1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.os; 18 19 import android.Manifest; 20 import android.accounts.AccountManager; 21 import android.annotation.ColorInt; 22 import android.annotation.DrawableRes; 23 import android.annotation.IntDef; 24 import android.annotation.NonNull; 25 import android.annotation.Nullable; 26 import android.annotation.RequiresPermission; 27 import android.annotation.StringDef; 28 import android.annotation.SuppressAutoDoc; 29 import android.annotation.SuppressLint; 30 import android.annotation.SystemApi; 31 import android.annotation.SystemService; 32 import android.annotation.TestApi; 33 import android.annotation.UserHandleAware; 34 import android.annotation.UserIdInt; 35 import android.annotation.WorkerThread; 36 import android.app.Activity; 37 import android.app.ActivityManager; 38 import android.app.PropertyInvalidatedCache; 39 import android.app.admin.DevicePolicyManager; 40 import android.compat.annotation.UnsupportedAppUsage; 41 import android.content.ComponentName; 42 import android.content.Context; 43 import android.content.Intent; 44 import android.content.IntentFilter; 45 import android.content.IntentSender; 46 import android.content.pm.UserInfo; 47 import android.content.pm.UserInfo.UserInfoFlag; 48 import android.content.res.Resources; 49 import android.graphics.Bitmap; 50 import android.graphics.BitmapFactory; 51 import android.graphics.Rect; 52 import android.graphics.drawable.Drawable; 53 import android.location.LocationManager; 54 import android.provider.Settings; 55 import android.telephony.TelephonyManager; 56 import android.util.AndroidException; 57 import android.util.ArraySet; 58 import android.view.WindowManager.LayoutParams; 59 60 import com.android.internal.R; 61 import com.android.internal.os.RoSystemProperties; 62 import com.android.internal.util.FrameworkStatsLog; 63 64 import java.io.IOException; 65 import java.lang.annotation.Retention; 66 import java.lang.annotation.RetentionPolicy; 67 import java.util.ArrayList; 68 import java.util.List; 69 import java.util.Set; 70 71 /** 72 * Manages users and user details on a multi-user system. There are two major categories of 73 * users: fully customizable users with their own login, and profiles that share a workspace 74 * with a related user. 75 * <p> 76 * Users are different from accounts, which are managed by 77 * {@link AccountManager}. Each user can have their own set of accounts. 78 * <p> 79 * See {@link DevicePolicyManager#ACTION_PROVISION_MANAGED_PROFILE} for more on managed profiles. 80 */ 81 @SystemService(Context.USER_SERVICE) 82 public class UserManager { 83 84 private static final String TAG = "UserManager"; 85 @UnsupportedAppUsage 86 private final IUserManager mService; 87 /** Holding the Application context (not constructor param context). */ 88 private final Context mContext; 89 90 /** The userId of the constructor param context. To be used instead of mContext.getUserId(). */ 91 private final @UserIdInt int mUserId; 92 93 private Boolean mIsManagedProfileCached; 94 private Boolean mIsProfileCached; 95 96 /** 97 * User type representing a {@link UserHandle#USER_SYSTEM system} user that is a human user. 98 * This type of user cannot be created; it can only pre-exist on first boot. 99 * @hide 100 */ 101 @SystemApi 102 public static final String USER_TYPE_FULL_SYSTEM = "android.os.usertype.full.SYSTEM"; 103 104 /** 105 * User type representing a regular non-profile non-{@link UserHandle#USER_SYSTEM system} human 106 * user. 107 * This is sometimes called an ordinary 'secondary user'. 108 * @hide 109 */ 110 @SystemApi 111 public static final String USER_TYPE_FULL_SECONDARY = "android.os.usertype.full.SECONDARY"; 112 113 /** 114 * User type representing a guest user that may be transient. 115 * @hide 116 */ 117 public static final String USER_TYPE_FULL_GUEST = "android.os.usertype.full.GUEST"; 118 119 /** 120 * User type representing a user for demo purposes only, which can be removed at any time. 121 * @hide 122 */ 123 public static final String USER_TYPE_FULL_DEMO = "android.os.usertype.full.DEMO"; 124 125 /** 126 * User type representing a "restricted profile" user, which is a full user that is subject to 127 * certain restrictions from a parent user. Note, however, that it is NOT technically a profile. 128 * @hide 129 */ 130 public static final String USER_TYPE_FULL_RESTRICTED = "android.os.usertype.full.RESTRICTED"; 131 132 /** 133 * User type representing a managed profile, which is a profile that is to be managed by a 134 * device policy controller (DPC). 135 * The intended purpose is for work profiles, which are managed by a corporate entity. 136 * @hide 137 */ 138 @SystemApi 139 public static final String USER_TYPE_PROFILE_MANAGED = "android.os.usertype.profile.MANAGED"; 140 141 /** 142 * User type representing a clone profile. Clone profile is a user profile type used to run 143 * second instance of an otherwise single user App (eg, messengers). Only the primary user 144 * is allowed to have a clone profile. 145 * 146 * @hide 147 */ 148 @SystemApi 149 public static final String USER_TYPE_PROFILE_CLONE = "android.os.usertype.profile.CLONE"; 150 151 /** 152 * User type representing a generic profile for testing purposes. Only on debuggable builds. 153 * @hide 154 */ 155 public static final String USER_TYPE_PROFILE_TEST = "android.os.usertype.profile.TEST"; 156 157 /** 158 * User type representing a {@link UserHandle#USER_SYSTEM system} user that is <b>not</b> a 159 * human user. 160 * This type of user cannot be created; it can only pre-exist on first boot. 161 * @hide 162 */ 163 @SystemApi 164 public static final String USER_TYPE_SYSTEM_HEADLESS = "android.os.usertype.system.HEADLESS"; 165 166 /** 167 * Flag passed to {@link #requestQuietModeEnabled} to request disabling quiet mode only if 168 * there is no need to confirm the user credentials. If credentials are required to disable 169 * quiet mode, {@link #requestQuietModeEnabled} will do nothing and return {@code false}. 170 */ 171 public static final int QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED = 0x1; 172 173 /** 174 * Flag passed to {@link #requestQuietModeEnabled} to request disabling quiet mode without 175 * asking for credentials. This is used when managed profile password is forgotten. It starts 176 * the user in locked state so that a direct boot aware DPC could reset the password. 177 * Should not be used together with 178 * {@link #QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED} or an exception will be thrown. 179 * @hide 180 */ 181 public static final int QUIET_MODE_DISABLE_DONT_ASK_CREDENTIAL = 0x2; 182 183 /** 184 * List of flags available for the {@link #requestQuietModeEnabled} method. 185 * @hide 186 */ 187 @Retention(RetentionPolicy.SOURCE) 188 @IntDef(flag = true, prefix = { "QUIET_MODE_" }, value = { 189 QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED, 190 QUIET_MODE_DISABLE_DONT_ASK_CREDENTIAL}) 191 public @interface QuietModeFlag {} 192 193 /** 194 * @hide 195 * No user restriction. 196 */ 197 @SystemApi 198 public static final int RESTRICTION_NOT_SET = 0x0; 199 200 /** 201 * @hide 202 * User restriction set by system/user. 203 */ 204 @SystemApi 205 public static final int RESTRICTION_SOURCE_SYSTEM = 0x1; 206 207 /** 208 * @hide 209 * User restriction set by a device owner. 210 */ 211 @SystemApi 212 public static final int RESTRICTION_SOURCE_DEVICE_OWNER = 0x2; 213 214 /** 215 * @hide 216 * User restriction set by a profile owner. 217 */ 218 @SystemApi 219 public static final int RESTRICTION_SOURCE_PROFILE_OWNER = 0x4; 220 221 /** @hide */ 222 @Retention(RetentionPolicy.SOURCE) 223 @IntDef(flag = true, prefix = { "RESTRICTION_" }, value = { 224 RESTRICTION_NOT_SET, 225 RESTRICTION_SOURCE_SYSTEM, 226 RESTRICTION_SOURCE_DEVICE_OWNER, 227 RESTRICTION_SOURCE_PROFILE_OWNER 228 }) 229 @SystemApi 230 public @interface UserRestrictionSource {} 231 232 /** 233 * Specifies if a user is disallowed from adding and removing accounts, unless they are 234 * {@link android.accounts.AccountManager#addAccountExplicitly programmatically} added by 235 * Authenticator. 236 * The default value is <code>false</code>. 237 * 238 * <p>From {@link android.os.Build.VERSION_CODES#N} a profile or device owner app can still 239 * use {@link android.accounts.AccountManager} APIs to add or remove accounts when account 240 * management is disallowed. 241 * 242 * <p>Key for user restrictions. 243 * <p>Type: Boolean 244 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 245 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 246 * @see #getUserRestrictions() 247 */ 248 public static final String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts"; 249 250 /** 251 * Specifies if a user is disallowed from changing Wi-Fi access points via Settings. 252 * 253 * <p>A device owner and a profile owner can set this restriction, although the restriction has 254 * no effect in a managed profile. When it is set by a device owner, a profile owner on the 255 * primary user or by a profile owner of an organization-owned managed profile on the parent 256 * profile, it disallows the primary user from changing Wi-Fi access points. 257 * 258 * <p>The default value is <code>false</code>. 259 * 260 * <p>Key for user restrictions. 261 * <p>Type: Boolean 262 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 263 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 264 * @see #getUserRestrictions() 265 */ 266 public static final String DISALLOW_CONFIG_WIFI = "no_config_wifi"; 267 268 /** 269 * Specifies if a user is disallowed from changing the device 270 * language. The default value is <code>false</code>. 271 * 272 * <p>Key for user restrictions. 273 * <p>Type: Boolean 274 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 275 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 276 * @see #getUserRestrictions() 277 */ 278 public static final String DISALLOW_CONFIG_LOCALE = "no_config_locale"; 279 280 /** 281 * Specifies if a user is disallowed from installing applications. This user restriction also 282 * prevents device owners and profile owners installing apps. The default value is 283 * {@code false}. 284 * 285 * <p>Key for user restrictions. 286 * <p>Type: Boolean 287 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 288 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 289 * @see #getUserRestrictions() 290 */ 291 public static final String DISALLOW_INSTALL_APPS = "no_install_apps"; 292 293 /** 294 * Specifies if a user is disallowed from uninstalling applications. 295 * The default value is <code>false</code>. 296 * 297 * <p>Key for user restrictions. 298 * <p>Type: Boolean 299 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 300 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 301 * @see #getUserRestrictions() 302 */ 303 public static final String DISALLOW_UNINSTALL_APPS = "no_uninstall_apps"; 304 305 /** 306 * Specifies if a user is disallowed from turning on location sharing. 307 * 308 * <p>In a managed profile, location sharing by default reflects the primary user's setting, but 309 * can be overridden and forced off by setting this restriction to true in the managed profile. 310 * 311 * <p>A device owner and a profile owner can set this restriction. When it is set by a device 312 * owner, a profile owner on the primary user or by a profile owner of an organization-owned 313 * managed profile on the parent profile, it prevents the primary user from turning on 314 * location sharing. 315 * 316 * <p>The default value is <code>false</code>. 317 * 318 * <p>Key for user restrictions. 319 * <p>Type: Boolean 320 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 321 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 322 * @see #getUserRestrictions() 323 */ 324 public static final String DISALLOW_SHARE_LOCATION = "no_share_location"; 325 326 /** 327 * Specifies if airplane mode is disallowed on the device. 328 * 329 * <p>This restriction can only be set by a device owner, a profile owner on the primary 330 * user or a profile owner of an organization-owned managed profile on the parent profile. 331 * When it is set by any of these owners, it applies globally - i.e., it disables airplane mode 332 * on the entire device. 333 * 334 * <p>The default value is <code>false</code>. 335 * 336 * <p>Key for user restrictions. 337 * <p>Type: Boolean 338 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 339 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 340 * @see #getUserRestrictions() 341 */ 342 public static final String DISALLOW_AIRPLANE_MODE = "no_airplane_mode"; 343 344 /** 345 * Specifies if a user is disallowed from configuring brightness. When device owner sets it, 346 * it'll only be applied on the target(system) user. 347 * 348 * <p>The default value is <code>false</code>. 349 * 350 * <p>This user restriction has no effect on managed profiles. 351 * <p>Key for user restrictions. 352 * <p>Type: Boolean 353 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 354 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 355 * @see #getUserRestrictions() 356 */ 357 public static final String DISALLOW_CONFIG_BRIGHTNESS = "no_config_brightness"; 358 359 /** 360 * Specifies if ambient display is disallowed for the user. 361 * 362 * <p>The default value is <code>false</code>. 363 * 364 * <p>This user restriction has no effect on managed profiles. 365 * <p>Key for user restrictions. 366 * <p>Type: Boolean 367 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 368 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 369 * @see #getUserRestrictions() 370 */ 371 public static final String DISALLOW_AMBIENT_DISPLAY = "no_ambient_display"; 372 373 /** 374 * Specifies if a user is disallowed from changing screen off timeout. 375 * 376 * <p>The default value is <code>false</code>. 377 * 378 * <p>This user restriction has no effect on managed profiles. 379 * <p>Key for user restrictions. 380 * <p>Type: Boolean 381 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 382 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 383 * @see #getUserRestrictions() 384 */ 385 public static final String DISALLOW_CONFIG_SCREEN_TIMEOUT = "no_config_screen_timeout"; 386 387 /** 388 * Specifies if a user is disallowed from enabling the 389 * "Unknown Sources" setting, that allows installation of apps from unknown sources. 390 * Unknown sources exclude adb and special apps such as trusted app stores. 391 * The default value is <code>false</code>. 392 * 393 * <p>Key for user restrictions. 394 * <p>Type: Boolean 395 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 396 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 397 * @see #getUserRestrictions() 398 */ 399 public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources"; 400 401 /** 402 * This restriction is a device-wide version of {@link #DISALLOW_INSTALL_UNKNOWN_SOURCES}. 403 * 404 * Specifies if all users on the device are disallowed from enabling the 405 * "Unknown Sources" setting, that allows installation of apps from unknown sources. 406 * 407 * This restriction can be enabled by the profile owner, in which case all accounts and 408 * profiles will be affected. 409 * 410 * The default value is <code>false</code>. 411 * 412 * <p>Key for user restrictions. 413 * <p>Type: Boolean 414 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 415 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 416 * @see #getUserRestrictions() 417 */ 418 public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY = 419 "no_install_unknown_sources_globally"; 420 421 /** 422 * Specifies if a user is disallowed from configuring bluetooth via Settings. This does 423 * <em>not</em> restrict the user from turning bluetooth on or off. 424 * 425 * <p>This restriction doesn't prevent the user from using bluetooth. For disallowing usage of 426 * bluetooth completely on the device, use {@link #DISALLOW_BLUETOOTH}. 427 * 428 * <p>A device owner and a profile owner can set this restriction, although the restriction has 429 * no effect in a managed profile. When it is set by a device owner, a profile owner on the 430 * primary user or by a profile owner of an organization-owned managed profile on the parent 431 * profile, it disallows the primary user from configuring bluetooth. 432 * 433 * <p>The default value is <code>false</code>. 434 * 435 * <p>Key for user restrictions. 436 * <p>Type: Boolean 437 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 438 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 439 * @see #getUserRestrictions() 440 */ 441 public static final String DISALLOW_CONFIG_BLUETOOTH = "no_config_bluetooth"; 442 443 /** 444 * Specifies if bluetooth is disallowed on the device. If bluetooth is disallowed on the device, 445 * bluetooth cannot be turned on or configured via Settings. 446 * 447 * <p>This restriction can only be set by a device owner, a profile owner on the primary 448 * user or a profile owner of an organization-owned managed profile on the parent profile. 449 * When it is set by a device owner, it applies globally - i.e., it disables bluetooth on 450 * the entire device and all users will be affected. When it is set by a profile owner on the 451 * primary user or by a profile owner of an organization-owned managed profile on the parent 452 * profile, it disables the primary user from using bluetooth and configuring bluetooth 453 * in Settings. 454 * 455 * <p>The default value is <code>false</code>. 456 * 457 * <p>Key for user restrictions. 458 * <p>Type: Boolean 459 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 460 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 461 * @see #getUserRestrictions() 462 */ 463 public static final String DISALLOW_BLUETOOTH = "no_bluetooth"; 464 465 /** 466 * Specifies if outgoing bluetooth sharing is disallowed. 467 * 468 * <p>A device owner and a profile owner can set this restriction. When it is set by a device 469 * owner, it applies globally. When it is set by a profile owner on the primary user or by a 470 * profile owner of an organization-owned managed profile on the parent profile, it disables 471 * the primary user from any outgoing bluetooth sharing. 472 * 473 * <p>Default is <code>true</code> for managed profiles and false otherwise. 474 * 475 * <p>When a device upgrades to {@link android.os.Build.VERSION_CODES#O}, the system sets it 476 * for all existing managed profiles. 477 * 478 * <p>Key for user restrictions. 479 * <p>Type: Boolean 480 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 481 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 482 * @see #getUserRestrictions() 483 */ 484 public static final String DISALLOW_BLUETOOTH_SHARING = "no_bluetooth_sharing"; 485 486 /** 487 * Specifies if a user is disallowed from transferring files over USB. 488 * 489 * <p>This restriction can only be set by a device owner, a profile owner on the primary 490 * user or a profile owner of an organization-owned managed profile on the parent profile. 491 * When it is set by a device owner, it applies globally. When it is set by a profile owner 492 * on the primary user or by a profile owner of an organization-owned managed profile on 493 * the parent profile, it disables the primary user from transferring files over USB. No other 494 * user on the device is able to use file transfer over USB because the UI for file transfer 495 * is always associated with the primary user. 496 * 497 * <p>The default value is <code>false</code>. 498 * 499 * <p>Key for user restrictions. 500 * <p>Type: Boolean 501 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 502 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 503 * @see #getUserRestrictions() 504 */ 505 public static final String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer"; 506 507 /** 508 * Specifies if a user is disallowed from configuring user 509 * credentials. The default value is <code>false</code>. 510 * 511 * <p>Key for user restrictions. 512 * <p>Type: Boolean 513 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 514 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 515 * @see #getUserRestrictions() 516 */ 517 public static final String DISALLOW_CONFIG_CREDENTIALS = "no_config_credentials"; 518 519 /** 520 * When set on the admin user this specifies if the user can remove users. 521 * When set on a non-admin secondary user, this specifies if the user can remove itself. 522 * This restriction has no effect on managed profiles. 523 * The default value is <code>false</code>. 524 * 525 * <p>Key for user restrictions. 526 * <p>Type: Boolean 527 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 528 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 529 * @see #getUserRestrictions() 530 */ 531 public static final String DISALLOW_REMOVE_USER = "no_remove_user"; 532 533 /** 534 * Specifies if managed profiles of this user can be removed, other than by its profile owner. 535 * The default value is <code>false</code>. 536 * <p> 537 * This restriction has no effect on managed profiles. 538 * 539 * <p>Key for user restrictions. 540 * <p>Type: Boolean 541 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 542 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 543 * @see #getUserRestrictions() 544 * @deprecated As the ability to have a managed profile on a fully-managed device has been 545 * removed from the platform, this restriction will be silently ignored when applied by the 546 * device owner. 547 * When the device is provisioned with a managed profile on an organization-owned device, 548 * the managed profile could not be removed anyway. 549 */ 550 @Deprecated 551 public static final String DISALLOW_REMOVE_MANAGED_PROFILE = "no_remove_managed_profile"; 552 553 /** 554 * Specifies if a user is disallowed from enabling or accessing debugging features. 555 * 556 * <p>A device owner and a profile owner can set this restriction. When it is set by a device 557 * owner, a profile owner on the primary user or by a profile owner of an organization-owned 558 * managed profile on the parent profile, it disables debugging features altogether, including 559 * USB debugging. When set on a managed profile or a secondary user, it blocks debugging for 560 * that user only, including starting activities, making service calls, accessing content 561 * providers, sending broadcasts, installing/uninstalling packages, clearing user data, etc. 562 * 563 * <p>The default value is <code>false</code>. 564 * 565 * <p>Key for user restrictions. 566 * <p>Type: Boolean 567 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 568 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 569 * @see #getUserRestrictions() 570 */ 571 public static final String DISALLOW_DEBUGGING_FEATURES = "no_debugging_features"; 572 573 /** 574 * Specifies if a user is disallowed from configuring a VPN. The default value is 575 * <code>false</code>. This restriction has an effect when set by device owners and, in Android 576 * 6.0 ({@linkplain android.os.Build.VERSION_CODES#M API level 23}) or higher, profile owners. 577 * <p>This restriction also prevents VPNs from starting. However, in Android 7.0 578 * ({@linkplain android.os.Build.VERSION_CODES#N API level 24}) or higher, the system does 579 * start always-on VPNs created by the device or profile owner. 580 * <p>From Android 12 ({@linkplain android.os.Build.VERSION_CODES#S API level 31}) enforcing 581 * this restriction clears currently active VPN if it was configured by the user. 582 * 583 * <p>Key for user restrictions. 