• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2016 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License
15  */
16 package android.os;
17 
18 import android.annotation.Nullable;
19 import android.content.Context;
20 import android.content.pm.UserInfo;
21 import android.graphics.Bitmap;
22 
23 /**
24  * @hide Only for use within the system server.
25  */
26 public abstract class UserManagerInternal {
27     public static final int CAMERA_NOT_DISABLED = 0;
28     public static final int CAMERA_DISABLED_LOCALLY = 1;
29     public static final int CAMERA_DISABLED_GLOBALLY = 2;
30 
31     public interface UserRestrictionsListener {
32         /**
33          * Called when a user restriction changes.
34          *
35          * @param userId target user id
36          * @param newRestrictions new user restrictions
37          * @param prevRestrictions user restrictions that were previously set
38          */
onUserRestrictionsChanged(int userId, Bundle newRestrictions, Bundle prevRestrictions)39         void onUserRestrictionsChanged(int userId, Bundle newRestrictions, Bundle prevRestrictions);
40     }
41 
42     /**
43      * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to set
44      * restrictions enforced by the user.
45      *
46      * @param userId target user id for the local restrictions.
47      * @param restrictions a bundle of user restrictions.
48      * @param isDeviceOwner whether {@code userId} corresponds to device owner user id.
49      * @param cameraRestrictionScope is camera disabled and if so what is the scope of restriction.
50      *        Should be one of {@link #CAMERA_NOT_DISABLED}, {@link #CAMERA_DISABLED_LOCALLY} or
51      *                               {@link #CAMERA_DISABLED_GLOBALLY}
52      */
setDevicePolicyUserRestrictions(int userId, @Nullable Bundle restrictions, boolean isDeviceOwner, int cameraRestrictionScope)53     public abstract void setDevicePolicyUserRestrictions(int userId, @Nullable Bundle restrictions,
54             boolean isDeviceOwner, int cameraRestrictionScope);
55 
56     /**
57      * Returns the "base" user restrictions.
58      *
59      * Used by {@link com.android.server.devicepolicy.DevicePolicyManagerService} for upgrading
60      * from MNC.
61      */
getBaseUserRestrictions(int userId)62     public abstract Bundle getBaseUserRestrictions(int userId);
63 
64     /**
65      * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} for upgrading
66      * from MNC.
67      */
setBaseUserRestrictionsByDpmsForMigration(int userId, Bundle baseRestrictions)68     public abstract void setBaseUserRestrictionsByDpmsForMigration(int userId,
69             Bundle baseRestrictions);
70 
71     /** Return a user restriction. */
getUserRestriction(int userId, String key)72     public abstract boolean getUserRestriction(int userId, String key);
73 
74     /** Adds a listener to user restriction changes. */
addUserRestrictionsListener(UserRestrictionsListener listener)75     public abstract void addUserRestrictionsListener(UserRestrictionsListener listener);
76 
77     /** Remove a {@link UserRestrictionsListener}. */
removeUserRestrictionsListener(UserRestrictionsListener listener)78     public abstract void removeUserRestrictionsListener(UserRestrictionsListener listener);
79 
80     /**
81      * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to update
82      * whether the device is managed by device owner.
83      */
setDeviceManaged(boolean isManaged)84     public abstract void setDeviceManaged(boolean isManaged);
85 
86     /**
87      * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to update
88      * whether the user is managed by profile owner.
89      */
setUserManaged(int userId, boolean isManaged)90     public abstract void setUserManaged(int userId, boolean isManaged);
91 
92     /**
93      * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to omit
94      * restriction check, because DevicePolicyManager must always be able to set user icon
95      * regardless of any restriction.
96      * Also called by {@link com.android.server.pm.UserManagerService} because the logic of setting
97      * the icon is in this method.
98      */
setUserIcon(int userId, Bitmap bitmap)99     public abstract void setUserIcon(int userId, Bitmap bitmap);
100 
101     /**
102      * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to inform the
103      * user manager whether all users should be created ephemeral.
104      */
setForceEphemeralUsers(boolean forceEphemeralUsers)105     public abstract void setForceEphemeralUsers(boolean forceEphemeralUsers);
106 
107     /**
108      * Switches to the system user and deletes all other users.
109      *
110      * <p>Called by the {@link com.android.server.devicepolicy.DevicePolicyManagerService} when
111      * the force-ephemeral-users policy is toggled on to make sure there are no pre-existing
112      * non-ephemeral users left.
113      */
removeAllUsers()114     public abstract void removeAllUsers();
115 
116     /**
117      * Called by the activity manager when the ephemeral user goes to background and its removal
118      * starts as a result.
