALLOW_UNIFIED_PASSWORD, 2088 DISALLOW_UNINSTALL_APPS, 2089 DISALLOW_UNMUTE_DEVICE, 2090 DISALLOW_UNMUTE_MICROPHONE, 2091 DISALLOW_USB_FILE_TRANSFER, 2092 DISALLOW_USER_SWITCH, 2093 DISALLOW_WALLPAPER, 2094 DISALLOW_WIFI_DIRECT, 2095 DISALLOW_WIFI_TETHERING, 2096 ENSURE_VERIFY_APPS, 2097 KEY_RESTRICTIONS_PENDING, 2098 }) 2099 @Retention(RetentionPolicy.SOURCE) 2100 public @interface UserRestrictionKey {} 2101 2102 /** 2103 * Property used to override whether the device uses headless system user mode. 2104 * 2105 * <p>Only used on non-user builds. 2106 * 2107 * <p><b>NOTE: </b>setting this variable directly won't properly change the headless system user 2108 * mode behavior and might put the device in a bad state; the system user mode should be changed 2109 * using {@code cmd user set-system-user-mode-emulation} instead. 2110 * 2111 * @hide 2112 */ 2113 public static final String SYSTEM_USER_MODE_EMULATION_PROPERTY = 2114 "persist.debug.user_mode_emulation"; 2115 2116 /** @hide */ 2117 public static final String SYSTEM_USER_MODE_EMULATION_DEFAULT = "default"; 2118 /** @hide */ 2119 public static final String SYSTEM_USER_MODE_EMULATION_FULL = "full"; 2120 /** @hide */ 2121 public static final String SYSTEM_USER_MODE_EMULATION_HEADLESS = "headless"; 2122 2123 /** 2124 * System Property used to override whether users can be created even if their type is disabled 2125 * or their limit is reached. Set value to 1 to enable. 2126 * 2127 * <p>Only used on non-user builds. 2128 * 2129 * @hide 2130 */ 2131 public static final String DEV_CREATE_OVERRIDE_PROPERTY = "debug.user.creation_override"; 2132 2133 private static final String ACTION_CREATE_USER = "android.os.action.CREATE_USER"; 2134 2135 /** 2136 * Action to start an activity to create a supervised user. 2137 * Only devices with non-empty config_supervisedUserCreationPackage support this. 2138 * 2139 * @hide 2140 */ 2141 @SystemApi 2142 @RequiresPermission(Manifest.permission.MANAGE_USERS) 2143 public static final String ACTION_CREATE_SUPERVISED_USER = 2144 "android.os.action.CREATE_SUPERVISED_USER"; 2145 2146 /** 2147 * Extra containing a name for the user being created. Optional parameter passed to 2148 * ACTION_CREATE_USER activity. 2149 * @hide 2150 */ 2151 public static final String EXTRA_USER_NAME = "android.os.extra.USER_NAME"; 2152 2153 /** 2154 * Extra containing account name for the user being created. Optional parameter passed to 2155 * ACTION_CREATE_USER activity. 2156 * @hide 2157 */ 2158 public static final String EXTRA_USER_ACCOUNT_NAME = "android.os.extra.USER_ACCOUNT_NAME"; 2159 2160 /** 2161 * Extra containing account type for the user being created. Optional parameter passed to 2162 * ACTION_CREATE_USER activity. 2163 * @hide 2164 */ 2165 public static final String EXTRA_USER_ACCOUNT_TYPE = "android.os.extra.USER_ACCOUNT_TYPE"; 2166 2167 /** 2168 * Extra containing account-specific data for the user being created. Optional parameter passed 2169 * to ACTION_CREATE_USER activity. 2170 * @hide 2171 */ 2172 public static final String EXTRA_USER_ACCOUNT_OPTIONS 2173 = "android.os.extra.USER_ACCOUNT_OPTIONS"; 2174 2175 /** @hide */ 2176 public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3; 2177 /** @hide */ 2178 public static final int PIN_VERIFICATION_FAILED_NOT_SET = -2; 2179 /** @hide */ 2180 public static final int PIN_VERIFICATION_SUCCESS = -1; 2181 2182 /** 2183 * Sent when user restrictions have changed. 2184 * 2185 * @hide 2186 */ 2187 @SystemApi // To allow seeing it from CTS. 2188 public static final String ACTION_USER_RESTRICTIONS_CHANGED = 2189 "android.os.action.USER_RESTRICTIONS_CHANGED"; 2190 2191 /** 2192 * Error result indicating that this user is not allowed to add other users on this device. 2193 * This is a result code returned from the activity created by the intent 2194 * {@link #createUserCreationIntent(String, String, String, PersistableBundle)}. 2195 */ 2196 public static final int USER_CREATION_FAILED_NOT_PERMITTED = Activity.RESULT_FIRST_USER; 2197 2198 /** 2199 * Error result indicating that no more users can be created on this device. 2200 * This is a result code returned from the activity created by the intent 2201 * {@link #createUserCreationIntent(String, String, String, PersistableBundle)}. 2202 */ 2203 public static final int USER_CREATION_FAILED_NO_MORE_USERS = Activity.RESULT_FIRST_USER + 1; 2204 2205 /** 2206 * Indicates that users are switchable. 2207 * @hide 2208 */ 2209 @SystemApi 2210 public static final int SWITCHABILITY_STATUS_OK = 0; 2211 2212 /** 2213 * Indicated that the user is in a phone call. 2214 * @hide 2215 */ 2216 @SystemApi 2217 public static final int SWITCHABILITY_STATUS_USER_IN_CALL = 1 << 0; 2218 2219 /** 2220 * Indicates that user switching is disallowed ({@link #DISALLOW_USER_SWITCH} is set). 2221 * @hide 2222 */ 2223 @SystemApi 2224 public static final int SWITCHABILITY_STATUS_USER_SWITCH_DISALLOWED = 1 << 1; 2225 2226 /** 2227 * Indicates that the system user is locked and user switching is not allowed. 2228 * @hide 2229 */ 2230 @SystemApi 2231 public static final int SWITCHABILITY_STATUS_SYSTEM_USER_LOCKED = 1 << 2; 2232 2233 /** 2234 * Result returned in {@link #getUserSwitchability()} indicating user switchability. 2235 * @hide 2236 */ 2237 @Retention(RetentionPolicy.SOURCE) 2238 @IntDef(flag = true, prefix = { "SWITCHABILITY_STATUS_" }, value = { 2239 SWITCHABILITY_STATUS_OK, 2240 SWITCHABILITY_STATUS_USER_IN_CALL, 2241 SWITCHABILITY_STATUS_USER_SWITCH_DISALLOWED, 2242 SWITCHABILITY_STATUS_SYSTEM_USER_LOCKED 2243 }) 2244 public @interface UserSwitchabilityResult {} 2245 2246 /** 2247 * A response code from {@link #removeUserWhenPossible(UserHandle, boolean)} indicating that 2248 * the specified user has been successfully removed. 2249 * 2250 * @hide 2251 */ 2252 @SystemApi 2253 public static final int REMOVE_RESULT_REMOVED = 0; 2254 2255 /** 2256 * A response code from {@link #removeUserWhenPossible(UserHandle, boolean)} indicating that 2257 * the specified user is marked so that it will be removed when the user is stopped or on boot. 2258 * 2259 * @hide 2260 */ 2261 @SystemApi 2262 public static final int REMOVE_RESULT_DEFERRED = 1; 2263 2264 /** 2265 * A response code from {@link #removeUserWhenPossible(UserHandle, boolean)} indicating that 2266 * the specified user is already in the process of being removed. 2267 * 2268 * @hide 2269 */ 2270 @SystemApi 2271 public static final int REMOVE_RESULT_ALREADY_BEING_REMOVED = 2; 2272 2273 /** 2274 * A response code indicating that the specified user is removable. 2275 * 2276 * @hide 2277 */ 2278 public static final int REMOVE_RESULT_USER_IS_REMOVABLE = 3; 2279 2280 /** 2281 * A response code from {@link #removeUserWhenPossible(UserHandle, boolean)} indicating that 2282 * an unknown error occurred that prevented the user from being removed or set as ephemeral. 2283 * 2284 * @hide 2285 */ 2286 @SystemApi 2287 public static final int REMOVE_RESULT_ERROR_UNKNOWN = -1; 2288 2289 /** 2290 * A response code from {@link #removeUserWhenPossible(UserHandle, boolean)} indicating that 2291 * the user could not be removed due to a {@link #DISALLOW_REMOVE_MANAGED_PROFILE} or 2292 * {@link #DISALLOW_REMOVE_USER} user restriction. 2293 * 2294 * @hide 2295 */ 2296 @SystemApi 2297 public static final int REMOVE_RESULT_ERROR_USER_RESTRICTION = -2; 2298 2299 /** 2300 * A response code from {@link #removeUserWhenPossible(UserHandle, boolean)} indicating that 2301 * user being removed does not exist. 2302 * 2303 * @hide 2304 */ 2305 @SystemApi 2306 public static final int REMOVE_RESULT_ERROR_USER_NOT_FOUND = -3; 2307 2308 /** 2309 * A response code from {@link #removeUserWhenPossible(UserHandle, boolean)} indicating that 2310 * user being removed is a {@link UserHandle#SYSTEM} user which can't be removed. 2311 * 2312 * @hide 2313 */ 2314 @SystemApi 2315 public static final int REMOVE_RESULT_ERROR_SYSTEM_USER = -4; 2316 2317 /** 2318 * A response code from {@link #removeUserWhenPossible(UserHandle, boolean)} indicating that 2319 * user being removed is a {@link UserInfo#FLAG_MAIN} user and can't be removed because 2320 * system property {@link com.android.internal.R.bool.isMainUserPermanentAdmin} is true. 2321 * @hide 2322 */ 2323 @SystemApi 2324 public static final int REMOVE_RESULT_ERROR_MAIN_USER_PERMANENT_ADMIN = -5; 2325 2326 /** 2327 * Possible response codes from {@link #removeUserWhenPossible(UserHandle, boolean)}. 2328 * 2329 * @hide 2330 */ 2331 @IntDef(prefix = { "REMOVE_RESULT_" }, value = { 2332 REMOVE_RESULT_REMOVED, 2333 REMOVE_RESULT_DEFERRED, 2334 REMOVE_RESULT_ALREADY_BEING_REMOVED, 2335 REMOVE_RESULT_USER_IS_REMOVABLE, 2336 REMOVE_RESULT_ERROR_USER_RESTRICTION, 2337 REMOVE_RESULT_ERROR_USER_NOT_FOUND, 2338 REMOVE_RESULT_ERROR_SYSTEM_USER, 2339 REMOVE_RESULT_ERROR_MAIN_USER_PERMANENT_ADMIN, 2340 REMOVE_RESULT_ERROR_UNKNOWN, 2341 }) 2342 @Retention(RetentionPolicy.SOURCE) 2343 public @interface RemoveResult {} 2344 2345 /** 2346 * Indicates user operation is successful. 2347 */ 2348 public static final int USER_OPERATION_SUCCESS = 0; 2349 2350 /** 2351 * Indicates user operation failed for unknown reason. 2352 */ 2353 public static final int USER_OPERATION_ERROR_UNKNOWN = 1; 2354 2355 /** 2356 * Indicates user operation failed because target user is a managed profile. 2357 */ 2358 public static final int USER_OPERATION_ERROR_MANAGED_PROFILE = 2; 2359 2360 /** 2361 * Indicates user operation failed because maximum running user limit has been reached. 2362 */ 2363 public static final int USER_OPERATION_ERROR_MAX_RUNNING_USERS = 3; 2364 2365 /** 2366 * Indicates user operation failed because the target user is in the foreground. 2367 */ 2368 public static final int USER_OPERATION_ERROR_CURRENT_USER = 4; 2369 2370 /** 2371 * Indicates user operation failed because device has low data storage. 2372 */ 2373 public static final int USER_OPERATION_ERROR_LOW_STORAGE = 5; 2374 2375 /** 2376 * Indicates user operation failed because maximum user limit has been reached. 2377 */ 2378 public static final int USER_OPERATION_ERROR_MAX_USERS = 6; 2379 2380 /** 2381 * Indicates user operation failed because a user with that account already exists. 2382 * 2383 * @hide 2384 */ 2385 @SystemApi 2386 public static final int USER_OPERATION_ERROR_USER_ACCOUNT_ALREADY_EXISTS = 7; 2387 2388 /** 2389 * Indicates user operation failed because user is disabled on the device. 2390 * @hide 2391 */ 2392 public static final int USER_OPERATION_ERROR_DISABLED_USER = 8; 2393 /** 2394 * Indicates user operation failed because user is disabled on the device. 2395 * @hide 2396 */ 2397 public static final int USER_OPERATION_ERROR_PRIVATE_PROFILE = 9; 2398 2399 /** 2400 * Result returned from various user operations. 2401 * 2402 * @hide 2403 */ 2404 @Retention(RetentionPolicy.SOURCE) 2405 @IntDef(prefix = { "USER_OPERATION_" }, value = { 2406 USER_OPERATION_SUCCESS, 2407 USER_OPERATION_ERROR_UNKNOWN, 2408 USER_OPERATION_ERROR_MANAGED_PROFILE, 2409 USER_OPERATION_ERROR_MAX_RUNNING_USERS, 2410 USER_OPERATION_ERROR_CURRENT_USER, 2411 USER_OPERATION_ERROR_LOW_STORAGE, 2412 USER_OPERATION_ERROR_MAX_USERS, 2413 USER_OPERATION_ERROR_USER_ACCOUNT_ALREADY_EXISTS, 2414 USER_OPERATION_ERROR_DISABLED_USER, 2415 USER_OPERATION_ERROR_PRIVATE_PROFILE, 2416 }) 2417 public @interface UserOperationResult {} 2418 2419 /** 2420 * Thrown to indicate user operation failed. 2421 */ 2422 public static class UserOperationException extends RuntimeException { 2423 private final @UserOperationResult int mUserOperationResult; 2424 2425 /** 2426 * Constructs a UserOperationException with specific result code. 2427 * 2428 * @param message the detail message 2429 * @param userOperationResult the result code 2430 * @hide 2431 */ UserOperationException(String message, @UserOperationResult int userOperationResult)2432 public UserOperationException(String message, 2433 @UserOperationResult int userOperationResult) { 2434 super(message); 2435 mUserOperationResult = userOperationResult; 2436 } 2437 2438 /** 2439 * Returns the operation result code. 2440 */ getUserOperationResult()2441 public @UserOperationResult int getUserOperationResult() { 2442 return mUserOperationResult; 2443 } 2444 2445 /** 2446 * Returns a UserOperationException containing the same message and error code. 2447 * @hide 2448 */ from(ServiceSpecificException exception)2449 public static UserOperationException from(ServiceSpecificException exception) { 2450 return new UserOperationException(exception.getMessage(), exception.errorCode); 2451 } 2452 } 2453 2454 /** 2455 * Converts the ServiceSpecificException into a UserOperationException or throws null; 2456 * 2457 * @param exception exception to convert. 2458 * @param throwInsteadOfNull if an exception should be thrown or null returned. 2459 * @return null if chosen not to throw exception. 2460 * @throws UserOperationException 2461 */ returnNullOrThrowUserOperationException(ServiceSpecificException exception, boolean throwInsteadOfNull)2462 private <T> T returnNullOrThrowUserOperationException(ServiceSpecificException exception, 2463 boolean throwInsteadOfNull) throws UserOperationException { 2464 if (throwInsteadOfNull) { 2465 throw UserOperationException.from(exception); 2466 } else { 2467 return null; 2468 } 2469 } 2470 2471 /** 2472 * Thrown to indicate user operation failed. (Checked exception) 2473 * @hide 2474 */ 2475 public static class CheckedUserOperationException extends AndroidException { 2476 private final @UserOperationResult int mUserOperationResult; 2477 2478 /** 2479 * Constructs a CheckedUserOperationException with specific result code. 2480 * 2481 * @param message the detail message 2482 * @param userOperationResult the result code 2483 * @hide 2484 */ CheckedUserOperationException(String message, @UserOperationResult int userOperationResult)2485 public CheckedUserOperationException(String message, 2486 @UserOperationResult int userOperationResult) { 2487 super(message); 2488 mUserOperationResult = userOperationResult; 2489 } 2490 2491 /** Returns the operation result code. */ getUserOperationResult()2492 public @UserOperationResult int getUserOperationResult() { 2493 return mUserOperationResult; 2494 } 2495 2496 /** Return a ServiceSpecificException containing the same message and error code. */ toServiceSpecificException()2497 public ServiceSpecificException toServiceSpecificException() { 2498 return new ServiceSpecificException(mUserOperationResult, getMessage()); 2499 } 2500 } 2501 2502 /** 2503 * For apps targeting {@link Build.VERSION_CODES#TIRAMISU} and above, any UserManager API marked 2504 * as {@link android.annotation.UserHandleAware @UserHandleAware} will use the context user 2505 * (rather than the calling user). 2506 * For apps targeting an SDK version <em>below</em> this, the behaviour 2507 * depends on the particular method and when it was first introduced: 2508 * <ul> 2509 * <li> 2510 * if the {@literal @}UserHandleAware specifies a 2511 * {@link android.annotation.UserHandleAware#enabledSinceTargetSdkVersion} of 2512 * {@link Build.VERSION_CODES#TIRAMISU} the <em>calling</em> user is used. 2513 * </li> 2514 * <li> 2515 * if the {@literal @}UserHandleAware doesn't specify a 2516 * {@link android.annotation.UserHandleAware#enabledSinceTargetSdkVersion}, the 2517 * <em>context</em> user is used. 2518 * </li> 2519 * <li>there should currently be no other values used by UserManager for 2520 * {@link android.annotation.UserHandleAware#enabledSinceTargetSdkVersion}, since all 2521 * old implicitly user-dependant APIs were updated in that version and anything 2522 * introduced more recently should already be {@literal @}UserHandleAware. 2523 * </li> 2524 * </ul> 2525 * 2526 * Note that when an API marked with 2527 * {@link android.annotation.UserHandleAware#enabledSinceTargetSdkVersion} is run 2528 * on a device whose OS predates that version, the calling user will be used, since on such a 2529 * device, the API is not {@literal @}UserHandleAware yet. 2530 * 2531 * @hide 2532 */ 2533 @ChangeId 2534 @EnabledSince(targetSdkVersion = Build.VERSION_CODES.TIRAMISU) 2535 public static final long ALWAYS_USE_CONTEXT_USER = 183155436L; 2536 2537 /** 2538 * Returns the context user or the calling user, depending on the target SDK. 2539 * New APIs do not require such gating and therefore should always use mUserId instead. 2540 * @see #ALWAYS_USE_CONTEXT_USER 2541 */ getContextUserIfAppropriate()2542 private @UserIdInt int getContextUserIfAppropriate() { 2543 if (CompatChanges.isChangeEnabled(ALWAYS_USE_CONTEXT_USER)) { 2544 return mUserId; 2545 } else { 2546 final int callingUser = UserHandle.myUserId(); 2547 if (callingUser != mUserId) { 2548 Log.w(TAG, "Using the calling user " + callingUser 2549 + ", rather than the specified context user " + mUserId 2550 + ", because API is only UserHandleAware on higher targetSdkVersions.", 2551 new Throwable()); 2552 } 2553 return callingUser; 2554 } 2555 } 2556 2557 /** @hide */ 2558 @UnsupportedAppUsage get(Context context)2559 public static UserManager get(Context context) { 2560 return (UserManager) context.getSystemService(Context.USER_SERVICE); 2561 } 2562 2563 /** @hide */ UserManager(Context context, IUserManager service)2564 public UserManager(Context context, IUserManager service) { 2565 mService = service; 2566 Context appContext = context.getApplicationContext(); 2567 mContext = (appContext == null ? context : appContext); 2568 mUserId = context.getUserId(); 2569 } 2570 2571 /** 2572 * Returns whether this device supports multiple users with their own login and customizable 2573 * space. 2574 * @return whether the device supports multiple users. 2575 */ supportsMultipleUsers()2576 public static boolean supportsMultipleUsers() { 2577 return getMaxSupportedUsers() > 1 2578 && SystemProperties.getBoolean("fw.show_multiuserui", 2579 Resources.getSystem().getBoolean(R.bool.config_enableMultiUserUI)); 2580 } 2581 2582 /** 2583 * @return Whether guest user is always ephemeral 2584 * @hide 2585 */ isGuestUserAlwaysEphemeral()2586 public static boolean isGuestUserAlwaysEphemeral() { 2587 return Resources.getSystem() 2588 .getBoolean(com.android.internal.R.bool.config_guestUserEphemeral); 2589 } 2590 2591 /** 2592 * @return true, when we want to enable user manager API and UX to allow 2593 * guest user ephemeral state change based on user input 2594 * @hide 2595 */ isGuestUserAllowEphemeralStateChange()2596 public static boolean isGuestUserAllowEphemeralStateChange() { 2597 return Resources.getSystem() 2598 .getBoolean(com.android.internal.R.bool.config_guestUserAllowEphemeralStateChange); 2599 } 2600 2601 /** 2602 * Returns whether the device is configured to support a Communal Profile. 2603 * @hide 2604 */ isCommunalProfileEnabled()2605 public static boolean isCommunalProfileEnabled() { 2606 return SystemProperties.getBoolean("persist.fw.omnipresent_communal_user", 2607 Resources.getSystem() 2608 .getBoolean(com.android.internal.R.bool.config_omnipresentCommunalUser)); 2609 } 2610 2611 /** 2612 * Returns whether the device supports Private Profile 2613 * @hide 2614 */ isPrivateProfileEnabled()2615 public static boolean isPrivateProfileEnabled() { 2616 if (android.multiuser.Flags.blockPrivateSpaceCreation()) { 2617 return !ActivityManager.isLowRamDeviceStatic(); 2618 } 2619 return true; 2620 } 2621 2622 /** 2623 * Returns whether multiple admins are enabled on the device 2624 * @hide 2625 */ isMultipleAdminEnabled()2626 public static boolean isMultipleAdminEnabled() { 2627 return Resources.getSystem() 2628 .getBoolean(com.android.internal.R.bool.config_enableMultipleAdmins); 2629 } 2630 2631 /** 2632 * Checks whether the device is running in a headless system user mode. 2633 * 2634 * <p>Headless system user mode means the {@link #isSystemUser() system user} runs system 2635 * services and some system UI, but it is not associated with any real person and additional 2636 * users must be created to be associated with real persons. 2637 * 2638 * @return whether the device is running in a headless system user mode. 2639 */ isHeadlessSystemUserMode()2640 public static boolean isHeadlessSystemUserMode() { 2641 // No need for synchronization. Once it becomes non-null, it'll be non-null forever. 2642 // (Its value is determined when UMS is constructed and cannot change.) 2643 // Worst case we might end up calling the AIDL method multiple times but that's fine. 2644 if (sIsHeadlessSystemUser == null) { 2645 // Unfortunately this API is static, but the property no longer is. So go fetch the UMS. 2646 try { 2647 final IUserManager service = IUserManager.Stub.asInterface( 2648 ServiceManager.getService(Context.USER_SERVICE)); 2649 sIsHeadlessSystemUser = service.isHeadlessSystemUserMode(); 2650 } catch (RemoteException re) { 2651 throw re.rethrowFromSystemServer(); 2652 } 2653 } 2654 return sIsHeadlessSystemUser; 2655 } 2656 2657 /** 2658 * @deprecated use {@link #getUserSwitchability()} instead. 2659 * 2660 * @removed 2661 * @hide 2662 */ 2663 @Deprecated 2664 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 2665 android.Manifest.permission.INTERACT_ACROSS_USERS}) 2666 @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) 2667 @UserHandleAware canSwitchUsers()2668 public boolean canSwitchUsers() { 2669 try { 2670 return mService.getUserSwitchability(mUserId) == SWITCHABILITY_STATUS_OK; 2671 } catch (RemoteException re) { 2672 throw re.rethrowFromSystemServer(); 2673 } 2674 } 2675 2676 /** 2677 * Returns whether switching users is currently allowed for the context user. 2678 * <p> 2679 * Switching users is not allowed in the following cases: 2680 * <li>the user is in a phone call</li> 2681 * <li>{@link #DISALLOW_USER_SWITCH} is set</li> 2682 * <li>system user hasn't been unlocked yet</li> 2683 * 2684 * @return A {@link UserSwitchabilityResult} flag indicating if the user is switchable. 2685 * @hide 2686 */ 2687 @SystemApi 2688 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 2689 android.Manifest.permission.INTERACT_ACROSS_USERS}) 2690 @UserHandleAware(enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU) getUserSwitchability()2691 public @UserSwitchabilityResult int getUserSwitchability() { 2692 return getUserSwitchability(UserHandle.of(getContextUserIfAppropriate())); 2693 } 2694 2695 /** 2696 * Returns whether switching users is currently allowed for the provided user. 2697 * <p> 2698 * Switching users is not allowed in the following cases: 2699 * <li>the user is in a phone call</li> 2700 * <li>{@link #DISALLOW_USER_SWITCH} is set</li> 2701 * <li>system user hasn't been unlocked yet</li> 2702 * 2703 * @return A {@link UserSwitchabilityResult} flag indicating if the user is switchable. 