584 * <p>Type: Boolean 585 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 586 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 587 * @see #getUserRestrictions() 588 */ 589 public static final String DISALLOW_CONFIG_VPN = "no_config_vpn"; 590 591 /** 592 * Specifies if a user is disallowed from enabling or disabling location providers. As a 593 * result, user is disallowed from turning on or off location via Settings. 594 * 595 * <p>A device owner and a profile owner can set this restriction. When it is set by a device 596 * owner, a profile owner on the primary user or by a profile owner of an organization-owned 597 * managed profile on the parent profile, it disallows the primary user from turning location 598 * on or off. 599 * 600 * <p>The default value is <code>false</code>. 601 * 602 * <p>This user restriction is different from {@link #DISALLOW_SHARE_LOCATION}, 603 * as a device owner or a profile owner can still enable or disable location mode via 604 * {@link DevicePolicyManager#setLocationEnabled} when this restriction is on. 605 * 606 * <p>Key for user restrictions. 607 * <p>Type: Boolean 608 * @see LocationManager#isLocationEnabled() 609 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 610 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 611 * @see #getUserRestrictions() 612 */ 613 public static final String DISALLOW_CONFIG_LOCATION = "no_config_location"; 614 615 /** 616 * Specifies configuring date, time and timezone is disallowed via Settings. 617 * 618 * <p>A device owner and a profile owner can set this restriction, although the restriction has 619 * no effect in a managed profile. When it is set by a device owner or by a profile owner of an 620 * organization-owned managed profile on the parent profile, it applies globally - i.e., 621 * it disables date, time and timezone setting on the entire device and all users are affected. 622 * When it is set by a profile owner on the primary user, it disables the primary user 623 * from configuring date, time and timezone and disables all configuring of date, time and 624 * timezone in Settings. 625 * 626 * <p>The default value is <code>false</code>. 627 * 628 * <p>Key for user restrictions. 629 * <p>Type: Boolean 630 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 631 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 632 * @see #getUserRestrictions() 633 */ 634 public static final String DISALLOW_CONFIG_DATE_TIME = "no_config_date_time"; 635 636 /** 637 * Specifies if a user is disallowed from configuring Tethering and portable hotspots 638 * via Settings. 639 * 640 * <p>This restriction can only be set by a device owner, a profile owner on the primary 641 * user or a profile owner of an organization-owned managed profile on the parent profile. 642 * When it is set by a device owner, it applies globally. When it is set by a profile owner 643 * on the primary user or by a profile owner of an organization-owned managed profile on 644 * the parent profile, it disables the primary user from using Tethering and hotspots and 645 * disables all configuring of Tethering and hotspots in Settings. 646 * 647 * <p>The default value is <code>false</code>. 648 * 649 * <p>In Android 9.0 or higher, if tethering is enabled when this restriction is set, 650 * tethering will be automatically turned off. 651 * 652 * <p>Key for user restrictions. 653 * <p>Type: Boolean 654 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 655 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 656 * @see #getUserRestrictions() 657 */ 658 public static final String DISALLOW_CONFIG_TETHERING = "no_config_tethering"; 659 660 /** 661 * Specifies if a user is disallowed from resetting network settings 662 * from Settings. This can only be set by device owners and profile owners on the primary user. 663 * The default value is <code>false</code>. 664 * <p>This restriction has no effect on secondary users and managed profiles since only the 665 * primary user can reset the network settings of the device. 666 * 667 * <p>Key for user restrictions. 668 * <p>Type: Boolean 669 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 670 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 671 * @see #getUserRestrictions() 672 */ 673 public static final String DISALLOW_NETWORK_RESET = "no_network_reset"; 674 675 /** 676 * Specifies if a user is disallowed from factory resetting from Settings. 677 * This can only be set by device owners and profile owners on an admin user. 678 * The default value is <code>false</code>. 679 * <p>This restriction has no effect on non-admin users since they cannot factory reset the 680 * device. 681 * 682 * <p>Key for user restrictions. 683 * <p>Type: Boolean 684 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 685 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 686 * @see #getUserRestrictions() 687 */ 688 public static final String DISALLOW_FACTORY_RESET = "no_factory_reset"; 689 690 /** 691 * Specifies if a user is disallowed from adding new users. This can only be set by device 692 * owners or profile owners on the primary user. The default value is <code>false</code>. 693 * <p>This restriction has no effect on secondary users and managed profiles since only the 694 * primary user can add other users. 695 * <p> When the device is an organization-owned device provisioned with a managed profile, 696 * this restriction will be set as a base restriction which cannot be removed by any admin. 697 * 698 * <p>Key for user restrictions. 699 * <p>Type: Boolean 700 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 701 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 702 * @see #getUserRestrictions() 703 */ 704 public static final String DISALLOW_ADD_USER = "no_add_user"; 705 706 /** 707 * Specifies if a user is disallowed from adding managed profiles. 708 * <p>The default value for an unmanaged user is <code>false</code>. 709 * For users with a device owner set, the default is <code>true</code>. 710 * <p>This restriction has no effect on managed profiles. 711 * 712 * <p>Key for user restrictions. 713 * <p>Type: Boolean 714 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 715 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 716 * @see #getUserRestrictions() 717 * @deprecated As the ability to have a managed profile on a fully-managed device has been 718 * removed from the platform, this restriction will be silently ignored when applied by the 719 * device owner. 720 */ 721 @Deprecated 722 public static final String DISALLOW_ADD_MANAGED_PROFILE = "no_add_managed_profile"; 723 724 /** 725 * Specifies if a user is disallowed from disabling application verification. The default 726 * value is <code>false</code>. 727 * 728 * <p>In Android 8.0 ({@linkplain android.os.Build.VERSION_CODES#O API level 26}) and higher, 729 * this is a global user restriction. If a device owner or profile owner sets this restriction, 730 * the system enforces app verification across all users on the device. Running in earlier 731 * Android versions, this restriction affects only the profile that sets it. 732 * 733 * <p>Key for user restrictions. 734 * <p>Type: Boolean 735 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 736 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 737 * @see #getUserRestrictions() 738 */ 739 public static final String ENSURE_VERIFY_APPS = "ensure_verify_apps"; 740 741 /** 742 * Specifies if a user is disallowed from configuring cell broadcasts. 743 * 744 * <p>This restriction can only be set by a device owner, a profile owner on the primary 745 * user or a profile owner of an organization-owned managed profile on the parent profile. 746 * When it is set by a device owner, it applies globally. When it is set by a profile owner 747 * on the primary user or by a profile owner of an organization-owned managed profile on 748 * the parent profile, it disables the primary user from configuring cell broadcasts. 749 * 750 * <p>The default value is <code>false</code>. 751 * 752 * <p>This restriction has no effect on secondary users and managed profiles since only the 753 * primary user can configure cell broadcasts. 754 * 755 * <p>Key for user restrictions. 756 * <p>Type: Boolean 757 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 758 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 759 * @see #getUserRestrictions() 760 */ 761 public static final String DISALLOW_CONFIG_CELL_BROADCASTS = "no_config_cell_broadcasts"; 762 763 /** 764 * Specifies if a user is disallowed from configuring mobile networks. 765 * 766 * <p>This restriction can only be set by a device owner, a profile owner on the primary 767 * user or a profile owner of an organization-owned managed profile on the parent profile. 768 * When it is set by a device owner, it applies globally. When it is set by a profile owner 769 * on the primary user or by a profile owner of an organization-owned managed profile on 770 * the parent profile, it disables the primary user from configuring mobile networks. 771 * 772 * <p>The default value is <code>false</code>. 773 * 774 * <p>This restriction has no effect on secondary users and managed profiles since only the 775 * primary user can configure mobile networks. 776 * 777 * <p>Key for user restrictions. 778 * <p>Type: Boolean 779 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 780 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 781 * @see #getUserRestrictions() 782 */ 783 public static final String DISALLOW_CONFIG_MOBILE_NETWORKS = "no_config_mobile_networks"; 784 785 /** 786 * Specifies if a user is disallowed from modifying 787 * applications in Settings or launchers. The following actions will not be allowed when this 788 * restriction is enabled: 789 * <li>uninstalling apps</li> 790 * <li>disabling apps</li> 791 * <li>clearing app caches</li> 792 * <li>clearing app data</li> 793 * <li>force stopping apps</li> 794 * <li>clearing app defaults</li> 795 * <p> 796 * The default value is <code>false</code>. 797 * 798 * <p><strong>Note:</strong> The user will still be able to perform those actions via other 799 * means (such as adb). Third party apps will also be able to uninstall apps via the 800 * {@link android.content.pm.PackageInstaller}. {@link #DISALLOW_UNINSTALL_APPS} or 801 * {@link DevicePolicyManager#setUninstallBlocked(ComponentName, String, boolean)} should be 802 * used to prevent the user from uninstalling apps completely, and 803 * {@link DevicePolicyManager#addPersistentPreferredActivity(ComponentName, IntentFilter, ComponentName)} 804 * to add a default intent handler for a given intent filter. 805 * 806 * <p>Key for user restrictions. 807 * <p>Type: Boolean 808 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 809 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 810 * @see #getUserRestrictions() 811 */ 812 public static final String DISALLOW_APPS_CONTROL = "no_control_apps"; 813 814 /** 815 * Specifies if a user is disallowed from mounting physical external media. 816 * 817 * <p>This restriction can only be set by a device owner, a profile owner on the primary 818 * user or a profile owner of an organization-owned managed profile on the parent profile. 819 * When it is set by a device owner, it applies globally. When it is set by a profile owner 820 * on the primary user or by a profile owner of an organization-owned managed profile on 821 * the parent profile, it disables the primary user from mounting physical external media. 822 * 823 * <p>The default value is <code>false</code>. 824 * 825 * <p>Key for user restrictions. 826 * <p>Type: Boolean 827 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 828 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 829 * @see #getUserRestrictions() 830 */ 831 public static final String DISALLOW_MOUNT_PHYSICAL_MEDIA = "no_physical_media"; 832 833 /** 834 * Specifies if a user is disallowed from adjusting microphone volume. If set, the microphone 835 * will be muted. 836 * 837 * <p>A device owner and a profile owner can set this restriction, although the restriction has 838 * no effect in a managed profile. When it is set by a device owner, it applies globally. When 839 * it is set by a profile owner on the primary user or by a profile owner of an 840 * organization-owned managed profile on the parent profile, it will disallow the primary user 841 * from adjusting the microphone volume. 842 * 843 * <p>The default value is <code>false</code>. 844 * 845 * <p>Key for user restrictions. 846 * <p>Type: Boolean 847 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 848 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 849 * @see #getUserRestrictions() 850 */ 851 public static final String DISALLOW_UNMUTE_MICROPHONE = "no_unmute_microphone"; 852 853 /** 854 * Specifies if a user is disallowed from adjusting the global volume. If set, the global volume 855 * will be muted. This can be set by device owners from API 21 and profile owners from API 24. 856 * The default value is <code>false</code>. 857 * 858 * <p>When the restriction is set by profile owners, then it only applies to relevant 859 * profiles. 860 * 861 * <p>This restriction has no effect on managed profiles. 862 * <p>Key for user restrictions. 863 * <p>Type: Boolean 864 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 865 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 866 * @see #getUserRestrictions() 867 */ 868 public static final String DISALLOW_ADJUST_VOLUME = "no_adjust_volume"; 869 870 /** 871 * Specifies that the user is not allowed to make outgoing phone calls. Emergency calls are 872 * still permitted. 873 * 874 * <p>A device owner and a profile owner can set this restriction, although the restriction has 875 * no effect in a managed profile. When it is set by a device owner, a profile owner on the 876 * primary user or by a profile owner of an organization-owned managed profile on the parent 877 * profile, it disallows the primary user from making outgoing phone calls. 878 * 879 * <p>The default value is <code>false</code>. 880 * 881 * <p>Key for user restrictions. 882 * <p>Type: Boolean 883 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 884 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 885 * @see #getUserRestrictions() 886 */ 887 public static final String DISALLOW_OUTGOING_CALLS = "no_outgoing_calls"; 888 889 /** 890 * Specifies that the user is not allowed to send or receive SMS messages. 891 * 892 * <p>This restriction can only be set by a device owner, a profile owner on the primary 893 * user or a profile owner of an organization-owned managed profile on the parent profile. 894 * When it is set by a device owner, it applies globally. When it is set by a profile owner 895 * on the primary user or by a profile owner of an organization-owned managed profile on 896 * the parent profile, it disables the primary user from sending or receiving SMS messages. 897 * 898 * <p>The default value is <code>false</code>. 899 * 900 * <p>Key for user restrictions. 901 * <p>Type: Boolean 902 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 903 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 904 * @see #getUserRestrictions() 905 */ 906 public static final String DISALLOW_SMS = "no_sms"; 907 908 /** 909 * Specifies if the user is not allowed to have fun. In some cases, the 910 * device owner may wish to prevent the user from experiencing amusement or 911 * joy while using the device. The default value is <code>false</code>. 912 * 913 * <p>Key for user restrictions. 914 * <p>Type: Boolean 915 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 916 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 917 * @see #getUserRestrictions() 918 */ 919 public static final String DISALLOW_FUN = "no_fun"; 920 921 /** 922 * Specifies that windows besides app windows should not be 923 * created. This will block the creation of the following types of windows. 924 * <li>{@link LayoutParams#TYPE_TOAST}</li> 925 * <li>{@link LayoutParams#TYPE_PHONE}</li> 926 * <li>{@link LayoutParams#TYPE_PRIORITY_PHONE}</li> 927 * <li>{@link LayoutParams#TYPE_SYSTEM_ALERT}</li> 928 * <li>{@link LayoutParams#TYPE_SYSTEM_ERROR}</li> 929 * <li>{@link LayoutParams#TYPE_SYSTEM_OVERLAY}</li> 930 * <li>{@link LayoutParams#TYPE_APPLICATION_OVERLAY}</li> 931 * 932 * <p>This can only be set by device owners and profile owners on the primary user. 933 * The default value is <code>false</code>. 934 * 935 * <p>Key for user restrictions. 936 * <p>Type: Boolean 937 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 938 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 939 * @see #getUserRestrictions() 940 */ 941 public static final String DISALLOW_CREATE_WINDOWS = "no_create_windows"; 942 943 /** 944 * Specifies that system error dialogs for crashed or unresponsive apps should not be shown. 945 * In this case, the system will force-stop the app as if the user chooses the "close app" 946 * option on the UI. A feedback report isn't collected as there is no way for the user to 947 * provide explicit consent. The default value is <code>false</code>. 948 * 949 * <p>When this user restriction is set by device owners, it's applied to all users. When set by 950 * the profile owner of the primary user or a secondary user, the restriction affects only the 951 * calling user. This user restriction has no effect on managed profiles. 952 * 953 * <p>Key for user restrictions. 954 * <p>Type: Boolean 955 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 956 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 957 * @see #getUserRestrictions() 958 */ 959 public static final String DISALLOW_SYSTEM_ERROR_DIALOGS = "no_system_error_dialogs"; 960 961 /** 962 * Specifies if the clipboard contents can be exported by pasting the data into other users or 963 * profiles. This restriction doesn't prevent import, such as someone pasting clipboard data 964 * from other profiles or users. The default value is {@code false}. 965 * 966 * <p><strong>Note</strong>: Because it's possible to extract data from screenshots using 967 * optical character recognition (OCR), we strongly recommend combining this user restriction 968 * with {@link DevicePolicyManager#setScreenCaptureDisabled(ComponentName, boolean)}. 969 * 970 * <p>Key for user restrictions. 971 * <p>Type: Boolean 972 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 973 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 974 * @see #getUserRestrictions() 975 */ 976 public static final String DISALLOW_CROSS_PROFILE_COPY_PASTE = "no_cross_profile_copy_paste"; 977 978 /** 979 * Specifies if the user is not allowed to use NFC to beam out data from apps. 980 * The default value is <code>false</code>. 981 * 982 * <p>Key for user restrictions. 983 * <p>Type: Boolean 984 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 985 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 986 * @see #getUserRestrictions() 987 */ 988 public static final String DISALLOW_OUTGOING_BEAM = "no_outgoing_beam"; 989 990 /** 991 * Hidden user restriction to disallow access to wallpaper manager APIs. This restriction 992 * generally means that wallpapers are not supported for the particular user. This user 993 * restriction is always set for managed profiles, because such profiles don't have wallpapers. 994 * @hide 995 * @see #DISALLOW_SET_WALLPAPER 996 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 997 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 998 * @see #getUserRestrictions() 999 */ 1000 public static final String DISALLOW_WALLPAPER = "no_wallpaper"; 1001 1002 /** 1003 * User restriction to disallow setting a wallpaper. Profile owner and device owner 1004 * are able to set wallpaper regardless of this restriction. 1005 * The default value is <code>false</code>. 1006 * 1007 * <p>Key for user restrictions. 1008 * <p>Type: Boolean 1009 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1010 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1011 * @see #getUserRestrictions() 1012 */ 1013 public static final String DISALLOW_SET_WALLPAPER = "no_set_wallpaper"; 1014 1015 /** 1016 * Specifies if the user is not allowed to reboot the device into safe boot mode. 1017 * 1018 * <p>This restriction can only be set by a device owner, a profile owner on the primary 1019 * user or a profile owner of an organization-owned managed profile on the parent profile. 1020 * When it is set by a device owner, it applies globally. When it is set by a profile owner 1021 * on the primary user or by a profile owner of an organization-owned managed profile on 1022 * the parent profile, it disables the primary user from rebooting the device into safe 1023 * boot mode. 1024 * 1025 * <p>The default value is <code>false</code>. 1026 * 1027 * <p>Key for user restrictions. 1028 * <p>Type: Boolean 1029 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1030 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1031 * @see #getUserRestrictions() 1032 */ 1033 public static final String DISALLOW_SAFE_BOOT = "no_safe_boot"; 1034 1035 /** 1036 * Specifies if a user is not allowed to record audio. This restriction is always enabled for 1037 * background users. The default value is <code>false</code>. 1038 * 1039 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1040 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1041 * @see #getUserRestrictions() 1042 * @hide 1043 */ 1044 @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) 1045 public static final String DISALLOW_RECORD_AUDIO = "no_record_audio"; 1046 1047 /** 1048 * Specifies if a user is not allowed to run in the background and should be stopped during 1049 * user switch. The default value is <code>false</code>. 1050 * 1051 * <p>This restriction can be set by device owners and profile owners. 1052 * 1053 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1054 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1055 * @see #getUserRestrictions() 1056 * @hide 1057 */ 1058 @SystemApi 1059 public static final String DISALLOW_RUN_IN_BACKGROUND = "no_run_in_background"; 1060 1061 /** 1062 * Specifies if a user is not allowed to use the camera. 1063 * 1064 * <p>A device owner and a profile owner can set this restriction. When it is set by a 1065 * device owner, it applies globally - i.e., it disables the use of camera on the entire device 1066 * and all users are affected. When it is set by a profile owner on the primary user or by a 1067 * profile owner of an organization-owned managed profile on the parent profile, it disables 1068 * the primary user from using camera. 1069 * 1070 * <p>The default value is <code>false</code>. 1071 * 1072 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1073 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1074 * @see #getUserRestrictions() 1075 * @hide 1076 */ 1077 public static final String DISALLOW_CAMERA = "no_camera"; 1078 1079 /** 1080 * Specifies if a user is not allowed to unmute the device's global volume. 1081 * 1082 * @see DevicePolicyManager#setMasterVolumeMuted(ComponentName, boolean) 1083 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1084 * @see #getUserRestrictions() 1085 * @hide 1086 */ 1087 public static final String DISALLOW_UNMUTE_DEVICE = "disallow_unmute_device"; 1088 1089 /** 1090 * Specifies if a user is not allowed to use cellular data when roaming. 