119      *
120      * <p>It marks the ephemeral user as disabled in order to prevent it from being re-entered
121      * before its removal finishes.
122      *
123      * @param userId the ID of the ephemeral user.
124      */
onEphemeralUserStop(int userId)125     public abstract void onEphemeralUserStop(int userId);
126 
127     /**
128      * Same as UserManager.createUser(), but bypasses the check for
129      * {@link UserManager#DISALLOW_ADD_USER} and {@link UserManager#DISALLOW_ADD_MANAGED_PROFILE}
130      *
131      * <p>Called by the {@link com.android.server.devicepolicy.DevicePolicyManagerService} when
132      * createAndManageUser is called by the device owner.
133      */
createUserEvenWhenDisallowed(String name, int flags, String[] disallowedPackages)134     public abstract UserInfo createUserEvenWhenDisallowed(String name, int flags,
135             String[] disallowedPackages);
136 
137     /**
138      * Same as {@link UserManager#removeUser(int userHandle)}, but bypasses the check for
139      * {@link UserManager#DISALLOW_REMOVE_USER} and
140      * {@link UserManager#DISALLOW_REMOVE_MANAGED_PROFILE} and does not require the
141      * {@link android.Manifest.permission#MANAGE_USERS} permission.
142      */
removeUserEvenWhenDisallowed(int userId)143     public abstract boolean removeUserEvenWhenDisallowed(int userId);
144 
145     /**
146      * Return whether the given user is running in an
147      * {@code UserState.STATE_RUNNING_UNLOCKING} or
148      * {@code UserState.STATE_RUNNING_UNLOCKED} state.
149      */
isUserUnlockingOrUnlocked(int userId)150     public abstract boolean isUserUnlockingOrUnlocked(int userId);
151 
152     /**
153      * Return whether the given user is running in an
154      * {@code UserState.STATE_RUNNING_UNLOCKED} state.
155      */
isUserUnlocked(int userId)156     public abstract boolean isUserUnlocked(int userId);
157 
158     /**
159      * Returns whether the given user is running
160      */
isUserRunning(int userId)161     public abstract boolean isUserRunning(int userId);
162 
163     /**
164      * Returns whether the given user is initialized
165      */
isUserInitialized(int userId)166     public abstract boolean isUserInitialized(int userId);
167 
168     /**
169      * Returns whether the given user exists
170      */
exists(int userId)171     public abstract boolean exists(int userId);
172 
173     /**
174      * Set user's running state
175      */
setUserState(int userId, int userState)176     public abstract void setUserState(int userId, int userState);
177 
178     /**
179      * Remove user's running state
180      */
removeUserState(int userId)181     public abstract void removeUserState(int userId);
182 
183     /**
184      * Returns an array of user ids. This array is cached in UserManagerService and passed as a
185      * reference, so do not modify the returned array.
186      *
187      * @return the array of user ids.
188      */
getUserIds()189     public abstract int[] getUserIds();
190 
191     /**
192      * Checks if the {@code callingUserId} and {@code targetUserId} are same or in same group
193      * and that the {@code callingUserId} is not a managed profile and
194      * {@code targetUserId} is enabled.
195      *
196      * @return TRUE if the {@code callingUserId} can access {@code targetUserId}. FALSE
197      * otherwise
198      *
199      * @throws SecurityException if the calling user and {@code targetUser} are not in the same
200      * group and {@code throwSecurityException} is true, otherwise if will simply return false.
201      */
isProfileAccessible(int callingUserId, int targetUserId, String debugMsg, boolean throwSecurityException)202     public abstract boolean isProfileAccessible(int callingUserId, int targetUserId,
203             String debugMsg, boolean throwSecurityException);
204 
205     /**
206      * If {@code userId} is of a managed profile, return the parent user ID. Otherwise return
207      * itself.
208      */
getProfileParentId(int userId)209     public abstract int getProfileParentId(int userId);
210 
211     /**
212      * Checks whether changing a setting to a value is prohibited by the corresponding user
213      * restriction.
214      *
215      * <p>See also {@link com.android.server.pm.UserRestrictionsUtils#applyUserRestriction(
216      * Context, int, String, boolean)}, which should be in sync with this method.
217      *
218      * @return {@code true} if the change is prohibited, {@code false} if the change is allowed.
219      *
220      * @hide
221      */
isSettingRestrictedForUser(String setting, int userId, String value, int callingUid)222     public abstract boolean isSettingRestrictedForUser(String setting, int userId, String value,
223             int callingUid);
224 }
225