2704 * @hide 2705 */ 2706 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 2707 android.Manifest.permission.INTERACT_ACROSS_USERS}) getUserSwitchability(UserHandle userHandle)2708 public @UserSwitchabilityResult int getUserSwitchability(UserHandle userHandle) { 2709 try { 2710 return mService.getUserSwitchability(userHandle.getIdentifier()); 2711 } catch (RemoteException re) { 2712 throw re.rethrowFromSystemServer(); 2713 } 2714 } 2715 2716 /** 2717 * Returns the userId for the context user. 2718 * 2719 * @return the userId of the context user. 2720 * 2721 * @deprecated To get the <em>calling</em> user, use {@link UserHandle#myUserId()}. 2722 * To get the <em>context</em> user, get it directly from the context. 2723 * 2724 * @hide 2725 */ 2726 @Deprecated 2727 @UnsupportedAppUsage 2728 @UserHandleAware(enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU) 2729 // *** Do NOT use this in UserManager. Instead always use mUserId. *** getUserHandle()2730 public @UserIdInt int getUserHandle() { 2731 return getContextUserIfAppropriate(); 2732 } 2733 2734 /** 2735 * Returns the userId for the user that this process is running under 2736 * (<em>not</em> the context user). 2737 * 2738 * @return the userId of <em>this process</em>. 2739 * 2740 * @deprecated Use {@link UserHandle#myUserId()} 2741 * @hide 2742 */ 2743 @Deprecated 2744 // NOT @UserHandleAware getProcessUserId()2745 public @UserIdInt int getProcessUserId() { 2746 return UserHandle.myUserId(); 2747 } 2748 2749 /** 2750 * @return the user type of the context user. 2751 * @hide 2752 */ 2753 @TestApi 2754 @RequiresPermission(anyOf = { 2755 android.Manifest.permission.MANAGE_USERS, 2756 android.Manifest.permission.CREATE_USERS, 2757 android.Manifest.permission.QUERY_USERS}) 2758 @UserHandleAware getUserType()2759 public @NonNull String getUserType() { 2760 UserInfo userInfo = getUserInfo(mUserId); 2761 return userInfo == null ? "" : userInfo.userType; 2762 } 2763 2764 /** 2765 * Returns the user name of the context user. This call is only available to applications on 2766 * the system image. 2767 * 2768 * @return the user name 2769 */ 2770 @RequiresPermission(anyOf = { 2771 android.Manifest.permission.MANAGE_USERS, 2772 android.Manifest.permission.CREATE_USERS, 2773 android.Manifest.permission.QUERY_USERS, 2774 android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED}) 2775 2776 @UserHandleAware( 2777 requiresAnyOfPermissionsIfNotCaller = { 2778 android.Manifest.permission.MANAGE_USERS, 2779 android.Manifest.permission.CREATE_USERS, 2780 android.Manifest.permission.QUERY_USERS}) getUserName()2781 public @NonNull String getUserName() { 2782 if (UserHandle.myUserId() == mUserId) { 2783 try { 2784 return mService.getUserName(); 2785 } catch (RemoteException re) { 2786 throw re.rethrowFromSystemServer(); 2787 } 2788 } else { 2789 UserInfo userInfo = getUserInfo(mUserId); 2790 if (userInfo != null && userInfo.name != null) { 2791 return userInfo.name; 2792 } 2793 return ""; 2794 } 2795 } 2796 2797 /** 2798 * Returns whether user name has been set. 2799 * <p>This method can be used to check that the value returned by {@link #getUserName()} was 2800 * set by the user and is not a placeholder string provided by the system. 2801 * @hide 2802 */ 2803 @SystemApi 2804 @RequiresPermission(anyOf = { 2805 android.Manifest.permission.MANAGE_USERS, 2806 android.Manifest.permission.CREATE_USERS, 2807 android.Manifest.permission.QUERY_USERS, 2808 android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED}) 2809 @UserHandleAware( 2810 enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU, 2811 requiresAnyOfPermissionsIfNotCaller = { 2812 android.Manifest.permission.MANAGE_USERS, 2813 android.Manifest.permission.CREATE_USERS, 2814 android.Manifest.permission.QUERY_USERS}) isUserNameSet()2815 public boolean isUserNameSet() { 2816 try { 2817 return mService.isUserNameSet(getContextUserIfAppropriate()); 2818 } catch (RemoteException re) { 2819 throw re.rethrowFromSystemServer(); 2820 } 2821 } 2822 2823 /** 2824 * Used to determine whether the user making this call is subject to 2825 * teleportations. 2826 * 2827 * <p>As of {@link android.os.Build.VERSION_CODES#LOLLIPOP}, this method can 2828 * now automatically identify goats using advanced goat recognition technology.</p> 2829 * 2830 * <p>As of {@link android.os.Build.VERSION_CODES#R}, this method always returns 2831 * {@code false} in order to protect goat privacy.</p> 2832 * 2833 * @return Returns whether the user making this call is a goat. 2834 */ 2835 @UserHandleAware(enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU) isUserAGoat()2836 public boolean isUserAGoat() { 2837 if (mContext.getApplicationInfo().targetSdkVersion >= Build.VERSION_CODES.R) { 2838 return false; 2839 } 2840 // Caution: This is NOT @UserHandleAware (because mContext is getApplicationContext and 2841 // can hold a different userId), but for R+ it returns false, so it doesn't matter anyway. 2842 return mContext.getPackageManager() 2843 .isPackageAvailable("com.coffeestainstudios.goatsimulator"); 2844 } 2845 2846 /** 2847 * Used to check if the context user is the primary user. The primary user is the first human 2848 * user on a device. This is not supported in headless system user mode. 2849 * 2850 * @return whether the context user is the primary user. 2851 * 2852 * @deprecated This method always returns true for the system user, who may not be a full user 2853 * if {@link #isHeadlessSystemUserMode} is true. Use {@link #isSystemUser}, {@link #isAdminUser} 2854 * or {@link #isMainUser} instead. 2855 * 2856 * @hide 2857 */ 2858 @Deprecated 2859 @SystemApi 2860 @RequiresPermission(anyOf = { 2861 Manifest.permission.MANAGE_USERS, 2862 Manifest.permission.CREATE_USERS, 2863 Manifest.permission.QUERY_USERS}) 2864 @UserHandleAware(enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU) isPrimaryUser()2865 public boolean isPrimaryUser() { 2866 final UserInfo user = getUserInfo(getContextUserIfAppropriate()); 2867 return user != null && user.isPrimary(); 2868 } 2869 2870 /** 2871 * Used to check if the context user is the system user. The system user 2872 * is the initial user that is implicitly created on first boot and hosts most of the 2873 * system services. 2874 * 2875 * @return whether the context user is the system user. 2876 */ 2877 @UserHandleAware(enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU) isSystemUser()2878 public boolean isSystemUser() { 2879 return getContextUserIfAppropriate() == UserHandle.USER_SYSTEM; 2880 } 2881 2882 /** 2883 * Returns {@code true} if the context user is the designated "main user" of the device. This 2884 * user may have access to certain features which are limited to at most one user. There will 2885 * never be more than one main user on a device. 2886 * 2887 * <p>Currently, on most form factors the first human user on the device will be the main user; 2888 * in the future, the concept may be transferable, so a different user (or even no user at all) 2889 * may be designated the main user instead. On other form factors there might not be a main 2890 * user. 2891 * 2892 * <p>Note that this will not be the system user on devices for which 2893 * {@link #isHeadlessSystemUserMode()} returns true. 2894 * @hide 2895 */ 2896 @SystemApi 2897 @RequiresPermission(anyOf = { 2898 Manifest.permission.MANAGE_USERS, 2899 Manifest.permission.CREATE_USERS, 2900 Manifest.permission.QUERY_USERS}) 2901 @UserHandleAware isMainUser()2902 public boolean isMainUser() { 2903 final UserInfo user = getUserInfo(mUserId); 2904 return user != null && user.isMain(); 2905 } 2906 2907 /** 2908 * Returns the designated "main user" of the device, or {@code null} if there is no main user. 2909 * 2910 * @see #isMainUser() 2911 * @hide 2912 */ 2913 @SystemApi 2914 @RequiresPermission(anyOf = { 2915 Manifest.permission.MANAGE_USERS, 2916 Manifest.permission.CREATE_USERS, 2917 Manifest.permission.QUERY_USERS}) getMainUser()2918 public @Nullable UserHandle getMainUser() { 2919 try { 2920 final int mainUserId = mService.getMainUserId(); 2921 if (mainUserId == UserHandle.USER_NULL) { 2922 return null; 2923 } 2924 return UserHandle.of(mainUserId); 2925 } catch (RemoteException re) { 2926 throw re.rethrowFromSystemServer(); 2927 } 2928 } 2929 /** 2930 * Returns the designated "communal profile" of the device, or {@code null} if there is none. 2931 * @hide 2932 */ 2933 @FlaggedApi(android.multiuser.Flags.FLAG_SUPPORT_COMMUNAL_PROFILE) 2934 @TestApi 2935 @RequiresPermission(anyOf = { 2936 Manifest.permission.MANAGE_USERS, 2937 Manifest.permission.CREATE_USERS, 2938 Manifest.permission.QUERY_USERS}) getCommunalProfile()2939 public @Nullable UserHandle getCommunalProfile() { 2940 try { 2941 final int userId = mService.getCommunalProfileId(); 2942 if (userId == UserHandle.USER_NULL) { 2943 return null; 2944 } 2945 return UserHandle.of(userId); 2946 } catch (RemoteException re) { 2947 throw re.rethrowFromSystemServer(); 2948 } 2949 } 2950 2951 /** 2952 * Checks if the context user is running in a communal profile. 2953 * 2954 * A communal profile is a {@link #isProfile() profile}, but instead of being associated with a 2955 * particular parent user, it is communal to the device. 2956 * 2957 * @return whether the context user is a communal profile. 2958 */ 2959 @FlaggedApi(android.multiuser.Flags.FLAG_SUPPORT_COMMUNAL_PROFILE) 2960 @UserHandleAware( 2961 requiresAnyOfPermissionsIfNotCallerProfileGroup = { 2962 android.Manifest.permission.MANAGE_USERS, 2963 android.Manifest.permission.QUERY_USERS, 2964 android.Manifest.permission.INTERACT_ACROSS_USERS}) isCommunalProfile()2965 public boolean isCommunalProfile() { 2966 return isCommunalProfile(mUserId); 2967 } 2968 2969 /** 2970 * Returns {@code true} if the given user is the designated "communal profile" of the device. 2971 * @hide 2972 */ 2973 @RequiresPermission(anyOf = { 2974 android.Manifest.permission.MANAGE_USERS, 2975 android.Manifest.permission.QUERY_USERS, 2976 android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isCommunalProfile(@serIdInt int userId)2977 private boolean isCommunalProfile(@UserIdInt int userId) { 2978 return isUserTypeCommunalProfile(getProfileType(userId)); 2979 } 2980 2981 /** 2982 * Used to check if the context user is an admin user. An admin user may be allowed to 2983 * modify or configure certain settings that aren't available to non-admin users, 2984 * create and delete additional users, etc. There can be more than one admin users. 2985 * 2986 * @return whether the context user is an admin user. 2987 */ 2988 @UserHandleAware( 2989 enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU, 2990 requiresAnyOfPermissionsIfNotCallerProfileGroup = { 2991 Manifest.permission.MANAGE_USERS, 2992 Manifest.permission.CREATE_USERS, 2993 Manifest.permission.QUERY_USERS}) isAdminUser()2994 public boolean isAdminUser() { 2995 try { 2996 return mService.isAdminUser(getContextUserIfAppropriate()); 2997 } catch (RemoteException re) { 2998 throw re.rethrowFromSystemServer(); 2999 } 3000 } 3001 3002 /** 3003 * @hide 3004 * Returns whether the provided user is an admin user. There can be more than one admin 3005 * user. 3006 */ 3007 @UnsupportedAppUsage 3008 @RequiresPermission(anyOf = { 3009 Manifest.permission.MANAGE_USERS, 3010 Manifest.permission.CREATE_USERS, 3011 Manifest.permission.QUERY_USERS}) isUserAdmin(@serIdInt int userId)3012 public boolean isUserAdmin(@UserIdInt int userId) { 3013 UserInfo user = getUserInfo(userId); 3014 return user != null && user.isAdmin(); 3015 } 3016 3017 /** 3018 * Used to check if the user currently running in the <b>foreground</b> is an 3019 * {@link #isAdminUser() admin} user. 3020 * 3021 * @return whether the foreground user is an admin user. 3022 * @see #isAdminUser() 3023 * @see #isUserForeground() 3024 */ 3025 @FlaggedApi(android.multiuser.Flags.FLAG_SUPPORT_COMMUNAL_PROFILE_NEXTGEN) isForegroundUserAdmin()3026 public boolean isForegroundUserAdmin() { 3027 try { 3028 return mService.isForegroundUserAdmin(); 3029 } catch (RemoteException re) { 3030 throw re.rethrowFromSystemServer(); 3031 } 3032 } 3033 3034 /** 3035 * Returns whether the context user is of the given user type. 3036 * 3037 * @param userType the name of the user's user type, e.g. 3038 * {@link UserManager#USER_TYPE_PROFILE_MANAGED}. 3039 * @return true if the user is of the given user type. 3040 * @hide 3041 */ 3042 @SystemApi 3043 @RequiresPermission(anyOf = { 3044 android.Manifest.permission.MANAGE_USERS, 3045 android.Manifest.permission.CREATE_USERS, 3046 android.Manifest.permission.QUERY_USERS}) 3047 @UserHandleAware isUserOfType(@onNull String userType)3048 public boolean isUserOfType(@NonNull String userType) { 3049 try { 3050 return mService.isUserOfType(mUserId, userType); 3051 } catch (RemoteException re) { 3052 throw re.rethrowFromSystemServer(); 3053 } 3054 } 3055 3056 /** 3057 * Returns whether the user type is a 3058 * {@link UserManager#USER_TYPE_PROFILE_MANAGED managed profile}. 3059 * @hide 3060 */ 3061 @android.ravenwood.annotation.RavenwoodKeep isUserTypeManagedProfile(@ullable String userType)3062 public static boolean isUserTypeManagedProfile(@Nullable String userType) { 3063 return USER_TYPE_PROFILE_MANAGED.equals(userType); 3064 } 3065 3066 /** 3067 * Returns whether the user type is a {@link UserManager#USER_TYPE_FULL_GUEST guest user}. 3068 * @hide 3069 */ 3070 @android.ravenwood.annotation.RavenwoodKeep isUserTypeGuest(@ullable String userType)3071 public static boolean isUserTypeGuest(@Nullable String userType) { 3072 return USER_TYPE_FULL_GUEST.equals(userType); 3073 } 3074 3075 /** 3076 * Returns whether the user type is a 3077 * {@link UserManager#USER_TYPE_FULL_RESTRICTED restricted user}. 3078 * @hide 3079 */ 3080 @android.ravenwood.annotation.RavenwoodKeep isUserTypeRestricted(@ullable String userType)3081 public static boolean isUserTypeRestricted(@Nullable String userType) { 3082 return USER_TYPE_FULL_RESTRICTED.equals(userType); 3083 } 3084 3085 /** 3086 * Returns whether the user type is a {@link UserManager#USER_TYPE_FULL_DEMO demo user}. 3087 * @hide 3088 */ 3089 @android.ravenwood.annotation.RavenwoodKeep isUserTypeDemo(@ullable String userType)3090 public static boolean isUserTypeDemo(@Nullable String userType) { 3091 return USER_TYPE_FULL_DEMO.equals(userType); 3092 } 3093 3094 /** 3095 * Returns whether the user type is a {@link UserManager#USER_TYPE_PROFILE_CLONE clone user}. 3096 * @hide 3097 */ 3098 @android.ravenwood.annotation.RavenwoodKeep isUserTypeCloneProfile(@ullable String userType)3099 public static boolean isUserTypeCloneProfile(@Nullable String userType) { 3100 return USER_TYPE_PROFILE_CLONE.equals(userType); 3101 } 3102 3103 /** 3104 * Returns whether the user type is a 3105 * {@link UserManager#USER_TYPE_PROFILE_COMMUNAL communal profile}. 3106 * @hide 3107 */ 3108 @android.ravenwood.annotation.RavenwoodKeep isUserTypeCommunalProfile(@ullable String userType)3109 public static boolean isUserTypeCommunalProfile(@Nullable String userType) { 3110 return USER_TYPE_PROFILE_COMMUNAL.equals(userType); 3111 } 3112 3113 /** 3114 * Returns whether the user type is a 3115 * {@link UserManager#USER_TYPE_PROFILE_PRIVATE private profile}. 3116 * 3117 * @hide 3118 */ 3119 @android.ravenwood.annotation.RavenwoodKeep isUserTypePrivateProfile(@ullable String userType)3120 public static boolean isUserTypePrivateProfile(@Nullable String userType) { 3121 return USER_TYPE_PROFILE_PRIVATE.equals(userType); 3122 } 3123 3124 /** 3125 * @hide 3126 * @deprecated Use {@link #isRestrictedProfile()} 3127 */ 3128 @UnsupportedAppUsage 3129 @Deprecated 3130 @UserHandleAware( 3131 enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU, 3132 requiresAnyOfPermissionsIfNotCaller = { 3133 android.Manifest.permission.MANAGE_USERS, 3134 android.Manifest.permission.CREATE_USERS, 3135 android.Manifest.permission.QUERY_USERS} 3136 ) isLinkedUser()3137 public boolean isLinkedUser() { 3138 return isRestrictedProfile(); 3139 } 3140 3141 /** 3142 * Used to check if the context user is a restricted profile. Restricted profiles 3143 * may have a reduced number of available apps, app restrictions, and account restrictions. 3144 * 3145 * <p>The caller must be in the same profile group as the context user or else hold 3146 * <li>{@link android.Manifest.permission#MANAGE_USERS}, 3147 * <li>or {@link android.Manifest.permission#CREATE_USERS}, 3148 * <li>or, for devices after {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE}, 3149 * {@link android.Manifest.permission#QUERY_USERS}. 3150 * 3151 * @return whether the context user is a restricted profile. 3152 * @hide 3153 */ 3154 @SystemApi 3155 @UserHandleAware( 3156 enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU, 3157 requiresAnyOfPermissionsIfNotCaller = { 3158 android.Manifest.permission.MANAGE_USERS, 3159 android.Manifest.permission.CREATE_USERS, 3160 android.Manifest.permission.QUERY_USERS} 3161 ) isRestrictedProfile()3162 public boolean isRestrictedProfile() { 3163 try { 3164 return mService.isRestricted(getContextUserIfAppropriate()); 3165 } catch (RemoteException re) { 3166 throw re.rethrowFromSystemServer(); 3167 } 3168 } 3169 3170 /** 3171 * Check if a user is a restricted profile. Restricted profiles may have a reduced number of 3172 * available apps, app restrictions, and account restrictions. 3173 * 3174 * <p>Requires 3175 * <li>{@link android.Manifest.permission#MANAGE_USERS}, 3176 * <li>or {@link android.Manifest.permission#CREATE_USERS}, 3177 * <li>or, for devices after {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE}, 3178 * {@link android.Manifest.permission#QUERY_USERS}. 3179 * 3180 * @param user the user to check 3181 * @return whether the user is a restricted profile. 3182 * @hide 3183 */ 3184 @SystemApi 3185 @RequiresPermission(anyOf = { 3186 Manifest.permission.MANAGE_USERS, 3187 Manifest.permission.CREATE_USERS, 3188 Manifest.permission.QUERY_USERS}, 3189 conditional = true) isRestrictedProfile(@onNull UserHandle user)3190 public boolean isRestrictedProfile(@NonNull UserHandle user) { 3191 try { 3192 return mService.isRestricted(user.getIdentifier()); 3193 } catch (RemoteException re) { 3194 throw re.rethrowFromSystemServer(); 3195 } 3196 } 3197 3198 /** 3199 * Checks if the context user can have a restricted profile. 3200 * @return whether the context user can have a restricted profile. 3201 * @hide 3202 */ 3203 @SystemApi 3204 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 3205 @UserHandleAware canHaveRestrictedProfile()3206 public boolean canHaveRestrictedProfile() { 3207 try { 3208 return mService.canHaveRestrictedProfile(mUserId); 3209 } catch (RemoteException re) { 3210 throw re.rethrowFromSystemServer(); 3211 } 3212 } 3213 3214 /** 3215 * Checks if it's possible to add a private profile to the context user 3216 * @return whether the context user can add a private profile. 3217 * @hide 3218 */ 3219 @TestApi 3220 @FlaggedApi(android.os.Flags.FLAG_ALLOW_PRIVATE_PROFILE) 3221 @RequiresPermission(anyOf = { 3222 Manifest.permission.MANAGE_USERS, 3223 Manifest.permission.CREATE_USERS}, 3224 conditional = true) 3225 @UserHandleAware canAddPrivateProfile()3226 public boolean canAddPrivateProfile() { 3227 if (!android.multiuser.Flags.enablePrivateSpaceFeatures()) return false; 3228 if (android.multiuser.Flags.blockPrivateSpaceCreation()) { 3229 try { 3230 return mService.canAddPrivateProfile(mUserId); 3231 } catch (RemoteException re) { 3232 throw re.rethrowFromSystemServer(); 3233 } 3234 } 3235 return true; 3236 } 3237 3238 /** 3239 * Returns whether the context user has at least one restricted profile associated with it. 3240 * @return whether the user has a restricted profile associated with it 3241 * @hide 3242 */ 3243 @SystemApi 3244 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 3245 @UserHandleAware(enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU) hasRestrictedProfiles()3246 public boolean hasRestrictedProfiles() { 3247 try { 3248 return mService.hasRestrictedProfiles(getContextUserIfAppropriate()); 3249 } catch (RemoteException re) { 3250 throw re.rethrowFromSystemServer(); 3251 } 3252 } 3253 3254 /** 3255 * Get the parent of a restricted profile. 3256 * 3257 * @return the parent of the user or {@code null} if the user is not restricted profile 3258 * @hide 3259 */ 3260 @SystemApi 3261 @RequiresPermission(anyOf = { 3262 Manifest.permission.MANAGE_USERS, 3263 Manifest.permission.CREATE_USERS, 3264 Manifest.permission.QUERY_USERS}) 3265 @UserHandleAware getRestrictedProfileParent()3266 public @Nullable UserHandle getRestrictedProfileParent() { 3267 final UserInfo info = getUserInfo(mUserId); 3268 if (info == null) return null; 3269 if (!info.isRestricted()) return null; 3270 final int parent = info.restrictedProfileParentId; 3271 if (parent == UserHandle.USER_NULL) return null; 3272 return UserHandle.of(parent); 3273 } 3274 3275 /** 3276 * Checks if a user is a guest user. 3277 * @return whether user is a guest user. 3278 * @hide 3279 */ 3280 @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) 3281 @RequiresPermission(anyOf = { 3282 Manifest.permission.MANAGE_USERS, 3283 Manifest.permission.CREATE_USERS, 3284 Manifest.permission.QUERY_USERS}) isGuestUser(@serIdInt int userId)3285 public boolean isGuestUser(@UserIdInt int userId) { 3286 UserInfo user = getUserInfo(userId); 3287 return user != null && user.isGuest(); 3288 } 3289 3290 /** 3291 * Used to check if the context user is a guest user. A guest user may be transient. 3292 * 3293 * @return whether the context user is a guest user. 3294 * @hide 3295 */ 3296 @SystemApi 3297 @RequiresPermission(anyOf = { 3298 Manifest.permission.MANAGE_USERS, 3299 Manifest.permission.CREATE_USERS, 3300 Manifest.permission.QUERY_USERS}) 3301 @UserHandleAware(enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU) isGuestUser()3302 public boolean isGuestUser() { 3303 UserInfo user = getUserInfo(getContextUserIfAppropriate()); 3304 return user != null && user.isGuest(); 3305 } 3306 3307 3308 /** 3309 * Checks if the context user is a demo user. When running in a demo user, 3310 * apps can be more helpful to the user, or explain their features in more detail. 