1091 * 1092 * <p>This restriction can only be set by a device owner, a profile owner on the primary 1093 * user or a profile owner of an organization-owned managed profile on the parent profile. 1094 * When it is set by a device owner, it applies globally. When it is set by a profile owner 1095 * on the primary user or by a profile owner of an organization-owned managed profile on 1096 * the parent profile, it disables the primary user from using cellular data when roaming. 1097 * 1098 * <p>The default value is <code>false</code>. 1099 * 1100 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1101 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1102 * @see #getUserRestrictions() 1103 */ 1104 public static final String DISALLOW_DATA_ROAMING = "no_data_roaming"; 1105 1106 /** 1107 * Specifies if a user is not allowed to change their icon. Device owner and profile owner 1108 * can set this restriction. When it is set by device owner, only the target user will be 1109 * affected. The default value is <code>false</code>. 1110 * 1111 * <p>Key for user restrictions. 1112 * <p>Type: Boolean 1113 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1114 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1115 * @see #getUserRestrictions() 1116 */ 1117 public static final String DISALLOW_SET_USER_ICON = "no_set_user_icon"; 1118 1119 /** 1120 * Specifies if a user is not allowed to enable the oem unlock setting. The default value is 1121 * <code>false</code>. Setting this restriction has no effect if the bootloader is already 1122 * unlocked. 1123 * 1124 * <p>Not for use by third-party applications. 1125 * 1126 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1127 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1128 * @see #getUserRestrictions() 1129 * @deprecated use {@link OemLockManager#setOemUnlockAllowedByCarrier(boolean, byte[])} instead. 1130 * @hide 1131 */ 1132 @Deprecated 1133 @SystemApi 1134 public static final String DISALLOW_OEM_UNLOCK = "no_oem_unlock"; 1135 1136 /** 1137 * Specifies that the managed profile is not allowed to have unified lock screen challenge with 1138 * the primary user. 1139 * 1140 * <p><strong>Note:</strong> Setting this restriction alone doesn't automatically set a 1141 * separate challenge. Profile owner can ask the user to set a new password using 1142 * {@link DevicePolicyManager#ACTION_SET_NEW_PASSWORD} and verify it using 1143 * {@link DevicePolicyManager#isUsingUnifiedPassword(ComponentName)}. 1144 * 1145 * <p>Can be set by profile owners. It only has effect on managed profiles when set by managed 1146 * profile owner. Has no effect on non-managed profiles or users. 1147 * <p>Key for user restrictions. 1148 * <p>Type: Boolean 1149 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1150 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1151 * @see #getUserRestrictions() 1152 */ 1153 public static final String DISALLOW_UNIFIED_PASSWORD = "no_unified_password"; 1154 1155 /** 1156 * Allows apps in the parent profile to handle web links from the managed profile. 1157 * 1158 * This user restriction has an effect only in a managed profile. 1159 * If set: 1160 * Intent filters of activities in the parent profile with action 1161 * {@link android.content.Intent#ACTION_VIEW}, 1162 * category {@link android.content.Intent#CATEGORY_BROWSABLE}, scheme http or https, and which 1163 * define a host can handle intents from the managed profile. 1164 * The default value is <code>false</code>. 1165 * 1166 * <p>Key for user restrictions. 1167 * <p>Type: Boolean 1168 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1169 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1170 * @see #getUserRestrictions() 1171 */ 1172 public static final String ALLOW_PARENT_PROFILE_APP_LINKING 1173 = "allow_parent_profile_app_linking"; 1174 1175 /** 1176 * Specifies if a user is not allowed to use Autofill Services. 1177 * 1178 * <p>Device owner and profile owner can set this restriction. When it is set by device owner, 1179 * only the target user will be affected. 1180 * 1181 * <p>The default value is <code>false</code>. 1182 * 1183 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1184 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1185 * @see #getUserRestrictions() 1186 */ 1187 public static final String DISALLOW_AUTOFILL = "no_autofill"; 1188 1189 /** 1190 * Specifies if the contents of a user's screen is not allowed to be captured for artificial 1191 * intelligence purposes. 1192 * 1193 * <p>A device owner and a profile owner can set this restriction. When it is set by a device 1194 * owner, a profile owner on the primary user or by a profile owner of an organization-owned 1195 * managed profile on the parent profile, it disables the primary user's screen from being 1196 * captured for artificial intelligence purposes. 1197 * 1198 * <p>The default value is <code>false</code>. 1199 * 1200 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1201 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1202 * @see #getUserRestrictions() 1203 */ 1204 public static final String DISALLOW_CONTENT_CAPTURE = "no_content_capture"; 1205 1206 /** 1207 * Specifies if the current user is able to receive content suggestions for selections based on 1208 * the contents of their screen. 1209 * 1210 * <p>A device owner and a profile owner can set this restriction. When it is set by a device 1211 * owner, a profile owner on the primary user or by a profile owner of an organization-owned 1212 * managed profile on the parent profile, it disables the primary user from receiving content 1213 * suggestions for selections based on the contents of their screen. 1214 * 1215 * <p>The default value is <code>false</code>. 1216 * 1217 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1218 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1219 * @see #getUserRestrictions() 1220 */ 1221 public static final String DISALLOW_CONTENT_SUGGESTIONS = "no_content_suggestions"; 1222 1223 /** 1224 * Specifies if user switching is blocked on the current user. 1225 * 1226 * <p> This restriction can only be set by the device owner, it will be applied to all users. 1227 * Device owner can still switch user via 1228 * {@link DevicePolicyManager#switchUser(ComponentName, UserHandle)} when this restriction is 1229 * set. 1230 * 1231 * <p>The default value is <code>false</code>. 1232 * 1233 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1234 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1235 * @see #getUserRestrictions() 1236 */ 1237 public static final String DISALLOW_USER_SWITCH = "no_user_switch"; 1238 1239 /** 1240 * Specifies whether the user can share file / picture / data from the primary user into the 1241 * managed profile, either by sending them from the primary side, or by picking up data within 1242 * an app in the managed profile. 1243 * <p> 1244 * When a managed profile is created, the system allows the user to send data from the primary 1245 * side to the profile by setting up certain default cross profile intent filters. If 1246 * this is undesired, this restriction can be set to disallow it. Note that this restriction 1247 * will not block any sharing allowed by explicit 1248 * {@link DevicePolicyManager#addCrossProfileIntentFilter} calls by the profile owner. 1249 * <p> 1250 * This restriction is only meaningful when set by profile owner. When it is set by device 1251 * owner, it does not have any effect. 1252 * <p> 1253 * The default value is <code>false</code>. 1254 * 1255 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1256 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1257 * @see #getUserRestrictions() 1258 */ 1259 public static final String DISALLOW_SHARE_INTO_MANAGED_PROFILE = "no_sharing_into_profile"; 1260 1261 /** 1262 * Specifies whether the user is allowed to print. 1263 * 1264 * This restriction can be set by device or profile owner. 1265 * 1266 * The default value is {@code false}. 1267 * 1268 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1269 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1270 * @see #getUserRestrictions() 1271 */ 1272 public static final String DISALLOW_PRINTING = "no_printing"; 1273 1274 /** 1275 * Specifies whether the user is allowed to modify private DNS settings. 1276 * 1277 * <p>This restriction can only be set by a device owner or a profile owner of an 1278 * organization-owned managed profile on the parent profile. When it is set by either of these 1279 * owners, it applies globally. 1280 * 1281 * <p>The default value is <code>false</code>. 1282 * 1283 * <p>Key for user restrictions. 1284 * <p>Type: Boolean 1285 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1286 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1287 * @see #getUserRestrictions() 1288 */ 1289 public static final String DISALLOW_CONFIG_PRIVATE_DNS = 1290 "disallow_config_private_dns"; 1291 1292 /** 1293 * Specifies whether the microphone toggle is available to the user. If this restriction is set, 1294 * the user will not be able to block microphone access via the system toggle. If microphone 1295 * access is blocked when the restriction is added, it will be automatically re-enabled. 1296 * 1297 * This restriction can only be set by a device owner. 1298 * 1299 * <p>The default value is <code>false</code>. 1300 * 1301 * @see android.hardware.SensorPrivacyManager 1302 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1303 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1304 * @see #getUserRestrictions() 1305 */ 1306 public static final String DISALLOW_MICROPHONE_TOGGLE = 1307 "disallow_microphone_toggle"; 1308 1309 /** 1310 * Specifies whether the camera toggle is available to the user. If this restriction is set, 1311 * the user will not be able to block camera access via the system toggle. If camera 1312 * access is blocked when the restriction is added, it will be automatically re-enabled. 1313 * 1314 * This restriction can only be set by a device owner. 1315 * 1316 * <p>The default value is <code>false</code>. 1317 * 1318 * @see android.hardware.SensorPrivacyManager 1319 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1320 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1321 * @see #getUserRestrictions() 1322 */ 1323 public static final String DISALLOW_CAMERA_TOGGLE = 1324 "disallow_camera_toggle"; 1325 1326 /** 1327 * This is really not a user restriction in the normal sense. This can't be set to a user, 1328 * via UserManager nor via DevicePolicyManager. This is not even set in UserSettingsUtils. 1329 * This is defined here purely for convenience within the settings app. 1330 * 1331 * TODO(b/191306258): Refactor the Settings app to remove the need for this field, and delete it 1332 * 1333 * Specifies whether biometrics are available to the user. This is used internally only, 1334 * as a means of communications between biometric settings and 1335 * {@link com.android.settingslib.enterprise.ActionDisabledByAdminControllerFactory}. 1336 * 1337 * @see {@link android.hardware.biometrics.ParentalControlsUtilsInternal} 1338 * @see {@link com.android.settings.biometrics.ParentalControlsUtils} 1339 * 1340 * @hide 1341 */ 1342 public static final String DISALLOW_BIOMETRIC = "disallow_biometric"; 1343 1344 /** 1345 * Application restriction key that is used to indicate the pending arrival 1346 * of real restrictions for the app. 1347 * 1348 * <p> 1349 * Applications that support restrictions should check for the presence of this key. 1350 * A <code>true</code> value indicates that restrictions may be applied in the near 1351 * future but are not available yet. It is the responsibility of any 1352 * management application that sets this flag to update it when the final 1353 * restrictions are enforced. 1354 * 1355 * <p>Key for application restrictions. 1356 * <p>Type: Boolean 1357 * @see android.app.admin.DevicePolicyManager#setApplicationRestrictions( 1358 * android.content.ComponentName, String, Bundle) 1359 * @see android.app.admin.DevicePolicyManager#getApplicationRestrictions( 1360 * android.content.ComponentName, String) 1361 */ 1362 public static final String KEY_RESTRICTIONS_PENDING = "restrictions_pending"; 1363 1364 /** 1365 * List of key values that can be passed into the various user restriction related methods 1366 * in {@link UserManager} & {@link DevicePolicyManager}. 1367 * Note: This is slightly different from the real set of user restrictions listed in {@link 1368 * com.android.server.pm.UserRestrictionsUtils#USER_RESTRICTIONS}. For example 1369 * {@link #KEY_RESTRICTIONS_PENDING} is not a real user restriction, but is a legitimate 1370 * value that can be passed into {@link #hasUserRestriction(String)}. 1371 * @hide 1372 */ 1373 @StringDef(value = { 1374 DISALLOW_MODIFY_ACCOUNTS, 1375 DISALLOW_CONFIG_WIFI, 1376 DISALLOW_CONFIG_LOCALE, 1377 DISALLOW_INSTALL_APPS, 1378 DISALLOW_UNINSTALL_APPS, 1379 DISALLOW_SHARE_LOCATION, 1380 DISALLOW_AIRPLANE_MODE, 1381 DISALLOW_CONFIG_BRIGHTNESS, 1382 DISALLOW_AMBIENT_DISPLAY, 1383 DISALLOW_CONFIG_SCREEN_TIMEOUT, 1384 DISALLOW_INSTALL_UNKNOWN_SOURCES, 1385 DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY, 1386 DISALLOW_CONFIG_BLUETOOTH, 1387 DISALLOW_BLUETOOTH, 1388 DISALLOW_BLUETOOTH_SHARING, 1389 DISALLOW_USB_FILE_TRANSFER, 1390 DISALLOW_CONFIG_CREDENTIALS, 1391 DISALLOW_REMOVE_USER, 1392 DISALLOW_REMOVE_MANAGED_PROFILE, 1393 DISALLOW_DEBUGGING_FEATURES, 1394 DISALLOW_CONFIG_VPN, 1395 DISALLOW_CONFIG_LOCATION, 1396 DISALLOW_CONFIG_DATE_TIME, 1397 DISALLOW_CONFIG_TETHERING, 1398 DISALLOW_NETWORK_RESET, 1399 DISALLOW_FACTORY_RESET, 1400 DISALLOW_ADD_USER, 1401 DISALLOW_ADD_MANAGED_PROFILE, 1402 ENSURE_VERIFY_APPS, 1403 DISALLOW_CONFIG_CELL_BROADCASTS, 1404 DISALLOW_CONFIG_MOBILE_NETWORKS, 1405 DISALLOW_APPS_CONTROL, 1406 DISALLOW_MOUNT_PHYSICAL_MEDIA, 1407 DISALLOW_UNMUTE_MICROPHONE, 1408 DISALLOW_ADJUST_VOLUME, 1409 DISALLOW_OUTGOING_CALLS, 1410 DISALLOW_SMS, 1411 DISALLOW_FUN, 1412 DISALLOW_CREATE_WINDOWS, 1413 DISALLOW_SYSTEM_ERROR_DIALOGS, 1414 DISALLOW_CROSS_PROFILE_COPY_PASTE, 1415 DISALLOW_OUTGOING_BEAM, 1416 DISALLOW_WALLPAPER, 1417 DISALLOW_SET_WALLPAPER, 1418 DISALLOW_SAFE_BOOT, 1419 DISALLOW_RECORD_AUDIO, 1420 DISALLOW_RUN_IN_BACKGROUND, 1421 DISALLOW_CAMERA, 1422 DISALLOW_UNMUTE_DEVICE, 1423 DISALLOW_DATA_ROAMING, 1424 DISALLOW_SET_USER_ICON, 1425 DISALLOW_OEM_UNLOCK, 1426 DISALLOW_UNIFIED_PASSWORD, 1427 ALLOW_PARENT_PROFILE_APP_LINKING, 1428 DISALLOW_AUTOFILL, 1429 DISALLOW_CONTENT_CAPTURE, 1430 DISALLOW_CONTENT_SUGGESTIONS, 1431 DISALLOW_USER_SWITCH, 1432 DISALLOW_SHARE_INTO_MANAGED_PROFILE, 1433 DISALLOW_PRINTING, 1434 DISALLOW_CONFIG_PRIVATE_DNS, 1435 DISALLOW_MICROPHONE_TOGGLE, 1436 DISALLOW_CAMERA_TOGGLE, 1437 KEY_RESTRICTIONS_PENDING, 1438 DISALLOW_BIOMETRIC, 1439 }) 1440 @Retention(RetentionPolicy.SOURCE) 1441 public @interface UserRestrictionKey {} 1442 1443 private static final String ACTION_CREATE_USER = "android.os.action.CREATE_USER"; 1444 1445 /** 1446 * Extra containing a name for the user being created. Optional parameter passed to 1447 * ACTION_CREATE_USER activity. 1448 * @hide 1449 */ 1450 public static final String EXTRA_USER_NAME = "android.os.extra.USER_NAME"; 1451 1452 /** 1453 * Extra containing account name for the user being created. Optional parameter passed to 1454 * ACTION_CREATE_USER activity. 1455 * @hide 1456 */ 1457 public static final String EXTRA_USER_ACCOUNT_NAME = "android.os.extra.USER_ACCOUNT_NAME"; 1458 1459 /** 1460 * Extra containing account type for the user being created. Optional parameter passed to 1461 * ACTION_CREATE_USER activity. 1462 * @hide 1463 */ 1464 public static final String EXTRA_USER_ACCOUNT_TYPE = "android.os.extra.USER_ACCOUNT_TYPE"; 1465 1466 /** 1467 * Extra containing account-specific data for the user being created. Optional parameter passed 1468 * to ACTION_CREATE_USER activity. 1469 * @hide 1470 */ 1471 public static final String EXTRA_USER_ACCOUNT_OPTIONS 1472 = "android.os.extra.USER_ACCOUNT_OPTIONS"; 1473 1474 /** @hide */ 1475 public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3; 1476 /** @hide */ 1477 public static final int PIN_VERIFICATION_FAILED_NOT_SET = -2; 1478 /** @hide */ 1479 public static final int PIN_VERIFICATION_SUCCESS = -1; 1480 1481 /** 1482 * Sent when user restrictions have changed. 1483 * 1484 * @hide 1485 */ 1486 @SystemApi // To allow seeing it from CTS. 1487 public static final String ACTION_USER_RESTRICTIONS_CHANGED = 1488 "android.os.action.USER_RESTRICTIONS_CHANGED"; 1489 1490 /** 1491 * Error result indicating that this user is not allowed to add other users on this device. 1492 * This is a result code returned from the activity created by the intent 1493 * {@link #createUserCreationIntent(String, String, String, PersistableBundle)}. 1494 */ 1495 public static final int USER_CREATION_FAILED_NOT_PERMITTED = Activity.RESULT_FIRST_USER; 1496 1497 /** 1498 * Error result indicating that no more users can be created on this device. 1499 * This is a result code returned from the activity created by the intent 1500 * {@link #createUserCreationIntent(String, String, String, PersistableBundle)}. 1501 */ 1502 public static final int USER_CREATION_FAILED_NO_MORE_USERS = Activity.RESULT_FIRST_USER + 1; 1503 1504 /** 1505 * Indicates that users are switchable. 1506 * @hide 1507 */ 1508 @SystemApi 1509 public static final int SWITCHABILITY_STATUS_OK = 0; 1510 1511 /** 1512 * Indicated that the user is in a phone call. 1513 * @hide 1514 */ 1515 @SystemApi 1516 public static final int SWITCHABILITY_STATUS_USER_IN_CALL = 1 << 0; 1517 1518 /** 1519 * Indicates that user switching is disallowed ({@link #DISALLOW_USER_SWITCH} is set). 1520 * @hide 1521 */ 1522 @SystemApi 1523 public static final int SWITCHABILITY_STATUS_USER_SWITCH_DISALLOWED = 1 << 1; 1524 1525 /** 1526 * Indicates that the system user is locked and user switching is not allowed. 1527 * @hide 1528 */ 1529 @SystemApi 1530 public static final int SWITCHABILITY_STATUS_SYSTEM_USER_LOCKED = 1 << 2; 1531 1532 /** 1533 * Result returned in {@link #getUserSwitchability()} indicating user swichability. 1534 * @hide 1535 */ 1536 @Retention(RetentionPolicy.SOURCE) 1537 @IntDef(flag = true, prefix = { "SWITCHABILITY_STATUS_" }, value = { 1538 SWITCHABILITY_STATUS_OK, 1539 SWITCHABILITY_STATUS_USER_IN_CALL, 1540 SWITCHABILITY_STATUS_USER_SWITCH_DISALLOWED, 1541 SWITCHABILITY_STATUS_SYSTEM_USER_LOCKED 1542 }) 1543 public @interface UserSwitchabilityResult {} 1544 1545 /** 1546 * A response code from {@link #removeUserOrSetEphemeral(int)} indicating that the specified 1547 * user has been successfully removed. 1548 * @hide 1549 */ 1550 public static final int REMOVE_RESULT_REMOVED = 0; 1551 1552 /** 1553 * A response code from {@link #removeUserOrSetEphemeral(int)} indicating that the specified 1554 * user has had its {@link UserInfo#FLAG_EPHEMERAL} flag set to {@code true}, so that it will be 1555 * removed when the user is stopped or on boot. 1556 * @hide 1557 */ 1558 public static final int REMOVE_RESULT_SET_EPHEMERAL = 1; 1559 1560 /** 1561 * A response code from {@link #removeUserOrSetEphemeral(int)} indicating that the specified 1562 * user is already in the process of being removed. 1563 * @hide 1564 */ 1565 public static final int REMOVE_RESULT_ALREADY_BEING_REMOVED = 2; 1566 1567 /** 1568 * A response code from {@link #removeUserOrSetEphemeral(int)} indicating that an error occurred 1569 * that prevented the user from being removed or set as ephemeral. 1570 * @hide 1571 */ 1572 public static final int REMOVE_RESULT_ERROR = 3; 1573 1574 /** 1575 * Possible response codes from {@link #removeUserOrSetEphemeral(int)}. 1576 * @hide 1577 */ 1578 @IntDef(prefix = { "REMOVE_RESULT_" }, value = { 1579 REMOVE_RESULT_REMOVED, 1580 REMOVE_RESULT_SET_EPHEMERAL, 1581 REMOVE_RESULT_ALREADY_BEING_REMOVED, 1582 REMOVE_RESULT_ERROR, 1583 }) 1584 @Retention(RetentionPolicy.SOURCE) 1585 public @interface RemoveResult {} 1586 1587 /** 1588 * Indicates user operation is successful. 1589 */ 1590 public static final int USER_OPERATION_SUCCESS = 0; 1591 1592 /** 1593 * Indicates user operation failed for unknown reason. 1594 */ 1595 public static final int USER_OPERATION_ERROR_UNKNOWN = 1; 1596 1597 /** 1598 * Indicates user operation failed because target user is a managed profile. 1599 */ 1600 public static final int USER_OPERATION_ERROR_MANAGED_PROFILE = 2; 1601 1602 /** 1603 * Indicates user operation failed because maximum running user limit has been reached. 1604 */ 1605 public static final int USER_OPERATION_ERROR_MAX_RUNNING_USERS = 3; 1606 1607 /** 1608 * Indicates user operation failed because the target user is in the foreground. 1609 */ 1610 public static final int USER_OPERATION_ERROR_CURRENT_USER = 4; 1611 1612 /** 1613 * Indicates user operation failed because device has low data storage. 1614 */ 1615 public static final int USER_OPERATION_ERROR_LOW_STORAGE = 5; 1616 1617 /** 1618 * Indicates user operation failed because maximum user limit has been reached. 1619 */ 1620 public static final int USER_OPERATION_ERROR_MAX_USERS = 6; 1621 1622 /** 1623 * Result returned from various user operations. 1624 * 1625 * @hide 1626 */ 1627 @Retention(RetentionPolicy.SOURCE) 1628 @IntDef(prefix = { "USER_OPERATION_" }, value = { 1629 USER_OPERATION_SUCCESS, 1630 USER_OPERATION_ERROR_UNKNOWN, 1631 USER_OPERATION_ERROR_MANAGED_PROFILE, 1632 USER_OPERATION_ERROR_MAX_RUNNING_USERS, 1633 USER_OPERATION_ERROR_CURRENT_USER, 1634 USER_OPERATION_ERROR_LOW_STORAGE, 1635 USER_OPERATION_ERROR_MAX_USERS 1636 }) 1637 public @interface UserOperationResult {} 1638 1639 /** 1640 * Thrown to indicate user operation failed. 1641 */ 1642 public static class UserOperationException extends RuntimeException { 1643 private final @UserOperationResult int mUserOperationResult; 1644 1645 /** 1646 * Constructs a UserOperationException with specific result code. 1647 * 1648 * @param message the detail message 1649 * @param userOperationResult the result code 1650 * @hide 1651 */ UserOperationException(String message, @UserOperationResult int userOperationResult)1652 public UserOperationException(String message, 1653 @UserOperationResult int userOperationResult) { 1654 super(message); 1655 mUserOperationResult = userOperationResult; 1656 } 1657 1658 /** 1659 * Returns the operation result code. 1660 */ getUserOperationResult()1661 public @UserOperationResult int getUserOperationResult() { 1662 return mUserOperationResult; 1663 } 1664 1665 /** 1666 * Returns a UserOperationException containing the same message and error code. 1667 * @hide 1668 */ from(ServiceSpecificException exception)1669 public static UserOperationException from(ServiceSpecificException exception) { 1670 return new UserOperationException(exception.getMessage(), exception.errorCode); 1671 } 1672 } 1673 1674 /** 1675 * Converts the ServiceSpecificException into a UserOperationException or throws null; 1676 * 1677 * @param exception exception to convert. 1678 * @param throwInsteadOfNull if an exception should be thrown or null returned. 1679 * @return null if chosen not to throw exception. 1680 * @throws UserOperationException 1681 */ returnNullOrThrowUserOperationException(ServiceSpecificException exception, boolean throwInsteadOfNull)1682 private <T> T returnNullOrThrowUserOperationException(ServiceSpecificException exception, 1683 boolean throwInsteadOfNull) throws UserOperationException { 1684 if (throwInsteadOfNull) { 1685 throw UserOperationException.from(exception); 1686 } else { 1687 return null; 1688 } 1689 } 1690 1691 /** 1692 * Thrown to indicate user operation failed. (Checked exception) 1693 * @hide 1694 */ 1695 public static class CheckedUserOperationException extends AndroidException { 1696 private final @UserOperationResult int mUserOperationResult; 1697 1698 /** 1699 * Constructs a CheckedUserOperationException with specific result code. 1700 * 1701 * @param message the detail message 1702 * @param userOperationResult the result code 1703 * @hide 1704 */ CheckedUserOperationException(String message, @UserOperationResult int userOperationResult)1705 public CheckedUserOperationException(String message, 1706 @UserOperationResult int userOperationResult) { 1707 super(message); 1708 mUserOperationResult = userOperationResult; 1709 } 1710 1711 /** Returns the operation result code. */ getUserOperationResult()1712 public @UserOperationResult int getUserOperationResult() { 1713 return mUserOperationResult; 1714 } 1715 1716 /** Return a ServiceSpecificException containing the same message and error code. */ toServiceSpecificException()1717 public ServiceSpecificException toServiceSpecificException() { 1718 return new ServiceSpecificException(mUserOperationResult, getMessage()); 1719 } 1720 } 1721 1722 /** @hide */ 1723 @UnsupportedAppUsage get(Context context)1724 public static UserManager get(Context context) { 1725 return (UserManager) context.getSystemService(Context.USER_SERVICE); 1726 } 1727 1728 /** @hide */ UserManager(Context context, IUserManager service)1729 public UserManager(Context context, IUserManager service) { 1730 mService = service; 1731 mContext = context.getApplicationContext(); 1732 mUserId = context.getUserId(); 1733 } 1734 1735 /** 1736 * Returns whether this device supports multiple users with their own login and customizable 1737 * space. 1738 * @return whether the device supports multiple users. 1739 */ supportsMultipleUsers()1740 public static boolean supportsMultipleUsers() { 1741 return getMaxSupportedUsers() > 1 1742 && SystemProperties.getBoolean("fw.show_multiuserui", 1743 Resources.getSystem().getBoolean(R.bool.config_enableMultiUserUI)); 1744 } 1745 1746 /** 1747 * @hide 1748 * @return Whether the device is running with split system user. It means the system user and 1749 * primary user are two separate users. Previously system user and primary user are combined as 1750 * a single owner user. see @link {android.os.UserHandle#USER_OWNER} 1751 */ 1752 @TestApi isSplitSystemUser()1753 public static boolean isSplitSystemUser() { 1754 return RoSystemProperties.FW_SYSTEM_USER_SPLIT; 1755 } 1756 1757 /** 1758 * @return Whether guest user is always ephemeral 1759 * @hide 1760 */ 1761 @TestApi isGuestUserEphemeral()1762 public static boolean isGuestUserEphemeral() { 1763 return Resources.getSystem() 1764 .getBoolean(com.android.internal.R.bool.config_guestUserEphemeral); 1765 } 1766 1767 /** 1768 * Checks whether the device is running in a headless system user mode. 1769 * 1770 * <p>Headless system user mode means the {@link #isSystemUser() system user} runs system 1771 * services and some system UI, but it is not associated with any real person and additional 1772 * users must be created to be associated with real persons. 1773 * 1774 * @return whether the device is running in a headless system user mode. 1775 */ isHeadlessSystemUserMode()1776 public static boolean isHeadlessSystemUserMode() { 1777 return RoSystemProperties.MULTIUSER_HEADLESS_SYSTEM_USER; 1778 } 1779 1780 /** 1781 * @deprecated use {@link #getUserSwitchability()} instead. 1782 * 1783 * @removed 1784 * @hide 1785 */ 1786 @Deprecated 1787 @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) canSwitchUsers()1788 public boolean canSwitchUsers() { 1789 boolean allowUserSwitchingWhenSystemUserLocked = Settings.Global.getInt( 1790 mContext.getContentResolver(), 1791 Settings.Global.ALLOW_USER_SWITCHING_WHEN_SYSTEM_USER_LOCKED, 0) != 0; 1792 boolean isSystemUserUnlocked = isUserUnlocked(UserHandle.SYSTEM); 1793 boolean inCall = false; 1794 TelephonyManager telephonyManager = mContext.getSystemService(TelephonyManager.class); 1795 if (telephonyManager != null) { 1796 inCall = telephonyManager.getCallState() != TelephonyManager.CALL_STATE_IDLE; 1797 } 1798 boolean isUserSwitchDisallowed = hasUserRestriction(DISALLOW_USER_SWITCH); 1799 return (allowUserSwitchingWhenSystemUserLocked || isSystemUserUnlocked) && !inCall 1800 && !isUserSwitchDisallowed; 1801 } 1802 1803 /** 1804 * Returns whether switching users is currently allowed for the user this process is running 1805 * under. 1806 * <p> 1807 * Switching users is not allowed in the following cases: 1808 * <li>the user is in a phone call</li> 1809 * <li>{@link #DISALLOW_USER_SWITCH} is set</li> 1810 * <li>system user hasn't been unlocked yet</li> 1811 * 1812 * @return A {@link UserSwitchabilityResult} flag indicating if the user is switchable. 1813 * @hide 1814 */ 1815 @SystemApi 1816 @RequiresPermission(allOf = {Manifest.permission.READ_PHONE_STATE, 1817 android.Manifest.permission.MANAGE_USERS, 1818 android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) getUserSwitchability()1819 public @UserSwitchabilityResult int getUserSwitchability() { 1820 return getUserSwitchability(Process.myUserHandle()); 1821 } 1822 1823 /** 1824 * Returns whether switching users is currently allowed for the provided user. 1825 * <p> 1826 * Switching users is not allowed in the following cases: 1827 * <li>the user is in a phone call</li> 1828 * <li>{@link #DISALLOW_USER_SWITCH} is set</li> 1829 * <li>system user hasn't been unlocked yet</li> 1830 * 1831 * @return A {@link UserSwitchabilityResult} flag indicating if the user is switchable. 1832 * @hide 1833 */ 1834 @RequiresPermission(allOf = {Manifest.permission.READ_PHONE_STATE, 1835 android.Manifest.permission.MANAGE_USERS, 1836 android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) getUserSwitchability(UserHandle userHandle)1837 public @UserSwitchabilityResult int getUserSwitchability(UserHandle userHandle) { 1838 final TelephonyManager tm = 1839 (TelephonyManager) mContext.getSystemService(Context.TELEPHONY_SERVICE); 1840 1841 int flags = SWITCHABILITY_STATUS_OK; 1842 if (tm.getCallState() != TelephonyManager.CALL_STATE_IDLE) { 1843 flags |= SWITCHABILITY_STATUS_USER_IN_CALL; 1844 } 1845 if (hasUserRestriction(DISALLOW_USER_SWITCH, userHandle)) { 1846 flags |= SWITCHABILITY_STATUS_USER_SWITCH_DISALLOWED; 1847 } 1848 1849 // System User is always unlocked in Headless System User Mode, so ignore this flag 1850 if (!isHeadlessSystemUserMode()) { 1851 final boolean allowUserSwitchingWhenSystemUserLocked = Settings.Global.getInt( 1852 mContext.getContentResolver(), 1853 Settings.Global.ALLOW_USER_SWITCHING_WHEN_SYSTEM_USER_LOCKED, 0) != 0; 1854 final boolean systemUserUnlocked = isUserUnlocked(UserHandle.SYSTEM); 1855 1856 if (!allowUserSwitchingWhenSystemUserLocked && !systemUserUnlocked) { 1857 flags |= SWITCHABILITY_STATUS_SYSTEM_USER_LOCKED; 1858 } 1859 } 1860 1861 return flags; 1862 } 1863 1864 /** 1865 * Returns the user handle for the user that this process is running under. 1866 * 1867 * @return the user handle of this process. 1868 * @hide 1869 */ 1870 @UnsupportedAppUsage getUserHandle()1871 public @UserIdInt int getUserHandle() { 1872 return UserHandle.myUserId(); 1873 } 1874 1875 /** 1876 * @return the user type of the context user. 1877 * @hide 1878 */ 1879 @TestApi 1880 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 1881 android.Manifest.permission.CREATE_USERS 1882 }) 1883 @UserHandleAware getUserType()1884 public @NonNull String getUserType() { 1885 UserInfo userInfo = getUserInfo(mUserId); 1886 return userInfo == null ? "" : userInfo.userType; 1887 } 1888 1889 /** 1890 * Returns the user name of the context user. This call is only available to applications on 1891 * the system image; it requires the {@code android.permission.MANAGE_USERS} or {@code 1892 * android.permission.GET_ACCOUNTS_PRIVILEGED} permissions. 1893 * 1894 * @return the user name 1895 */ 1896 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 1897 android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED, 1898 android.Manifest.permission.CREATE_USERS}, conditional = true) 1899 @UserHandleAware getUserName()1900 public @NonNull String getUserName() { 1901 if (UserHandle.myUserId() == mUserId) { 1902 try { 1903 return mService.getUserName(); 1904 } catch (RemoteException re) { 1905 throw re.rethrowFromSystemServer(); 1906 } 1907 } else { 1908 UserInfo userInfo = getUserInfo(mUserId); 1909 return userInfo == null ? "" : userInfo.name; 1910 } 1911 } 1912 1913 /** 1914 * Returns whether user name has been set. 1915 * <p>This method can be used to check that the value returned by {@link #getUserName()} was 1916 * set by the user and is not a placeholder string provided by the system. 1917 * @hide 1918 */ 1919 @SystemApi 1920 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 1921 Manifest.permission.GET_ACCOUNTS_PRIVILEGED}) isUserNameSet()1922 public boolean isUserNameSet() { 1923 try { 1924 return mService.isUserNameSet(getUserHandle()); 1925 } catch (RemoteException re) { 1926 throw re.rethrowFromSystemServer(); 1927 } 1928 } 1929 1930 /** 1931 * Used to determine whether the user making this call is subject to 1932 * teleportations. 1933 * 1934 * <p>As of {@link android.os.Build.VERSION_CODES#LOLLIPOP}, this method can 1935 * now automatically identify goats using advanced goat recognition technology.</p> 1936 * 1937 * <p>As of {@link android.os.Build.VERSION_CODES#R}, this method always returns 1938 * {@code false} in order to protect goat privacy.</p> 1939 * 1940 * @return Returns whether the user making this call is a goat. 1941 */ isUserAGoat()1942 public boolean isUserAGoat() { 1943 if (mContext.getApplicationInfo().targetSdkVersion >= Build.VERSION_CODES.R) { 1944 return false; 1945 } 1946 return mContext.getPackageManager() 1947 .isPackageAvailable("com.coffeestainstudios.goatsimulator"); 1948 } 1949 1950 /** 1951 * Used to check if this process is running under the primary user. The primary user 1952 * is the first human user on a device. This is not supported in headless system user mode. 1953 * 1954 * @return whether this process is running under the primary user. 1955 * @hide 1956 */ 1957 @SystemApi 1958 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 1959 Manifest.permission.CREATE_USERS}) isPrimaryUser()1960 public boolean isPrimaryUser() { 1961 UserInfo user = getUserInfo(UserHandle.myUserId()); 1962 return user != null && user.isPrimary(); 1963 } 1964 1965 /** 1966 * Used to check if this process is running under the system user. The system user 1967 * is the initial user that is implicitly created on first boot and hosts most of the 1968 * system services. 1969 * 1970 * @return whether this process is running under the system user. 1971 */ isSystemUser()1972 public boolean isSystemUser() { 1973 return UserHandle.myUserId() == UserHandle.USER_SYSTEM; 1974 } 1975 1976 /** 1977 * Used to check if this process is running as an admin user. An admin user is allowed to 1978 * modify or configure certain settings that aren't available to non-admin users, 1979 * create and delete additional users, etc. There can be more than one admin users. 1980 * 1981 * @return whether this process is running under an admin user. 1982 * @hide 1983 */ 1984 @SystemApi 1985 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) isAdminUser()1986 public boolean isAdminUser() { 1987 return isUserAdmin(UserHandle.myUserId()); 1988 } 1989 1990 /** 1991 * @hide 1992 * Returns whether the provided user is an admin user. There can be more than one admin 1993 * user. 1994 */ 1995 @UnsupportedAppUsage 1996 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 1997 Manifest.permission.CREATE_USERS}) isUserAdmin(@serIdInt int userId)1998 public boolean isUserAdmin(@UserIdInt int userId) { 1999 UserInfo user = getUserInfo(userId); 2000 return user != null && user.isAdmin(); 2001 } 2002 2003 /** 2004 * Returns whether the context user is of the given user type. 2005 * 2006 * @param userType the name of the user's user type, e.g. 2007 * {@link UserManager#USER_TYPE_PROFILE_MANAGED}. 2008 * @return true if the user is of the given user type. 2009 * @hide 2010 */ 2011 @SystemApi 2012 @UserHandleAware 2013 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) isUserOfType(@onNull String userType)2014 public boolean isUserOfType(@NonNull String userType) { 2015 try { 2016 return mService.isUserOfType(mUserId, userType); 2017 } catch (RemoteException re) { 2018 throw re.rethrowFromSystemServer(); 2019 } 2020 } 2021 2022 /** 2023 * Returns whether the user type is a 2024 * {@link UserManager#USER_TYPE_PROFILE_MANAGED managed profile}. 2025 * @hide 2026 */ isUserTypeManagedProfile(String userType)2027 public static boolean isUserTypeManagedProfile(String userType) { 2028 return USER_TYPE_PROFILE_MANAGED.equals(userType); 2029 } 2030 2031 /** 2032 * Returns whether the user type is a {@link UserManager#USER_TYPE_FULL_GUEST guest user}. 2033 * @hide 2034 */ isUserTypeGuest(String userType)2035 public static boolean isUserTypeGuest(String userType) { 2036 return USER_TYPE_FULL_GUEST.equals(userType); 2037 } 2038 2039 /** 2040 * Returns whether the user type is a 2041 * {@link UserManager#USER_TYPE_FULL_RESTRICTED restricted user}. 2042 * @hide 2043 */ isUserTypeRestricted(String userType)2044 public static boolean isUserTypeRestricted(String userType) { 2045 return USER_TYPE_FULL_RESTRICTED.equals(userType); 2046 } 2047 2048 /** 2049 * Returns whether the user type is a {@link UserManager#USER_TYPE_FULL_DEMO demo user}. 2050 * @hide 2051 */ isUserTypeDemo(String userType)2052 public static boolean isUserTypeDemo(String userType) { 2053 return USER_TYPE_FULL_DEMO.equals(userType); 2054 } 2055 2056 /** 2057 * Returns whether the user type is a {@link UserManager#USER_TYPE_PROFILE_CLONE clone user}. 2058 * @hide 2059 */ isUserTypeCloneProfile(String userType)2060 public static boolean isUserTypeCloneProfile(String userType) { 2061 return USER_TYPE_PROFILE_CLONE.equals(userType); 2062 } 2063 2064 /** 2065 * Returns the enum defined in the statsd UserLifecycleJourneyReported atom corresponding to the 2066 * user type. 2067 * @hide 2068 */ getUserTypeForStatsd(@onNull String userType)2069 public static int getUserTypeForStatsd(@NonNull String userType) { 2070 switch (userType) { 2071 case USER_TYPE_FULL_SYSTEM: 2072 return FrameworkStatsLog.USER_LIFECYCLE_JOURNEY_REPORTED__USER_TYPE__FULL_SYSTEM; 2073 case USER_TYPE_FULL_SECONDARY: 2074 return FrameworkStatsLog.USER_LIFECYCLE_JOURNEY_REPORTED__USER_TYPE__FULL_SECONDARY; 2075 case USER_TYPE_FULL_GUEST: 2076 return FrameworkStatsLog.USER_LIFECYCLE_JOURNEY_REPORTED__USER_TYPE__FULL_GUEST; 2077 case USER_TYPE_FULL_DEMO: 2078 return FrameworkStatsLog.USER_LIFECYCLE_JOURNEY_REPORTED__USER_TYPE__FULL_DEMO; 2079 case USER_TYPE_FULL_RESTRICTED: 2080 return FrameworkStatsLog 2081 .USER_LIFECYCLE_JOURNEY_REPORTED__USER_TYPE__FULL_RESTRICTED; 2082 case USER_TYPE_PROFILE_MANAGED: 2083 return FrameworkStatsLog 2084 .USER_LIFECYCLE_JOURNEY_REPORTED__USER_TYPE__PROFILE_MANAGED; 2085 case USER_TYPE_SYSTEM_HEADLESS: 2086 return FrameworkStatsLog 2087 .USER_LIFECYCLE_JOURNEY_REPORTED__USER_TYPE__SYSTEM_HEADLESS; 2088 case USER_TYPE_PROFILE_CLONE: 2089 return FrameworkStatsLog 2090 .USER_LIFECYCLE_JOURNEY_REPORTED__USER_TYPE__PROFILE_CLONE; 2091 default: 2092 return FrameworkStatsLog.USER_LIFECYCLE_JOURNEY_REPORTED__USER_TYPE__TYPE_UNKNOWN; 2093 } 2094 } 2095 2096 /** 2097 * @hide 2098 * @deprecated Use {@link #isRestrictedProfile()} 2099 */ 2100 @UnsupportedAppUsage 2101 @Deprecated isLinkedUser()2102 public boolean isLinkedUser() { 2103 return isRestrictedProfile(); 2104 } 2105 2106 /** 2107 * Used to check if this process is running under a restricted profile. Restricted profiles 2108 * may have a reduced number of available apps, app restrictions, and account restrictions. 2109 * 2110 * @return whether this process is running under a restricted profile. 2111 * @hide 2112 */ 2113 @SystemApi 2114 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) isRestrictedProfile()2115 public boolean isRestrictedProfile() { 2116 try { 2117 return mService.isRestricted(); 2118 } catch (RemoteException re) { 2119 throw re.rethrowFromSystemServer(); 2120 } 2121 } 2122 2123 /** 2124 * Check if a user is a restricted profile. Restricted profiles may have a reduced number of 2125 * available apps, app restrictions, and account restrictions. 2126 * 2127 * @param user the user to check 2128 * @return whether the user is a restricted profile. 2129 * @hide 2130 */ 2131 @SystemApi 2132 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2133 Manifest.permission.CREATE_USERS}) isRestrictedProfile(@onNull UserHandle user)2134 public boolean isRestrictedProfile(@NonNull UserHandle user) { 2135 try { 2136 return mService.getUserInfo(user.getIdentifier()).isRestricted(); 2137 } catch (RemoteException re) { 2138 throw re.rethrowFromSystemServer(); 2139 } 2140 } 2141 2142 /** 2143 * Checks if the calling context user can have a restricted profile. 2144 * @return whether the context user can have a restricted profile. 2145 * @hide 2146 */ 2147 @SystemApi 2148 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 2149 @UserHandleAware canHaveRestrictedProfile()2150 public boolean canHaveRestrictedProfile() { 2151 try { 2152 return mService.canHaveRestrictedProfile(mUserId); 2153 } catch (RemoteException re) { 2154 throw re.rethrowFromSystemServer(); 2155 } 2156 } 2157 2158 /** 2159 * Returns whether the calling user has at least one restricted profile associated with it. 2160 * @return 2161 * @hide 2162 */ 2163 @SystemApi 2164 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) hasRestrictedProfiles()2165 public boolean hasRestrictedProfiles() { 2166 try { 2167 return mService.hasRestrictedProfiles(); 2168 } catch (RemoteException re) { 2169 throw re.rethrowFromSystemServer(); 2170 } 2171 } 2172 2173 /** 2174 * Get the parent of a restricted profile. 2175 * 2176 * @return the parent of the user or {@code null} if the user is not restricted profile 2177 * @hide 2178 */ 2179 @SystemApi 2180 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2181 Manifest.permission.CREATE_USERS}) 2182 @UserHandleAware getRestrictedProfileParent()2183 public @Nullable UserHandle getRestrictedProfileParent() { 2184 final UserInfo info = getUserInfo(mUserId); 2185 if (info == null) return null; 2186 if (!info.isRestricted()) return null; 2187 final int parent = info.restrictedProfileParentId; 2188 if (parent == UserHandle.USER_NULL) return null; 2189 return UserHandle.of(parent); 2190 } 2191 2192 /** 2193 * Checks if a user is a guest user. 2194 * @return whether user is a guest user. 2195 * @hide 2196 */ 2197 @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) 2198 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2199 Manifest.permission.CREATE_USERS}) isGuestUser(@serIdInt int userId)2200 public boolean isGuestUser(@UserIdInt int userId) { 2201 UserInfo user = getUserInfo(userId); 2202 return user != null && user.isGuest(); 2203 } 2204 2205 /** 2206 * Used to check if this process is running under a guest user. A guest user may be transient. 2207 * 2208 * @return whether this process is running under a guest user. 2209 * @hide 2210 */ 2211 @SystemApi 2212 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2213 Manifest.permission.CREATE_USERS}) isGuestUser()2214 public boolean isGuestUser() { 2215 UserInfo user = getUserInfo(UserHandle.myUserId()); 2216 return user != null && user.isGuest(); 2217 } 2218 2219 2220 /** 2221 * Checks if the calling app is running in a demo user. When running in a demo user, 2222 * apps can be more helpful to the user, or explain their features in more detail. 2223 * 2224 * @return whether the caller is a demo user. 2225 */ isDemoUser()2226 public boolean isDemoUser() { 2227 try { 2228 return mService.isDemoUser(UserHandle.myUserId()); 2229 } catch (RemoteException re) { 2230 throw re.rethrowFromSystemServer(); 2231 } 2232 } 2233 2234 /** 2235 * Checks if the calling context user is running in a profile. 2236 * 2237 * Requires {@link android.Manifest.permission#MANAGE_USERS} or 2238 * {@link android.Manifest.permission#INTERACT_ACROSS_USERS} permission, otherwise the 2239 * caller must be in the same profile group of specified user. 2240 * 2241 * @return whether the caller is in a profile. 2242 * @hide 2243 */ 2244 @SystemApi 2245 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 2246 android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) 2247 @UserHandleAware isProfile()2248 public boolean isProfile() { 2249 return isProfile(mUserId); 2250 } 2251 isProfile(@serIdInt int userId)2252 private boolean isProfile(@UserIdInt int userId) { 2253 if (userId == UserHandle.myUserId()) { 2254 // No need for synchronization. Once it becomes non-null, it'll be non-null forever. 2255 // Worst case we might end up calling the AIDL method multiple times but that's fine. 2256 if (mIsProfileCached != null) { 2257 return mIsProfileCached; 2258 } 2259 try { 2260 mIsProfileCached = mService.isProfile(userId); 2261 return mIsProfileCached; 2262 } catch (RemoteException re) { 2263 throw re.rethrowFromSystemServer(); 2264 } 2265 } else { 2266 try { 2267 return mService.isProfile(userId); 2268 } catch (RemoteException re) { 2269 throw re.rethrowFromSystemServer(); 2270 } 2271 } 2272 } 2273 2274 /** 2275 * Checks if the calling app is running in a managed profile. 2276 * 2277 * @return whether the caller is in a managed profile. 2278 */ isManagedProfile()2279 public boolean isManagedProfile() { 2280 // No need for synchronization. Once it becomes non-null, it'll be non-null forever. 2281 // Worst case we might end up calling the AIDL method multiple times but that's fine. 2282 if (mIsManagedProfileCached != null) { 2283 return mIsManagedProfileCached; 2284 } 2285 try { 2286 mIsManagedProfileCached = mService.isManagedProfile(UserHandle.myUserId()); 2287 return mIsManagedProfileCached; 2288 } catch (RemoteException re) { 2289 throw re.rethrowFromSystemServer(); 2290 } 2291 } 2292 2293 /** 2294 * Checks if the specified user is a managed profile. 2295 * Requires {@link android.Manifest.permission#MANAGE_USERS} or 2296 * {@link android.Manifest.permission#INTERACT_ACROSS_USERS} permission, otherwise the caller 2297 * must be in the same profile group of specified user. 2298 * 2299 * @return whether the specified user is a managed profile. 2300 * @hide 2301 */ 2302 @SystemApi 2303 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 2304 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isManagedProfile(@serIdInt int userId)2305 public boolean isManagedProfile(@UserIdInt int userId) { 2306 if (userId == UserHandle.myUserId()) { 2307 return isManagedProfile(); 2308 } 2309 try { 2310 return mService.isManagedProfile(userId); 2311 } catch (RemoteException re) { 2312 throw re.rethrowFromSystemServer(); 2313 } 2314 } 2315 2316 /** 2317 * Checks if the context user is a clone profile. 2318 * 2319 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS} or 2320 * {@link android.Manifest.permission#INTERACT_ACROSS_USERS} permission, otherwise the caller 2321 * must be in the same profile group of the user. 2322 * 2323 * @return whether the context user is a clone profile. 