3311 * 3312 * @return whether the context user is a demo user. 3313 */ 3314 @UserHandleAware( 3315 enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU, 3316 requiresPermissionIfNotCaller = android.Manifest.permission.MANAGE_USERS 3317 ) isDemoUser()3318 public boolean isDemoUser() { 3319 try { 3320 return mService.isDemoUser(getContextUserIfAppropriate()); 3321 } catch (RemoteException re) { 3322 throw re.rethrowFromSystemServer(); 3323 } 3324 } 3325 3326 /** 3327 * Checks if the context user is running in a profile. A profile is a user that 3328 * typically has its own separate data but shares its UI with some parent user. For example, a 3329 * {@link #isManagedProfile() managed profile} is a type of profile. 3330 * 3331 * @return whether the context user is in a profile. 3332 */ 3333 @UserHandleAware( 3334 requiresAnyOfPermissionsIfNotCallerProfileGroup = { 3335 android.Manifest.permission.MANAGE_USERS, 3336 android.Manifest.permission.QUERY_USERS, 3337 android.Manifest.permission.INTERACT_ACROSS_USERS}) isProfile()3338 public boolean isProfile() { 3339 return isProfile(mUserId); 3340 } 3341 3342 /** 3343 * Returns whether the specified user is a profile. 3344 * @hide 3345 */ isProfile(@serIdInt int userId)3346 public boolean isProfile(@UserIdInt int userId) { 3347 final String profileType = getProfileType(userId); 3348 return profileType != null && !profileType.equals(""); 3349 } 3350 3351 /** 3352 * Returns the user type of the context user if it is a profile. 3353 * 3354 * This is a more specific form of {@link #getUserType()} with relaxed permission requirements. 3355 * 3356 * @return the user type of the context user if it is a {@link #isProfile() profile}, 3357 * an empty string if it is not a profile, 3358 * or null if the user doesn't exist. 3359 */ 3360 @UserHandleAware( 3361 requiresAnyOfPermissionsIfNotCallerProfileGroup = { 3362 android.Manifest.permission.MANAGE_USERS, 3363 android.Manifest.permission.QUERY_USERS, 3364 android.Manifest.permission.INTERACT_ACROSS_USERS}) getProfileType()3365 private @Nullable String getProfileType() { 3366 return getProfileType(mUserId); 3367 } 3368 3369 /** @see #getProfileType() */ getProfileType(@serIdInt int userId)3370 private @Nullable String getProfileType(@UserIdInt int userId) { 3371 // First, the typical case (i.e. the *process* user, not necessarily the context user). 3372 // This cache cannot be become invalidated since it's about the calling process itself. 3373 if (userId == UserHandle.myUserId()) { 3374 // No need for synchronization. Once it becomes non-null, it'll be non-null forever. 3375 // Worst case we might end up calling the AIDL method multiple times but that's fine. 3376 if (mProfileTypeOfProcessUser != null) { 3377 return mProfileTypeOfProcessUser; 3378 } 3379 try { 3380 final String profileType = mService.getProfileType(userId); 3381 if (profileType != null) { 3382 return mProfileTypeOfProcessUser = profileType.intern(); 3383 } 3384 } catch (RemoteException re) { 3385 throw re.rethrowFromSystemServer(); 3386 } 3387 } 3388 3389 // The userId is not for the process's user. Use a slower cache that handles invalidation. 3390 return mProfileTypeCache.query(userId); 3391 } 3392 3393 /** 3394 * Checks if the context user is a managed profile. 3395 * 3396 * Note that this applies specifically to <em>managed</em> profiles. For profiles in general, 3397 * use {@link #isProfile()} instead. 3398 * 3399 * @return whether the context user is a managed profile. 3400 */ 3401 @UserHandleAware( 3402 enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU, 3403 requiresAnyOfPermissionsIfNotCallerProfileGroup = { 3404 android.Manifest.permission.MANAGE_USERS, 3405 android.Manifest.permission.QUERY_USERS, 3406 android.Manifest.permission.INTERACT_ACROSS_USERS}) isManagedProfile()3407 public boolean isManagedProfile() { 3408 return isManagedProfile(getContextUserIfAppropriate()); 3409 } 3410 3411 /** 3412 * Checks if the specified user is a managed profile. 3413 * Requires {@link android.Manifest.permission#MANAGE_USERS} or 3414 * {@link android.Manifest.permission#INTERACT_ACROSS_USERS} or 3415 * {@link android.Manifest.permission#QUERY_USERS} permission, otherwise the caller 3416 * must be in the same profile group of specified user. 3417 * 3418 * Note that this applies specifically to <em>managed</em> profiles. For profiles in general, 3419 * use {@link #isProfile()} instead. 3420 * 3421 * @return whether the specified user is a managed profile. 3422 * @hide 3423 */ 3424 @SystemApi 3425 @RequiresPermission(anyOf = { 3426 android.Manifest.permission.MANAGE_USERS, 3427 android.Manifest.permission.QUERY_USERS, 3428 android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isManagedProfile(@serIdInt int userId)3429 public boolean isManagedProfile(@UserIdInt int userId) { 3430 return isUserTypeManagedProfile(getProfileType(userId)); 3431 } 3432 3433 /** 3434 * Checks if the context user is a clone profile. 3435 * 3436 * @return whether the context user is a clone profile. 3437 * 3438 * @see android.os.UserManager#USER_TYPE_PROFILE_CLONE 3439 * @hide 3440 */ 3441 @SystemApi 3442 @UserHandleAware( 3443 requiresAnyOfPermissionsIfNotCallerProfileGroup = { 3444 android.Manifest.permission.MANAGE_USERS, 3445 android.Manifest.permission.QUERY_USERS, 3446 android.Manifest.permission.INTERACT_ACROSS_USERS}) 3447 @SuppressAutoDoc isCloneProfile()3448 public boolean isCloneProfile() { 3449 return isUserTypeCloneProfile(getProfileType()); 3450 } 3451 3452 /** 3453 * Checks if the context user is a private profile. 3454 * 3455 * <p>A Private profile is a separate {@link #isProfile() profile} that can be used to store 3456 * sensitive apps and data, which can be hidden or revealed at the user's discretion. 3457 * 3458 * @return whether the context user is a private profile. 3459 * 3460 * @hide 3461 */ 3462 @SystemApi 3463 @FlaggedApi(android.os.Flags.FLAG_ALLOW_PRIVATE_PROFILE) 3464 @UserHandleAware( 3465 requiresAnyOfPermissionsIfNotCallerProfileGroup = { 3466 android.Manifest.permission.MANAGE_USERS, 3467 android.Manifest.permission.QUERY_USERS, 3468 android.Manifest.permission.INTERACT_ACROSS_USERS}) 3469 @SuppressAutoDoc isPrivateProfile()3470 public boolean isPrivateProfile() { 3471 return isUserTypePrivateProfile(getProfileType()); 3472 } 3473 3474 /** 3475 * Checks if the context user is an ephemeral user. 3476 * 3477 * @return whether the context user is an ephemeral user. 3478 * @hide 3479 */ 3480 @RequiresPermission(anyOf = { 3481 Manifest.permission.MANAGE_USERS, 3482 Manifest.permission.CREATE_USERS, 3483 Manifest.permission.QUERY_USERS}) 3484 @UserHandleAware isEphemeralUser()3485 public boolean isEphemeralUser() { 3486 return isUserEphemeral(mUserId); 3487 } 3488 3489 /** 3490 * Returns whether the specified user is ephemeral. 3491 * @hide 3492 */ 3493 @RequiresPermission(anyOf = { 3494 Manifest.permission.MANAGE_USERS, 3495 Manifest.permission.CREATE_USERS, 3496 Manifest.permission.QUERY_USERS}) isUserEphemeral(@serIdInt int userId)3497 public boolean isUserEphemeral(@UserIdInt int userId) { 3498 final UserInfo user = getUserInfo(userId); 3499 return user != null && user.isEphemeral(); 3500 } 3501 3502 /** 3503 * Return whether the given user is actively running. This means that 3504 * the user is in the "started" state, not "stopped" -- it is currently 3505 * allowed to run code through scheduled alarms, receiving broadcasts, 3506 * etc. A started user may be either the current foreground user or a 3507 * background user; the result here does not distinguish between the two. 3508 * 3509 * <p>Note prior to Android Nougat MR1 (SDK version <= 24; 3510 * {@link android.os.Build.VERSION_CODES#N}, this API required a system permission 3511 * in order to check other profile's status. 3512 * Since Android Nougat MR1 (SDK version >= 25; 3513 * {@link android.os.Build.VERSION_CODES#N_MR1}), the restriction has been relaxed, and now 3514 * it'll accept any {@link android.os.UserHandle} within the same profile group as the caller. 3515 * 3516 * @param user The user to retrieve the running state for. 3517 */ 3518 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3519 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserRunning(UserHandle user)3520 public boolean isUserRunning(UserHandle user) { 3521 return isUserRunning(user.getIdentifier()); 3522 } 3523 3524 /** @hide */ 3525 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3526 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserRunning(@serIdInt int userId)3527 public boolean isUserRunning(@UserIdInt int userId) { 3528 try { 3529 return mService.isUserRunning(userId); 3530 } catch (RemoteException re) { 3531 throw re.rethrowFromSystemServer(); 3532 } 3533 } 3534 3535 /** 3536 * Return whether the given user is actively running <em>or</em> stopping. 3537 * This is like {@link #isUserRunning(UserHandle)}, but will also return 3538 * true if the user had been running but is in the process of being stopped 3539 * (but is not yet fully stopped, and still running some code). 3540 * 3541 * <p>Note prior to Android Nougat MR1 (SDK version <= 24; 3542 * {@link android.os.Build.VERSION_CODES#N}, this API required a system permission 3543 * in order to check other profile's status. 3544 * Since Android Nougat MR1 (SDK version >= 25; 3545 * {@link android.os.Build.VERSION_CODES#N_MR1}), the restriction has been relaxed, and now 3546 * it'll accept any {@link android.os.UserHandle} within the same profile group as the caller. 3547 * 3548 * @param user The user to retrieve the running state for. 3549 */ 3550 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3551 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserRunningOrStopping(UserHandle user)3552 public boolean isUserRunningOrStopping(UserHandle user) { 3553 try { 3554 // TODO: reconcile stopped vs stopping? 3555 return ActivityManager.getService().isUserRunning( 3556 user.getIdentifier(), ActivityManager.FLAG_OR_STOPPED); 3557 } catch (RemoteException re) { 3558 throw re.rethrowFromSystemServer(); 3559 } 3560 } 3561 3562 /** 3563 * Checks if the context user is running in the foreground. 3564 * 3565 * @return whether the context user is running in the foreground. 3566 */ 3567 @UserHandleAware( 3568 requiresAnyOfPermissionsIfNotCaller = { 3569 android.Manifest.permission.MANAGE_USERS, 3570 android.Manifest.permission.INTERACT_ACROSS_USERS}) isUserForeground()3571 public boolean isUserForeground() { 3572 try { 3573 return mService.isUserForeground(mUserId); 3574 } catch (RemoteException re) { 3575 throw re.rethrowFromSystemServer(); 3576 } 3577 } 3578 3579 /** 3580 * @see #isVisibleBackgroundUsersSupported() 3581 * @hide 3582 */ isVisibleBackgroundUsersEnabled()3583 public static boolean isVisibleBackgroundUsersEnabled() { 3584 return SystemProperties.getBoolean("fw.visible_bg_users", 3585 Resources.getSystem() 3586 .getBoolean(R.bool.config_multiuserVisibleBackgroundUsers)); 3587 } 3588 3589 /** 3590 * Returns whether the device allows full users to be started in background visible in a given 3591 * display (which would allow them to launch activities in that display). 3592 * 3593 * Note that this is specifically about allowing <b>full</b> users to be background visible. 3594 * Even if it is false, there can still be background visible users. 3595 * 3596 * In particular, the Communal Profile is a background visible user, and it can be supported 3597 * unrelated to the value of this method. 3598 * 3599 * @return {@code false} for most devices, except on automotive builds for vehicles with 3600 * passenger displays. 3601 * 3602 * @hide 3603 */ 3604 // TODO(b/310249114): Rename to isVisibleBackgroundFullUsersSupported 3605 @TestApi isVisibleBackgroundUsersSupported()3606 public boolean isVisibleBackgroundUsersSupported() { 3607 return isVisibleBackgroundUsersEnabled(); 3608 } 3609 3610 /** 3611 * @hide 3612 */ isVisibleBackgroundUsersOnDefaultDisplayEnabled()3613 public static boolean isVisibleBackgroundUsersOnDefaultDisplayEnabled() { 3614 return SystemProperties.getBoolean("fw.visible_bg_users_on_default_display", 3615 Resources.getSystem() 3616 .getBoolean(R.bool.config_multiuserVisibleBackgroundUsersOnDefaultDisplay)); 3617 } 3618 3619 /** 3620 * Returns whether the device allows full users to be started in background visible in the 3621 * {@link android.view.Display#DEFAULT_DISPLAY default display}. 3622 * 3623 * @return {@code false} for most devices, except passenger-only automotive build (i.e., when 3624 * Android runs in a separate system in the back seat to manage the passenger displays). 3625 * 3626 * @see #isVisibleBackgroundUsersSupported() 3627 * @hide 3628 */ 3629 @TestApi isVisibleBackgroundUsersOnDefaultDisplaySupported()3630 public boolean isVisibleBackgroundUsersOnDefaultDisplaySupported() { 3631 return isVisibleBackgroundUsersOnDefaultDisplayEnabled(); 3632 } 3633 3634 /** 3635 * Checks if the user is visible at the moment. 3636 * 3637 * <p>Roughly speaking, a "visible user" is a user that can present UI on at least one display. 3638 * It includes: 3639 * 3640 * <ol> 3641 * <li>The current foreground user. 3642 * <li>(Running) profiles of the current foreground user. 3643 * <li>Background users assigned to secondary displays (for example, passenger users on 3644 * automotive builds, using the display associated with their seats). 3645 * <li>A communal profile, if present. 3646 * </ol> 3647 * 3648 * @return whether the user is visible at the moment, as defined above. 3649 * 3650 * @hide 3651 */ 3652 @SystemApi 3653 @UserHandleAware( 3654 requiresAnyOfPermissionsIfNotCaller = { 3655 android.Manifest.permission.MANAGE_USERS, 3656 android.Manifest.permission.INTERACT_ACROSS_USERS}) isUserVisible()3657 public boolean isUserVisible() { 3658 try { 3659 return mService.isUserVisible(mUserId); 3660 } catch (RemoteException re) { 3661 throw re.rethrowFromSystemServer(); 3662 } 3663 } 3664 3665 /** 3666 * Gets the visible users (as defined by {@link #isUserVisible()}. 3667 * 3668 * @return visible users at the moment. 3669 * 3670 * @hide 3671 */ 3672 @SystemApi 3673 @RequiresPermission(anyOf = { 3674 "android.permission.INTERACT_ACROSS_USERS", 3675 "android.permission.MANAGE_USERS" 3676 }) getVisibleUsers()3677 public @NonNull Set<UserHandle> getVisibleUsers() { 3678 ArraySet<UserHandle> result = new ArraySet<>(); 3679 try { 3680 int[] visibleUserIds = mService.getVisibleUsers(); 3681 if (visibleUserIds != null) { 3682 for (int userId : visibleUserIds) { 3683 result.add(UserHandle.of(userId)); 3684 } 3685 } 3686 } catch (RemoteException re) { 3687 throw re.rethrowFromSystemServer(); 3688 } 3689 return result; 3690 } 3691 3692 /** 3693 * See {@link com.android.server.pm.UserManagerInternal#getMainDisplayAssignedToUser(int)}. 3694 * 3695 * @hide 3696 */ 3697 @TestApi getMainDisplayIdAssignedToUser()3698 public int getMainDisplayIdAssignedToUser() { 3699 try { 3700 return mService.getMainDisplayIdAssignedToUser(); 3701 } catch (RemoteException re) { 3702 throw re.rethrowFromSystemServer(); 3703 } 3704 } 3705 3706 /** 3707 * Return whether the context user is running in an "unlocked" state. 3708 * <p> 3709 * On devices with direct boot, a user is unlocked only after they've 3710 * entered their credentials (such as a lock pattern or PIN). On devices 3711 * without direct boot, a user is unlocked as soon as it starts. 3712 * <p> 3713 * When a user is locked, only device-protected data storage is available. 3714 * When a user is unlocked, both device-protected and credential-protected 3715 * private app data storage is available. 3716 * 3717 * @see Intent#ACTION_USER_UNLOCKED 3718 * @see Context#createDeviceProtectedStorageContext() 3719 */ 3720 @UserHandleAware( 3721 enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU, 3722 requiresAnyOfPermissionsIfNotCallerProfileGroup = { 3723 android.Manifest.permission.MANAGE_USERS, 3724 android.Manifest.permission.INTERACT_ACROSS_USERS} 3725 ) isUserUnlocked()3726 public boolean isUserUnlocked() { 3727 return isUserUnlocked(getContextUserIfAppropriate()); 3728 } 3729 3730 /** 3731 * Return whether the given user is running in an "unlocked" state. 3732 * <p> 3733 * On devices with direct boot, a user is unlocked only after they've 3734 * entered their credentials (such as a lock pattern or PIN). On devices 3735 * without direct boot, a user is unlocked as soon as it starts. 3736 * <p> 3737 * When a user is locked, only device-protected data storage is available. 3738 * When a user is unlocked, both device-protected and credential-protected 3739 * private app data storage is available. 3740 * <p>Requires {@code android.permission.MANAGE_USERS} or 3741 * {@code android.permission.INTERACT_ACROSS_USERS}, otherwise specified {@link UserHandle user} 3742 * must be the calling user or a profile associated with it. 3743 * 3744 * @param user to retrieve the unlocked state for. 3745 * @see Intent#ACTION_USER_UNLOCKED 3746 * @see Context#createDeviceProtectedStorageContext() 3747 */ 3748 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3749 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserUnlocked(UserHandle user)3750 public boolean isUserUnlocked(UserHandle user) { 3751 return isUserUnlocked(user.getIdentifier()); 3752 } 3753 3754 private static final String CACHE_KEY_IS_USER_UNLOCKED_PROPERTY = 3755 "cache_key.is_user_unlocked"; 3756 3757 private final PropertyInvalidatedCache<Integer, Boolean> mIsUserUnlockedCache = 3758 new PropertyInvalidatedCache<Integer, Boolean>( 3759 32, CACHE_KEY_IS_USER_UNLOCKED_PROPERTY) { 3760 @Override 3761 public Boolean recompute(Integer query) { 3762 try { 3763 return mService.isUserUnlocked(query); 3764 } catch (RemoteException re) { 3765 throw re.rethrowFromSystemServer(); 3766 } 3767 } 3768 @Override 3769 public boolean bypass(Integer query) { 3770 return query < 0; 3771 } 3772 }; 3773 3774 // Uses IS_USER_UNLOCKED_PROPERTY for invalidation as the APIs have the same dependencies. 3775 private final PropertyInvalidatedCache<Integer, Boolean> mIsUserUnlockingOrUnlockedCache = 3776 new PropertyInvalidatedCache<Integer, Boolean>( 3777 32, CACHE_KEY_IS_USER_UNLOCKED_PROPERTY) { 3778 @Override 3779 public Boolean recompute(Integer query) { 3780 try { 3781 return mService.isUserUnlockingOrUnlocked(query); 3782 } catch (RemoteException re) { 3783 throw re.rethrowFromSystemServer(); 3784 } 3785 } 3786 @Override 3787 public boolean bypass(Integer query) { 3788 return query < 0; 3789 } 3790 }; 3791 3792 /** @hide */ 3793 @UnsupportedAppUsage 3794 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3795 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserUnlocked(@serIdInt int userId)3796 public boolean isUserUnlocked(@UserIdInt int userId) { 3797 return mIsUserUnlockedCache.query(userId); 3798 } 3799 3800 /** @hide */ disableIsUserUnlockedCache()3801 public void disableIsUserUnlockedCache() { 3802 mIsUserUnlockedCache.disableLocal(); 3803 mIsUserUnlockingOrUnlockedCache.disableLocal(); 3804 } 3805 3806 /** @hide */ invalidateIsUserUnlockedCache()3807 public static final void invalidateIsUserUnlockedCache() { 3808 PropertyInvalidatedCache.invalidateCache(CACHE_KEY_IS_USER_UNLOCKED_PROPERTY); 3809 } 3810 3811 /** 3812 * Return whether the provided user is already running in an 3813 * "unlocked" state or in the process of unlocking. 3814 * <p> 3815 * On devices with direct boot, a user is unlocked only after they've 3816 * entered their credentials (such as a lock pattern or PIN). On devices 3817 * without direct boot, a user is unlocked as soon as it starts. 3818 * <p> 3819 * When a user is locked, only device-protected data storage is available. 3820 * When a user is unlocked, both device-protected and credential-protected 3821 * private app data storage is available. 3822 * 3823 * <p>Requires {@code android.permission.MANAGE_USERS} or 3824 * {@code android.permission.INTERACT_ACROSS_USERS}, otherwise specified {@link UserHandle user} 3825 * must be the calling user or a profile associated with it. 3826 * 3827 * @hide 3828 */ 3829 @SystemApi 3830 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3831 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserUnlockingOrUnlocked(@onNull UserHandle user)3832 public boolean isUserUnlockingOrUnlocked(@NonNull UserHandle user) { 3833 return isUserUnlockingOrUnlocked(user.getIdentifier()); 3834 } 3835 3836 /** @hide */ 3837 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3838 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserUnlockingOrUnlocked(@serIdInt int userId)3839 public boolean isUserUnlockingOrUnlocked(@UserIdInt int userId) { 3840 return mIsUserUnlockingOrUnlockedCache.query(userId); 3841 } 3842 3843 /** 3844 * Return the time when the calling user started in elapsed milliseconds since boot, 3845 * or 0 if not started. 3846 * 3847 * @hide 3848 */ 3849 @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) 3850 // NOT @UserHandleAware getUserStartRealtime()3851 public long getUserStartRealtime() { 3852 if (getContextUserIfAppropriate() != UserHandle.myUserId()) { 3853 // Note: If we want to support this in the future, also annotate with 3854 // @UserHandleAware(enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU) 3855 throw new IllegalArgumentException("Calling from a context differing from the calling " 3856 + "user is not currently supported."); 3857 } 3858 try { 3859 return mService.getUserStartRealtime(); 3860 } catch (RemoteException re) { 3861 throw re.rethrowFromSystemServer(); 3862 } 3863 } 3864 3865 /** 3866 * Return the time when the context user was unlocked elapsed milliseconds since boot, 3867 * or 0 if not unlocked. 3868 * 3869 * @hide 3870 */ 3871 @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) 3872 // NOT @UserHandleAware getUserUnlockRealtime()3873 public long getUserUnlockRealtime() { 3874 if (getContextUserIfAppropriate() != UserHandle.myUserId()) { 3875 // Note: If we want to support this in the future, also annotate with 3876 // @UserHandleAware(enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU) 3877 throw new IllegalArgumentException("Calling from a context differing from the calling " 3878 + "user is not currently supported."); 3879 } 3880 try { 3881 return mService.getUserUnlockRealtime(); 3882 } catch (RemoteException re) { 3883 throw re.rethrowFromSystemServer(); 3884 } 3885 } 3886 3887 /** 3888 * Returns the UserInfo object describing a specific user. 3889 * @param userId the user handle of the user whose information is being requested. 3890 * @return the UserInfo object for a specific user. 3891 * @hide 3892 */ 3893 @UnsupportedAppUsage 3894 @RequiresPermission(anyOf = { 3895 Manifest.permission.MANAGE_USERS, 3896 Manifest.permission.CREATE_USERS, 3897 Manifest.permission.QUERY_USERS}) getUserInfo(@serIdInt int userId)3898 public UserInfo getUserInfo(@UserIdInt int userId) { 3899 try { 3900 return mService.getUserInfo(userId); 3901 } catch (RemoteException re) { 3902 throw re.rethrowFromSystemServer(); 3903 } 3904 } 3905 3906 /** 3907 * Returns a {@link UserProperties} object describing the properties of the given user. 3908 * 3909 * Note that the caller may not have permission to access all items; requesting any item for 3910 * which permission is lacking will throw a {@link SecurityException}. 3911 * 3912 * <p> Requires 3913 * {@code android.Manifest.permission#MANAGE_USERS}, 3914 * {@code android.Manifest.permission#QUERY_USERS}, or 3915 * {@code android.Manifest.permission#INTERACT_ACROSS_USERS} 3916 * permission, or else the caller must be in the same profile group as the caller. 3917 * 3918 * @param userHandle the user handle of the user whose information is being requested. 3919 * @return a UserProperties object for a specific user. 3920 * @throws IllegalArgumentException if {@code userHandle} doesn't correspond to an existing user 3921 * 3922 * @hide 3923 */ 3924 @SystemApi 3925 @RequiresPermission(anyOf = { 3926 android.Manifest.permission.MANAGE_USERS, 3927 android.Manifest.permission.QUERY_USERS, 3928 android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) getUserProperties(@onNull UserHandle userHandle)3929 public @NonNull UserProperties getUserProperties(@NonNull UserHandle userHandle) { 3930 return mUserPropertiesCache.query(userHandle.getIdentifier()); 3931 } 3932 3933 /** 3934 * @hide 3935 * 3936 * Returns who set a user restriction on a user. 3937 * @param restrictionKey the string key representing the restriction 3938 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 3939 * @return The source of user restriction. Any combination of {@link #RESTRICTION_NOT_SET}, 3940 * {@link #RESTRICTION_SOURCE_SYSTEM}, {@link #RESTRICTION_SOURCE_DEVICE_OWNER} 3941 * and {@link #RESTRICTION_SOURCE_PROFILE_OWNER} 3942 * @deprecated use {@link #getUserRestrictionSources(String, int)} instead. 3943 */ 3944 @Deprecated 3945 @SystemApi 3946 @UserRestrictionSource 3947 @RequiresPermission(anyOf = { 3948 Manifest.permission.MANAGE_USERS, 3949 Manifest.permission.QUERY_USERS}) getUserRestrictionSource(@serRestrictionKey String restrictionKey, UserHandle userHandle)3950 public int getUserRestrictionSource(@UserRestrictionKey String restrictionKey, 3951 UserHandle userHandle) { 3952 try { 3953 return mService.getUserRestrictionSource(restrictionKey, userHandle.getIdentifier()); 3954 } catch (RemoteException re) { 3955 throw re.rethrowFromSystemServer(); 3956 } 3957 } 3958 3959 /** 3960 * @hide 3961 * 3962 * Returns a list of users who set a user restriction on a given user. 3963 * @param restrictionKey the string key representing the restriction 3964 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 3965 * @return a list of user ids enforcing this restriction. 3966 */ 3967 @SystemApi 3968 @RequiresPermission(anyOf = { 3969 android.Manifest.permission.MANAGE_USERS, 3970 android.Manifest.permission.QUERY_USERS}) getUserRestrictionSources( @serRestrictionKey String restrictionKey, UserHandle userHandle)3971 public List<EnforcingUser> getUserRestrictionSources( 3972 @UserRestrictionKey String restrictionKey, UserHandle userHandle) { 3973 try { 3974 return mService.getUserRestrictionSources(restrictionKey, userHandle.getIdentifier()); 3975 } catch (RemoteException re) { 3976 throw re.rethrowFromSystemServer(); 3977 } 3978 } 3979 3980 /** 3981 * Returns the user-wide restrictions imposed on the context user. 3982 * @return a Bundle containing all the restrictions. 3983 */ 3984 @UserHandleAware( 3985 enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU, 3986 requiresAnyOfPermissionsIfNotCallerProfileGroup = { 3987 android.Manifest.permission.MANAGE_USERS, 3988 android.Manifest.permission.INTERACT_ACROSS_USERS} 3989 ) getUserRestrictions()3990 public Bundle getUserRestrictions() { 3991 try { 3992 return mService.getUserRestrictions(getContextUserIfAppropriate()); 3993 } catch (RemoteException re) { 3994 throw re.rethrowFromSystemServer(); 3995 } 3996 } 3997 3998 /** 3999 * Returns the user-wide restrictions imposed on the user specified by <code>userHandle</code>. 4000 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 4001 * @return a Bundle containing all the restrictions. 4002 * 4003 * <p>Requires {@code android.permission.MANAGE_USERS} or 4004 * {@code android.permission.INTERACT_ACROSS_USERS}, otherwise specified {@link UserHandle user} 4005 * must be the calling user or a profile associated with it. 4006 */ 4007 @RequiresPermission(anyOf = { 4008 android.Manifest.permission.MANAGE_USERS, 4009 android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) getUserRestrictions(UserHandle userHandle)4010 public Bundle getUserRestrictions(UserHandle userHandle) { 4011 try { 4012 return mService.getUserRestrictions(userHandle.getIdentifier()); 4013 } catch (RemoteException re) { 4014 throw re.rethrowFromSystemServer(); 4015 } 4016 } 4017 4018 /** 4019 * @hide 4020 * Returns whether the given user has been disallowed from performing certain actions 4021 * or setting certain settings through UserManager (e.g. this type of restriction would prevent 4022 * the guest user from doing certain things, such as making calls). This method disregards 4023 * restrictions set by device policy. 4024 * @param restrictionKey the string key representing the restriction 4025 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 4026 */ 4027 @TestApi 4028 @UnsupportedAppUsage 4029 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 4030 Manifest.permission.CREATE_USERS}) hasBaseUserRestriction(@serRestrictionKey @onNull String restrictionKey, @NonNull UserHandle userHandle)4031 public boolean hasBaseUserRestriction(@UserRestrictionKey @NonNull String restrictionKey, 4032 @NonNull UserHandle userHandle) { 4033 try { 4034 return mService.hasBaseUserRestriction(restrictionKey, userHandle.getIdentifier()); 4035 } catch (RemoteException re) { 4036 throw re.rethrowFromSystemServer(); 4037 } 4038 } 4039 4040 /** 4041 * This will no longer work. Device owners and profile owners should use 4042 * {@link DevicePolicyManager#addUserRestriction(ComponentName, String)} instead. 4043 */ 4044 // System apps should use UserManager.setUserRestriction() instead. 4045 @Deprecated setUserRestrictions(Bundle restrictions)4046 public void setUserRestrictions(Bundle restrictions) { 4047 throw new UnsupportedOperationException("This method is no longer supported"); 4048 } 4049 4050 /** 4051 * This will no longer work. Device owners and profile owners should use 4052 * {@link DevicePolicyManager#addUserRestriction(ComponentName, String)} instead. 4053 */ 4054 // System apps should use UserManager.setUserRestriction() instead. 4055 @Deprecated setUserRestrictions(Bundle restrictions, UserHandle userHandle)4056 public void setUserRestrictions(Bundle restrictions, UserHandle userHandle) { 4057 throw new UnsupportedOperationException("This method is no longer supported"); 4058 } 4059 4060 /** 4061 * Sets the value of a specific restriction on the context user. 4062 * Requires the MANAGE_USERS permission. 4063 * @param key the key of the restriction 4064 * @param value the value for the restriction 4065 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction( 4066 * android.content.ComponentName, String)} or 4067 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction( 4068 * android.content.ComponentName, String)} instead. 4069 */ 4070 @Deprecated 4071 @RequiresPermission(Manifest.permission.MANAGE_USERS) 4072 @UserHandleAware(enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU) setUserRestriction(String key, boolean value)4073 public void setUserRestriction(String key, boolean value) { 4074 try { 4075 mService.setUserRestriction(key, value, getContextUserIfAppropriate()); 4076 } catch (RemoteException re) { 4077 throw re.rethrowFromSystemServer(); 4078 } 4079 } 4080 4081 /** 4082 * @hide 4083 * Sets the value of a specific restriction on a specific user. 4084 * @param key the key of the restriction 4085 * @param value the value for the restriction 4086 * @param userHandle the user whose restriction is to be changed. 4087 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction( 4088 * android.content.ComponentName, String)} or 4089 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction( 4090 * android.content.ComponentName, String)} instead. 4091 */ 4092 @Deprecated 4093 @RequiresPermission(Manifest.permission.MANAGE_USERS) setUserRestriction(String key, boolean value, UserHandle userHandle)4094 public void setUserRestriction(String key, boolean value, UserHandle userHandle) { 4095 try { 4096 mService.setUserRestriction(key, value, userHandle.getIdentifier()); 4097 } catch (RemoteException re) { 4098 throw re.rethrowFromSystemServer(); 4099 } 4100 } 4101 4102 /** 4103 * Returns whether the context user has been disallowed from performing certain actions 4104 * or setting certain settings. 4105 * 4106 * @param restrictionKey The string key representing the restriction. 4107 * @return {@code true} if the context user has the given restriction, {@code false} otherwise. 4108 */ 4109 @UserHandleAware( 4110 enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU, 4111 requiresAnyOfPermissionsIfNotCallerProfileGroup = { 4112 android.Manifest.permission.MANAGE_USERS, 4113 android.Manifest.permission.INTERACT_ACROSS_USERS} 4114 ) hasUserRestriction(@serRestrictionKey String restrictionKey)4115 public boolean hasUserRestriction(@UserRestrictionKey String restrictionKey) { 4116 return hasUserRestrictionForUser(restrictionKey, getContextUserIfAppropriate()); 4117 } 4118 4119 /** 4120 * @hide 4121 * Returns whether the given user has been disallowed from performing certain actions 4122 * or setting certain settings. 4123 * @param restrictionKey the string key representing the restriction 4124 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 4125 * @deprecated Use {@link #hasUserRestrictionForUser(String, UserHandle)} instead. 4126 */ 4127 @UnsupportedAppUsage 4128 @RequiresPermission(anyOf = { 4129 android.Manifest.permission.MANAGE_USERS, 4130 android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) 4131 @Deprecated hasUserRestriction(@serRestrictionKey String restrictionKey, UserHandle userHandle)4132 public boolean hasUserRestriction(@UserRestrictionKey String restrictionKey, 4133 UserHandle userHandle) { 4134 return hasUserRestrictionForUser(restrictionKey, userHandle); 4135 } 4136 4137 /** 4138 * Returns whether the given user has been disallowed from performing certain actions 4139 * or setting certain settings. 4140 * @param restrictionKey the string key representing the restriction 4141 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 4142 * 4143 * <p>Requires {@code android.permission.MANAGE_USERS} or 4144 * {@code android.permission.INTERACT_ACROSS_USERS}, otherwise specified {@link UserHandle user} 4145 * must be the calling user or a profile associated with it. 4146 * 4147 * @hide 4148 */ 4149 @SystemApi 4150 @RequiresPermission(anyOf = { 4151 android.Manifest.permission.MANAGE_USERS, 4152 android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) hasUserRestrictionForUser(@onNull @serRestrictionKey String restrictionKey, @NonNull UserHandle userHandle)4153 public boolean hasUserRestrictionForUser(@NonNull @UserRestrictionKey String restrictionKey, 4154 @NonNull UserHandle userHandle) { 4155 return hasUserRestrictionForUser(restrictionKey, userHandle.getIdentifier()); 4156 } 4157 4158 @RequiresPermission(anyOf = { 4159 android.Manifest.permission.MANAGE_USERS, 4160 android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) hasUserRestrictionForUser(@onNull @serRestrictionKey String restrictionKey, @UserIdInt int userId)4161 private boolean hasUserRestrictionForUser(@NonNull @UserRestrictionKey String restrictionKey, 4162 @UserIdInt int userId) { 4163 try { 4164 return mService.hasUserRestriction(restrictionKey, userId); 4165 } catch (RemoteException re) { 4166 throw re.rethrowFromSystemServer(); 4167 } 4168 } 4169 4170 /** 4171 * @hide 4172 * Returns whether any user on the device has the given user restriction set. 4173 */ hasUserRestrictionOnAnyUser(@serRestrictionKey String restrictionKey)4174 public boolean hasUserRestrictionOnAnyUser(@UserRestrictionKey String restrictionKey) { 4175 try { 4176 return mService.hasUserRestrictionOnAnyUser(restrictionKey); 4177 } catch (RemoteException re) { 4178 throw re.rethrowFromSystemServer(); 4179 } 4180 } 4181 4182 /** 4183 * @hide 4184 * 4185 * Checks whether changing the given setting to the given value is prohibited 4186 * by the corresponding user restriction in the given user. 4187 * 4188 * May only be called by the OS itself. 4189 * 4190 * @return {@code true} if the change is prohibited, {@code false} if the change is allowed. 4191 */ isSettingRestrictedForUser(String setting, @UserIdInt int userId, String value, int callingUid)4192 public boolean isSettingRestrictedForUser(String setting, @UserIdInt int userId, 4193 String value, int callingUid) { 4194 try { 4195 return mService.isSettingRestrictedForUser(setting, userId, value, callingUid); 4196 } catch (RemoteException re) { 4197 throw re.rethrowFromSystemServer(); 4198 } 4199 } 4200 4201 /** 4202 * @hide 4203 * Register a binder callback for user restrictions changes. 4204 * May only be called by the OS itself. 4205 */ addUserRestrictionsListener(final IUserRestrictionsListener listener)4206 public void addUserRestrictionsListener(final IUserRestrictionsListener listener) { 4207 try { 4208 mService.addUserRestrictionsListener(listener); 4209 } catch (RemoteException re) { 4210 throw re.rethrowFromSystemServer(); 4211 } 4212 } 4213 4214 /** 4215 * Return the serial number for a user. This is a device-unique 4216 * number assigned to that user; if the user is deleted and then a new 4217 * user created, the new users will not be given the same serial number. 4218 * @param user The user whose serial number is to be retrieved. 4219 * @return The serial number of the given user; returns -1 if the 4220 * given UserHandle does not exist. 4221 * @see #getUserForSerialNumber(long) 4222 */ getSerialNumberForUser(UserHandle user)4223 public long getSerialNumberForUser(UserHandle user) { 4224 return getUserSerialNumber(user.getIdentifier()); 4225 } 4226 4227 /** 4228 * Return the user associated with a serial number previously 4229 * returned by {@link #getSerialNumberForUser(UserHandle)}. 4230 * @param serialNumber The serial number of the user that is being 4231 * retrieved. 4232 * @return Return the user associated with the serial number, or null 4233 * if there is not one. 4234 * @see #getSerialNumberForUser(UserHandle) 4235 */ getUserForSerialNumber(long serialNumber)4236 public UserHandle getUserForSerialNumber(long serialNumber) { 4237 int ident = getUserHandle((int) serialNumber); 4238 return ident >= 0 ? new UserHandle(ident) : null; 4239 } 4240 4241 /** 4242 * Creates a user with the specified name and options. 4243 * Default user restrictions will be applied. 4244 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 4245 * 4246 * @param name the user's name 4247 * @param flags UserInfo flags that identify the type of user and other properties. 4248 * @see UserInfo 4249 * 4250 * @return the UserInfo object for the created user, or null if the user could not be created. 4251 * @throws IllegalArgumentException if flags do not correspond to a valid user type. 4252 * @deprecated Use {@link #createUser(String, String, int)} instead. 4253 * @hide 4254 */ 4255 @UnsupportedAppUsage 4256 @Deprecated createUser(@ullable String name, @UserInfoFlag int flags)4257 public @Nullable UserInfo createUser(@Nullable String name, @UserInfoFlag int flags) { 4258 return createUser(name, UserInfo.getDefaultUserType(flags), flags); 4259 } 4260 4261 /** 4262 * Creates a user with the specified name and options. 4263 * Default user restrictions will be applied. 4264 * 4265 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS}. 4266 * {@link android.Manifest.permission#CREATE_USERS} suffices if flags are in 4267 * com.android.server.pm.UserManagerService#ALLOWED_FLAGS_FOR_CREATE_USERS_PERMISSION. 4268 * 4269 * @param name the user's name 4270 * @param userType the type of user, such as {@link UserManager#USER_TYPE_FULL_GUEST}. 4271 * @param flags UserInfo flags that specify user properties. 4272 * @return the {@link UserInfo} object for the created user, or {@code null} if the user 4273 * could not be created. 4274 * 4275 * @see UserInfo 4276 * 4277 * @hide 4278 */ 4279 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 4280 Manifest.permission.CREATE_USERS}) 4281 @TestApi createUser(@ullable String name, @NonNull String userType, @UserInfoFlag int flags)4282 public @Nullable UserInfo createUser(@Nullable String name, @NonNull String userType, 4283 @UserInfoFlag int flags) { 4284 try { 4285 return mService.createUserWithThrow(name, userType, flags); 4286 } catch (ServiceSpecificException e) { 4287 return null; 4288 } catch (RemoteException re) { 4289 throw re.rethrowFromSystemServer(); 4290 } 4291 } 4292 4293 /** 4294 * Creates a user with the specified {@link NewUserRequest}. 4295 * 4296 * @param newUserRequest specify the user information 4297 * 4298 * @hide 4299 */ 4300 @SystemApi 4301 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 4302 Manifest.permission.CREATE_USERS}) createUser(@onNull NewUserRequest newUserRequest)4303 public @NonNull NewUserResponse createUser(@NonNull NewUserRequest newUserRequest) { 4304 try { 4305 final UserHandle userHandle = mService.createUserWithAttributes( 4306 newUserRequest.getName(), 4307 newUserRequest.getUserType(), 4308 newUserRequest.getFlags(), 4309 newUserRequest.getUserIcon(), 4310 newUserRequest.getAccountName(), 4311 newUserRequest.getAccountType(), 4312 newUserRequest.getAccountOptions()); 4313 4314 return new NewUserResponse(userHandle, USER_OPERATION_SUCCESS); 4315 4316 } catch (ServiceSpecificException e) { 4317 Log.w(TAG, "Exception while creating user " + newUserRequest, e); 4318 return new NewUserResponse(null, e.errorCode); 4319 } catch (RemoteException re) { 4320 throw re.rethrowFromSystemServer(); 4321 } 4322 } 4323 4324 /** 4325 * Pre-creates a user of the specified type. Default user restrictions will be applied. 4326 * 4327 * <p>This method can be used by OEMs to "warm" up the user creation by pre-creating some users 4328 * at the first boot, so they when the "real" user is created (for example, 4329 * by {@link #createUser(String, String, int)} or {@link #createGuest(Context)}), it 4330 * takes less time. 4331 * 4332 * <p>This method completes the majority of work necessary for user creation: it 4333 * creates user data, CE and DE encryption keys, app data directories, initializes the user and 4334 * grants default permissions. When pre-created users become "real" users, only then are 4335 * components notified of new user creation by firing user creation broadcasts. 4336 * 4337 * <p>All pre-created users are removed during system upgrade. 4338 * 4339 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS}. 4340 * {@link android.Manifest.permission#CREATE_USERS} suffices if flags are in 4341 * com.android.server.pm.UserManagerService#ALLOWED_FLAGS_FOR_CREATE_USERS_PERMISSION. 4342 * 4343 * 4344 * @param userType the type of user, such as {@link UserManager#USER_TYPE_FULL_GUEST}. 4345 * @return the {@link UserInfo} object for the created user. 4346 * 4347 * @throws UserOperationException if the user could not be created. 4348 * 4349 * @deprecated Pre-created users are deprecated. This method should no longer be used, and will 4350 * be removed once all the callers are removed. 4351 * 4352 * @hide 4353 */ 4354 @Deprecated 4355 @TestApi 4356 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 4357 Manifest.permission.CREATE_USERS}) preCreateUser(@onNull String userType)4358 public @NonNull UserInfo preCreateUser(@NonNull String userType) 4359 throws UserOperationException { 4360 Log.w(TAG, "preCreateUser(): Pre-created user is deprecated."); 4361 try { 4362 return mService.preCreateUserWithThrow(userType); 4363 } catch (ServiceSpecificException e) { 4364 throw UserOperationException.from(e); 4365 } catch (RemoteException re) { 4366 throw re.rethrowFromSystemServer(); 4367 } 4368 } 4369 4370 /** 4371 * Creates a guest user and configures it. 4372 * @param context an application context 4373 * @return the {@link UserInfo} object for the created user, or {@code null} if the user 4374 * could not be created. 4375 * 4376 * @hide 4377 */ 4378 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 4379 Manifest.permission.CREATE_USERS}) createGuest(Context context)4380 public @Nullable UserInfo createGuest(Context context) { 4381 try { 4382 final UserInfo guest = mService.createUserWithThrow(null, USER_TYPE_FULL_GUEST, 0); 4383 Settings.Secure.putStringForUser(context.getContentResolver(), 4384 Settings.Secure.SKIP_FIRST_USE_HINTS, "1", guest.id); 4385 4386 if (UserManager.isGuestUserAllowEphemeralStateChange()) { 4387 // Mark guest as (changeably) ephemeral if REMOVE_GUEST_ON_EXIT is 1 4388 // This is done so that a user via a UI controller can choose to 4389 // make a guest as ephemeral or not. 4390 // Settings.Global.REMOVE_GUEST_ON_EXIT holds the choice on what the guest state 4391 // should be, with default being ephemeral. 4392 boolean resetGuestOnExit = Settings.Global.getInt(context.getContentResolver(), 4393 Settings.Global.REMOVE_GUEST_ON_EXIT, 1) == 1; 4394 4395 if (resetGuestOnExit && !guest.isEphemeral()) { 4396 setUserEphemeral(guest.id, true); 4397 } 4398 } 4399 return guest; 4400 } catch (ServiceSpecificException e) { 4401 return null; 4402 } catch (RemoteException re) { 4403 throw re.rethrowFromSystemServer(); 4404 } 4405 } 4406 4407 // TODO(b/256690588): Remove this after removing its callsites. 4408 /** 4409 * Gets the existing guest user if it exists. This does not include guest users that are dying. 4410 * @return The existing guest user if it exists. Null otherwise. 4411 * @hide 4412 * 4413 * @deprecated Use {@link #getGuestUsers()} 4414 */ 4415 @Deprecated 4416 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) findCurrentGuestUser()4417 public UserInfo findCurrentGuestUser() { 4418 try { 4419 final List<UserInfo> guestUsers = mService.getGuestUsers(); 4420 if (guestUsers.size() == 0) { 4421 return null; 4422 } 4423 return guestUsers.get(0); 4424 } catch (RemoteException re) { 4425 throw re.rethrowFromSystemServer(); 4426 } 4427 } 4428 4429 /** 4430 * Returns the existing guest users. This does not include guest users that are dying. 