2324 * 2325 * @see android.os.UserManager#USER_TYPE_PROFILE_CLONE 2326 * @hide 2327 */ 2328 @SystemApi 2329 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 2330 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) 2331 @UserHandleAware 2332 @SuppressAutoDoc isCloneProfile()2333 public boolean isCloneProfile() { 2334 try { 2335 return mService.isCloneProfile(mUserId); 2336 } catch (RemoteException re) { 2337 throw re.rethrowFromSystemServer(); 2338 } 2339 } 2340 2341 /** 2342 * Checks if the calling app is running as an ephemeral user. 2343 * 2344 * @return whether the caller is an ephemeral user. 2345 * @hide 2346 */ 2347 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2348 Manifest.permission.CREATE_USERS}) isEphemeralUser()2349 public boolean isEphemeralUser() { 2350 return isUserEphemeral(UserHandle.myUserId()); 2351 } 2352 2353 /** 2354 * Returns whether the specified user is ephemeral. 2355 * @hide 2356 */ 2357 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2358 Manifest.permission.CREATE_USERS}) isUserEphemeral(@serIdInt int userId)2359 public boolean isUserEphemeral(@UserIdInt int userId) { 2360 final UserInfo user = getUserInfo(userId); 2361 return user != null && user.isEphemeral(); 2362 } 2363 2364 /** 2365 * Return whether the given user is actively running. This means that 2366 * the user is in the "started" state, not "stopped" -- it is currently 2367 * allowed to run code through scheduled alarms, receiving broadcasts, 2368 * etc. A started user may be either the current foreground user or a 2369 * background user; the result here does not distinguish between the two. 2370 * 2371 * <p>Note prior to Android Nougat MR1 (SDK version <= 24; 2372 * {@link android.os.Build.VERSION_CODES#N}, this API required a system permission 2373 * in order to check other profile's status. 2374 * Since Android Nougat MR1 (SDK version >= 25; 2375 * {@link android.os.Build.VERSION_CODES#N_MR1}), the restriction has been relaxed, and now 2376 * it'll accept any {@link android.os.UserHandle} within the same profile group as the caller. 2377 * 2378 * @param user The user to retrieve the running state for. 2379 */ 2380 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2381 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserRunning(UserHandle user)2382 public boolean isUserRunning(UserHandle user) { 2383 return isUserRunning(user.getIdentifier()); 2384 } 2385 2386 /** {@hide} */ 2387 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2388 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserRunning(@serIdInt int userId)2389 public boolean isUserRunning(@UserIdInt int userId) { 2390 try { 2391 return mService.isUserRunning(userId); 2392 } catch (RemoteException re) { 2393 throw re.rethrowFromSystemServer(); 2394 } 2395 } 2396 2397 /** 2398 * Return whether the given user is actively running <em>or</em> stopping. 2399 * This is like {@link #isUserRunning(UserHandle)}, but will also return 2400 * true if the user had been running but is in the process of being stopped 2401 * (but is not yet fully stopped, and still running some code). 2402 * 2403 * <p>Note prior to Android Nougat MR1 (SDK version <= 24; 2404 * {@link android.os.Build.VERSION_CODES#N}, this API required a system permission 2405 * in order to check other profile's status. 2406 * Since Android Nougat MR1 (SDK version >= 25; 2407 * {@link android.os.Build.VERSION_CODES#N_MR1}), the restriction has been relaxed, and now 2408 * it'll accept any {@link android.os.UserHandle} within the same profile group as the caller. 2409 * 2410 * @param user The user to retrieve the running state for. 2411 */ 2412 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2413 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserRunningOrStopping(UserHandle user)2414 public boolean isUserRunningOrStopping(UserHandle user) { 2415 try { 2416 // TODO: reconcile stopped vs stopping? 2417 return ActivityManager.getService().isUserRunning( 2418 user.getIdentifier(), ActivityManager.FLAG_OR_STOPPED); 2419 } catch (RemoteException re) { 2420 throw re.rethrowFromSystemServer(); 2421 } 2422 } 2423 2424 /** 2425 * Checks if the context user is running in the foreground. 2426 * 2427 * @return whether the context user is running in the foreground. 2428 */ 2429 @UserHandleAware isUserForeground()2430 public boolean isUserForeground() { 2431 try { 2432 return mService.isUserForeground(mUserId); 2433 } catch (RemoteException re) { 2434 throw re.rethrowFromSystemServer(); 2435 } 2436 } 2437 2438 /** 2439 * Return whether the calling user is running in an "unlocked" state. 2440 * <p> 2441 * On devices with direct boot, a user is unlocked only after they've 2442 * entered their credentials (such as a lock pattern or PIN). On devices 2443 * without direct boot, a user is unlocked as soon as it starts. 2444 * <p> 2445 * When a user is locked, only device-protected data storage is available. 2446 * When a user is unlocked, both device-protected and credential-protected 2447 * private app data storage is available. 2448 * 2449 * @see Intent#ACTION_USER_UNLOCKED 2450 * @see Context#createDeviceProtectedStorageContext() 2451 */ isUserUnlocked()2452 public boolean isUserUnlocked() { 2453 return isUserUnlocked(Process.myUserHandle()); 2454 } 2455 2456 /** 2457 * Return whether the given user is running in an "unlocked" state. 2458 * <p> 2459 * On devices with direct boot, a user is unlocked only after they've 2460 * entered their credentials (such as a lock pattern or PIN). On devices 2461 * without direct boot, a user is unlocked as soon as it starts. 2462 * <p> 2463 * When a user is locked, only device-protected data storage is available. 2464 * When a user is unlocked, both device-protected and credential-protected 2465 * private app data storage is available. 2466 * <p>Requires {@code android.permission.MANAGE_USERS} or 2467 * {@code android.permission.INTERACT_ACROSS_USERS}, otherwise specified {@link UserHandle user} 2468 * must be the calling user or a profile associated with it. 2469 * 2470 * @param user to retrieve the unlocked state for. 2471 * @see Intent#ACTION_USER_UNLOCKED 2472 * @see Context#createDeviceProtectedStorageContext() 2473 */ 2474 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2475 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserUnlocked(UserHandle user)2476 public boolean isUserUnlocked(UserHandle user) { 2477 return isUserUnlocked(user.getIdentifier()); 2478 } 2479 2480 private static final String CACHE_KEY_IS_USER_UNLOCKED_PROPERTY = 2481 "cache_key.is_user_unlocked"; 2482 2483 private final PropertyInvalidatedCache<Integer, Boolean> mIsUserUnlockedCache = 2484 new PropertyInvalidatedCache<Integer, Boolean>( 2485 32, CACHE_KEY_IS_USER_UNLOCKED_PROPERTY) { 2486 @Override 2487 protected Boolean recompute(Integer query) { 2488 try { 2489 return mService.isUserUnlocked(query); 2490 } catch (RemoteException re) { 2491 throw re.rethrowFromSystemServer(); 2492 } 2493 } 2494 }; 2495 2496 // Uses IS_USER_UNLOCKED_PROPERTY for invalidation as the APIs have the same dependencies. 2497 private final PropertyInvalidatedCache<Integer, Boolean> mIsUserUnlockingOrUnlockedCache = 2498 new PropertyInvalidatedCache<Integer, Boolean>( 2499 32, CACHE_KEY_IS_USER_UNLOCKED_PROPERTY) { 2500 @Override 2501 protected Boolean recompute(Integer query) { 2502 try { 2503 return mService.isUserUnlockingOrUnlocked(query); 2504 } catch (RemoteException re) { 2505 throw re.rethrowFromSystemServer(); 2506 } 2507 } 2508 }; 2509 2510 /** {@hide} */ 2511 @UnsupportedAppUsage 2512 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2513 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserUnlocked(@serIdInt int userId)2514 public boolean isUserUnlocked(@UserIdInt int userId) { 2515 return mIsUserUnlockedCache.query(userId); 2516 } 2517 2518 /** {@hide} */ disableIsUserUnlockedCache()2519 public void disableIsUserUnlockedCache() { 2520 mIsUserUnlockedCache.disableLocal(); 2521 mIsUserUnlockingOrUnlockedCache.disableLocal(); 2522 } 2523 2524 /** {@hide} */ invalidateIsUserUnlockedCache()2525 public static final void invalidateIsUserUnlockedCache() { 2526 PropertyInvalidatedCache.invalidateCache(CACHE_KEY_IS_USER_UNLOCKED_PROPERTY); 2527 } 2528 2529 /** 2530 * Return whether the provided user is already running in an 2531 * "unlocked" state or in the process of unlocking. 2532 * <p> 2533 * On devices with direct boot, a user is unlocked only after they've 2534 * entered their credentials (such as a lock pattern or PIN). On devices 2535 * without direct boot, a user is unlocked as soon as it starts. 2536 * <p> 2537 * When a user is locked, only device-protected data storage is available. 2538 * When a user is unlocked, both device-protected and credential-protected 2539 * private app data storage is available. 2540 * 2541 * <p>Requires {@code android.permission.MANAGE_USERS} or 2542 * {@code android.permission.INTERACT_ACROSS_USERS}, otherwise specified {@link UserHandle user} 2543 * must be the calling user or a profile associated with it. 2544 * 2545 * @hide 2546 */ 2547 @SystemApi 2548 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2549 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserUnlockingOrUnlocked(@onNull UserHandle user)2550 public boolean isUserUnlockingOrUnlocked(@NonNull UserHandle user) { 2551 return isUserUnlockingOrUnlocked(user.getIdentifier()); 2552 } 2553 2554 /** {@hide} */ 2555 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2556 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) isUserUnlockingOrUnlocked(@serIdInt int userId)2557 public boolean isUserUnlockingOrUnlocked(@UserIdInt int userId) { 2558 return mIsUserUnlockingOrUnlockedCache.query(userId); 2559 } 2560 2561 /** 2562 * Return the time when the calling user started in elapsed milliseconds since boot, 2563 * or 0 if not started. 2564 * 2565 * @hide 2566 */ 2567 @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) getUserStartRealtime()2568 public long getUserStartRealtime() { 2569 try { 2570 return mService.getUserStartRealtime(); 2571 } catch (RemoteException re) { 2572 throw re.rethrowFromSystemServer(); 2573 } 2574 } 2575 2576 /** 2577 * Return the time when the calling user was unlocked elapsed milliseconds since boot, 2578 * or 0 if not unlocked. 2579 * 2580 * @hide 2581 */ 2582 @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) getUserUnlockRealtime()2583 public long getUserUnlockRealtime() { 2584 try { 2585 return mService.getUserUnlockRealtime(); 2586 } catch (RemoteException re) { 2587 throw re.rethrowFromSystemServer(); 2588 } 2589 } 2590 2591 /** 2592 * Returns the UserInfo object describing a specific user. 2593 * @param userId the user handle of the user whose information is being requested. 2594 * @return the UserInfo object for a specific user. 2595 * @hide 2596 */ 2597 @UnsupportedAppUsage 2598 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2599 Manifest.permission.CREATE_USERS}) getUserInfo(@serIdInt int userId)2600 public UserInfo getUserInfo(@UserIdInt int userId) { 2601 try { 2602 return mService.getUserInfo(userId); 2603 } catch (RemoteException re) { 2604 throw re.rethrowFromSystemServer(); 2605 } 2606 } 2607 2608 /** 2609 * @hide 2610 * 2611 * Returns who set a user restriction on a user. 2612 * @param restrictionKey the string key representing the restriction 2613 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 2614 * @return The source of user restriction. Any combination of {@link #RESTRICTION_NOT_SET}, 2615 * {@link #RESTRICTION_SOURCE_SYSTEM}, {@link #RESTRICTION_SOURCE_DEVICE_OWNER} 2616 * and {@link #RESTRICTION_SOURCE_PROFILE_OWNER} 2617 * @deprecated use {@link #getUserRestrictionSources(String, int)} instead. 2618 */ 2619 @Deprecated 2620 @SystemApi 2621 @UserRestrictionSource 2622 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getUserRestrictionSource(@serRestrictionKey String restrictionKey, UserHandle userHandle)2623 public int getUserRestrictionSource(@UserRestrictionKey String restrictionKey, 2624 UserHandle userHandle) { 2625 try { 2626 return mService.getUserRestrictionSource(restrictionKey, userHandle.getIdentifier()); 2627 } catch (RemoteException re) { 2628 throw re.rethrowFromSystemServer(); 2629 } 2630 } 2631 2632 /** 2633 * @hide 2634 * 2635 * Returns a list of users who set a user restriction on a given user. 2636 * @param restrictionKey the string key representing the restriction 2637 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 2638 * @return a list of user ids enforcing this restriction. 2639 */ 2640 @SystemApi 2641 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getUserRestrictionSources( @serRestrictionKey String restrictionKey, UserHandle userHandle)2642 public List<EnforcingUser> getUserRestrictionSources( 2643 @UserRestrictionKey String restrictionKey, UserHandle userHandle) { 2644 try { 2645 return mService.getUserRestrictionSources(restrictionKey, userHandle.getIdentifier()); 2646 } catch (RemoteException re) { 2647 throw re.rethrowFromSystemServer(); 2648 } 2649 } 2650 2651 /** 2652 * Returns the user-wide restrictions imposed on this user. 2653 * @return a Bundle containing all the restrictions. 2654 */ getUserRestrictions()2655 public Bundle getUserRestrictions() { 2656 return getUserRestrictions(Process.myUserHandle()); 2657 } 2658 2659 /** 2660 * Returns the user-wide restrictions imposed on the user specified by <code>userHandle</code>. 2661 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 2662 * @return a Bundle containing all the restrictions. 2663 * 2664 * <p>Requires {@code android.permission.MANAGE_USERS} or 2665 * {@code android.permission.INTERACT_ACROSS_USERS}, otherwise specified {@link UserHandle user} 2666 * must be the calling user or a profile associated with it. 2667 */ 2668 @RequiresPermission(anyOf = { 2669 android.Manifest.permission.MANAGE_USERS, 2670 android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) getUserRestrictions(UserHandle userHandle)2671 public Bundle getUserRestrictions(UserHandle userHandle) { 2672 try { 2673 return mService.getUserRestrictions(userHandle.getIdentifier()); 2674 } catch (RemoteException re) { 2675 throw re.rethrowFromSystemServer(); 2676 } 2677 } 2678 2679 /** 2680 * @hide 2681 * Returns whether the given user has been disallowed from performing certain actions 2682 * or setting certain settings through UserManager (e.g. this type of restriction would prevent 2683 * the guest user from doing certain things, such as making calls). This method disregards 2684 * restrictions set by device policy. 2685 * @param restrictionKey the string key representing the restriction 2686 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 2687 */ 2688 @TestApi 2689 @UnsupportedAppUsage 2690 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2691 Manifest.permission.CREATE_USERS}) hasBaseUserRestriction(@serRestrictionKey @onNull String restrictionKey, @NonNull UserHandle userHandle)2692 public boolean hasBaseUserRestriction(@UserRestrictionKey @NonNull String restrictionKey, 2693 @NonNull UserHandle userHandle) { 2694 try { 2695 return mService.hasBaseUserRestriction(restrictionKey, userHandle.getIdentifier()); 2696 } catch (RemoteException re) { 2697 throw re.rethrowFromSystemServer(); 2698 } 2699 } 2700 2701 /** 2702 * This will no longer work. Device owners and profile owners should use 2703 * {@link DevicePolicyManager#addUserRestriction(ComponentName, String)} instead. 2704 */ 2705 // System apps should use UserManager.setUserRestriction() instead. 2706 @Deprecated setUserRestrictions(Bundle restrictions)2707 public void setUserRestrictions(Bundle restrictions) { 2708 throw new UnsupportedOperationException("This method is no longer supported"); 2709 } 2710 2711 /** 2712 * This will no longer work. Device owners and profile owners should use 2713 * {@link DevicePolicyManager#addUserRestriction(ComponentName, String)} instead. 2714 */ 2715 // System apps should use UserManager.setUserRestriction() instead. 2716 @Deprecated setUserRestrictions(Bundle restrictions, UserHandle userHandle)2717 public void setUserRestrictions(Bundle restrictions, UserHandle userHandle) { 2718 throw new UnsupportedOperationException("This method is no longer supported"); 2719 } 2720 2721 /** 2722 * Sets the value of a specific restriction. 2723 * Requires the MANAGE_USERS permission. 2724 * @param key the key of the restriction 2725 * @param value the value for the restriction 2726 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction( 2727 * android.content.ComponentName, String)} or 2728 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction( 2729 * android.content.ComponentName, String)} instead. 2730 */ 2731 @Deprecated 2732 @RequiresPermission(Manifest.permission.MANAGE_USERS) setUserRestriction(String key, boolean value)2733 public void setUserRestriction(String key, boolean value) { 2734 setUserRestriction(key, value, Process.myUserHandle()); 2735 } 2736 2737 /** 2738 * @hide 2739 * Sets the value of a specific restriction on a specific user. 2740 * @param key the key of the restriction 2741 * @param value the value for the restriction 2742 * @param userHandle the user whose restriction is to be changed. 2743 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction( 2744 * android.content.ComponentName, String)} or 2745 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction( 2746 * android.content.ComponentName, String)} instead. 2747 */ 2748 @Deprecated 2749 @RequiresPermission(Manifest.permission.MANAGE_USERS) setUserRestriction(String key, boolean value, UserHandle userHandle)2750 public void setUserRestriction(String key, boolean value, UserHandle userHandle) { 2751 try { 2752 mService.setUserRestriction(key, value, userHandle.getIdentifier()); 2753 } catch (RemoteException re) { 2754 throw re.rethrowFromSystemServer(); 2755 } 2756 } 2757 2758 /** 2759 * Returns whether the current user has been disallowed from performing certain actions 2760 * or setting certain settings. 2761 * 2762 * @param restrictionKey The string key representing the restriction. 2763 * @return {@code true} if the current user has the given restriction, {@code false} otherwise. 2764 */ hasUserRestriction(@serRestrictionKey String restrictionKey)2765 public boolean hasUserRestriction(@UserRestrictionKey String restrictionKey) { 2766 return hasUserRestrictionForUser(restrictionKey, Process.myUserHandle()); 2767 } 2768 2769 /** 2770 * @hide 2771 * Returns whether the given user has been disallowed from performing certain actions 2772 * or setting certain settings. 2773 * @param restrictionKey the string key representing the restriction 2774 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 2775 */ 2776 @UnsupportedAppUsage hasUserRestriction(@serRestrictionKey String restrictionKey, UserHandle userHandle)2777 public boolean hasUserRestriction(@UserRestrictionKey String restrictionKey, 2778 UserHandle userHandle) { 2779 return hasUserRestrictionForUser(restrictionKey, userHandle); 2780 } 2781 2782 /** 2783 * Returns whether the given user has been disallowed from performing certain actions 2784 * or setting certain settings. 2785 * @param restrictionKey the string key representing the restriction 2786 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 2787 * 2788 * <p>Requires {@code android.permission.MANAGE_USERS} or 2789 * {@code android.permission.INTERACT_ACROSS_USERS}, otherwise specified {@link UserHandle user} 2790 * must be the calling user or a profile associated with it. 2791 * 2792 * @hide 2793 */ 2794 @SystemApi 2795 @RequiresPermission(anyOf = { 2796 android.Manifest.permission.MANAGE_USERS, 2797 android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) hasUserRestrictionForUser(@onNull @serRestrictionKey String restrictionKey, @NonNull UserHandle userHandle)2798 public boolean hasUserRestrictionForUser(@NonNull @UserRestrictionKey String restrictionKey, 2799 @NonNull UserHandle userHandle) { 2800 try { 2801 return mService.hasUserRestriction(restrictionKey, userHandle.getIdentifier()); 2802 } catch (RemoteException re) { 2803 throw re.rethrowFromSystemServer(); 2804 } 2805 } 2806 2807 /** 2808 * @hide 2809 * Returns whether any user on the device has the given user restriction set. 2810 */ hasUserRestrictionOnAnyUser(@serRestrictionKey String restrictionKey)2811 public boolean hasUserRestrictionOnAnyUser(@UserRestrictionKey String restrictionKey) { 2812 try { 2813 return mService.hasUserRestrictionOnAnyUser(restrictionKey); 2814 } catch (RemoteException re) { 2815 throw re.rethrowFromSystemServer(); 2816 } 2817 } 2818 2819 /** 2820 * @hide 2821 * 2822 * Checks whether changing the given setting to the given value is prohibited 2823 * by the corresponding user restriction in the given user. 2824 * 2825 * May only be called by the OS itself. 2826 * 2827 * @return {@code true} if the change is prohibited, {@code false} if the change is allowed. 2828 */ isSettingRestrictedForUser(String setting, @UserIdInt int userId, String value, int callingUid)2829 public boolean isSettingRestrictedForUser(String setting, @UserIdInt int userId, 2830 String value, int callingUid) { 2831 try { 2832 return mService.isSettingRestrictedForUser(setting, userId, value, callingUid); 2833 } catch (RemoteException re) { 2834 throw re.rethrowFromSystemServer(); 2835 } 2836 } 2837 2838 /** 2839 * @hide 2840 * Register a binder callback for user restrictions changes. 2841 * May only be called by the OS itself. 2842 */ addUserRestrictionsListener(final IUserRestrictionsListener listener)2843 public void addUserRestrictionsListener(final IUserRestrictionsListener listener) { 2844 try { 2845 mService.addUserRestrictionsListener(listener); 2846 } catch (RemoteException re) { 2847 throw re.rethrowFromSystemServer(); 2848 } 2849 } 2850 2851 /** 2852 * Return the serial number for a user. This is a device-unique 2853 * number assigned to that user; if the user is deleted and then a new 2854 * user created, the new users will not be given the same serial number. 2855 * @param user The user whose serial number is to be retrieved. 2856 * @return The serial number of the given user; returns -1 if the 2857 * given UserHandle does not exist. 2858 * @see #getUserForSerialNumber(long) 2859 */ getSerialNumberForUser(UserHandle user)2860 public long getSerialNumberForUser(UserHandle user) { 2861 return getUserSerialNumber(user.getIdentifier()); 2862 } 2863 2864 /** 2865 * Return the user associated with a serial number previously 2866 * returned by {@link #getSerialNumberForUser(UserHandle)}. 2867 * @param serialNumber The serial number of the user that is being 2868 * retrieved. 2869 * @return Return the user associated with the serial number, or null 2870 * if there is not one. 2871 * @see #getSerialNumberForUser(UserHandle) 2872 */ getUserForSerialNumber(long serialNumber)2873 public UserHandle getUserForSerialNumber(long serialNumber) { 2874 int ident = getUserHandle((int) serialNumber); 2875 return ident >= 0 ? new UserHandle(ident) : null; 2876 } 2877 2878 /** 2879 * Creates a user with the specified name and options. 2880 * Default user restrictions will be applied. 2881 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2882 * 2883 * @param name the user's name 2884 * @param flags UserInfo flags that identify the type of user and other properties. 2885 * @see UserInfo 2886 * 2887 * @return the UserInfo object for the created user, or null if the user could not be created. 2888 * @throws IllegalArgumentException if flags do not correspond to a valid user type. 2889 * @deprecated Use {@link #createUser(String, String, int)} instead. 