4431 * @hide 4432 */ 4433 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getGuestUsers()4434 public @NonNull List<UserInfo> getGuestUsers() { 4435 try { 4436 return mService.getGuestUsers(); 4437 } catch (RemoteException re) { 4438 throw re.rethrowFromSystemServer(); 4439 } 4440 } 4441 4442 /** 4443 * Creates a user with the specified name and options as a profile of the context's user. 4444 * 4445 * @param name the user's name. 4446 * @param userType the type of user, such as {@link UserManager#USER_TYPE_PROFILE_MANAGED}. 4447 * @param disallowedPackages packages to not install for this profile. 4448 * 4449 * @return the {@link android.os.UserHandle} object for the created user, 4450 * or throws {@link UserOperationException} if the user could not be created 4451 * and calling app is targeting {@link android.os.Build.VERSION_CODES#R} or above 4452 * (otherwise returns {@code null}). 4453 * 4454 * @throws UserOperationException if the user could not be created and the calling app is 4455 * targeting {@link android.os.Build.VERSION_CODES#R} or above. 4456 * 4457 * @hide 4458 */ 4459 @SystemApi 4460 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 4461 Manifest.permission.CREATE_USERS}) 4462 @UserHandleAware createProfile(@onNull String name, @NonNull String userType, @NonNull Set<String> disallowedPackages)4463 public @Nullable UserHandle createProfile(@NonNull String name, @NonNull String userType, 4464 @NonNull Set<String> disallowedPackages) throws UserOperationException { 4465 try { 4466 return mService.createProfileForUserWithThrow(name, userType, 0, 4467 mUserId, disallowedPackages.toArray( 4468 new String[disallowedPackages.size()])).getUserHandle(); 4469 } catch (ServiceSpecificException e) { 4470 return returnNullOrThrowUserOperationException(e, 4471 mContext.getApplicationInfo().targetSdkVersion >= Build.VERSION_CODES.R); 4472 } catch (RemoteException re) { 4473 throw re.rethrowFromSystemServer(); 4474 } 4475 } 4476 4477 /** 4478 * Creates a user with the specified name and options as a profile of another user. 4479 * <p>Requires MANAGE_USERS. CREATE_USERS suffices for ALLOWED_FLAGS_FOR_CREATE_USERS_PERMISSION 4480 * 4481 * @param name the user's name 4482 * @param flags flags that identify the type of user and other properties. 4483 * @param userId new user will be a profile of this user. 4484 * 4485 * @return the {@link UserInfo} object for the created user, or null if the user 4486 * could not be created. 4487 * @throws IllegalArgumentException if flags do not correspond to a valid user type. 4488 * @deprecated Use {@link #createProfileForUser(String, String, int, int)} instead. 4489 * @hide 4490 */ 4491 @UnsupportedAppUsage 4492 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 4493 Manifest.permission.CREATE_USERS}) 4494 @Deprecated createProfileForUser(String name, @UserInfoFlag int flags, @UserIdInt int userId)4495 public UserInfo createProfileForUser(String name, @UserInfoFlag int flags, 4496 @UserIdInt int userId) { 4497 return createProfileForUser(name, UserInfo.getDefaultUserType(flags), flags, 4498 userId, null); 4499 } 4500 4501 /** 4502 * Creates a user with the specified name and options as a profile of another user. 4503 * 4504 * @param name the user's name 4505 * @param userType the type of user, such as {@link UserManager#USER_TYPE_PROFILE_MANAGED}. 4506 * @param flags UserInfo flags that specify user properties. 4507 * @param userId new user will be a profile of this user. 4508 * 4509 * @return the {@link UserInfo} object for the created user, or null if the user 4510 * could not be created. 4511 * @hide 4512 */ 4513 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 4514 Manifest.permission.CREATE_USERS}) createProfileForUser(String name, @NonNull String userType, @UserInfoFlag int flags, @UserIdInt int userId)4515 public @Nullable UserInfo createProfileForUser(String name, @NonNull String userType, 4516 @UserInfoFlag int flags, @UserIdInt int userId) { 4517 return createProfileForUser(name, userType, flags, userId, null); 4518 } 4519 4520 /** 4521 * Version of {@link #createProfileForUser(String, String, int, int)} that allows you to specify 4522 * any packages that should not be installed in the new profile by default, these packages can 4523 * still be installed later by the user if needed. 4524 * 4525 * @param name the user's name 4526 * @param userType the type of user, such as {@link UserManager#USER_TYPE_PROFILE_MANAGED}. 4527 * @param flags UserInfo flags that specify user properties. 4528 * @param userId new user will be a profile of this user. 4529 * @param disallowedPackages packages that will not be installed in the profile being created. 4530 * 4531 * @return the {@link UserInfo} object for the created user, or {@code null} if the user could 4532 * not be created. 4533 * 4534 * @hide 4535 */ 4536 @TestApi 4537 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 4538 Manifest.permission.CREATE_USERS}) createProfileForUser(@ullable String name, @NonNull String userType, @UserInfoFlag int flags, @UserIdInt int userId, @Nullable String[] disallowedPackages)4539 public @Nullable UserInfo createProfileForUser(@Nullable String name, @NonNull String userType, 4540 @UserInfoFlag int flags, @UserIdInt int userId, @Nullable String[] disallowedPackages) { 4541 try { 4542 return mService.createProfileForUserWithThrow(name, userType, flags, userId, 4543 disallowedPackages); 4544 } catch (ServiceSpecificException e) { 4545 return null; 4546 } catch (RemoteException re) { 4547 throw re.rethrowFromSystemServer(); 4548 } 4549 } 4550 4551 /** 4552 * Similar to {@link #createProfileForUser(String, String, int, int, String[])} 4553 * except bypassing the checking of {@link UserManager#DISALLOW_ADD_MANAGED_PROFILE}. 4554 * 4555 * @see #createProfileForUser(String, String, int, int, String[]) 4556 * @hide 4557 */ 4558 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 4559 Manifest.permission.CREATE_USERS}) createProfileForUserEvenWhenDisallowed(String name, @NonNull String userType, @UserInfoFlag int flags, @UserIdInt int userId, String[] disallowedPackages)4560 public @Nullable UserInfo createProfileForUserEvenWhenDisallowed(String name, 4561 @NonNull String userType, @UserInfoFlag int flags, @UserIdInt int userId, 4562 String[] disallowedPackages) { 4563 try { 4564 return mService.createProfileForUserEvenWhenDisallowedWithThrow(name, userType, flags, 4565 userId, disallowedPackages); 4566 } catch (ServiceSpecificException e) { 4567 return null; 4568 } catch (RemoteException re) { 4569 throw re.rethrowFromSystemServer(); 4570 } 4571 } 4572 4573 /** 4574 * Creates a restricted profile with the specified name. This method also sets necessary 4575 * restrictions and adds shared accounts (with the context user). 4576 * 4577 * @param name profile's name 4578 * @return the {@link UserInfo} object for the created user, or {@code null} if the user 4579 * could not be created. 4580 * 4581 * @hide 4582 */ 4583 @TestApi 4584 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 4585 Manifest.permission.CREATE_USERS}) 4586 @UserHandleAware createRestrictedProfile(@ullable String name)4587 public @Nullable UserInfo createRestrictedProfile(@Nullable String name) { 4588 try { 4589 final int parentUserId = mUserId; 4590 final UserInfo profile = mService.createRestrictedProfileWithThrow(name, parentUserId); 4591 final UserHandle parentUserHandle = UserHandle.of(parentUserId); 4592 AccountManager.get(mContext).addSharedAccountsFromParentUser(parentUserHandle, 4593 UserHandle.of(profile.id)); 4594 return profile; 4595 } catch (ServiceSpecificException e) { 4596 return null; 4597 } catch (RemoteException re) { 4598 throw re.rethrowFromSystemServer(); 4599 } 4600 } 4601 4602 /** 4603 * Returns an intent to create a user for the provided name and account name. The name 4604 * and account name will be used when the setup process for the new user is started. 4605 * <p> 4606 * The intent should be launched using startActivityForResult and the return result will 4607 * indicate if the user consented to adding a new user and if the operation succeeded. Any 4608 * errors in creating the user will be returned in the result code. If the user cancels the 4609 * request, the return result will be {@link Activity#RESULT_CANCELED}. On success, the 4610 * result code will be {@link Activity#RESULT_OK}. 4611 * <p> 4612 * Use {@link #supportsMultipleUsers()} to first check if the device supports this operation 4613 * at all. 4614 * <p> 4615 * The new user is created but not initialized. After switching into the user for the first 4616 * time, the preferred user name and account information are used by the setup process for that 4617 * user. 4618 * 4619 * This API should only be called if the current user is an {@link #isAdminUser() admin} user, 4620 * as otherwise the returned intent will not be able to create a user. 4621 * 4622 * @param userName Optional name to assign to the user. Character limit is 100. 4623 * @param accountName Optional account name that will be used by the setup wizard to initialize 4624 * the user. Character limit is 500. 4625 * @param accountType Optional account type for the account to be created. This is required 4626 * if the account name is specified. Character limit is 500. 4627 * @param accountOptions Optional bundle of data to be passed in during account creation in the 4628 * new user via {@link AccountManager#addAccount(String, String, String[], 4629 * Bundle, android.app.Activity, android.accounts.AccountManagerCallback, 4630 * Handler)}. Character limit is 1000. 4631 * @return An Intent that can be launched from an Activity. 4632 * @see #USER_CREATION_FAILED_NOT_PERMITTED 4633 * @see #USER_CREATION_FAILED_NO_MORE_USERS 4634 * @see #supportsMultipleUsers 4635 */ createUserCreationIntent(@ullable String userName, @Nullable String accountName, @Nullable String accountType, @Nullable PersistableBundle accountOptions)4636 public static Intent createUserCreationIntent(@Nullable String userName, 4637 @Nullable String accountName, 4638 @Nullable String accountType, @Nullable PersistableBundle accountOptions) { 4639 Intent intent = new Intent(ACTION_CREATE_USER); 4640 if (userName != null) { 4641 intent.putExtra(EXTRA_USER_NAME, userName); 4642 } 4643 if (accountName != null && accountType == null) { 4644 throw new IllegalArgumentException("accountType must be specified if accountName is " 4645 + "specified"); 4646 } 4647 if (accountName != null) { 4648 intent.putExtra(EXTRA_USER_ACCOUNT_NAME, accountName); 4649 } 4650 if (accountType != null) { 4651 intent.putExtra(EXTRA_USER_ACCOUNT_TYPE, accountType); 4652 } 4653 if (accountOptions != null) { 4654 intent.putExtra(EXTRA_USER_ACCOUNT_OPTIONS, accountOptions); 4655 } 4656 return intent; 4657 } 4658 4659 /** 4660 * Returns the list of the system packages that would be installed on this type of user upon 4661 * its creation. 4662 * 4663 * Returns {@code null} if all system packages would be installed. 4664 * 4665 * @hide 4666 */ 4667 @TestApi 4668 @SuppressLint("NullableCollection") 4669 @RequiresPermission(anyOf = { 4670 android.Manifest.permission.MANAGE_USERS, 4671 android.Manifest.permission.CREATE_USERS 4672 }) getPreInstallableSystemPackages(@onNull String userType)4673 public @Nullable Set<String> getPreInstallableSystemPackages(@NonNull String userType) { 4674 try { 4675 final String[] installableSystemPackages 4676 = mService.getPreInstallableSystemPackages(userType); 4677 if (installableSystemPackages == null) { 4678 return null; 4679 } 4680 return new ArraySet<>(installableSystemPackages); 4681 } catch (RemoteException re) { 4682 throw re.rethrowFromSystemServer(); 4683 } 4684 } 4685 4686 /** 4687 * @hide 4688 * 4689 * Returns the preferred account name for the context user's creation. 4690 */ 4691 @SystemApi 4692 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 4693 @UserHandleAware(enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU) getSeedAccountName()4694 public String getSeedAccountName() { 4695 try { 4696 return mService.getSeedAccountName(getContextUserIfAppropriate()); 4697 } catch (RemoteException re) { 4698 throw re.rethrowFromSystemServer(); 4699 } 4700 } 4701 4702 /** 4703 * @hide 4704 * 4705 * Returns the preferred account type for the context user's creation. 4706 */ 4707 @SystemApi 4708 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 4709 @UserHandleAware(enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU) getSeedAccountType()4710 public String getSeedAccountType() { 4711 try { 4712 return mService.getSeedAccountType(getContextUserIfAppropriate()); 4713 } catch (RemoteException re) { 4714 throw re.rethrowFromSystemServer(); 4715 } 4716 } 4717 4718 /** 4719 * @hide 4720 * 4721 * Returns the preferred account's options bundle for user creation. 4722 * @return Any options set by the requestor that created the context user. 4723 */ 4724 @SystemApi 4725 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 4726 @UserHandleAware(enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU) getSeedAccountOptions()4727 public PersistableBundle getSeedAccountOptions() { 4728 try { 4729 return mService.getSeedAccountOptions(getContextUserIfAppropriate()); 4730 } catch (RemoteException re) { 4731 throw re.rethrowFromSystemServer(); 4732 } 4733 } 4734 4735 /** 4736 * @hide 4737 * 4738 * Called by a system activity to set the seed account information of a user created 4739 * through the user creation intent. 4740 * @param userId 4741 * @param accountName 4742 * @param accountType 4743 * @param accountOptions 4744 * @see #createUserCreationIntent(String, String, String, PersistableBundle) 4745 */ 4746 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) setSeedAccountData(int userId, String accountName, String accountType, PersistableBundle accountOptions)4747 public void setSeedAccountData(int userId, String accountName, String accountType, 4748 PersistableBundle accountOptions) { 4749 try { 4750 mService.setSeedAccountData(userId, accountName, accountType, accountOptions, 4751 /* persist= */ true); 4752 } catch (RemoteException re) { 4753 throw re.rethrowFromSystemServer(); 4754 } 4755 } 4756 4757 /** 4758 * @hide 4759 * Clears the seed information used to create the context user. 4760 */ 4761 @SystemApi 4762 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 4763 @UserHandleAware(enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU) clearSeedAccountData()4764 public void clearSeedAccountData() { 4765 try { 4766 mService.clearSeedAccountData(getContextUserIfAppropriate()); 4767 } catch (RemoteException re) { 4768 throw re.rethrowFromSystemServer(); 4769 } 4770 } 4771 4772 /** 4773 * @hide 4774 * Marks the guest user for deletion to allow a new guest to be created before deleting 4775 * the current user who is a guest. 4776 * @param userId 4777 * @return 4778 */ 4779 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) markGuestForDeletion(@serIdInt int userId)4780 public boolean markGuestForDeletion(@UserIdInt int userId) { 4781 try { 4782 return mService.markGuestForDeletion(userId); 4783 } catch (RemoteException re) { 4784 throw re.rethrowFromSystemServer(); 4785 } 4786 } 4787 4788 /** 4789 * Sets the user as enabled, if such an user exists. 4790 * 4791 * <p>Note that the default is true, it's only that managed profiles might not be enabled. 4792 * (Managed profiles created by DevicePolicyManager will start out disabled, and DPM will later 4793 * toggle them to enabled once they are provisioned. This is the primary purpose of the 4794 * {@link UserInfo#FLAG_DISABLED} flag.) 4795 * Also ephemeral users can be disabled to indicate that their removal is in progress and they 4796 * shouldn't be re-entered. Therefore ephemeral users should not be re-enabled once disabled. 4797 * 4798 * @param userId the id of the profile to enable 4799 * @hide 4800 */ 4801 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) setUserEnabled(@serIdInt int userId)4802 public void setUserEnabled(@UserIdInt int userId) { 4803 try { 4804 mService.setUserEnabled(userId); 4805 } catch (RemoteException re) { 4806 throw re.rethrowFromSystemServer(); 4807 } 4808 } 4809 4810 /** 4811 * Assigns admin privileges to the user, if such a user exists. 4812 * 4813 * <p>Note that this does not alter the user's pre-existing user restrictions. 4814 * 4815 * @param userId the id of the user to become admin 4816 * @hide 4817 */ 4818 @RequiresPermission(allOf = { 4819 Manifest.permission.INTERACT_ACROSS_USERS_FULL, 4820 Manifest.permission.MANAGE_USERS 4821 }) setUserAdmin(@serIdInt int userId)4822 public void setUserAdmin(@UserIdInt int userId) { 4823 try { 4824 mService.setUserAdmin(userId); 4825 } catch (RemoteException re) { 4826 throw re.rethrowFromSystemServer(); 4827 } 4828 } 4829 4830 /** 4831 * Revokes admin privileges from the user, if such a user exists. 4832 * 4833 * <p>Note that this does not alter the user's pre-existing user restrictions. 4834 * 4835 * @param userId the id of the user to revoke admin rights from 4836 * @hide 4837 */ 4838 @RequiresPermission(allOf = { 4839 Manifest.permission.INTERACT_ACROSS_USERS_FULL, 4840 Manifest.permission.MANAGE_USERS 4841 }) revokeUserAdmin(@serIdInt int userId)4842 public void revokeUserAdmin(@UserIdInt int userId) { 4843 try { 4844 mService.revokeUserAdmin(userId); 4845 } catch (RemoteException re) { 4846 throw re.rethrowFromSystemServer(); 4847 } 4848 } 4849 4850 /** 4851 * Evicts the user's credential encryption key from memory by stopping and restarting the user. 4852 * 4853 * @hide 4854 */ 4855 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) evictCredentialEncryptionKey(@serIdInt int userId)4856 public void evictCredentialEncryptionKey(@UserIdInt int userId) { 4857 try { 4858 mService.evictCredentialEncryptionKey(userId); 4859 } catch (RemoteException re) { 4860 throw re.rethrowFromSystemServer(); 4861 } 4862 } 4863 4864 /** 4865 * Return the number of users currently created on the device. 4866 */ 4867 @RequiresPermission(anyOf = { 4868 android.Manifest.permission.MANAGE_USERS, 4869 android.Manifest.permission.CREATE_USERS 4870 }) getUserCount()4871 public int getUserCount() { 4872 List<UserInfo> users = getUsers(); 4873 return users != null ? users.size() : 1; 4874 } 4875 4876 /** 4877 * Returns information for all fully-created users on this device, including ones marked for 4878 * deletion. 4879 * 4880 * <p>To retrieve only users that are not marked for deletion, use {@link #getAliveUsers()}. 4881 * 4882 * <p>To retrieve *all* users (including partial and pre-created users), use 4883 * {@link #getUsers(boolean, boolean, boolean)) getUsers(false, false, false)}. 4884 * 4885 * <p>To retrieve a more specific list of users, use 4886 * {@link #getUsers(boolean, boolean, boolean)}. 4887 * 4888 * @return the list of users that were created. 4889 * 4890 * @hide 4891 */ 4892 @UnsupportedAppUsage 4893 @RequiresPermission(anyOf = { 4894 android.Manifest.permission.MANAGE_USERS, 4895 android.Manifest.permission.CREATE_USERS 4896 }) 4897 @TestApi getUsers()4898 public @NonNull List<UserInfo> getUsers() { 4899 return getUsers(/*excludePartial= */ true, /* excludeDying= */ false, 4900 /* excludePreCreated= */ true); 4901 } 4902 4903 /** 4904 * Returns information for all "usable" users on this device (i.e, it excludes users that are 4905 * marked for deletion, pre-created users, etc...). 4906 * 4907 * <p>To retrieve all fully-created users, use {@link #getUsers()}. 4908 * 4909 * <p>To retrieve a more specific list of users, use 4910 * {@link #getUsers(boolean, boolean, boolean)}. 4911 * 4912 * @return the list of users that were created. 4913 * @hide 4914 */ 4915 @RequiresPermission(anyOf = { 4916 android.Manifest.permission.MANAGE_USERS, 4917 android.Manifest.permission.CREATE_USERS 4918 }) 4919 @TestApi getAliveUsers()4920 public @NonNull List<UserInfo> getAliveUsers() { 4921 return getUsers(/*excludePartial= */ true, /* excludeDying= */ true, 4922 /* excludePreCreated= */ true); 4923 } 4924 4925 /** 4926 * @deprecated use {@link #getAliveUsers()} for {@code getUsers(true)}, or 4927 * {@link #getUsers()} for @code getUsers(false)}. 4928 * 4929 * @hide 4930 */ 4931 @Deprecated 4932 @UnsupportedAppUsage 4933 @RequiresPermission(anyOf = { 4934 android.Manifest.permission.MANAGE_USERS, 4935 android.Manifest.permission.CREATE_USERS 4936 }) getUsers(boolean excludeDying)4937 public @NonNull List<UserInfo> getUsers(boolean excludeDying) { 4938 return getUsers(/*excludePartial= */ true, excludeDying, 4939 /* excludePreCreated= */ true); 4940 } 4941 4942 /** 4943 * Returns information for all users on this device, based on the filtering parameters. 4944 * 4945 * @deprecated Pre-created users are deprecated and no longer supported. 4946 * Use {@link #getUsers()}, or {@link #getAliveUsers()} instead. 4947 * @hide 4948 */ 4949 @Deprecated 4950 @TestApi 4951 @RequiresPermission(anyOf = { 4952 android.Manifest.permission.MANAGE_USERS, 4953 android.Manifest.permission.CREATE_USERS 4954 }) getUsers(boolean excludePartial, boolean excludeDying, boolean excludePreCreated)4955 public @NonNull List<UserInfo> getUsers(boolean excludePartial, boolean excludeDying, 4956 boolean excludePreCreated) { 4957 try { 4958 return mService.getUsers(excludePartial, excludeDying, excludePreCreated); 4959 } catch (RemoteException re) { 4960 throw re.rethrowFromSystemServer(); 4961 } 4962 } 4963 4964 /** 4965 * Returns the user handles for all users on this device, based on the filtering parameters. 4966 * 4967 * @param excludeDying specify if the list should exclude users being removed. 4968 * @return the list of user handles. 4969 * @hide 4970 */ 4971 @SystemApi 4972 @RequiresPermission(anyOf = { 4973 android.Manifest.permission.MANAGE_USERS, 4974 android.Manifest.permission.CREATE_USERS 4975 }) getUserHandles(boolean excludeDying)4976 public @NonNull List<UserHandle> getUserHandles(boolean excludeDying) { 4977 List<UserInfo> users = getUsers(/* excludePartial= */ true, excludeDying, 4978 /* excludePreCreated= */ true); 4979 List<UserHandle> result = new ArrayList<>(users.size()); 4980 for (UserInfo user : users) { 4981 result.add(user.getUserHandle()); 4982 } 4983 return result; 4984 } 4985 4986 /** 4987 * Returns serial numbers of all users on this device. 4988 * 4989 * @param excludeDying specify if the list should exclude users being removed. 4990 * @return the list of serial numbers of users that exist on the device. 