2890 * @hide 2891 */ 2892 @UnsupportedAppUsage 2893 @Deprecated createUser(@ullable String name, @UserInfoFlag int flags)2894 public @Nullable UserInfo createUser(@Nullable String name, @UserInfoFlag int flags) { 2895 return createUser(name, UserInfo.getDefaultUserType(flags), flags); 2896 } 2897 2898 /** 2899 * Creates a user with the specified name and options. 2900 * Default user restrictions will be applied. 2901 * 2902 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS}. 2903 * {@link android.Manifest.permission#CREATE_USERS} suffices if flags are in 2904 * com.android.server.pm.UserManagerService#ALLOWED_FLAGS_FOR_CREATE_USERS_PERMISSION}. 2905 * 2906 * @param name the user's name 2907 * @param userType the type of user, such as {@link UserManager#USER_TYPE_FULL_GUEST}. 2908 * @param flags UserInfo flags that specify user properties. 2909 * @return the {@link UserInfo} object for the created user, or {@code null} if the user 2910 * could not be created. 2911 * 2912 * @see UserInfo 2913 * 2914 * @hide 2915 */ 2916 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2917 Manifest.permission.CREATE_USERS}) 2918 @TestApi createUser(@ullable String name, @NonNull String userType, @UserInfoFlag int flags)2919 public @Nullable UserInfo createUser(@Nullable String name, @NonNull String userType, 2920 @UserInfoFlag int flags) { 2921 try { 2922 return mService.createUserWithThrow(name, userType, flags); 2923 } catch (ServiceSpecificException e) { 2924 return null; 2925 } catch (RemoteException re) { 2926 throw re.rethrowFromSystemServer(); 2927 } 2928 } 2929 2930 /** 2931 * Pre-creates a user of the specified type. Default user restrictions will be applied. 2932 * 2933 * <p>This method can be used by OEMs to "warm" up the user creation by pre-creating some users 2934 * at the first boot, so they when the "real" user is created (for example, 2935 * by {@link #createUser(String, String, int)} or {@link #createGuest(Context, String)}), it 2936 * takes less time. 2937 * 2938 * <p>This method completes the majority of work necessary for user creation: it 2939 * creates user data, CE and DE encryption keys, app data directories, initializes the user and 2940 * grants default permissions. When pre-created users become "real" users, only then are 2941 * components notified of new user creation by firing user creation broadcasts. 2942 * 2943 * <p>All pre-created users are removed during system upgrade. 2944 * 2945 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS}. 2946 * {@link android.Manifest.permission#CREATE_USERS} suffices if flags are in 2947 * com.android.server.pm.UserManagerService#ALLOWED_FLAGS_FOR_CREATE_USERS_PERMISSION}. 2948 * 2949 * @param userType the type of user, such as {@link UserManager#USER_TYPE_FULL_GUEST}. 2950 * @return the {@link UserInfo} object for the created user. 2951 * 2952 * @throws UserOperationException if the user could not be created. 2953 * @hide 2954 */ 2955 @TestApi 2956 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2957 Manifest.permission.CREATE_USERS}) preCreateUser(@onNull String userType)2958 public @NonNull UserInfo preCreateUser(@NonNull String userType) 2959 throws UserOperationException { 2960 try { 2961 return mService.preCreateUserWithThrow(userType); 2962 } catch (ServiceSpecificException e) { 2963 throw UserOperationException.from(e); 2964 } catch (RemoteException re) { 2965 throw re.rethrowFromSystemServer(); 2966 } 2967 } 2968 2969 /** 2970 * Creates a guest user and configures it. 2971 * @param context an application context 2972 * @param name the name to set for the user 2973 * @return the {@link UserInfo} object for the created user, or {@code null} if the user 2974 * could not be created. 2975 * 2976 * @hide 2977 */ 2978 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2979 Manifest.permission.CREATE_USERS}) createGuest(Context context, String name)2980 public UserInfo createGuest(Context context, String name) { 2981 UserInfo guest = null; 2982 try { 2983 guest = mService.createUserWithThrow(name, USER_TYPE_FULL_GUEST, 0); 2984 if (guest != null) { 2985 Settings.Secure.putStringForUser(context.getContentResolver(), 2986 Settings.Secure.SKIP_FIRST_USE_HINTS, "1", guest.id); 2987 } 2988 } catch (ServiceSpecificException e) { 2989 return null; 2990 } catch (RemoteException re) { 2991 throw re.rethrowFromSystemServer(); 2992 } 2993 return guest; 2994 } 2995 2996 /** 2997 * Gets the existing guest user if it exists. This does not include guest users that are dying. 2998 * @return The existing guest user if it exists. Null otherwise. 2999 * @hide 3000 */ 3001 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) findCurrentGuestUser()3002 public UserInfo findCurrentGuestUser() { 3003 try { 3004 return mService.findCurrentGuestUser(); 3005 } catch (RemoteException re) { 3006 throw re.rethrowFromSystemServer(); 3007 } 3008 } 3009 3010 /** 3011 * Creates a user with the specified name and options as a profile of the context's user. 3012 * 3013 * @param name the user's name. 3014 * @param userType the type of user, such as {@link UserManager#USER_TYPE_PROFILE_MANAGED}. 3015 * @param disallowedPackages packages to not install for this profile. 3016 * 3017 * @return the {@link android.os.UserHandle} object for the created user, 3018 * or throws {@link UserOperationException} if the user could not be created 3019 * and calling app is targeting {@link android.os.Build.VERSION_CODES#R} or above 3020 * (otherwise returns {@code null}). 3021 * 3022 * @throws UserOperationException if the user could not be created and the calling app is 3023 * targeting {@link android.os.Build.VERSION_CODES#R} or above. 3024 * 3025 * @hide 3026 */ 3027 @SystemApi 3028 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3029 Manifest.permission.CREATE_USERS}) 3030 @UserHandleAware createProfile(@onNull String name, @NonNull String userType, @NonNull Set<String> disallowedPackages)3031 public @Nullable UserHandle createProfile(@NonNull String name, @NonNull String userType, 3032 @NonNull Set<String> disallowedPackages) throws UserOperationException { 3033 try { 3034 return mService.createProfileForUserWithThrow(name, userType, 0, 3035 mUserId, disallowedPackages.toArray( 3036 new String[disallowedPackages.size()])).getUserHandle(); 3037 } catch (ServiceSpecificException e) { 3038 return returnNullOrThrowUserOperationException(e, 3039 mContext.getApplicationInfo().targetSdkVersion >= Build.VERSION_CODES.R); 3040 } catch (RemoteException re) { 3041 throw re.rethrowFromSystemServer(); 3042 } 3043 } 3044 3045 /** 3046 * Creates a user with the specified name and options as a profile of another user. 3047 * <p>Requires MANAGE_USERS. CREATE_USERS suffices for ALLOWED_FLAGS_FOR_CREATE_USERS_PERMISSION 3048 * 3049 * @param name the user's name 3050 * @param flags flags that identify the type of user and other properties. 3051 * @param userId new user will be a profile of this user. 3052 * 3053 * @return the {@link UserInfo} object for the created user, or null if the user 3054 * could not be created. 3055 * @throws IllegalArgumentException if flags do not correspond to a valid user type. 3056 * @deprecated Use {@link #createProfileForUser(String, String, int, int)} instead. 3057 * @hide 3058 */ 3059 @UnsupportedAppUsage 3060 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3061 Manifest.permission.CREATE_USERS}) 3062 @Deprecated createProfileForUser(String name, @UserInfoFlag int flags, @UserIdInt int userId)3063 public UserInfo createProfileForUser(String name, @UserInfoFlag int flags, 3064 @UserIdInt int userId) { 3065 return createProfileForUser(name, UserInfo.getDefaultUserType(flags), flags, 3066 userId, null); 3067 } 3068 3069 /** 3070 * Creates a user with the specified name and options as a profile of another user. 3071 * 3072 * @param name the user's name 3073 * @param userType the type of user, such as {@link UserManager#USER_TYPE_PROFILE_MANAGED}. 3074 * @param flags UserInfo flags that specify user properties. 3075 * @param userId new user will be a profile of this user. 3076 * 3077 * @return the {@link UserInfo} object for the created user, or null if the user 3078 * could not be created. 3079 * @hide 3080 */ 3081 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3082 Manifest.permission.CREATE_USERS}) createProfileForUser(String name, @NonNull String userType, @UserInfoFlag int flags, @UserIdInt int userId)3083 public UserInfo createProfileForUser(String name, @NonNull String userType, 3084 @UserInfoFlag int flags, @UserIdInt int userId) { 3085 return createProfileForUser(name, userType, flags, userId, null); 3086 } 3087 3088 /** 3089 * Version of {@link #createProfileForUser(String, String, int, int)} that allows you to specify 3090 * any packages that should not be installed in the new profile by default, these packages can 3091 * still be installed later by the user if needed. 3092 * 3093 * @param name the user's name 3094 * @param userType the type of user, such as {@link UserManager#USER_TYPE_PROFILE_MANAGED}. 3095 * @param flags UserInfo flags that specify user properties. 3096 * @param userId new user will be a profile of this user. 3097 * @param disallowedPackages packages that will not be installed in the profile being created. 3098 * 3099 * @return the {@link UserInfo} object for the created user, or {@code null} if the user could 3100 * not be created. 3101 * 3102 * @hide 3103 */ 3104 @TestApi 3105 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3106 Manifest.permission.CREATE_USERS}) createProfileForUser(@ullable String name, @NonNull String userType, @UserInfoFlag int flags, @UserIdInt int userId, @Nullable String[] disallowedPackages)3107 public @Nullable UserInfo createProfileForUser(@Nullable String name, @NonNull String userType, 3108 @UserInfoFlag int flags, @UserIdInt int userId, @Nullable String[] disallowedPackages) { 3109 try { 3110 return mService.createProfileForUserWithThrow(name, userType, flags, userId, 3111 disallowedPackages); 3112 } catch (ServiceSpecificException e) { 3113 return null; 3114 } catch (RemoteException re) { 3115 throw re.rethrowFromSystemServer(); 3116 } 3117 } 3118 3119 /** 3120 * Similar to {@link #createProfileForUser(String, String, int, int, String[])} 3121 * except bypassing the checking of {@link UserManager#DISALLOW_ADD_MANAGED_PROFILE}. 3122 * 3123 * @see #createProfileForUser(String, String, int, int, String[]) 3124 * @hide 3125 */ 3126 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3127 Manifest.permission.CREATE_USERS}) createProfileForUserEvenWhenDisallowed(String name, @NonNull String userType, @UserInfoFlag int flags, @UserIdInt int userId, String[] disallowedPackages)3128 public UserInfo createProfileForUserEvenWhenDisallowed(String name, 3129 @NonNull String userType, @UserInfoFlag int flags, @UserIdInt int userId, 3130 String[] disallowedPackages) { 3131 try { 3132 return mService.createProfileForUserEvenWhenDisallowedWithThrow(name, userType, flags, 3133 userId, disallowedPackages); 3134 } catch (ServiceSpecificException e) { 3135 return null; 3136 } catch (RemoteException re) { 3137 throw re.rethrowFromSystemServer(); 3138 } 3139 } 3140 3141 /** 3142 * Creates a restricted profile with the specified name. This method also sets necessary 3143 * restrictions and adds shared accounts. 3144 * 3145 * @param name profile's name 3146 * @return the {@link UserInfo} object for the created user, or {@code null} if the user 3147 * could not be created. 3148 * 3149 * @hide 3150 */ 3151 @TestApi 3152 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3153 Manifest.permission.CREATE_USERS}) createRestrictedProfile(@ullable String name)3154 public @Nullable UserInfo createRestrictedProfile(@Nullable String name) { 3155 try { 3156 UserHandle parentUserHandle = Process.myUserHandle(); 3157 UserInfo user = mService.createRestrictedProfileWithThrow(name, 3158 parentUserHandle.getIdentifier()); 3159 if (user != null) { 3160 AccountManager.get(mContext).addSharedAccountsFromParentUser(parentUserHandle, 3161 UserHandle.of(user.id)); 3162 } 3163 return user; 3164 } catch (ServiceSpecificException e) { 3165 return null; 3166 } catch (RemoteException re) { 3167 throw re.rethrowFromSystemServer(); 3168 } 3169 } 3170 3171 /** 3172 * Returns an intent to create a user for the provided name and account name. The name 3173 * and account name will be used when the setup process for the new user is started. 3174 * <p> 3175 * The intent should be launched using startActivityForResult and the return result will 3176 * indicate if the user consented to adding a new user and if the operation succeeded. Any 3177 * errors in creating the user will be returned in the result code. If the user cancels the 3178 * request, the return result will be {@link Activity#RESULT_CANCELED}. On success, the 3179 * result code will be {@link Activity#RESULT_OK}. 3180 * <p> 3181 * Use {@link #supportsMultipleUsers()} to first check if the device supports this operation 3182 * at all. 3183 * <p> 3184 * The new user is created but not initialized. After switching into the user for the first 3185 * time, the preferred user name and account information are used by the setup process for that 3186 * user. 3187 * 3188 * @param userName Optional name to assign to the user. 3189 * @param accountName Optional account name that will be used by the setup wizard to initialize 3190 * the user. 3191 * @param accountType Optional account type for the account to be created. This is required 3192 * if the account name is specified. 3193 * @param accountOptions Optional bundle of data to be passed in during account creation in the 3194 * new user via {@link AccountManager#addAccount(String, String, String[], 3195 * Bundle, android.app.Activity, android.accounts.AccountManagerCallback, 3196 * Handler)}. 3197 * @return An Intent that can be launched from an Activity. 3198 * @see #USER_CREATION_FAILED_NOT_PERMITTED 3199 * @see #USER_CREATION_FAILED_NO_MORE_USERS 3200 * @see #supportsMultipleUsers 3201 */ createUserCreationIntent(@ullable String userName, @Nullable String accountName, @Nullable String accountType, @Nullable PersistableBundle accountOptions)3202 public static Intent createUserCreationIntent(@Nullable String userName, 3203 @Nullable String accountName, 3204 @Nullable String accountType, @Nullable PersistableBundle accountOptions) { 3205 Intent intent = new Intent(ACTION_CREATE_USER); 3206 if (userName != null) { 3207 intent.putExtra(EXTRA_USER_NAME, userName); 3208 } 3209 if (accountName != null && accountType == null) { 3210 throw new IllegalArgumentException("accountType must be specified if accountName is " 3211 + "specified"); 3212 } 3213 if (accountName != null) { 3214 intent.putExtra(EXTRA_USER_ACCOUNT_NAME, accountName); 3215 } 3216 if (accountType != null) { 3217 intent.putExtra(EXTRA_USER_ACCOUNT_TYPE, accountType); 3218 } 3219 if (accountOptions != null) { 3220 intent.putExtra(EXTRA_USER_ACCOUNT_OPTIONS, accountOptions); 3221 } 3222 return intent; 3223 } 3224 3225 /** 3226 * Returns the list of the system packages that would be installed on this type of user upon 3227 * its creation. 3228 * 3229 * Returns {@code null} if all system packages would be installed. 3230 * 3231 * @hide 3232 */ 3233 @TestApi 3234 @SuppressLint("NullableCollection") 3235 @RequiresPermission(anyOf = { 3236 android.Manifest.permission.MANAGE_USERS, 3237 android.Manifest.permission.CREATE_USERS 3238 }) getPreInstallableSystemPackages(@onNull String userType)3239 public @Nullable Set<String> getPreInstallableSystemPackages(@NonNull String userType) { 3240 try { 3241 final String[] installableSystemPackages 3242 = mService.getPreInstallableSystemPackages(userType); 3243 if (installableSystemPackages == null) { 3244 return null; 3245 } 3246 return new ArraySet<>(installableSystemPackages); 3247 } catch (RemoteException re) { 3248 throw re.rethrowFromSystemServer(); 3249 } 3250 } 3251 3252 /** 3253 * @hide 3254 * 3255 * Returns the preferred account name for user creation. 3256 */ 3257 @SystemApi 3258 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getSeedAccountName()3259 public String getSeedAccountName() { 3260 try { 3261 return mService.getSeedAccountName(); 3262 } catch (RemoteException re) { 3263 throw re.rethrowFromSystemServer(); 3264 } 3265 } 3266 3267 /** 3268 * @hide 3269 * 3270 * Returns the preferred account type for user creation. 3271 */ 3272 @SystemApi 3273 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getSeedAccountType()3274 public String getSeedAccountType() { 3275 try { 3276 return mService.getSeedAccountType(); 3277 } catch (RemoteException re) { 3278 throw re.rethrowFromSystemServer(); 3279 } 3280 } 3281 3282 /** 3283 * @hide 3284 * 3285 * Returns the preferred account's options bundle for user creation. 3286 * @return Any options set by the requestor that created the user. 3287 */ 3288 @SystemApi 3289 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getSeedAccountOptions()3290 public PersistableBundle getSeedAccountOptions() { 3291 try { 3292 return mService.getSeedAccountOptions(); 3293 } catch (RemoteException re) { 3294 throw re.rethrowFromSystemServer(); 3295 } 3296 } 3297 3298 /** 3299 * @hide 3300 * 3301 * Called by a system activity to set the seed account information of a user created 3302 * through the user creation intent. 3303 * @param userId 3304 * @param accountName 3305 * @param accountType 3306 * @param accountOptions 3307 * @see #createUserCreationIntent(String, String, String, PersistableBundle) 3308 */ 3309 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) setSeedAccountData(int userId, String accountName, String accountType, PersistableBundle accountOptions)3310 public void setSeedAccountData(int userId, String accountName, String accountType, 3311 PersistableBundle accountOptions) { 3312 try { 3313 mService.setSeedAccountData(userId, accountName, accountType, accountOptions, 3314 /* persist= */ true); 3315 } catch (RemoteException re) { 3316 throw re.rethrowFromSystemServer(); 3317 } 3318 } 3319 3320 /** 3321 * @hide 3322 * Clears the seed information used to create this user. 3323 */ 3324 @SystemApi 3325 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) clearSeedAccountData()3326 public void clearSeedAccountData() { 3327 try { 3328 mService.clearSeedAccountData(); 3329 } catch (RemoteException re) { 3330 throw re.rethrowFromSystemServer(); 3331 } 3332 } 3333 3334 /** 3335 * @hide 3336 * Marks the guest user for deletion to allow a new guest to be created before deleting 3337 * the current user who is a guest. 3338 * @param userId 3339 * @return 3340 */ 3341 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) markGuestForDeletion(@serIdInt int userId)3342 public boolean markGuestForDeletion(@UserIdInt int userId) { 3343 try { 3344 return mService.markGuestForDeletion(userId); 3345 } catch (RemoteException re) { 3346 throw re.rethrowFromSystemServer(); 3347 } 3348 } 3349 3350 /** 3351 * Sets the user as enabled, if such an user exists. 3352 * 3353 * <p>Note that the default is true, it's only that managed profiles might not be enabled. 3354 * Also ephemeral users can be disabled to indicate that their removal is in progress and they 3355 * shouldn't be re-entered. Therefore ephemeral users should not be re-enabled once disabled. 3356 * 3357 * @param userId the id of the profile to enable 3358 * @hide 3359 */ 3360 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) setUserEnabled(@serIdInt int userId)3361 public void setUserEnabled(@UserIdInt int userId) { 3362 try { 3363 mService.setUserEnabled(userId); 3364 } catch (RemoteException re) { 3365 throw re.rethrowFromSystemServer(); 3366 } 3367 } 3368 3369 /** 3370 * Assigns admin privileges to the user, if such a user exists. 3371 * 3372 * <p>Note that this does not alter the user's pre-existing user restrictions. 3373 * 3374 * @param userId the id of the user to become admin 3375 * @hide 3376 */ 3377 @RequiresPermission(allOf = { 3378 Manifest.permission.INTERACT_ACROSS_USERS_FULL, 3379 Manifest.permission.MANAGE_USERS 3380 }) setUserAdmin(@serIdInt int userId)3381 public void setUserAdmin(@UserIdInt int userId) { 3382 try { 3383 mService.setUserAdmin(userId); 3384 } catch (RemoteException re) { 3385 throw re.rethrowFromSystemServer(); 3386 } 3387 } 3388 3389 /** 3390 * Evicts the user's credential encryption key from memory by stopping and restarting the user. 3391 * 3392 * @hide 3393 */ 3394 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) evictCredentialEncryptionKey(@serIdInt int userId)3395 public void evictCredentialEncryptionKey(@UserIdInt int userId) { 3396 try { 3397 mService.evictCredentialEncryptionKey(userId); 3398 } catch (RemoteException re) { 3399 throw re.rethrowFromSystemServer(); 3400 } 3401 } 3402 3403 /** 3404 * Return the number of users currently created on the device. 3405 */ 3406 @RequiresPermission(anyOf = { 3407 android.Manifest.permission.MANAGE_USERS, 3408 android.Manifest.permission.CREATE_USERS 3409 }) getUserCount()3410 public int getUserCount() { 3411 List<UserInfo> users = getUsers(); 3412 return users != null ? users.size() : 1; 3413 } 3414 3415 /** 3416 * Returns information for all fully-created users on this device, including ones marked for 3417 * deletion. 3418 * 3419 * <p>To retrieve only users that are not marked for deletion, use {@link #getAliveUsers()}. 3420 * 3421 * <p>To retrieve *all* users (including partial and pre-created users), use 3422 * {@link #getUsers(boolean, boolean, boolean)) getUsers(false, false, false)}. 3423 * 3424 * <p>To retrieve a more specific list of users, use 3425 * {@link #getUsers(boolean, boolean, boolean)}. 3426 * 3427 * @return the list of users that were created. 3428 * 3429 * @hide 3430 */ 3431 @UnsupportedAppUsage 3432 @RequiresPermission(anyOf = { 3433 android.Manifest.permission.MANAGE_USERS, 3434 android.Manifest.permission.CREATE_USERS 3435 }) getUsers()3436 public List<UserInfo> getUsers() { 3437 return getUsers(/*excludePartial= */ true, /* excludeDying= */ false, 3438 /* excludePreCreated= */ true); 3439 } 3440 3441 /** 3442 * Returns information for all "usable" users on this device (i.e, it excludes users that are 3443 * marked for deletion, pre-created users, etc...). 3444 * 3445 * <p>To retrieve all fully-created users, use {@link #getUsers()}. 3446 * 3447 * <p>To retrieve a more specific list of users, use 3448 * {@link #getUsers(boolean, boolean, boolean)}. 3449 * 3450 * @return the list of users that were created. 3451 * @hide 3452 */ 3453 @RequiresPermission(anyOf = { 3454 android.Manifest.permission.MANAGE_USERS, 3455 android.Manifest.permission.CREATE_USERS 3456 }) getAliveUsers()3457 public @NonNull List<UserInfo> getAliveUsers() { 3458 return getUsers(/*excludePartial= */ true, /* excludeDying= */ true, 3459 /* excludePreCreated= */ true); 3460 } 3461 3462 /** 3463 * @deprecated use {@link #getAliveUsers()} for {@code getUsers(true)}, or 3464 * {@link #getUsers()} for @code getUsers(false)}. 3465 * 3466 * @hide 3467 */ 3468 @Deprecated 3469 @UnsupportedAppUsage 3470 @RequiresPermission(anyOf = { 3471 android.Manifest.permission.MANAGE_USERS, 3472 android.Manifest.permission.CREATE_USERS 3473 }) getUsers(boolean excludeDying)3474 public @NonNull List<UserInfo> getUsers(boolean excludeDying) { 3475 return getUsers(/*excludePartial= */ true, excludeDying, 3476 /* excludePreCreated= */ true); 3477 } 3478 3479 /** 3480 * Returns information for all users on this device, based on the filtering parameters. 