4991 * @hide 4992 */ 4993 @SystemApi 4994 @RequiresPermission(anyOf = { 4995 android.Manifest.permission.MANAGE_USERS, 4996 android.Manifest.permission.CREATE_USERS 4997 }) getSerialNumbersOfUsers(boolean excludeDying)4998 public long[] getSerialNumbersOfUsers(boolean excludeDying) { 4999 List<UserInfo> users = getUsers(/* excludePartial= */ true, excludeDying, 5000 /* excludePreCreated= */ true); 5001 long[] result = new long[users.size()]; 5002 for (int i = 0; i < result.length; i++) { 5003 result[i] = users.get(i).serialNumber; 5004 } 5005 return result; 5006 } 5007 5008 /** 5009 * @return the user's account name, null if not found. 5010 * @hide 5011 */ 5012 @RequiresPermission( allOf = { 5013 Manifest.permission.INTERACT_ACROSS_USERS_FULL, 5014 Manifest.permission.MANAGE_USERS 5015 }) getUserAccount(@serIdInt int userId)5016 public @Nullable String getUserAccount(@UserIdInt int userId) { 5017 try { 5018 return mService.getUserAccount(userId); 5019 } catch (RemoteException re) { 5020 throw re.rethrowFromSystemServer(); 5021 } 5022 } 5023 5024 /** 5025 * Set account name for the given user. 5026 * @hide 5027 */ 5028 @RequiresPermission( allOf = { 5029 Manifest.permission.INTERACT_ACROSS_USERS_FULL, 5030 Manifest.permission.MANAGE_USERS 5031 }) setUserAccount(@serIdInt int userId, @Nullable String accountName)5032 public void setUserAccount(@UserIdInt int userId, @Nullable String accountName) { 5033 try { 5034 mService.setUserAccount(userId, accountName); 5035 } catch (RemoteException re) { 5036 throw re.rethrowFromSystemServer(); 5037 } 5038 } 5039 5040 /** 5041 * Returns information for Primary user (which in practice is the same as the System user). 5042 * 5043 * @return the Primary user, null if not found. 5044 * @deprecated For the system user, call {@link #getUserInfo} on {@link UserHandle#USER_SYSTEM}, 5045 * or just use {@link UserHandle#SYSTEM} or {@link UserHandle#USER_SYSTEM}. 5046 * For the designated MainUser, use {@link #getMainUser()}. 5047 * 5048 * @hide 5049 */ 5050 @Deprecated 5051 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getPrimaryUser()5052 public @Nullable UserInfo getPrimaryUser() { 5053 try { 5054 return mService.getPrimaryUser(); 5055 } catch (RemoteException re) { 5056 throw re.rethrowFromSystemServer(); 5057 } 5058 } 5059 5060 /** 5061 * Returns the user who was last in the foreground, not including the current user and not 5062 * including profiles. 5063 * 5064 * <p>Returns {@code null} if there is no previous user, for example if there 5065 * is only one full user (i.e. only one user which is not a profile) on the device. 5066 * 5067 * <p>This method may be used for example to find the user to switch back to if the 5068 * current user is removed, or if creating a new user is aborted. 5069 * 5070 * <p>Note that reboots do not interrupt this calculation; the previous user need not have 5071 * used the device since it rebooted. 5072 * 5073 * <p>Note also that on devices that support multiple users on multiple displays, it is possible 5074 * that the returned user will be visible on a secondary display, as the foreground user is the 5075 * one associated with the main display. 5076 * 5077 * @hide 5078 */ 5079 @SystemApi 5080 @RequiresPermission(anyOf = { 5081 android.Manifest.permission.MANAGE_USERS, 5082 android.Manifest.permission.CREATE_USERS, 5083 android.Manifest.permission.QUERY_USERS 5084 }) getPreviousForegroundUser()5085 public @Nullable UserHandle getPreviousForegroundUser() { 5086 try { 5087 final int previousUser = mService.getPreviousFullUserToEnterForeground(); 5088 if (previousUser == UserHandle.USER_NULL) { 5089 return null; 5090 } 5091 return UserHandle.of(previousUser); 5092 } catch (RemoteException re) { 5093 throw re.rethrowFromSystemServer(); 5094 } 5095 } 5096 5097 /** 5098 * Checks whether it's possible to add more users. 5099 * 5100 * @return true if more users can be added, false if limit has been reached. 5101 * 5102 * @deprecated use {@link #canAddMoreUsers(String)} instead. 5103 * 5104 * @hide 5105 */ 5106 @Deprecated 5107 @RequiresPermission(anyOf = { 5108 android.Manifest.permission.MANAGE_USERS, 5109 android.Manifest.permission.CREATE_USERS 5110 }) canAddMoreUsers()5111 public boolean canAddMoreUsers() { 5112 // TODO(b/142482943): UMS has different logic, excluding Demo and Profile from counting. Why 5113 // not here? The logic is inconsistent. See UMS.canAddMoreManagedProfiles 5114 final List<UserInfo> users = getAliveUsers(); 5115 final int totalUserCount = users.size(); 5116 int aliveUserCount = 0; 5117 for (int i = 0; i < totalUserCount; i++) { 5118 UserInfo user = users.get(i); 5119 if (!user.isGuest()) { 5120 aliveUserCount++; 5121 } 5122 } 5123 return aliveUserCount < getMaxSupportedUsers(); 5124 } 5125 5126 /** 5127 * Checks whether it is possible to add more users of the given user type. 5128 * 5129 * @param userType the type of user, such as {@link UserManager#USER_TYPE_FULL_SECONDARY}. 5130 * @return true if more users of the given type can be added, otherwise false. 5131 * @hide 5132 */ 5133 @RequiresPermission(anyOf = { 5134 android.Manifest.permission.MANAGE_USERS, 5135 android.Manifest.permission.CREATE_USERS 5136 }) canAddMoreUsers(@onNull String userType)5137 public boolean canAddMoreUsers(@NonNull String userType) { 5138 try { 5139 if (userType.equals(USER_TYPE_FULL_GUEST)) { 5140 return mService.canAddMoreUsersOfType(userType); 5141 } else { 5142 return canAddMoreUsers() && mService.canAddMoreUsersOfType(userType); 5143 } 5144 } catch (RemoteException re) { 5145 throw re.rethrowFromSystemServer(); 5146 } 5147 } 5148 5149 /** 5150 * Returns the remaining number of users of the given type that can be created. 5151 * 5152 * @param userType the type of user, such as {@link UserManager#USER_TYPE_FULL_SECONDARY}. 5153 * @return how many additional users can be created. 5154 * @hide 5155 */ 5156 @SystemApi 5157 @RequiresPermission(anyOf = { 5158 android.Manifest.permission.MANAGE_USERS, 5159 android.Manifest.permission.CREATE_USERS, 5160 android.Manifest.permission.QUERY_USERS 5161 }) getRemainingCreatableUserCount(@onNull String userType)5162 public int getRemainingCreatableUserCount(@NonNull String userType) { 5163 Objects.requireNonNull(userType, "userType must not be null"); 5164 try { 5165 return mService.getRemainingCreatableUserCount(userType); 5166 } catch (RemoteException re) { 5167 throw re.rethrowFromSystemServer(); 5168 } 5169 } 5170 5171 /** 5172 * Returns the remaining number of profiles that can be added to the context user. 5173 * <p>Note that is applicable to any profile type (currently not including Restricted profiles). 5174 * 5175 * @param userType the type of profile, such as {@link UserManager#USER_TYPE_PROFILE_MANAGED}. 5176 * @return how many additional profiles can be created. 5177 * @hide 5178 */ 5179 @SystemApi 5180 @RequiresPermission(anyOf = { 5181 android.Manifest.permission.MANAGE_USERS, 5182 android.Manifest.permission.CREATE_USERS, 5183 android.Manifest.permission.QUERY_USERS 5184 }) 5185 @UserHandleAware getRemainingCreatableProfileCount(@onNull String userType)5186 public int getRemainingCreatableProfileCount(@NonNull String userType) { 5187 Objects.requireNonNull(userType, "userType must not be null"); 5188 try { 5189 // TODO(b/142482943): Perhaps let the following code apply to restricted users too. 5190 return mService.getRemainingCreatableProfileCount(userType, mUserId); 5191 } catch (RemoteException re) { 5192 throw re.rethrowFromSystemServer(); 5193 } 5194 } 5195 5196 /** 5197 * Checks whether it's possible to add more managed profiles. 5198 * if allowedToRemoveOne is true and if the user already has a managed profile, then return if 5199 * we could add a new managed profile to this user after removing the existing one. 5200 * 5201 * @return true if more managed profiles can be added, false if limit has been reached. 5202 * @hide 5203 */ 5204 @RequiresPermission(anyOf = { 5205 android.Manifest.permission.MANAGE_USERS, 5206 android.Manifest.permission.CREATE_USERS, 5207 android.Manifest.permission.QUERY_USERS 5208 }) canAddMoreManagedProfiles(@serIdInt int userId, boolean allowedToRemoveOne)5209 public boolean canAddMoreManagedProfiles(@UserIdInt int userId, boolean allowedToRemoveOne) { 5210 try { 5211 return mService.canAddMoreManagedProfiles(userId, allowedToRemoveOne); 5212 } catch (RemoteException re) { 5213 throw re.rethrowFromSystemServer(); 5214 } 5215 } 5216 5217 /** 5218 * Checks whether it's possible to add more profiles of the given type to the given user. 5219 * 5220 * @param userType the type of user, such as {@link UserManager#USER_TYPE_PROFILE_MANAGED}. 5221 * @return true if more profiles can be added, false if limit has been reached. 5222 * @hide 5223 */ 5224 @RequiresPermission(anyOf = { 5225 android.Manifest.permission.MANAGE_USERS, 5226 android.Manifest.permission.CREATE_USERS, 5227 android.Manifest.permission.QUERY_USERS 5228 }) canAddMoreProfilesToUser(@onNull String userType, @UserIdInt int userId)5229 public boolean canAddMoreProfilesToUser(@NonNull String userType, @UserIdInt int userId) { 5230 try { 5231 return mService.canAddMoreProfilesToUser(userType, userId, false); 5232 } catch (RemoteException re) { 5233 throw re.rethrowFromSystemServer(); 5234 } 5235 } 5236 5237 /** 5238 * Checks whether this device supports users of the given user type. 5239 * 5240 * @param userType the type of user, such as {@link UserManager#USER_TYPE_FULL_SECONDARY}. 5241 * @return true if the creation of users of the given user type is enabled on this device. 5242 * @hide 5243 */ 5244 @TestApi 5245 @RequiresPermission(anyOf = { 5246 android.Manifest.permission.MANAGE_USERS, 5247 android.Manifest.permission.CREATE_USERS 5248 }) isUserTypeEnabled(@onNull String userType)5249 public boolean isUserTypeEnabled(@NonNull String userType) { 5250 try { 5251 return mService.isUserTypeEnabled(userType); 5252 } catch (RemoteException re) { 5253 throw re.rethrowFromSystemServer(); 5254 } 5255 } 5256 5257 /** 5258 * Returns list of the profiles of userId including userId itself. 5259 * Note that this returns both enabled and not enabled profiles. See 5260 * {@link #getEnabledProfiles(int)} if you need only the enabled ones. 5261 * <p>Note that this includes all profile types (not including Restricted profiles). 5262 * 5263 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS} or 5264 * {@link android.Manifest.permission#CREATE_USERS} or 5265 * {@link android.Manifest.permission#QUERY_USERS} if userId is not the calling user. 5266 * @param userId profiles of this user will be returned. 5267 * @return the list of profiles. 5268 * @hide 5269 */ 5270 @UnsupportedAppUsage 5271 @RequiresPermission(anyOf = { 5272 Manifest.permission.MANAGE_USERS, 5273 Manifest.permission.CREATE_USERS, 5274 Manifest.permission.QUERY_USERS}, conditional = true) getProfiles(@serIdInt int userId)5275 public List<UserInfo> getProfiles(@UserIdInt int userId) { 5276 try { 5277 return mService.getProfiles(userId, false /* enabledOnly */); 5278 } catch (RemoteException re) { 5279 throw re.rethrowFromSystemServer(); 5280 } 5281 } 5282 5283 /** 5284 * Returns list of the profiles of the given user, including userId itself, as well as the 5285 * communal profile, if there is one. 5286 * 5287 * <p>Note that this returns both enabled and not enabled profiles. 5288 * <p>Note that this includes all profile types (not including Restricted profiles). 5289 * 5290 * @hide 5291 */ 5292 @FlaggedApi(android.multiuser.Flags.FLAG_SUPPORT_COMMUNAL_PROFILE) 5293 @RequiresPermission(anyOf = { 5294 Manifest.permission.MANAGE_USERS, 5295 Manifest.permission.CREATE_USERS, 5296 Manifest.permission.QUERY_USERS}) getProfilesIncludingCommunal(@serIdInt int userId)5297 public List<UserInfo> getProfilesIncludingCommunal(@UserIdInt int userId) { 5298 final List<UserInfo> profiles = getProfiles(userId); 5299 final UserHandle communalProfile = getCommunalProfile(); 5300 if (communalProfile != null) { 5301 final UserInfo communalInfo = getUserInfo(communalProfile.getIdentifier()); 5302 if (communalInfo != null) { 5303 profiles.add(communalInfo); 5304 } 5305 } 5306 return profiles; 5307 } 5308 5309 /** 5310 * Checks if the 2 provided user handles belong to the same profile group. 5311 * 5312 * @param user one of the two user handles to check. 5313 * @param otherUser one of the two user handles to check. 5314 * @return true if the two users are in the same profile group. 5315 * 5316 * @hide 5317 */ 5318 @SystemApi 5319 @RequiresPermission(anyOf = { 5320 android.Manifest.permission.MANAGE_USERS, 5321 android.Manifest.permission.QUERY_USERS}) isSameProfileGroup(@onNull UserHandle user, @NonNull UserHandle otherUser)5322 public boolean isSameProfileGroup(@NonNull UserHandle user, @NonNull UserHandle otherUser) { 5323 return isSameProfileGroup(user.getIdentifier(), otherUser.getIdentifier()); 5324 } 5325 5326 /** 5327 * Checks if the 2 provided user ids belong to the same profile group. 5328 * @param userId one of the two user ids to check. 5329 * @param otherUserId one of the two user ids to check. 5330 * @return true if the two user ids are in the same profile group. 5331 * @hide 5332 */ 5333 @RequiresPermission(anyOf = { 5334 android.Manifest.permission.MANAGE_USERS, 5335 android.Manifest.permission.QUERY_USERS}) isSameProfileGroup(@serIdInt int userId, int otherUserId)5336 public boolean isSameProfileGroup(@UserIdInt int userId, int otherUserId) { 5337 try { 5338 return mService.isSameProfileGroup(userId, otherUserId); 5339 } catch (RemoteException re) { 5340 throw re.rethrowFromSystemServer(); 5341 } 5342 } 5343 5344 /** 5345 * Returns list of the profiles of userId including userId itself. 5346 * Note that this returns only {@link UserInfo#isEnabled() enabled} profiles. 5347 * <p>Note that this includes all profile types (not including Restricted profiles). 5348 * 5349 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS} or 5350 * {@link android.Manifest.permission#CREATE_USERS} or 5351 * {@link android.Manifest.permission#QUERY_USERS} if userId is not the calling user. 5352 * @param userId profiles of this user will be returned. 5353 * @return the list of profiles. 5354 * @deprecated use {@link #getUserProfiles()} instead. 5355 * 5356 * @hide 5357 */ 5358 @Deprecated 5359 @UnsupportedAppUsage 5360 @RequiresPermission(anyOf = { 5361 Manifest.permission.MANAGE_USERS, 5362 Manifest.permission.CREATE_USERS, 5363 Manifest.permission.QUERY_USERS}, conditional = true) getEnabledProfiles(@serIdInt int userId)5364 public List<UserInfo> getEnabledProfiles(@UserIdInt int userId) { 5365 try { 5366 return mService.getProfiles(userId, true /* enabledOnly */); 5367 } catch (RemoteException re) { 5368 throw re.rethrowFromSystemServer(); 5369 } 5370 } 5371 5372 /** 5373 * Returns a list of UserHandles for profiles associated with the context user, including the 5374 * user itself. 5375 * <p>Note that this includes all profile types (not including Restricted profiles). 5376 * 5377 * @return A non-empty list of UserHandles associated with the context user. 5378 */ 5379 @UserHandleAware( 5380 enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU, 5381 requiresAnyOfPermissionsIfNotCaller = { 5382 Manifest.permission.MANAGE_USERS, 5383 Manifest.permission.CREATE_USERS, 5384 Manifest.permission.QUERY_USERS}) getUserProfiles()5385 public List<UserHandle> getUserProfiles() { 5386 int[] userIds = getProfileIds(getContextUserIfAppropriate(), true /* enabledOnly */); 5387 return convertUserIdsToUserHandles(userIds); 5388 } 5389 5390 /** 5391 * Returns a list of ids for enabled profiles associated with the context user including the 5392 * user itself. 5393 * <p>Note that this includes all profile types (not including Restricted profiles). 5394 * 5395 * @return A non-empty list of UserHandles associated with the context user. 5396 * @hide 5397 */ 5398 @SystemApi 5399 @UserHandleAware( 5400 requiresAnyOfPermissionsIfNotCaller = { 5401 Manifest.permission.MANAGE_USERS, 5402 Manifest.permission.CREATE_USERS, 5403 Manifest.permission.QUERY_USERS}) getEnabledProfiles()5404 public @NonNull List<UserHandle> getEnabledProfiles() { 5405 return getProfiles(true); 5406 } 5407 5408 /** 5409 * Returns a list of ids for all profiles associated with the context user including the user 5410 * itself. 5411 * <p>Note that this includes all profile types (not including Restricted profiles). 5412 * 5413 * @return A non-empty list of UserHandles associated with the context user. 5414 * @hide 5415 */ 5416 @SystemApi 5417 @UserHandleAware( 5418 requiresAnyOfPermissionsIfNotCaller = { 5419 Manifest.permission.MANAGE_USERS, 5420 Manifest.permission.CREATE_USERS, 5421 Manifest.permission.QUERY_USERS}) getAllProfiles()5422 public @NonNull List<UserHandle> getAllProfiles() { 5423 return getProfiles(false); 5424 } 5425 5426 /** 5427 * Returns a list of ids for profiles associated with the context user including the user 5428 * itself. 5429 * <p>Note that this includes all profile types (not including Restricted profiles). 5430 * 5431 * @param enabledOnly whether to return only {@link UserInfo#isEnabled() enabled} profiles 5432 * @return A non-empty list of UserHandles associated with the context user. 5433 */ 5434 @UserHandleAware( 5435 requiresAnyOfPermissionsIfNotCaller = { 5436 Manifest.permission.MANAGE_USERS, 5437 Manifest.permission.CREATE_USERS, 5438 Manifest.permission.QUERY_USERS}) getProfiles(boolean enabledOnly)5439 private @NonNull List<UserHandle> getProfiles(boolean enabledOnly) { 5440 final int[] userIds = getProfileIds(mUserId, enabledOnly); 5441 return convertUserIdsToUserHandles(userIds); 5442 } 5443 5444 /** Converts the given array of userIds to a List of UserHandles. */ convertUserIdsToUserHandles(@onNull int[] userIds)5445 private @NonNull List<UserHandle> convertUserIdsToUserHandles(@NonNull int[] userIds) { 5446 final List<UserHandle> result = new ArrayList<>(userIds.length); 5447 for (int userId : userIds) { 5448 result.add(UserHandle.of(userId)); 5449 } 5450 return result; 5451 } 5452 5453 /** 5454 * Returns a list of ids for profiles associated with the specified user including the user 5455 * itself. 5456 * <p>Note that this includes all profile types (not including Restricted profiles). 5457 * 5458 * @param userId id of the user to return profiles for 5459 * @param enabledOnly whether return only {@link UserInfo#isEnabled() enabled} profiles 5460 * @return A non-empty list of ids of profiles associated with the specified user. 5461 * 5462 * @hide 5463 */ 5464 @RequiresPermission(anyOf = { 5465 Manifest.permission.MANAGE_USERS, 5466 Manifest.permission.CREATE_USERS, 5467 Manifest.permission.QUERY_USERS}, conditional = true) getProfileIds(@serIdInt int userId, boolean enabledOnly)5468 public @NonNull int[] getProfileIds(@UserIdInt int userId, boolean enabledOnly) { 5469 try { 5470 return mService.getProfileIds(userId, enabledOnly); 5471 } catch (RemoteException re) { 5472 throw re.rethrowFromSystemServer(); 5473 } 5474 } 5475 5476 /** 5477 * @see #getProfileIds(int, boolean) 5478 * @hide 5479 */ 5480 @UnsupportedAppUsage 5481 @RequiresPermission(anyOf = { 5482 Manifest.permission.MANAGE_USERS, 5483 Manifest.permission.CREATE_USERS, 5484 Manifest.permission.QUERY_USERS}, conditional = true) getProfileIdsWithDisabled(@serIdInt int userId)5485 public int[] getProfileIdsWithDisabled(@UserIdInt int userId) { 5486 return getProfileIds(userId, false /* enabledOnly */); 5487 } 5488 5489 /** 5490 * @see #getProfileIds(int, boolean) 5491 * @hide 5492 */ 5493 @RequiresPermission(anyOf = { 5494 Manifest.permission.MANAGE_USERS, 5495 Manifest.permission.CREATE_USERS, 5496 Manifest.permission.QUERY_USERS}, conditional = true) getEnabledProfileIds(@serIdInt int userId)5497 public int[] getEnabledProfileIds(@UserIdInt int userId) { 5498 return getProfileIds(userId, true /* enabledOnly */); 5499 } 5500 5501 /** 5502 * @return A list of ids of profiles associated with the specified user excluding those with 5503 * {@link UserProperties#getProfileApiVisibility()} set to hidden. The returned list includes 5504 * the user itself. 5505 * @hide 5506 * @see #getProfileIds(int, boolean) 5507 */ 5508 @RequiresPermission(anyOf = { 5509 Manifest.permission.MANAGE_USERS, 5510 Manifest.permission.CREATE_USERS, 5511 Manifest.permission.QUERY_USERS}, conditional = true) getProfileIdsExcludingHidden(@serIdInt int userId, boolean enabled)5512 public int[] getProfileIdsExcludingHidden(@UserIdInt int userId, boolean enabled) { 5513 try { 5514 return mService.getProfileIdsExcludingHidden(userId, enabled); 5515 } catch (RemoteException re) { 5516 throw re.rethrowFromSystemServer(); 5517 } 5518 } 5519 5520 /** 5521 * Returns the device credential owner id of the profile from 5522 * which this method is called, or userId if called from a user that 5523 * is not a profile. 5524 * 5525 * @hide 5526 */ 5527 @RequiresPermission(Manifest.permission.MANAGE_USERS) getCredentialOwnerProfile(@serIdInt int userId)5528 public int getCredentialOwnerProfile(@UserIdInt int userId) { 5529 try { 5530 return mService.getCredentialOwnerProfile(userId); 5531 } catch (RemoteException re) { 5532 throw re.rethrowFromSystemServer(); 5533 } 5534 } 5535 5536 /** 5537 * Returns the parent of the profile which this method is called from 5538 * or null if it has no parent (e.g. if it is not a profile). 5539 * 5540 * @hide 5541 */ 5542 @UnsupportedAppUsage 5543 @RequiresPermission(anyOf = { 5544 android.Manifest.permission.MANAGE_USERS, 5545 android.Manifest.permission.INTERACT_ACROSS_USERS 5546 }) getProfileParent(@serIdInt int userId)5547 public UserInfo getProfileParent(@UserIdInt int userId) { 5548 try { 5549 return mService.getProfileParent(userId); 5550 } catch (RemoteException re) { 5551 throw re.rethrowFromSystemServer(); 5552 } 5553 } 5554 5555 /** 5556 * Get the parent of a user profile. 5557 * 5558 * @param user the handle of the user profile 5559 * 5560 * @return the parent of the user or {@code null} if the user has no parent 5561 * 5562 * @hide 5563 */ 5564 @SystemApi 5565 @RequiresPermission(anyOf = { 5566 android.Manifest.permission.MANAGE_USERS, 5567 android.Manifest.permission.INTERACT_ACROSS_USERS 5568 }) getProfileParent(@onNull UserHandle user)5569 public @Nullable UserHandle getProfileParent(@NonNull UserHandle user) { 5570 UserInfo info = getProfileParent(user.getIdentifier()); 5571 5572 if (info == null) { 5573 return null; 5574 } 5575 5576 return UserHandle.of(info.id); 5577 } 5578 5579 /** 5580 * Enables or disables quiet mode for a profile. If quiet mode is enabled, apps in the profile 5581 * don't run, generate notifications, or consume data or battery. 