3481 * 3482 * @hide 3483 */ 3484 @TestApi 3485 @RequiresPermission(anyOf = { 3486 android.Manifest.permission.MANAGE_USERS, 3487 android.Manifest.permission.CREATE_USERS 3488 }) getUsers(boolean excludePartial, boolean excludeDying, boolean excludePreCreated)3489 public @NonNull List<UserInfo> getUsers(boolean excludePartial, boolean excludeDying, 3490 boolean excludePreCreated) { 3491 try { 3492 return mService.getUsers(excludePartial, excludeDying, excludePreCreated); 3493 } catch (RemoteException re) { 3494 throw re.rethrowFromSystemServer(); 3495 } 3496 } 3497 3498 /** 3499 * Returns the user handles for all users on this device, based on the filtering parameters. 3500 * 3501 * @param excludeDying specify if the list should exclude users being removed. 3502 * @return the list of user handles. 3503 * @hide 3504 */ 3505 @SystemApi 3506 @RequiresPermission(anyOf = { 3507 android.Manifest.permission.MANAGE_USERS, 3508 android.Manifest.permission.CREATE_USERS 3509 }) getUserHandles(boolean excludeDying)3510 public @NonNull List<UserHandle> getUserHandles(boolean excludeDying) { 3511 List<UserInfo> users = getUsers(/* excludePartial= */ true, excludeDying, 3512 /* excludePreCreated= */ true); 3513 List<UserHandle> result = new ArrayList<>(users.size()); 3514 for (UserInfo user : users) { 3515 result.add(user.getUserHandle()); 3516 } 3517 return result; 3518 } 3519 3520 /** 3521 * Returns serial numbers of all users on this device. 3522 * 3523 * @param excludeDying specify if the list should exclude users being removed. 3524 * @return the list of serial numbers of users that exist on the device. 3525 * @hide 3526 */ 3527 @SystemApi 3528 @RequiresPermission(anyOf = { 3529 android.Manifest.permission.MANAGE_USERS, 3530 android.Manifest.permission.CREATE_USERS 3531 }) getSerialNumbersOfUsers(boolean excludeDying)3532 public long[] getSerialNumbersOfUsers(boolean excludeDying) { 3533 List<UserInfo> users = getUsers(/* excludePartial= */ true, excludeDying, 3534 /* excludePreCreated= */ true); 3535 long[] result = new long[users.size()]; 3536 for (int i = 0; i < result.length; i++) { 3537 result[i] = users.get(i).serialNumber; 3538 } 3539 return result; 3540 } 3541 3542 /** 3543 * @return the user's account name, null if not found. 3544 * @hide 3545 */ 3546 @RequiresPermission( allOf = { 3547 Manifest.permission.INTERACT_ACROSS_USERS_FULL, 3548 Manifest.permission.MANAGE_USERS 3549 }) getUserAccount(@serIdInt int userId)3550 public @Nullable String getUserAccount(@UserIdInt int userId) { 3551 try { 3552 return mService.getUserAccount(userId); 3553 } catch (RemoteException re) { 3554 throw re.rethrowFromSystemServer(); 3555 } 3556 } 3557 3558 /** 3559 * Set account name for the given user. 3560 * @hide 3561 */ 3562 @RequiresPermission( allOf = { 3563 Manifest.permission.INTERACT_ACROSS_USERS_FULL, 3564 Manifest.permission.MANAGE_USERS 3565 }) setUserAccount(@serIdInt int userId, @Nullable String accountName)3566 public void setUserAccount(@UserIdInt int userId, @Nullable String accountName) { 3567 try { 3568 mService.setUserAccount(userId, accountName); 3569 } catch (RemoteException re) { 3570 throw re.rethrowFromSystemServer(); 3571 } 3572 } 3573 3574 /** 3575 * Returns information for Primary user. 3576 * 3577 * @return the Primary user, null if not found. 3578 * @hide 3579 */ 3580 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getPrimaryUser()3581 public @Nullable UserInfo getPrimaryUser() { 3582 try { 3583 return mService.getPrimaryUser(); 3584 } catch (RemoteException re) { 3585 throw re.rethrowFromSystemServer(); 3586 } 3587 } 3588 3589 /** 3590 * Checks whether it's possible to add more users. Caller must hold the MANAGE_USERS 3591 * permission. 3592 * 3593 * @return true if more users can be added, false if limit has been reached. 3594 * @hide 3595 */ 3596 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) canAddMoreUsers()3597 public boolean canAddMoreUsers() { 3598 // TODO(b/142482943): UMS has different logic, excluding Demo and Profile from counting. Why 3599 // not here? The logic is inconsistent. See UMS.canAddMoreManagedProfiles 3600 final List<UserInfo> users = getAliveUsers(); 3601 final int totalUserCount = users.size(); 3602 int aliveUserCount = 0; 3603 for (int i = 0; i < totalUserCount; i++) { 3604 UserInfo user = users.get(i); 3605 if (!user.isGuest()) { 3606 aliveUserCount++; 3607 } 3608 } 3609 return aliveUserCount < getMaxSupportedUsers(); 3610 } 3611 3612 /** 3613 * Checks whether it's possible to add more managed profiles. Caller must hold the MANAGE_USERS 3614 * permission. 3615 * if allowedToRemoveOne is true and if the user already has a managed profile, then return if 3616 * we could add a new managed profile to this user after removing the existing one. 3617 * 3618 * @return true if more managed profiles can be added, false if limit has been reached. 3619 * @hide 3620 */ 3621 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) canAddMoreManagedProfiles(@serIdInt int userId, boolean allowedToRemoveOne)3622 public boolean canAddMoreManagedProfiles(@UserIdInt int userId, boolean allowedToRemoveOne) { 3623 try { 3624 return mService.canAddMoreManagedProfiles(userId, allowedToRemoveOne); 3625 } catch (RemoteException re) { 3626 throw re.rethrowFromSystemServer(); 3627 } 3628 } 3629 3630 /** 3631 * Checks whether it's possible to add more profiles of the given type to the given user. 3632 * 3633 * @param userType the type of user, such as {@link UserManager#USER_TYPE_PROFILE_MANAGED}. 3634 * @return true if more profiles can be added, false if limit has been reached. 3635 * @hide 3636 */ 3637 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) canAddMoreProfilesToUser(@onNull String userType, @UserIdInt int userId)3638 public boolean canAddMoreProfilesToUser(@NonNull String userType, @UserIdInt int userId) { 3639 try { 3640 return mService.canAddMoreProfilesToUser(userType, userId, false); 3641 } catch (RemoteException re) { 3642 throw re.rethrowFromSystemServer(); 3643 } 3644 } 3645 3646 /** 3647 * Returns list of the profiles of userId including userId itself. 3648 * Note that this returns both enabled and not enabled profiles. See 3649 * {@link #getEnabledProfiles(int)} if you need only the enabled ones. 3650 * <p>Note that this includes all profile types (not including Restricted profiles). 3651 * 3652 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS}. 3653 * {@link android.Manifest.permission#CREATE_USERS} suffices if userId is the calling user. 3654 * @param userId profiles of this user will be returned. 3655 * @return the list of profiles. 3656 * @hide 3657 */ 3658 @UnsupportedAppUsage 3659 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3660 Manifest.permission.CREATE_USERS}, conditional = true) getProfiles(@serIdInt int userId)3661 public List<UserInfo> getProfiles(@UserIdInt int userId) { 3662 try { 3663 return mService.getProfiles(userId, false /* enabledOnly */); 3664 } catch (RemoteException re) { 3665 throw re.rethrowFromSystemServer(); 3666 } 3667 } 3668 3669 /** 3670 * Checks if the 2 provided user handles belong to the same profile group. 3671 * 3672 * @param user one of the two user handles to check. 3673 * @param otherUser one of the two user handles to check. 3674 * @return true if the two users are in the same profile group. 3675 * 3676 * @hide 3677 */ 3678 @SystemApi 3679 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) isSameProfileGroup(@onNull UserHandle user, @NonNull UserHandle otherUser)3680 public boolean isSameProfileGroup(@NonNull UserHandle user, @NonNull UserHandle otherUser) { 3681 return isSameProfileGroup(user.getIdentifier(), otherUser.getIdentifier()); 3682 } 3683 3684 /** 3685 * Checks if the 2 provided user ids belong to the same profile group. 3686 * @param userId one of the two user ids to check. 3687 * @param otherUserId one of the two user ids to check. 3688 * @return true if the two user ids are in the same profile group. 3689 * @hide 3690 */ 3691 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) isSameProfileGroup(@serIdInt int userId, int otherUserId)3692 public boolean isSameProfileGroup(@UserIdInt int userId, int otherUserId) { 3693 try { 3694 return mService.isSameProfileGroup(userId, otherUserId); 3695 } catch (RemoteException re) { 3696 throw re.rethrowFromSystemServer(); 3697 } 3698 } 3699 3700 /** 3701 * Returns list of the profiles of userId including userId itself. 3702 * Note that this returns only enabled. 3703 * <p>Note that this includes all profile types (not including Restricted profiles). 3704 * 3705 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS}. 3706 * {@link android.Manifest.permission#CREATE_USERS} suffices if userId is the calling user. 3707 * @param userId profiles of this user will be returned. 3708 * @return the list of profiles. 3709 * @hide 3710 */ 3711 @UnsupportedAppUsage 3712 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3713 Manifest.permission.CREATE_USERS}, conditional = true) getEnabledProfiles(@serIdInt int userId)3714 public List<UserInfo> getEnabledProfiles(@UserIdInt int userId) { 3715 try { 3716 return mService.getProfiles(userId, true /* enabledOnly */); 3717 } catch (RemoteException re) { 3718 throw re.rethrowFromSystemServer(); 3719 } 3720 } 3721 3722 /** 3723 * Returns a list of UserHandles for profiles associated with the user that the calling process 3724 * is running on, including the user itself. 3725 * <p>Note that this includes all profile types (not including Restricted profiles). 3726 * 3727 * @return A non-empty list of UserHandles associated with the calling user. 3728 */ getUserProfiles()3729 public List<UserHandle> getUserProfiles() { 3730 int[] userIds = getProfileIds(UserHandle.myUserId(), true /* enabledOnly */); 3731 List<UserHandle> result = new ArrayList<>(userIds.length); 3732 for (int userId : userIds) { 3733 result.add(UserHandle.of(userId)); 3734 } 3735 return result; 3736 } 3737 3738 /** 3739 * Returns a list of ids for enabled profiles associated with the context user including the 3740 * user itself. 3741 * <p>Note that this includes all profile types (not including Restricted profiles). 3742 * 3743 * @return A non-empty list of UserHandles associated with the calling user. 3744 * @hide 3745 */ 3746 @SystemApi 3747 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3748 Manifest.permission.CREATE_USERS}, conditional = true) 3749 @UserHandleAware getEnabledProfiles()3750 public @NonNull List<UserHandle> getEnabledProfiles() { 3751 return getProfiles(true); 3752 } 3753 3754 /** 3755 * Returns a list of ids for all profiles associated with the context user including the user 3756 * itself. 3757 * <p>Note that this includes all profile types (not including Restricted profiles). 3758 * 3759 * @return A non-empty list of UserHandles associated with the calling user. 3760 * @hide 3761 */ 3762 @SystemApi 3763 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3764 Manifest.permission.CREATE_USERS}, conditional = true) 3765 @UserHandleAware getAllProfiles()3766 public @NonNull List<UserHandle> getAllProfiles() { 3767 return getProfiles(false); 3768 } 3769 3770 /** 3771 * Returns a list of ids for profiles associated with the context user including the user 3772 * itself. 3773 * <p>Note that this includes all profile types (not including Restricted profiles). 3774 * 3775 * @param enabledOnly whether to return only {@link UserInfo#isEnabled() enabled} profiles 3776 * @return A non-empty list of UserHandles associated with the calling user. 3777 */ 3778 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3779 Manifest.permission.CREATE_USERS}, conditional = true) 3780 @UserHandleAware getProfiles(boolean enabledOnly)3781 private @NonNull List<UserHandle> getProfiles(boolean enabledOnly) { 3782 final int[] userIds = getProfileIds(mUserId, enabledOnly); 3783 final List<UserHandle> result = new ArrayList<>(userIds.length); 3784 for (int userId : userIds) { 3785 result.add(UserHandle.of(userId)); 3786 } 3787 return result; 3788 } 3789 3790 /** 3791 * Returns a list of ids for profiles associated with the specified user including the user 3792 * itself. 3793 * <p>Note that this includes all profile types (not including Restricted profiles). 3794 * 3795 * @param userId id of the user to return profiles for 3796 * @param enabledOnly whether return only {@link UserInfo#isEnabled() enabled} profiles 3797 * @return A non-empty list of ids of profiles associated with the specified user. 3798 * 3799 * @hide 3800 */ 3801 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3802 Manifest.permission.CREATE_USERS}, conditional = true) getProfileIds(@serIdInt int userId, boolean enabledOnly)3803 public @NonNull int[] getProfileIds(@UserIdInt int userId, boolean enabledOnly) { 3804 try { 3805 return mService.getProfileIds(userId, enabledOnly); 3806 } catch (RemoteException re) { 3807 throw re.rethrowFromSystemServer(); 3808 } 3809 } 3810 3811 /** 3812 * @see #getProfileIds(int, boolean) 3813 * @hide 3814 */ 3815 @UnsupportedAppUsage 3816 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3817 Manifest.permission.CREATE_USERS}, conditional = true) getProfileIdsWithDisabled(@serIdInt int userId)3818 public int[] getProfileIdsWithDisabled(@UserIdInt int userId) { 3819 return getProfileIds(userId, false /* enabledOnly */); 3820 } 3821 3822 /** 3823 * @see #getProfileIds(int, boolean) 3824 * @hide 3825 */ 3826 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 3827 Manifest.permission.CREATE_USERS}, conditional = true) getEnabledProfileIds(@serIdInt int userId)3828 public int[] getEnabledProfileIds(@UserIdInt int userId) { 3829 return getProfileIds(userId, true /* enabledOnly */); 3830 } 3831 3832 /** 3833 * Returns the device credential owner id of the profile from 3834 * which this method is called, or userId if called from a user that 3835 * is not a profile. 3836 * 3837 * @hide 3838 */ 3839 @RequiresPermission(Manifest.permission.MANAGE_USERS) getCredentialOwnerProfile(@serIdInt int userId)3840 public int getCredentialOwnerProfile(@UserIdInt int userId) { 3841 try { 3842 return mService.getCredentialOwnerProfile(userId); 3843 } catch (RemoteException re) { 3844 throw re.rethrowFromSystemServer(); 3845 } 3846 } 3847 3848 /** 3849 * Returns the parent of the profile which this method is called from 3850 * or null if called from a user that is not a profile. 3851 * 3852 * @hide 3853 */ 3854 @UnsupportedAppUsage 3855 @RequiresPermission(anyOf = { 3856 android.Manifest.permission.MANAGE_USERS, 3857 android.Manifest.permission.INTERACT_ACROSS_USERS 3858 }) getProfileParent(@serIdInt int userId)3859 public UserInfo getProfileParent(@UserIdInt int userId) { 3860 try { 3861 return mService.getProfileParent(userId); 3862 } catch (RemoteException re) { 3863 throw re.rethrowFromSystemServer(); 3864 } 3865 } 3866 3867 /** 3868 * Get the parent of a user profile. 3869 * 3870 * @param user the handle of the user profile 3871 * 3872 * @return the parent of the user or {@code null} if the user is not profile 3873 * 3874 * @hide 3875 */ 3876 @SystemApi 3877 @RequiresPermission(anyOf = { 3878 android.Manifest.permission.MANAGE_USERS, 3879 android.Manifest.permission.INTERACT_ACROSS_USERS 3880 }) getProfileParent(@onNull UserHandle user)3881 public @Nullable UserHandle getProfileParent(@NonNull UserHandle user) { 3882 UserInfo info = getProfileParent(user.getIdentifier()); 3883 3884 if (info == null) { 3885 return null; 3886 } 3887 3888 return UserHandle.of(info.id); 3889 } 3890 3891 /** 3892 * Enables or disables quiet mode for a managed profile. If quiet mode is enabled, apps in a 3893 * managed profile don't run, generate notifications, or consume data or battery. 3894 * <p> 3895 * If a user's credential is needed to turn off quiet mode, a confirm credential screen will be 3896 * shown to the user. 3897 * <p> 3898 * The change may not happen instantly, however apps can listen for 3899 * {@link Intent#ACTION_MANAGED_PROFILE_AVAILABLE} and 3900 * {@link Intent#ACTION_MANAGED_PROFILE_UNAVAILABLE} broadcasts in order to be notified of 3901 * the change of the quiet mode. Apps can also check the current state of quiet mode by 3902 * calling {@link #isQuietModeEnabled(UserHandle)}. 3903 * <p> 3904 * The caller must either be the foreground default launcher or have one of these permissions: 3905 * {@code MANAGE_USERS} or {@code MODIFY_QUIET_MODE}. 3906 * 3907 * @param enableQuietMode whether quiet mode should be enabled or disabled 3908 * @param userHandle user handle of the profile 3909 * @return {@code false} if user's credential is needed in order to turn off quiet mode, 3910 * {@code true} otherwise 3911 * @throws SecurityException if the caller is invalid 3912 * @throws IllegalArgumentException if {@code userHandle} is not a managed profile 3913 * 3914 * @see #isQuietModeEnabled(UserHandle) 3915 */ 3916 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 3917 Manifest.permission.MODIFY_QUIET_MODE}, conditional = true) requestQuietModeEnabled(boolean enableQuietMode, @NonNull UserHandle userHandle)3918 public boolean requestQuietModeEnabled(boolean enableQuietMode, @NonNull UserHandle userHandle) { 3919 return requestQuietModeEnabled(enableQuietMode, userHandle, null); 3920 } 3921 3922 /** 3923 * Perform the same operation as {@link #requestQuietModeEnabled(boolean, UserHandle)}, but 3924 * with a flag to tweak the behavior of the request. 3925 * 3926 * @param enableQuietMode whether quiet mode should be enabled or disabled 3927 * @param userHandle user handle of the profile 3928 * @param flags Can be 0 or {@link #QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED}. 3929 * @return {@code false} if user's credential is needed in order to turn off quiet mode, 3930 * {@code true} otherwise 3931 * @throws SecurityException if the caller is invalid 3932 * @throws IllegalArgumentException if {@code userHandle} is not a managed profile 3933 * 3934 * @see #isQuietModeEnabled(UserHandle) 3935 */ requestQuietModeEnabled(boolean enableQuietMode, @NonNull UserHandle userHandle, @QuietModeFlag int flags)3936 public boolean requestQuietModeEnabled(boolean enableQuietMode, @NonNull UserHandle userHandle, 3937 @QuietModeFlag int flags) { 3938 return requestQuietModeEnabled(enableQuietMode, userHandle, null, flags); 3939 } 3940 3941 /** 3942 * Similar to {@link #requestQuietModeEnabled(boolean, UserHandle)}, except you can specify 3943 * a target to start when user is unlocked. If {@code target} is specified, caller must have 3944 * the {@link android.Manifest.permission#MANAGE_USERS} permission. 3945 * 3946 * @see {@link #requestQuietModeEnabled(boolean, UserHandle)} 3947 * @hide 3948 */ 3949 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) requestQuietModeEnabled( boolean enableQuietMode, @NonNull UserHandle userHandle, IntentSender target)3950 public boolean requestQuietModeEnabled( 3951 boolean enableQuietMode, @NonNull UserHandle userHandle, IntentSender target) { 3952 return requestQuietModeEnabled(enableQuietMode, userHandle, target, 0); 3953 } 3954 3955 /** 3956 * Similar to {@link #requestQuietModeEnabled(boolean, UserHandle)}, except you can specify 3957 * a target to start when user is unlocked. If {@code target} is specified, caller must have 3958 * the {@link android.Manifest.permission#MANAGE_USERS} permission. 3959 * 3960 * @see #requestQuietModeEnabled(boolean, UserHandle) 3961 * @hide 3962 */ requestQuietModeEnabled( boolean enableQuietMode, @NonNull UserHandle userHandle, IntentSender target, int flags)3963 public boolean requestQuietModeEnabled( 3964 boolean enableQuietMode, @NonNull UserHandle userHandle, IntentSender target, 3965 int flags) { 3966 try { 3967 return mService.requestQuietModeEnabled( 3968 mContext.getPackageName(), enableQuietMode, userHandle.getIdentifier(), target, 3969 flags); 3970 } catch (RemoteException re) { 3971 throw re.rethrowFromSystemServer(); 3972 } 3973 } 3974 3975 /** 3976 * Returns whether the given profile is in quiet mode or not. 3977 * Notes: Quiet mode is only supported for managed profiles. 3978 * 3979 * @param userHandle The user handle of the profile to be queried. 3980 * @return true if the profile is in quiet mode, false otherwise. 3981 */ isQuietModeEnabled(UserHandle userHandle)3982 public boolean isQuietModeEnabled(UserHandle userHandle) { 3983 try { 3984 return mService.isQuietModeEnabled(userHandle.getIdentifier()); 3985 } catch (RemoteException re) { 3986 throw re.rethrowFromSystemServer(); 3987 } 3988 } 3989 3990 /** 3991 * Returns whether the given user has a badge (generally to put on profiles' icons). 3992 * 3993 * @param userId userId of the user in question 3994 * @return true if the user's icons should display a badge; false otherwise. 3995 * 3996 * @see #getBadgedIconForUser more information about badging in general 3997 * @hide 3998 */ hasBadge(@serIdInt int userId)3999 public boolean hasBadge(@UserIdInt int userId) { 4000 if (!isProfile(userId)) { 4001 // Since currently only profiles actually have badges, we can do this optimization. 4002 return false; 4003 } 4004 try { 4005 return mService.hasBadge(userId); 4006 } catch (RemoteException re) { 4007 throw re.rethrowFromSystemServer(); 4008 } 4009 } 4010 4011 /** 4012 * Returns whether the user associated with the context has a badge (generally to put on 4013 * profiles' icons). 4014 * 4015 * @return true if the user's icons should display a badge; false otherwise. 4016 * @see #getBadgedIconForUser more information about badging in general 4017 * @hide 4018 */ 4019 @UserHandleAware hasBadge()4020 public boolean hasBadge() { 4021 return hasBadge(mUserId); 4022 } 4023 4024 /** 4025 * Returns the light theme badge color for the given user (generally to color a profile's 4026 * icon's badge). 4027 * 4028 * <p>To check whether a badge color is expected for the user, first call {@link #hasBadge}. 4029 * 4030 * @return the color (not the resource ID) to be used for the user's badge 4031 * @throws Resources.NotFoundException if no valid badge color exists for this user 4032 * 4033 * @see #getBadgedIconForUser more information about badging in general 4034 * @hide 4035 */ getUserBadgeColor(@serIdInt int userId)4036 public @ColorInt int getUserBadgeColor(@UserIdInt int userId) { 4037 try { 4038 final int resourceId = mService.getUserBadgeColorResId(userId); 4039 return Resources.getSystem().getColor(resourceId, null); 4040 } catch (RemoteException re) { 4041 throw re.rethrowFromSystemServer(); 4042 } 4043 } 4044 4045 /** 4046 * Returns the dark theme badge color for the given user (generally to color a profile's icon's 4047 * badge). 4048 * 4049 * <p>To check whether a badge color is expected for the user, first call {@link #hasBadge}. 4050 * 4051 * @return the color (not the resource ID) to be used for the user's badge 4052 * @throws Resources.NotFoundException if no valid badge color exists for this user 4053 * 4054 * @see #getBadgedIconForUser more information about badging in general 4055 * @hide 4056 */ getUserBadgeDarkColor(@serIdInt int userId)4057 public @ColorInt int getUserBadgeDarkColor(@UserIdInt int userId) { 4058 try { 4059 final int resourceId = mService.getUserBadgeDarkColorResId(userId); 4060 return Resources.getSystem().getColor(resourceId, null); 4061 } catch (RemoteException re) { 4062 throw re.rethrowFromSystemServer(); 4063 } 4064 } 4065 4066 /** 4067 * Returns the Resource ID of the user's icon badge. 