5582 * <p> 5583 * If a user's credential is needed to turn off quiet mode, a confirm credential screen will be 5584 * shown to the user. 5585 * <p> 5586 * The change may not happen instantly, however apps can listen for 5587 * {@link Intent#ACTION_MANAGED_PROFILE_AVAILABLE} and 5588 * {@link Intent#ACTION_MANAGED_PROFILE_UNAVAILABLE} broadcasts in order to be notified of 5589 * the change of the quiet mode for managed profile. 5590 * Apps can listen to generic broadcasts {@link Intent#ACTION_PROFILE_AVAILABLE} and 5591 * {@link Intent#ACTION_PROFILE_UNAVAILABLE} to be notified of the change in quiet mode for 5592 * any profiles. Apps can also check the current state of quiet mode by calling 5593 * {@link #isQuietModeEnabled(UserHandle)}. 5594 * <p> 5595 * The caller must either be the foreground default launcher or have one of these permissions: 5596 * {@code MANAGE_USERS} or {@code MODIFY_QUIET_MODE}. 5597 * 5598 * @param enableQuietMode whether quiet mode should be enabled or disabled 5599 * @param userHandle user handle of the profile 5600 * @return {@code false} if user's credential is needed in order to turn off quiet mode, 5601 * {@code true} otherwise 5602 * @throws SecurityException if the caller is invalid 5603 * @throws IllegalArgumentException if {@code userHandle} is not a profile 5604 * 5605 * @see #isQuietModeEnabled(UserHandle) 5606 */ 5607 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 5608 Manifest.permission.MODIFY_QUIET_MODE}, conditional = true) requestQuietModeEnabled(boolean enableQuietMode, @NonNull UserHandle userHandle)5609 public boolean requestQuietModeEnabled(boolean enableQuietMode, @NonNull UserHandle userHandle) { 5610 return requestQuietModeEnabled(enableQuietMode, userHandle, null); 5611 } 5612 5613 /** 5614 * Perform the same operation as {@link #requestQuietModeEnabled(boolean, UserHandle)}, but 5615 * with a flag to tweak the behavior of the request. 5616 * 5617 * @param enableQuietMode whether quiet mode should be enabled or disabled 5618 * @param userHandle user handle of the profile 5619 * @param flags Can be 0 or {@link #QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED}. 5620 * @return {@code false} if user's credential is needed in order to turn off quiet mode, 5621 * {@code true} otherwise 5622 * @throws SecurityException if the caller is invalid 5623 * @throws IllegalArgumentException if {@code userHandle} is not a managed profile 5624 * 5625 * @see #isQuietModeEnabled(UserHandle) 5626 */ requestQuietModeEnabled(boolean enableQuietMode, @NonNull UserHandle userHandle, @QuietModeFlag int flags)5627 public boolean requestQuietModeEnabled(boolean enableQuietMode, @NonNull UserHandle userHandle, 5628 @QuietModeFlag int flags) { 5629 return requestQuietModeEnabled(enableQuietMode, userHandle, null, flags); 5630 } 5631 5632 /** 5633 * Similar to {@link #requestQuietModeEnabled(boolean, UserHandle)}, except you can specify 5634 * a target to start when user is unlocked. If {@code target} is specified, caller must have 5635 * the {@link android.Manifest.permission#MANAGE_USERS} permission. 5636 * 5637 * @see {@link #requestQuietModeEnabled(boolean, UserHandle)} 5638 * @hide 5639 */ 5640 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) requestQuietModeEnabled( boolean enableQuietMode, @NonNull UserHandle userHandle, IntentSender target)5641 public boolean requestQuietModeEnabled( 5642 boolean enableQuietMode, @NonNull UserHandle userHandle, IntentSender target) { 5643 return requestQuietModeEnabled(enableQuietMode, userHandle, target, 0); 5644 } 5645 5646 /** 5647 * Similar to {@link #requestQuietModeEnabled(boolean, UserHandle)}, except you can specify 5648 * a target to start when user is unlocked. If {@code target} is specified, caller must have 5649 * the {@link android.Manifest.permission#MANAGE_USERS} permission. 5650 * 5651 * @see #requestQuietModeEnabled(boolean, UserHandle) 5652 * @hide 5653 */ requestQuietModeEnabled( boolean enableQuietMode, @NonNull UserHandle userHandle, IntentSender target, int flags)5654 public boolean requestQuietModeEnabled( 5655 boolean enableQuietMode, @NonNull UserHandle userHandle, IntentSender target, 5656 int flags) { 5657 try { 5658 return mService.requestQuietModeEnabled( 5659 mContext.getPackageName(), enableQuietMode, userHandle.getIdentifier(), target, 5660 flags); 5661 } catch (RemoteException re) { 5662 throw re.rethrowFromSystemServer(); 5663 } 5664 } 5665 5666 /** 5667 * Returns whether the given profile is in quiet mode or not. 5668 * 5669 * @param userHandle The user handle of the profile to be queried. 5670 * @return true if the profile is in quiet mode, false otherwise. 5671 */ isQuietModeEnabled(UserHandle userHandle)5672 public boolean isQuietModeEnabled(UserHandle userHandle) { 5673 try { 5674 return mService.isQuietModeEnabled(userHandle.getIdentifier()); 5675 } catch (RemoteException re) { 5676 throw re.rethrowFromSystemServer(); 5677 } 5678 } 5679 5680 /** 5681 * Returns whether the given user has a badge (generally to put on profiles' icons). 5682 * 5683 * @param userId userId of the user in question 5684 * @return true if the user's icons should display a badge; false otherwise. 5685 * 5686 * @see #getBadgedIconForUser more information about badging in general 5687 * @hide 5688 */ hasBadge(@serIdInt int userId)5689 public boolean hasBadge(@UserIdInt int userId) { 5690 if (!isProfile(userId)) { 5691 // Since currently only profiles actually have badges, we can do this optimization. 5692 return false; 5693 } 5694 try { 5695 return mService.hasBadge(userId); 5696 } catch (RemoteException re) { 5697 throw re.rethrowFromSystemServer(); 5698 } 5699 } 5700 5701 /** 5702 * Returns whether the user associated with the context has a badge (generally to put on 5703 * profiles' icons). 5704 * 5705 * @return true if the user's icons should display a badge; false otherwise. 5706 * @see #getBadgedIconForUser more information about badging in general 5707 * @hide 5708 */ 5709 @UserHandleAware hasBadge()5710 public boolean hasBadge() { 5711 return hasBadge(mUserId); 5712 } 5713 5714 /** 5715 * Returns the light theme badge color for the given user (generally to color a profile's 5716 * icon's badge). 5717 * 5718 * <p>To check whether a badge color is expected for the user, first call {@link #hasBadge}. 5719 * 5720 * @return the color (not the resource ID) to be used for the user's badge 5721 * @throws Resources.NotFoundException if no valid badge color exists for this user 5722 * 5723 * @see #getBadgedIconForUser more information about badging in general 5724 * @hide 5725 */ getUserBadgeColor(@serIdInt int userId)5726 public @ColorInt int getUserBadgeColor(@UserIdInt int userId) { 5727 try { 5728 final int resourceId = mService.getUserBadgeColorResId(userId); 5729 return Resources.getSystem().getColor(resourceId, null); 5730 } catch (RemoteException re) { 5731 throw re.rethrowFromSystemServer(); 5732 } 5733 } 5734 5735 /** 5736 * Returns the dark theme badge color for the given user (generally to color a profile's icon's 5737 * badge). 5738 * 5739 * <p>To check whether a badge color is expected for the user, first call {@link #hasBadge}. 5740 * 5741 * @return the color (not the resource ID) to be used for the user's badge 5742 * @throws Resources.NotFoundException if no valid badge color exists for this user 5743 * 5744 * @see #getBadgedIconForUser more information about badging in general 5745 * @hide 5746 */ getUserBadgeDarkColor(@serIdInt int userId)5747 public @ColorInt int getUserBadgeDarkColor(@UserIdInt int userId) { 5748 try { 5749 final int resourceId = mService.getUserBadgeDarkColorResId(userId); 5750 return Resources.getSystem().getColor(resourceId, null); 5751 } catch (RemoteException re) { 5752 throw re.rethrowFromSystemServer(); 5753 } 5754 } 5755 5756 /** 5757 * Returns the Resource ID of the user's icon badge. 5758 * 5759 * @return the Resource ID of the user's icon badge if it has one; otherwise 5760 * {@link Resources#ID_NULL}. 5761 * 5762 * @see #getBadgedIconForUser more information about badging in general 5763 * @hide 5764 */ getUserIconBadgeResId(@serIdInt int userId)5765 public @DrawableRes int getUserIconBadgeResId(@UserIdInt int userId) { 5766 try { 5767 return mService.getUserIconBadgeResId(userId); 5768 } catch (RemoteException re) { 5769 throw re.rethrowFromSystemServer(); 5770 } 5771 } 5772 5773 /** 5774 * Returns the Resource ID of the user's badge. 5775 * 5776 * @return the Resource ID of the user's badge if it has one; otherwise 5777 * {@link Resources#ID_NULL}. 5778 * 5779 * @see #getBadgedIconForUser more information about badging in general 5780 * @hide 5781 */ getUserBadgeResId(@serIdInt int userId)5782 public @DrawableRes int getUserBadgeResId(@UserIdInt int userId) { 5783 try { 5784 return mService.getUserBadgeResId(userId); 5785 } catch (RemoteException re) { 5786 throw re.rethrowFromSystemServer(); 5787 } 5788 } 5789 5790 /** 5791 * Returns the Resource ID of the user's badge without a background. 5792 * 5793 * @return the Resource ID of the user's no-background badge if it has one; otherwise 5794 * {@link Resources#ID_NULL}. 5795 * 5796 * @see #getBadgedIconForUser more information about badging in general 5797 * @hide 5798 */ getUserBadgeNoBackgroundResId(@serIdInt int userId)5799 public @DrawableRes int getUserBadgeNoBackgroundResId(@UserIdInt int userId) { 5800 try { 5801 return mService.getUserBadgeNoBackgroundResId(userId); 5802 } catch (RemoteException re) { 5803 throw re.rethrowFromSystemServer(); 5804 } 5805 } 5806 5807 /** 5808 * Returns the Resource ID of the user's status bar icon. 5809 * 5810 * @return the Resource ID of the user's status bar icon if it has one; otherwise 5811 * {@link Resources#ID_NULL}. 5812 * @hide 5813 */ getUserStatusBarIconResId(@serIdInt int userId)5814 public @DrawableRes int getUserStatusBarIconResId(@UserIdInt int userId) { 5815 try { 5816 return mService.getUserStatusBarIconResId(userId); 5817 } catch (RemoteException re) { 5818 throw re.rethrowFromSystemServer(); 5819 } 5820 } 5821 5822 /** 5823 * If the target user is a profile of the calling user or the caller 5824 * is itself a profile, then this returns a badged copy of the given 5825 * icon to be able to distinguish it from the original icon. For badging an 5826 * arbitrary drawable use {@link #getBadgedDrawableForUser( 5827 * android.graphics.drawable.Drawable, UserHandle, android.graphics.Rect, int)}. 5828 * <p> 5829 * If the original drawable is a BitmapDrawable and the backing bitmap is 5830 * mutable as per {@link android.graphics.Bitmap#isMutable()}, the badging 5831 * is performed in place and the original drawable is returned. 5832 * </p> 5833 * 5834 * @param icon The icon to badge. 5835 * @param user The target user. 5836 * @return A drawable that combines the original icon and a badge as 5837 * determined by the system. 5838 * @removed 5839 */ getBadgedIconForUser(Drawable icon, UserHandle user)5840 public Drawable getBadgedIconForUser(Drawable icon, UserHandle user) { 5841 return mContext.getPackageManager().getUserBadgedIcon(icon, user); 5842 } 5843 5844 /** 5845 * If the target user is a profile of the calling user or the caller 5846 * is itself a profile, then this returns a badged copy of the given 5847 * drawable allowing the user to distinguish it from the original drawable. 5848 * The caller can specify the location in the bounds of the drawable to be 5849 * badged where the badge should be applied as well as the density of the 5850 * badge to be used. 5851 * <p> 5852 * If the original drawable is a BitmapDrawable and the backing bitmap is 5853 * mutable as per {@link android.graphics.Bitmap#isMutable()}, the badging 5854 * is performed in place and the original drawable is returned. 5855 * </p> 5856 * 5857 * @param badgedDrawable The drawable to badge. 5858 * @param user The target user. 5859 * @param badgeLocation Where in the bounds of the badged drawable to place 5860 * the badge. If it's {@code null}, the badge is applied on top of the entire 5861 * drawable being badged. 5862 * @param badgeDensity The optional desired density for the badge as per 5863 * {@link android.util.DisplayMetrics#densityDpi}. If it's not positive, 5864 * the density of the display is used. 5865 * @return A drawable that combines the original drawable and a badge as 5866 * determined by the system. 5867 * @removed 5868 */ getBadgedDrawableForUser(Drawable badgedDrawable, UserHandle user, Rect badgeLocation, int badgeDensity)5869 public Drawable getBadgedDrawableForUser(Drawable badgedDrawable, UserHandle user, 5870 Rect badgeLocation, int badgeDensity) { 5871 return mContext.getPackageManager().getUserBadgedDrawableForDensity(badgedDrawable, user, 5872 badgeLocation, badgeDensity); 5873 } 5874 5875 /** 5876 * Retrieves a user badge associated with the current context user. This is only 5877 * applicable to profile users since non-profile users do not have badges. 5878 * 5879 * @return A {@link Drawable} user badge corresponding to the context user 5880 * @throws android.content.res.Resources.NotFoundException if the user is not a profile or 5881 * does not have a badge defined. 5882 * @hide 5883 */ 5884 @SystemApi 5885 @UserHandleAware( 5886 requiresAnyOfPermissionsIfNotCallerProfileGroup = { 5887 Manifest.permission.MANAGE_USERS, 5888 Manifest.permission.INTERACT_ACROSS_USERS}) 5889 @SuppressLint("UnflaggedApi") // b/306636213 getUserBadge()5890 public @NonNull Drawable getUserBadge() { 5891 if (!isProfile(mUserId)) { 5892 throw new Resources.NotFoundException("No badge found for this user."); 5893 } 5894 if (isManagedProfile(mUserId)) { 5895 DevicePolicyManager dpm = mContext.getSystemService(DevicePolicyManager.class); 5896 return dpm.getResources().getDrawable( 5897 android.app.admin.DevicePolicyResources.Drawables.WORK_PROFILE_ICON_BADGE, 5898 SOLID_COLORED, () -> getDefaultUserBadge(mUserId)); 5899 } 5900 return getDefaultUserBadge(mUserId); 5901 } 5902 getDefaultUserBadge(@serIdInt int userId)5903 private Drawable getDefaultUserBadge(@UserIdInt int userId){ 5904 return mContext.getResources().getDrawable(getUserBadgeResId(userId), mContext.getTheme()); 5905 } 5906 5907 /** 5908 * If the target user is a profile of the calling user or the caller 5909 * is itself a profile, then this returns a copy of the label with 5910 * badging for accessibility services like talkback. E.g. passing in "Email" 5911 * and it might return "Work Email" for Email in the work profile. 5912 * 5913 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS} or 5914 * {@link android.Manifest.permission#INTERACT_ACROSS_USERS} permission, otherwise the caller 5915 * must be in the same profile group of specified user. 5916 * 5917 * @param label The label to change. 5918 * @param user The target user. 5919 * @return A label that combines the original label and a badge as 5920 * determined by the system. 5921 * @removed 5922 */ getBadgedLabelForUser(CharSequence label, UserHandle user)5923 public CharSequence getBadgedLabelForUser(CharSequence label, UserHandle user) { 5924 final int userId = user.getIdentifier(); 5925 if (!hasBadge(userId)) { 5926 return label; 5927 } 5928 DevicePolicyManager dpm = mContext.getSystemService(DevicePolicyManager.class); 5929 return dpm.getResources().getString( 5930 getUpdatableUserBadgedLabelId(userId), 5931 () -> getDefaultUserBadgedLabel(label, userId), 5932 /* formatArgs= */ label); 5933 } 5934 getUpdatableUserBadgedLabelId(int userId)5935 private String getUpdatableUserBadgedLabelId(int userId) { 5936 return isManagedProfile(userId) ? WORK_PROFILE_BADGED_LABEL : UNDEFINED; 5937 } 5938 getDefaultUserBadgedLabel(CharSequence label, int userId)5939 private String getDefaultUserBadgedLabel(CharSequence label, int userId) { 5940 try { 5941 final int resourceId = mService.getUserBadgeLabelResId(userId); 5942 return Resources.getSystem().getString(resourceId, label); 5943 } catch (RemoteException re) { 5944 throw re.rethrowFromSystemServer(); 5945 } 5946 } 5947 5948 /** 5949 * Returns the string/label that should be used to represent the context user. For example, 5950 * this string can represent a profile in tabbed views. This is only applicable to 5951 * {@link #isProfile() profile users}. This string is translated to the device default language. 5952 * 5953 * @return String representing the label for the context user. 5954 * 5955 * @throws android.content.res.Resources.NotFoundException if the user does not have a label 5956 * defined. 5957 * 5958 * @hide 5959 */ 5960 @SystemApi 5961 @SuppressLint("UnflaggedApi") // b/306636213 5962 @UserHandleAware( 5963 requiresAnyOfPermissionsIfNotCallerProfileGroup = { 5964 Manifest.permission.MANAGE_USERS, 5965 Manifest.permission.QUERY_USERS, 5966 Manifest.permission.INTERACT_ACROSS_USERS}) getProfileLabel()5967 public @NonNull String getProfileLabel() { 5968 if (isManagedProfile(mUserId)) { 5969 DevicePolicyManager dpm = mContext.getSystemService(DevicePolicyManager.class); 5970 return dpm.getResources().getString( 5971 android.app.admin.DevicePolicyResources.Strings.Core.RESOLVER_WORK_TAB, 5972 () -> getDefaultProfileLabel(mUserId)); 5973 } 5974 return getDefaultProfileLabel(mUserId); 5975 } 5976 getDefaultProfileLabel(int userId)5977 private String getDefaultProfileLabel(int userId) { 5978 try { 5979 final int resourceId = mService.getProfileLabelResId(userId); 5980 return Resources.getSystem().getString(resourceId); 5981 } catch (RemoteException re) { 5982 throw re.rethrowFromSystemServer(); 5983 } 5984 } 5985 5986 /** 5987 * Returns the string used to represent the profile associated with the given userId. This 5988 * string typically includes the profile name used by accessibility services like TalkBack. 5989 * 5990 * @return String representing the accessibility label for the given profile user. 5991 * 5992 * @throws android.content.res.Resources.NotFoundException if the user does not have a label 5993 * defined. 5994 * 5995 * @see #getBadgedLabelForUser(CharSequence, UserHandle) 5996 * 5997 * @hide 5998 */ 5999 @UserHandleAware( 6000 requiresAnyOfPermissionsIfNotCallerProfileGroup = { 6001 Manifest.permission.MANAGE_USERS, 6002 Manifest.permission.QUERY_USERS, 6003 Manifest.permission.INTERACT_ACROSS_USERS}) getProfileAccessibilityString(@serIdInt int userId)6004 public String getProfileAccessibilityString(@UserIdInt int userId) { 6005 if (isManagedProfile(mUserId)) { 6006 DevicePolicyManager dpm = mContext.getSystemService(DevicePolicyManager.class); 6007 dpm.getResources().getString( 6008 STATUS_BAR_WORK_ICON_ACCESSIBILITY, 6009 () -> getProfileAccessibilityLabel(userId)); 6010 } 6011 return getProfileAccessibilityLabel(userId); 6012 } 6013 getProfileAccessibilityLabel(@serIdInt int userId)6014 private String getProfileAccessibilityLabel(@UserIdInt int userId) { 6015 try { 6016 final int resourceId = mService.getProfileAccessibilityLabelResId(userId); 6017 return Resources.getSystem().getString(resourceId); 6018 } catch (Resources.NotFoundException nfe) { 6019 Log.e(TAG, "Accessibility label not defined for user " + userId); 6020 throw nfe; 6021 } catch (RemoteException e) { 6022 throw new RuntimeException(e); 6023 } 6024 } 6025 6026 /** 6027 * If the user is a {@link UserManager#isProfile profile}, checks if the user 6028 * shares media with its parent user (the user that created this profile). 6029 * Returns false for any other type of user. 6030 * 6031 * @return true if the user shares media with its parent user, false otherwise. 6032 * 6033 * @deprecated use {@link #getUserProperties(UserHandle)} with 6034 * {@link UserProperties#isMediaSharedWithParent()} instead. 6035 * @hide 6036 */ 6037 @SystemApi 6038 @Deprecated 6039 @UserHandleAware( 6040 requiresAnyOfPermissionsIfNotCallerProfileGroup = { 6041 Manifest.permission.MANAGE_USERS, 6042 Manifest.permission.QUERY_USERS, 6043 Manifest.permission.INTERACT_ACROSS_USERS}) 6044 @SuppressAutoDoc isMediaSharedWithParent()6045 public boolean isMediaSharedWithParent() { 6046 try { 6047 return getUserProperties(UserHandle.of(mUserId)).isMediaSharedWithParent(); 6048 } catch (IllegalArgumentException e) { 6049 // If the user doesn't exist, return false (for historical reasons) 6050 return false; 6051 } 6052 } 6053 6054 /** 6055 * Returns whether the user can have shared lockscreen credential with its parent user. 6056 * 6057 * This API only works for {@link UserManager#isProfile() profiles} 6058 * and will always return false for any other user type. 6059 * 6060 * @deprecated use {@link #getUserProperties(UserHandle)} with 6061 * {@link UserProperties#isCredentialShareableWithParent()} instead. 6062 * @hide 6063 */ 6064 @SystemApi 6065 @Deprecated 6066 @UserHandleAware( 6067 requiresAnyOfPermissionsIfNotCallerProfileGroup = { 6068 Manifest.permission.MANAGE_USERS, 6069 Manifest.permission.QUERY_USERS, 6070 Manifest.permission.INTERACT_ACROSS_USERS}) 6071 @SuppressAutoDoc isCredentialSharableWithParent()6072 public boolean isCredentialSharableWithParent() { 6073 try { 6074 return getUserProperties(UserHandle.of(mUserId)).isCredentialShareableWithParent(); 6075 } catch (IllegalArgumentException e) { 6076 // If the user doesn't exist, return false (for historical reasons) 6077 return false; 6078 } 6079 } 6080 6081 /** 6082 * Removes a user and its profiles along with their associated data. 6083 * @param userId the integer handle of the user. 6084 * @hide 6085 */ 6086 @UnsupportedAppUsage 6087 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 6088 Manifest.permission.CREATE_USERS}) removeUser(@serIdInt int userId)6089 public boolean removeUser(@UserIdInt int userId) { 6090 try { 6091 return mService.removeUser(userId); 6092 } catch (RemoteException re) { 6093 throw re.rethrowFromSystemServer(); 6094 } 6095 } 6096 6097 /** 6098 * Removes a user and its profiles along with their associated data. 6099 * 6100 * @param user the user that needs to be removed. 6101 * @return {@code true} if the user was successfully removed, {@code false} otherwise. 6102 * @throws IllegalArgumentException if {@code user} is {@code null} 6103 * @hide 6104 */ 6105 @SystemApi 6106 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 6107 Manifest.permission.CREATE_USERS}) removeUser(@onNull UserHandle user)6108 public boolean removeUser(@NonNull UserHandle user) { 6109 if (user == null) { 6110 throw new IllegalArgumentException("user cannot be null"); 6111 } 6112 return removeUser(user.getIdentifier()); 6113 } 6114 6115 6116 /** 6117 * Similar to {@link #removeUser(int)} except bypassing the checking of 6118 * {@link UserManager#DISALLOW_REMOVE_USER} 6119 * or {@link UserManager#DISALLOW_REMOVE_MANAGED_PROFILE}. 6120 * 6121 * @see {@link #removeUser(int)} 6122 * @hide 6123 */ 6124 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 6125 Manifest.permission.CREATE_USERS}) removeUserEvenWhenDisallowed(@serIdInt int userId)6126 public boolean removeUserEvenWhenDisallowed(@UserIdInt int userId) { 6127 try { 6128 return mService.removeUserEvenWhenDisallowed(userId); 6129 } catch (RemoteException re) { 6130 throw re.rethrowFromSystemServer(); 6131 } 6132 } 6133 6134 /** 6135 * Immediately removes the user and its profiles or, if the user cannot be removed, such as 6136 * when the user is the current user, then set the user as ephemeral 6137 * so that it will be removed when it is stopped. 6138 * 6139 * @param overrideDevicePolicy when {@code true}, user is removed even if the caller has 6140 * the {@link #DISALLOW_REMOVE_USER} or {@link #DISALLOW_REMOVE_MANAGED_PROFILE} restriction 6141 * 6142 * @return the {@link RemoveResult} code: {@link #REMOVE_RESULT_REMOVED}, 6143 * {@link #REMOVE_RESULT_DEFERRED}, {@link #REMOVE_RESULT_ALREADY_BEING_REMOVED}, 6144 * {@link #REMOVE_RESULT_ERROR_USER_RESTRICTION}, {@link #REMOVE_RESULT_ERROR_USER_NOT_FOUND}, 6145 * {@link #REMOVE_RESULT_ERROR_SYSTEM_USER}, 6146 * {@link #REMOVE_RESULT_ERROR_MAIN_USER_PERMANENT_ADMIN}, or 6147 * {@link #REMOVE_RESULT_ERROR_UNKNOWN}. All error codes have negative values. 6148 * 6149 * @hide 6150 */ 6151 @SystemApi 6152 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 6153 Manifest.permission.CREATE_USERS}) removeUserWhenPossible(@onNull UserHandle user, boolean overrideDevicePolicy)6154 public @RemoveResult int removeUserWhenPossible(@NonNull UserHandle user, 6155 boolean overrideDevicePolicy) { 6156 try { 6157 return mService.removeUserWhenPossible(user.getIdentifier(), overrideDevicePolicy); 6158 } catch (RemoteException re) { 6159 throw re.rethrowFromSystemServer(); 6160 } 6161 } 6162 6163 /** 6164 * Check if {@link #removeUserWhenPossible} returned a success code which means that the user 6165 * has been removed or is slated for removal. 6166 * 6167 * @param result is {@link #RemoveResult} code return by {@link #removeUserWhenPossible}. 6168 * @return {@code true} if it is a success code. 6169 * @hide 6170 */ 6171 @SystemApi isRemoveResultSuccessful(@emoveResult int result)6172 public static boolean isRemoveResultSuccessful(@RemoveResult int result) { 6173 return result >= 0; 6174 } 6175 6176 /** 6177 * Updates the user's name. 6178 * 6179 * @param userId the user's integer id 6180 * @param name the new name for the user 6181 * @hide 6182 */ 6183 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) setUserName(@serIdInt int userId, String name)6184 public void setUserName(@UserIdInt int userId, String name) { 6185 try { 6186 mService.setUserName(userId, name); 6187 } catch (RemoteException re) { 6188 throw re.rethrowFromSystemServer(); 6189 } 6190 } 6191 6192 /** 6193 * Set the user as ephemeral or non-ephemeral. 6194 * 6195 * If the user was initially created as ephemeral then this 6196 * method has no effect and false is returned. 6197 * 6198 * @param userId the user's integer id 6199 * @param enableEphemeral true: change user state to ephemeral, 6200 * false: change user state to non-ephemeral 6201 * @return true: user now has the desired ephemeral state, 6202 * false: desired user ephemeral state could not be set 6203 * 6204 * @hide 6205 */ 6206 @RequiresPermission(anyOf = { 6207 android.Manifest.permission.MANAGE_USERS, 6208 android.Manifest.permission.CREATE_USERS}) setUserEphemeral(@serIdInt int userId, boolean enableEphemeral)6209 public boolean setUserEphemeral(@UserIdInt int userId, boolean enableEphemeral) { 6210 try { 6211 return mService.setUserEphemeral(userId, enableEphemeral); 6212 } catch (RemoteException re) { 6213 throw re.rethrowFromSystemServer(); 6214 } 6215 } 6216 6217 /** 6218 * Updates the context user's name. 6219 * 6220 * @param name the new name for the user 6221 * @hide 6222 */ 6223 @SystemApi 6224 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 6225 @UserHandleAware setUserName(@ullable String name)6226 public void setUserName(@Nullable String name) { 6227 setUserName(mUserId, name); 6228 } 6229 6230 /** 6231 * Sets the user's photo. 6232 * @param userId the user for whom to change the photo. 6233 * @param icon the bitmap to set as the photo. 6234 * 6235 * @hide 6236 */ 6237 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) setUserIcon(@serIdInt int userId, @NonNull Bitmap icon)6238 public void setUserIcon(@UserIdInt int userId, @NonNull Bitmap icon) { 6239 try { 6240 mService.setUserIcon(userId, icon); 6241 } catch (ServiceSpecificException e) { 6242 return; 6243 } catch (RemoteException re) { 6244 throw re.rethrowFromSystemServer(); 6245 } 6246 } 6247 6248 /** 6249 * Sets the context user's photo. 6250 * 6251 * @param icon the bitmap to set as the photo. 6252 * 6253 * @throws UserOperationException according to the function signature, but may not actually 6254 * throw it in practice. Catch RuntimeException instead. 6255 * 6256 * @hide 6257 */ 6258 @SystemApi 6259 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 6260 @UserHandleAware setUserIcon(@onNull Bitmap icon)6261 public void setUserIcon(@NonNull Bitmap icon) throws UserOperationException { 6262 setUserIcon(mUserId, icon); 6263 } 6264 6265 /** 6266 * Returns a bitmap of the user's photo 6267 * @param userId the user whose photo we want to read. 6268 * @return a {@link Bitmap} of the user's photo, or null if there's no photo. 6269 * @see com.android.internal.util.UserIcons#getDefaultUserIcon for a default. 6270 * @hide 6271 */ 6272 @UnsupportedAppUsage 6273 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 6274 android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED}) getUserIcon(@serIdInt int userId)6275 public Bitmap getUserIcon(@UserIdInt int userId) { 6276 try { 6277 ParcelFileDescriptor fd = mService.getUserIcon(userId); 6278 if (fd != null) { 6279 try { 6280 return BitmapFactory.decodeFileDescriptor(fd.getFileDescriptor()); 6281 } finally { 6282 try { 6283 fd.close(); 6284 } catch (IOException e) { 6285 } 6286 } 6287 } 6288 } catch (RemoteException re) { 6289 throw re.rethrowFromSystemServer(); 6290 } 6291 return null; 6292 } 6293 6294 /** 6295 * Returns a Bitmap for the context user's photo. 6296 * 6297 * @return a {@link Bitmap} of the user's photo, or null if there's no photo. 6298 * @see com.android.internal.util.UserIcons#getDefaultUserIcon for a default. 6299 * @hide 6300 */ 6301 @SystemApi 6302 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 6303 android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED}) 6304 @UserHandleAware getUserIcon()6305 public @Nullable Bitmap getUserIcon() { 6306 return getUserIcon(mUserId); 6307 } 6308 6309 /** 6310 * Returns the maximum number of users that can be created on this device. A return value 6311 * of 1 means that it is a single user device. 6312 * @hide 6313 * @return a value greater than or equal to 1 6314 */ 6315 @UnsupportedAppUsage getMaxSupportedUsers()6316 public static int getMaxSupportedUsers() { 6317 // Don't allow multiple users on certain builds 6318 if (android.os.Build.ID.startsWith("JVP")) return 1; 6319 return Math.max(1, SystemProperties.getInt("fw.max_users", 6320 Resources.getSystem().getInteger(R.integer.config_multiuserMaximumUsers))); 6321 } 6322 6323 /** 6324 * Returns true if the user switcher is enabled (regardless of whether there is anything 6325 * interesting for it to show). 6326 * 6327 * @return true if user switcher is enabled 6328 * @hide 6329 */ 6330 @RequiresPermission(anyOf = { 6331 android.Manifest.permission.MANAGE_USERS, 6332 android.Manifest.permission.CREATE_USERS // And INTERACT_ if diff profile group 6333 }) 6334 @UserHandleAware isUserSwitcherEnabled()6335 public boolean isUserSwitcherEnabled() { 6336 return isUserSwitcherEnabled(true); 6337 } 6338 6339 /** 6340 * Returns true if the user switcher should be shown. 6341 * 6342 * @param showEvenIfNotActionable value to return if the feature is enabled but there is nothing 6343 * actionable for the user to do anyway 6344 * @return true if user switcher should be shown. 6345 * @hide 6346 */ 6347 @RequiresPermission(anyOf = { 6348 android.Manifest.permission.MANAGE_USERS, 6349 android.Manifest.permission.CREATE_USERS // And INTERACT_ if diff profile group 6350 }) 6351 @UserHandleAware isUserSwitcherEnabled(boolean showEvenIfNotActionable)6352 public boolean isUserSwitcherEnabled(boolean showEvenIfNotActionable) { 6353 6354 try { 6355 return mService.isUserSwitcherEnabled(showEvenIfNotActionable, mUserId); 6356 } catch (RemoteException re) { 6357 throw re.rethrowFromSystemServer(); 6358 } 6359 } 6360 6361 /** 6362 * @hide 6363 */ 6364 @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) isDeviceInDemoMode(Context context)6365 public static boolean isDeviceInDemoMode(Context context) { 6366 return Settings.Global.getInt(context.getContentResolver(), 6367 Settings.Global.DEVICE_DEMO_MODE, 0) > 0; 6368 } 6369 6370 /** 6371 * Returns a serial number on this device for a given userId. User handles can be recycled 6372 * when deleting and creating users, but serial numbers are not reused until the device is wiped. 6373 * @param userId 6374 * @return a serial number associated with that user, or -1 if the userId is not valid. 6375 * @hide 6376 */ 6377 @UnsupportedAppUsage getUserSerialNumber(@serIdInt int userId)6378 public int getUserSerialNumber(@UserIdInt int userId) { 6379 try { 6380 return mService.getUserSerialNumber(userId); 6381 } catch (RemoteException re) { 6382 throw re.rethrowFromSystemServer(); 6383 } 6384 } 6385 6386 /** 6387 * Returns a userId on this device for a given user serial number. User handles can be 6388 * recycled when deleting and creating users, but serial numbers are not reused until the device 6389 * is wiped. 6390 * @param userSerialNumber 6391 * @return the userId associated with that user serial number, or -1 if the serial number 6392 * is not valid. 6393 * @hide 6394 */ 6395 @UnsupportedAppUsage getUserHandle(int userSerialNumber)6396 public @UserIdInt int getUserHandle(int userSerialNumber) { 6397 try { 6398 return mService.getUserHandle(userSerialNumber); 6399 } catch (RemoteException re) { 6400 throw re.rethrowFromSystemServer(); 6401 } 6402 } 6403 6404 /** 6405 * Returns a {@link Bundle} containing any saved application restrictions for the context user, 6406 * for the given package name. Only an application with this package name can call this method. 6407 * 6408 * <p>The returned {@link Bundle} consists of key-value pairs, as defined by the application, 6409 * where the types of values may be: 6410 * <ul> 6411 * <li>{@code boolean} 6412 * <li>{@code int} 6413 * <li>{@code String} or {@code String[]} 6414 * <li>From {@link android.os.Build.VERSION_CODES#M}, {@code Bundle} or {@code Bundle[]} 6415 * </ul> 6416 * 6417 * <p>NOTE: The method performs disk I/O and shouldn't be called on the main thread 6418 * 6419 * @param packageName the package name of the calling application 6420 * @return a {@link Bundle} with the restrictions for that package, or an empty {@link Bundle} 6421 * if there are no saved restrictions. 6422 * 6423 * @see #KEY_RESTRICTIONS_PENDING 6424 * 6425 * <p>Starting from Android version {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE}, 6426 * it is possible for there to be multiple managing apps on the device with the ability to set 6427 * restrictions, e.g. an Enterprise Device Policy Controller (DPC) and a Supervision admin. 6428 * This API will only to return the restrictions set by the DPCs. To retrieve restrictions 6429 * set by all managing apps, use 6430 * {@link android.content.RestrictionsManager#getApplicationRestrictionsPerAdmin} instead. 6431 * 6432 * @see DevicePolicyManager 6433 */ 6434 @WorkerThread 6435 @UserHandleAware(enabledSinceTargetSdkVersion = Build.VERSION_CODES.TIRAMISU) getApplicationRestrictions(String packageName)6436 public Bundle getApplicationRestrictions(String packageName) { 6437 try { 6438 return mService.getApplicationRestrictionsForUser(packageName, 6439 getContextUserIfAppropriate()); 6440 } catch (RemoteException re) { 6441 throw re.rethrowFromSystemServer(); 6442 } 6443 } 6444 6445 /** 6446 * <p>Starting from Android version {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE}, 6447 * it is possible for there to be multiple managing apps on the device with the ability to set 6448 * restrictions, e.g. an Enterprise Device Policy Controller (DPC) and a Supervision admin. 6449 * This API will only to return the restrictions set by the DPCs. To retrieve restrictions 6450 * set by all managing apps, use 6451 * {@link android.content.RestrictionsManager#getApplicationRestrictionsPerAdmin} instead. 6452 * 6453 * @hide 6454 */ 6455 @WorkerThread getApplicationRestrictions(String packageName, UserHandle user)6456 public Bundle getApplicationRestrictions(String packageName, UserHandle user) { 6457 try { 6458 return mService.getApplicationRestrictionsForUser(packageName, user.getIdentifier()); 6459 } catch (RemoteException re) { 6460 throw re.rethrowFromSystemServer(); 6461 } 6462 } 6463 6464 /** 6465 * @hide 6466 */ 6467 @WorkerThread setApplicationRestrictions(String packageName, Bundle restrictions, UserHandle user)6468 public void setApplicationRestrictions(String packageName, Bundle restrictions, 6469 UserHandle user) { 6470 try { 6471 mService.setApplicationRestrictions(packageName, restrictions, user.getIdentifier()); 6472 } catch (RemoteException re) { 6473 throw re.rethrowFromSystemServer(); 6474 } 6475 } 6476 6477 /** 6478 * Sets a new challenge PIN for restrictions. This is only for use by pre-installed 6479 * apps and requires the MANAGE_USERS permission. 6480 * @param newPin the PIN to use for challenge dialogs. 6481 * @return Returns true if the challenge PIN was set successfully. 6482 * @deprecated The restrictions PIN functionality is no longer provided by the system. 6483 * This method is preserved for backwards compatibility reasons and always returns false. 6484 */ 6485 @Deprecated setRestrictionsChallenge(String newPin)6486 public boolean setRestrictionsChallenge(String newPin) { 6487 return false; 6488 } 6489 6490 /** 6491 * @hide 6492 * Set restrictions that should apply to any future guest user that's created. 6493 */ 6494 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) setDefaultGuestRestrictions(Bundle restrictions)6495 public void setDefaultGuestRestrictions(Bundle restrictions) { 6496 try { 6497 mService.setDefaultGuestRestrictions(restrictions); 6498 } catch (RemoteException re) { 6499 throw re.rethrowFromSystemServer(); 6500 } 6501 } 6502 6503 /** 6504 * @hide 6505 * Gets the default guest restrictions. 6506 */ 6507 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getDefaultGuestRestrictions()6508 public Bundle getDefaultGuestRestrictions() { 6509 try { 6510 return mService.getDefaultGuestRestrictions(); 6511 } catch (RemoteException re) { 6512 throw re.rethrowFromSystemServer(); 6513 } 6514 } 6515 6516 /** 6517 * Returns creation time of the given user. The given user must be the calling user or 6518 * a profile associated with it. 6519 * @param userHandle user handle of the calling user or a profile associated with the 6520 * calling user. 6521 * @return creation time in milliseconds since Epoch time. 6522 */ getUserCreationTime(UserHandle userHandle)6523 public long getUserCreationTime(UserHandle userHandle) { 6524 try { 6525 return mService.getUserCreationTime(userHandle.getIdentifier()); 6526 } catch (RemoteException re) { 6527 throw re.rethrowFromSystemServer(); 6528 } 6529 } 6530 6531 /** 6532 * Checks if any uninitialized user has the specific seed account name and type. 6533 * 6534 * @param accountName The account name to check for 6535 * @param accountType The account type of the account to check for 6536 * @return whether the seed account was found 6537 * @hide 6538 */ 6539 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) someUserHasSeedAccount(String accountName, String accountType)6540 public boolean someUserHasSeedAccount(String accountName, String accountType) { 6541 try { 6542 return mService.someUserHasSeedAccount(accountName, accountType); 6543 } catch (RemoteException re) { 6544 throw re.rethrowFromSystemServer(); 6545 } 6546 } 6547 6548 /** 6549 * Checks if any initialized or uninitialized user has the specific account name and type. 6550 * 6551 * @param accountName The account name to check for 6552 * @param accountType The account type of the account to check for 6553 * @return whether the account was found 6554 * @hide 6555 */ 6556 @SystemApi 6557 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 6558 Manifest.permission.CREATE_USERS}) someUserHasAccount( @onNull String accountName, @NonNull String accountType)6559 public boolean someUserHasAccount( 6560 @NonNull String accountName, @NonNull String accountType) { 6561 Objects.requireNonNull(accountName, "accountName must not be null"); 6562 Objects.requireNonNull(accountType, "accountType must not be null"); 6563 6564 try { 6565 return mService.someUserHasAccount(accountName, accountType); 6566 } catch (RemoteException re) { 6567 throw re.rethrowFromSystemServer(); 6568 } 6569 } 6570 6571 /** 6572 * Sets the user who should be in the foreground when boot completes. This should be called 6573 * during boot, and the provided user must be a full user (i.e. not a profile). 6574 * 6575 * @hide 6576 */ 6577 @SystemApi 6578 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 6579 Manifest.permission.CREATE_USERS}) setBootUser(@onNull UserHandle bootUser)6580 public void setBootUser(@NonNull UserHandle bootUser) { 6581 try { 6582 mService.setBootUser(bootUser.getIdentifier()); 6583 } catch (RemoteException re) { 6584 throw re.rethrowFromSystemServer(); 6585 } 6586 } 6587 6588 /** 6589 * Returns the user who should be in the foreground when boot completes. 6590 * 6591 * @hide 6592 */ 6593 @TestApi 6594 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 6595 Manifest.permission.CREATE_USERS}) 6596 @SuppressWarnings("[AndroidFrameworkContextUserId]") getBootUser()6597 public @NonNull UserHandle getBootUser() { 6598 try { 6599 return UserHandle.of(mService.getBootUser()); 6600 } catch (RemoteException re) { 6601 throw re.rethrowFromSystemServer(); 6602 } 6603 } 6604 6605 /* Cache key for anything that assumes that userIds cannot be re-used without rebooting. */ 6606 private static final String CACHE_KEY_STATIC_USER_PROPERTIES = "cache_key.static_user_props"; 6607 6608 private final PropertyInvalidatedCache<Integer, String> mProfileTypeCache = 6609 new PropertyInvalidatedCache<Integer, String>(32, CACHE_KEY_STATIC_USER_PROPERTIES) { 6610 @Override 6611 public String recompute(Integer query) { 6612 try { 6613 // Will be null (and not cached) if invalid user; otherwise cache the type. 6614 String profileType = mService.getProfileType(query); 6615 if (profileType != null) profileType = profileType.intern(); 6616 return profileType; 6617 } catch (RemoteException re) { 6618 throw re.rethrowFromSystemServer(); 6619 } 6620 } 6621 @Override 6622 public boolean bypass(Integer query) { 6623 return query < 0; 6624 } 6625 }; 6626 6627 /** @hide */ invalidateStaticUserProperties()6628 public static final void invalidateStaticUserProperties() { 6629 PropertyInvalidatedCache.invalidateCache(CACHE_KEY_STATIC_USER_PROPERTIES); 6630 } 6631 6632 /* Cache key for UserProperties object. */ 6633 private static final String CACHE_KEY_USER_PROPERTIES = "cache_key.user_properties"; 6634 6635 // TODO: It would be better to somehow have this as static, so that it can work cross-context. 6636 private final PropertyInvalidatedCache<Integer, UserProperties> mUserPropertiesCache = 6637 new PropertyInvalidatedCache<Integer, UserProperties>(16, CACHE_KEY_USER_PROPERTIES) { 6638 @Override 6639 public UserProperties recompute(Integer userId) { 6640 try { 6641 // If the userId doesn't exist, this will throw rather than cache garbage. 6642 return mService.getUserPropertiesCopy(userId); 6643 } catch (RemoteException re) { 6644 throw re.rethrowFromSystemServer(); 6645 } 6646 } 6647 @Override 6648 public boolean bypass(Integer query) { 6649 return query < 0; 6650 } 6651 }; 6652 6653 /** @hide */ invalidateUserPropertiesCache()6654 public static final void invalidateUserPropertiesCache() { 6655 PropertyInvalidatedCache.invalidateCache(CACHE_KEY_USER_PROPERTIES); 6656 } 6657 6658 /** 6659 * @hide 6660 * User that enforces a restriction. 6661 * 6662 * @see #getUserRestrictionSources(String, UserHandle) 6663 */ 6664 @SystemApi 6665 public static final class EnforcingUser implements Parcelable { 6666 private final @UserIdInt int userId; 6667 private final @UserRestrictionSource int userRestrictionSource; 6668 6669 /** 6670 * @hide 6671 */ EnforcingUser( @serIdInt int userId, @UserRestrictionSource int userRestrictionSource)6672 public EnforcingUser( 6673 @UserIdInt int userId, @UserRestrictionSource int userRestrictionSource) { 6674 this.userId = userId; 6675 this.userRestrictionSource = userRestrictionSource; 6676 } 6677 EnforcingUser(Parcel in)6678 private EnforcingUser(Parcel in) { 6679 userId = in.readInt(); 6680 userRestrictionSource = in.readInt(); 6681 } 6682 6683 public static final @android.annotation.NonNull Creator<EnforcingUser> CREATOR = new Creator<EnforcingUser>() { 6684 @Override 6685 public EnforcingUser createFromParcel(Parcel in) { 6686 return new EnforcingUser(in); 6687 } 6688 6689 @Override 6690 public EnforcingUser[] newArray(int size) { 6691 return new EnforcingUser[size]; 6692 } 6693 }; 6694 6695 @Override describeContents()6696 public int describeContents() { 6697 return 0; 6698 } 6699 6700 @Override writeToParcel(Parcel dest, int flags)6701 public void writeToParcel(Parcel dest, int flags) { 6702 dest.writeInt(userId); 6703 dest.writeInt(userRestrictionSource); 6704 } 6705 6706 /** 6707 * Returns an id of the enforcing user. 6708 * 6709 * <p> Will be UserHandle.USER_NULL when restriction is set by the system. 6710 */ getUserHandle()6711 public UserHandle getUserHandle() { 6712 return UserHandle.of(userId); 6713 } 6714 6715 /** 6716 * Returns the status of the enforcing user. 6717 * 6718 * <p> One of {@link #RESTRICTION_SOURCE_SYSTEM}, 6719 * {@link #RESTRICTION_SOURCE_DEVICE_OWNER} and 6720 * {@link #RESTRICTION_SOURCE_PROFILE_OWNER} 6721 */ getUserRestrictionSource()6722 public @UserRestrictionSource int getUserRestrictionSource() { 6723 return userRestrictionSource; 6724 } 6725 } 6726 } 6727