4068 * 4069 * @return the Resource ID of the user's icon badge if it has one; otherwise 4070 * {@link Resources#ID_NULL}. 4071 * 4072 * @see #getBadgedIconForUser more information about badging in general 4073 * @hide 4074 */ getUserIconBadgeResId(@serIdInt int userId)4075 public @DrawableRes int getUserIconBadgeResId(@UserIdInt int userId) { 4076 try { 4077 return mService.getUserIconBadgeResId(userId); 4078 } catch (RemoteException re) { 4079 throw re.rethrowFromSystemServer(); 4080 } 4081 } 4082 4083 /** 4084 * Returns the Resource ID of the user's badge. 4085 * 4086 * @return the Resource ID of the user's badge if it has one; otherwise 4087 * {@link Resources#ID_NULL}. 4088 * 4089 * @see #getBadgedIconForUser more information about badging in general 4090 * @hide 4091 */ getUserBadgeResId(@serIdInt int userId)4092 public @DrawableRes int getUserBadgeResId(@UserIdInt int userId) { 4093 try { 4094 return mService.getUserBadgeResId(userId); 4095 } catch (RemoteException re) { 4096 throw re.rethrowFromSystemServer(); 4097 } 4098 } 4099 4100 /** 4101 * Returns the Resource ID of the user's badge without a background. 4102 * 4103 * @return the Resource ID of the user's no-background badge if it has one; otherwise 4104 * {@link Resources#ID_NULL}. 4105 * 4106 * @see #getBadgedIconForUser more information about badging in general 4107 * @hide 4108 */ getUserBadgeNoBackgroundResId(@serIdInt int userId)4109 public @DrawableRes int getUserBadgeNoBackgroundResId(@UserIdInt int userId) { 4110 try { 4111 return mService.getUserBadgeNoBackgroundResId(userId); 4112 } catch (RemoteException re) { 4113 throw re.rethrowFromSystemServer(); 4114 } 4115 } 4116 4117 /** 4118 * If the target user is a profile of the calling user or the caller 4119 * is itself a profile, then this returns a badged copy of the given 4120 * icon to be able to distinguish it from the original icon. For badging an 4121 * arbitrary drawable use {@link #getBadgedDrawableForUser( 4122 * android.graphics.drawable.Drawable, UserHandle, android.graphics.Rect, int)}. 4123 * <p> 4124 * If the original drawable is a BitmapDrawable and the backing bitmap is 4125 * mutable as per {@link android.graphics.Bitmap#isMutable()}, the badging 4126 * is performed in place and the original drawable is returned. 4127 * </p> 4128 * 4129 * @param icon The icon to badge. 4130 * @param user The target user. 4131 * @return A drawable that combines the original icon and a badge as 4132 * determined by the system. 4133 * @removed 4134 */ getBadgedIconForUser(Drawable icon, UserHandle user)4135 public Drawable getBadgedIconForUser(Drawable icon, UserHandle user) { 4136 return mContext.getPackageManager().getUserBadgedIcon(icon, user); 4137 } 4138 4139 /** 4140 * If the target user is a profile of the calling user or the caller 4141 * is itself a profile, then this returns a badged copy of the given 4142 * drawable allowing the user to distinguish it from the original drawable. 4143 * The caller can specify the location in the bounds of the drawable to be 4144 * badged where the badge should be applied as well as the density of the 4145 * badge to be used. 4146 * <p> 4147 * If the original drawable is a BitmapDrawable and the backing bitmap is 4148 * mutable as per {@link android.graphics.Bitmap#isMutable()}, the badging 4149 * is performed in place and the original drawable is returned. 4150 * </p> 4151 * 4152 * @param badgedDrawable The drawable to badge. 4153 * @param user The target user. 4154 * @param badgeLocation Where in the bounds of the badged drawable to place 4155 * the badge. If it's {@code null}, the badge is applied on top of the entire 4156 * drawable being badged. 4157 * @param badgeDensity The optional desired density for the badge as per 4158 * {@link android.util.DisplayMetrics#densityDpi}. If it's not positive, 4159 * the density of the display is used. 4160 * @return A drawable that combines the original drawable and a badge as 4161 * determined by the system. 4162 * @removed 4163 */ getBadgedDrawableForUser(Drawable badgedDrawable, UserHandle user, Rect badgeLocation, int badgeDensity)4164 public Drawable getBadgedDrawableForUser(Drawable badgedDrawable, UserHandle user, 4165 Rect badgeLocation, int badgeDensity) { 4166 return mContext.getPackageManager().getUserBadgedDrawableForDensity(badgedDrawable, user, 4167 badgeLocation, badgeDensity); 4168 } 4169 4170 /** 4171 * If the target user is a profile of the calling user or the caller 4172 * is itself a profile, then this returns a copy of the label with 4173 * badging for accessibility services like talkback. E.g. passing in "Email" 4174 * and it might return "Work Email" for Email in the work profile. 4175 * 4176 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS} or 4177 * {@link android.Manifest.permission#INTERACT_ACROSS_USERS} permission, otherwise the caller 4178 * must be in the same profile group of specified user. 4179 * 4180 * @param label The label to change. 4181 * @param user The target user. 4182 * @return A label that combines the original label and a badge as 4183 * determined by the system. 4184 * @removed 4185 */ getBadgedLabelForUser(CharSequence label, UserHandle user)4186 public CharSequence getBadgedLabelForUser(CharSequence label, UserHandle user) { 4187 final int userId = user.getIdentifier(); 4188 if (!hasBadge(userId)) { 4189 return label; 4190 } 4191 try { 4192 final int resourceId = mService.getUserBadgeLabelResId(userId); 4193 return Resources.getSystem().getString(resourceId, label); 4194 } catch (RemoteException re) { 4195 throw re.rethrowFromSystemServer(); 4196 } 4197 } 4198 4199 /** 4200 * If the user is a {@link UserManager#isProfile profile}, checks if the user 4201 * shares media with its parent user (the user that created this profile). 4202 * Returns false for any other type of user. 4203 * 4204 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS} or 4205 * {@link android.Manifest.permission#INTERACT_ACROSS_USERS} permission, otherwise the 4206 * caller must be in the same profile group as the user. 4207 * 4208 * @return true if the user shares media with its parent user, false otherwise. 4209 * @hide 4210 */ 4211 @SystemApi 4212 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 4213 Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) 4214 @UserHandleAware 4215 @SuppressAutoDoc isMediaSharedWithParent()4216 public boolean isMediaSharedWithParent() { 4217 try { 4218 return mService.isMediaSharedWithParent(mUserId); 4219 } catch (RemoteException re) { 4220 throw re.rethrowFromSystemServer(); 4221 } 4222 } 4223 4224 /** 4225 * Removes a user and all associated data. 4226 * @param userId the integer handle of the user. 4227 * @hide 4228 */ 4229 @UnsupportedAppUsage 4230 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 4231 Manifest.permission.CREATE_USERS}) removeUser(@serIdInt int userId)4232 public boolean removeUser(@UserIdInt int userId) { 4233 try { 4234 return mService.removeUser(userId); 4235 } catch (RemoteException re) { 4236 throw re.rethrowFromSystemServer(); 4237 } 4238 } 4239 4240 /** 4241 * Removes a user and all associated data. 4242 * 4243 * @param user the user that needs to be removed. 4244 * @return {@code true} if the user was successfully removed, {@code false} otherwise. 4245 * @throws IllegalArgumentException if {@code user} is {@code null} 4246 * @hide 4247 */ 4248 @SystemApi 4249 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 4250 Manifest.permission.CREATE_USERS}) removeUser(@onNull UserHandle user)4251 public boolean removeUser(@NonNull UserHandle user) { 4252 if (user == null) { 4253 throw new IllegalArgumentException("user cannot be null"); 4254 } 4255 return removeUser(user.getIdentifier()); 4256 } 4257 4258 4259 /** 4260 * Similar to {@link #removeUser(int)} except bypassing the checking of 4261 * {@link UserManager#DISALLOW_REMOVE_USER} 4262 * or {@link UserManager#DISALLOW_REMOVE_MANAGED_PROFILE}. 4263 * 4264 * @see {@link #removeUser(int)} 4265 * @hide 4266 */ 4267 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 4268 Manifest.permission.CREATE_USERS}) removeUserEvenWhenDisallowed(@serIdInt int userId)4269 public boolean removeUserEvenWhenDisallowed(@UserIdInt int userId) { 4270 try { 4271 return mService.removeUserEvenWhenDisallowed(userId); 4272 } catch (RemoteException re) { 4273 throw re.rethrowFromSystemServer(); 4274 } 4275 } 4276 4277 /** 4278 * Immediately removes the user or, if the user cannot be removed, such as when the user is 4279 * the current user, then set the user as ephemeral so that it will be removed when it is 4280 * stopped. 4281 * 4282 * @param evenWhenDisallowed when {@code true}, user is removed even if the caller user has the 4283 * {@link #DISALLOW_REMOVE_USER} or {@link #DISALLOW_REMOVE_MANAGED_PROFILE} restriction 4284 * 4285 * @return the {@link RemoveResult} code 4286 * @hide 4287 */ 4288 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 4289 Manifest.permission.CREATE_USERS}) removeUserOrSetEphemeral(@serIdInt int userId, boolean evenWhenDisallowed)4290 public @RemoveResult int removeUserOrSetEphemeral(@UserIdInt int userId, 4291 boolean evenWhenDisallowed) { 4292 try { 4293 return mService.removeUserOrSetEphemeral(userId, evenWhenDisallowed); 4294 } catch (RemoteException re) { 4295 throw re.rethrowFromSystemServer(); 4296 } 4297 } 4298 4299 /** 4300 * Updates the user's name. 4301 * 4302 * @param userId the user's integer id 4303 * @param name the new name for the user 4304 * @hide 4305 */ 4306 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) setUserName(@serIdInt int userId, String name)4307 public void setUserName(@UserIdInt int userId, String name) { 4308 try { 4309 mService.setUserName(userId, name); 4310 } catch (RemoteException re) { 4311 throw re.rethrowFromSystemServer(); 4312 } 4313 } 4314 4315 /** 4316 * Updates the context user's name. 4317 * 4318 * @param name the new name for the user 4319 * @hide 4320 */ 4321 @SystemApi 4322 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 4323 @UserHandleAware setUserName(@ullable String name)4324 public void setUserName(@Nullable String name) { 4325 setUserName(mUserId, name); 4326 } 4327 4328 /** 4329 * Sets the user's photo. 4330 * @param userId the user for whom to change the photo. 4331 * @param icon the bitmap to set as the photo. 4332 * 4333 * @hide 4334 */ 4335 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) setUserIcon(@serIdInt int userId, @NonNull Bitmap icon)4336 public void setUserIcon(@UserIdInt int userId, @NonNull Bitmap icon) { 4337 try { 4338 mService.setUserIcon(userId, icon); 4339 } catch (ServiceSpecificException e) { 4340 return; 4341 } catch (RemoteException re) { 4342 throw re.rethrowFromSystemServer(); 4343 } 4344 } 4345 4346 /** 4347 * Sets the context user's photo. 4348 * 4349 * @param icon the bitmap to set as the photo. 4350 * 4351 * @throws UserOperationException according to the function signature, but may not actually 4352 * throw it in practice. Catch RuntimeException instead. 4353 * 4354 * @hide 4355 */ 4356 @SystemApi 4357 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 4358 @UserHandleAware setUserIcon(@onNull Bitmap icon)4359 public void setUserIcon(@NonNull Bitmap icon) throws UserOperationException { 4360 setUserIcon(mUserId, icon); 4361 } 4362 4363 /** 4364 * Returns a bitmap of the user's photo 4365 * @param userId the user whose photo we want to read. 4366 * @return a {@link Bitmap} of the user's photo, or null if there's no photo. 4367 * @see com.android.internal.util.UserIcons#getDefaultUserIcon for a default. 4368 * @hide 4369 */ 4370 @UnsupportedAppUsage 4371 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 4372 android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED}) getUserIcon(@serIdInt int userId)4373 public Bitmap getUserIcon(@UserIdInt int userId) { 4374 try { 4375 ParcelFileDescriptor fd = mService.getUserIcon(userId); 4376 if (fd != null) { 4377 try { 4378 return BitmapFactory.decodeFileDescriptor(fd.getFileDescriptor()); 4379 } finally { 4380 try { 4381 fd.close(); 4382 } catch (IOException e) { 4383 } 4384 } 4385 } 4386 } catch (RemoteException re) { 4387 throw re.rethrowFromSystemServer(); 4388 } 4389 return null; 4390 } 4391 4392 /** 4393 * Returns a Bitmap for the context user's photo. 4394 * 4395 * @return a {@link Bitmap} of the user's photo, or null if there's no photo. 4396 * @see com.android.internal.util.UserIcons#getDefaultUserIcon for a default. 4397 * @hide 4398 */ 4399 @SystemApi 4400 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 4401 android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED}) 4402 @UserHandleAware getUserIcon()4403 public @Nullable Bitmap getUserIcon() { 4404 return getUserIcon(mUserId); 4405 } 4406 4407 /** 4408 * Returns the maximum number of users that can be created on this device. A return value 4409 * of 1 means that it is a single user device. 4410 * @hide 4411 * @return a value greater than or equal to 1 4412 */ 4413 @UnsupportedAppUsage getMaxSupportedUsers()4414 public static int getMaxSupportedUsers() { 4415 // Don't allow multiple users on certain builds 4416 if (android.os.Build.ID.startsWith("JVP")) return 1; 4417 return SystemProperties.getInt("fw.max_users", 4418 Resources.getSystem().getInteger(R.integer.config_multiuserMaximumUsers)); 4419 } 4420 4421 /** 4422 * Returns true if the user switcher is enabled (regardless of whether there is anything 4423 * interesting for it to show). 4424 * 4425 * @return true if user switcher is enabled 4426 * @hide 4427 */ isUserSwitcherEnabled()4428 public boolean isUserSwitcherEnabled() { 4429 return isUserSwitcherEnabled(true); 4430 } 4431 4432 /** 4433 * Returns true if the user switcher should be shown. 4434 * 4435 * @param showEvenIfNotActionable value to return if the feature is enabled but there is nothing 4436 * actionable for the user to do anyway 4437 * @return true if user switcher should be shown. 4438 * @hide 4439 */ isUserSwitcherEnabled(boolean showEvenIfNotActionable)4440 public boolean isUserSwitcherEnabled(boolean showEvenIfNotActionable) { 4441 if (!supportsMultipleUsers()) { 4442 return false; 4443 } 4444 if (hasUserRestriction(DISALLOW_USER_SWITCH)) { 4445 return false; 4446 } 4447 // If Demo Mode is on, don't show user switcher 4448 if (isDeviceInDemoMode(mContext)) { 4449 return false; 4450 } 4451 // Check the Settings.Global.USER_SWITCHER_ENABLED that the user can toggle on/off. 4452 final boolean userSwitcherSettingOn = Settings.Global.getInt(mContext.getContentResolver(), 4453 Settings.Global.USER_SWITCHER_ENABLED, 4454 Resources.getSystem().getBoolean(R.bool.config_showUserSwitcherByDefault) ? 1 : 0) 4455 != 0; 4456 if (!userSwitcherSettingOn) { 4457 return false; 4458 } 4459 4460 // The feature is enabled. But is it worth showing? 4461 return showEvenIfNotActionable 4462 || areThereUsersToWhichToSwitch() // There are switchable users. 4463 || !hasUserRestriction(UserManager.DISALLOW_ADD_USER); // New users can be added. 4464 } 4465 4466 /** Returns whether there are any users (other than the current user) to which to switch. */ areThereUsersToWhichToSwitch()4467 private boolean areThereUsersToWhichToSwitch() { 4468 final List<UserInfo> users = getAliveUsers(); 4469 if (users == null) { 4470 return false; 4471 } 4472 int switchableUserCount = 0; 4473 for (UserInfo user : users) { 4474 if (user.supportsSwitchToByUser()) { 4475 ++switchableUserCount; 4476 } 4477 } 4478 return switchableUserCount > 1; 4479 } 4480 4481 /** 4482 * @hide 4483 */ 4484 @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) isDeviceInDemoMode(Context context)4485 public static boolean isDeviceInDemoMode(Context context) { 4486 return Settings.Global.getInt(context.getContentResolver(), 4487 Settings.Global.DEVICE_DEMO_MODE, 0) > 0; 4488 } 4489 4490 /** 4491 * Returns a serial number on this device for a given userId. User handles can be recycled 4492 * when deleting and creating users, but serial numbers are not reused until the device is wiped. 4493 * @param userId 4494 * @return a serial number associated with that user, or -1 if the userId is not valid. 4495 * @hide 4496 */ 4497 @UnsupportedAppUsage getUserSerialNumber(@serIdInt int userId)4498 public int getUserSerialNumber(@UserIdInt int userId) { 4499 try { 4500 return mService.getUserSerialNumber(userId); 4501 } catch (RemoteException re) { 4502 throw re.rethrowFromSystemServer(); 4503 } 4504 } 4505 4506 /** 4507 * Returns a userId on this device for a given user serial number. User handles can be 4508 * recycled when deleting and creating users, but serial numbers are not reused until the device 4509 * is wiped. 4510 * @param userSerialNumber 4511 * @return the userId associated with that user serial number, or -1 if the serial number 4512 * is not valid. 4513 * @hide 4514 */ 4515 @UnsupportedAppUsage getUserHandle(int userSerialNumber)4516 public @UserIdInt int getUserHandle(int userSerialNumber) { 4517 try { 4518 return mService.getUserHandle(userSerialNumber); 4519 } catch (RemoteException re) { 4520 throw re.rethrowFromSystemServer(); 4521 } 4522 } 4523 4524 /** 4525 * Returns a {@link Bundle} containing any saved application restrictions for this user, for the 4526 * given package name. Only an application with this package name can call this method. 4527 * 4528 * <p>The returned {@link Bundle} consists of key-value pairs, as defined by the application, 4529 * where the types of values may be: 4530 * <ul> 4531 * <li>{@code boolean} 4532 * <li>{@code int} 4533 * <li>{@code String} or {@code String[]} 4534 * <li>From {@link android.os.Build.VERSION_CODES#M}, {@code Bundle} or {@code Bundle[]} 4535 * </ul> 4536 * 4537 * <p>NOTE: The method performs disk I/O and shouldn't be called on the main thread 4538 * 4539 * @param packageName the package name of the calling application 4540 * @return a {@link Bundle} with the restrictions for that package, or an empty {@link Bundle} 4541 * if there are no saved restrictions. 4542 * 4543 * @see #KEY_RESTRICTIONS_PENDING 4544 */ 4545 @WorkerThread getApplicationRestrictions(String packageName)4546 public Bundle getApplicationRestrictions(String packageName) { 4547 try { 4548 return mService.getApplicationRestrictions(packageName); 4549 } catch (RemoteException re) { 4550 throw re.rethrowFromSystemServer(); 4551 } 4552 } 4553 4554 /** 4555 * @hide 4556 */ 4557 @WorkerThread getApplicationRestrictions(String packageName, UserHandle user)4558 public Bundle getApplicationRestrictions(String packageName, UserHandle user) { 4559 try { 4560 return mService.getApplicationRestrictionsForUser(packageName, user.getIdentifier()); 4561 } catch (RemoteException re) { 4562 throw re.rethrowFromSystemServer(); 4563 } 4564 } 4565 4566 /** 4567 * @hide 4568 */ 4569 @WorkerThread setApplicationRestrictions(String packageName, Bundle restrictions, UserHandle user)4570 public void setApplicationRestrictions(String packageName, Bundle restrictions, 4571 UserHandle user) { 4572 try { 4573 mService.setApplicationRestrictions(packageName, restrictions, user.getIdentifier()); 4574 } catch (RemoteException re) { 4575 throw re.rethrowFromSystemServer(); 4576 } 4577 } 4578 4579 /** 4580 * Sets a new challenge PIN for restrictions. This is only for use by pre-installed 4581 * apps and requires the MANAGE_USERS permission. 4582 * @param newPin the PIN to use for challenge dialogs. 4583 * @return Returns true if the challenge PIN was set successfully. 4584 * @deprecated The restrictions PIN functionality is no longer provided by the system. 4585 * This method is preserved for backwards compatibility reasons and always returns false. 4586 */ 4587 @Deprecated setRestrictionsChallenge(String newPin)4588 public boolean setRestrictionsChallenge(String newPin) { 4589 return false; 4590 } 4591 4592 /** 4593 * @hide 4594 * Set restrictions that should apply to any future guest user that's created. 4595 */ 4596 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) setDefaultGuestRestrictions(Bundle restrictions)4597 public void setDefaultGuestRestrictions(Bundle restrictions) { 4598 try { 4599 mService.setDefaultGuestRestrictions(restrictions); 4600 } catch (RemoteException re) { 4601 throw re.rethrowFromSystemServer(); 4602 } 4603 } 4604 4605 /** 4606 * @hide 4607 * Gets the default guest restrictions. 4608 */ 4609 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) getDefaultGuestRestrictions()4610 public Bundle getDefaultGuestRestrictions() { 4611 try { 4612 return mService.getDefaultGuestRestrictions(); 4613 } catch (RemoteException re) { 4614 throw re.rethrowFromSystemServer(); 4615 } 4616 } 4617 4618 /** 4619 * Returns creation time of the given user. The given user must be the calling user or 4620 * a profile associated with it. 4621 * @param userHandle user handle of the calling user or a profile associated with the 4622 * calling user. 4623 * @return creation time in milliseconds since Epoch time. 4624 */ getUserCreationTime(UserHandle userHandle)4625 public long getUserCreationTime(UserHandle userHandle) { 4626 try { 4627 return mService.getUserCreationTime(userHandle.getIdentifier()); 4628 } catch (RemoteException re) { 4629 throw re.rethrowFromSystemServer(); 4630 } 4631 } 4632 4633 /** 4634 * @hide 4635 * Checks if any uninitialized user has the specific seed account name and type. 4636 * 4637 * @param accountName The account name to check for 4638 * @param accountType The account type of the account to check for 4639 * @return whether the seed account was found 4640 */ 4641 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) someUserHasSeedAccount(String accountName, String accountType)4642 public boolean someUserHasSeedAccount(String accountName, String accountType) { 4643 try { 4644 return mService.someUserHasSeedAccount(accountName, accountType); 4645 } catch (RemoteException re) { 4646 throw re.rethrowFromSystemServer(); 4647 } 4648 } 4649 4650 /** 4651 * @hide 4652 * User that enforces a restriction. 4653 * 4654 * @see #getUserRestrictionSources(String, UserHandle) 4655 */ 4656 @SystemApi 4657 public static final class EnforcingUser implements Parcelable { 4658 private final @UserIdInt int userId; 4659 private final @UserRestrictionSource int userRestrictionSource; 4660 4661 /** 4662 * @hide 4663 */ EnforcingUser( @serIdInt int userId, @UserRestrictionSource int userRestrictionSource)4664 public EnforcingUser( 4665 @UserIdInt int userId, @UserRestrictionSource int userRestrictionSource) { 4666 this.userId = userId; 4667 this.userRestrictionSource = userRestrictionSource; 4668 } 4669 EnforcingUser(Parcel in)4670 private EnforcingUser(Parcel in) { 4671 userId = in.readInt(); 4672 userRestrictionSource = in.readInt(); 4673 } 4674 4675 public static final @android.annotation.NonNull Creator<EnforcingUser> CREATOR = new Creator<EnforcingUser>() { 4676 @Override 4677 public EnforcingUser createFromParcel(Parcel in) { 4678 return new EnforcingUser(in); 4679 } 4680 4681 @Override 4682 public EnforcingUser[] newArray(int size) { 4683 return new EnforcingUser[size]; 4684 } 4685 }; 4686 4687 @Override describeContents()4688 public int describeContents() { 4689 return 0; 4690 } 4691 4692 @Override writeToParcel(Parcel dest, int flags)4693 public void writeToParcel(Parcel dest, int flags) { 4694 dest.writeInt(userId); 4695 dest.writeInt(userRestrictionSource); 4696 } 4697 4698 /** 4699 * Returns an id of the enforcing user. 4700 * 4701 * <p> Will be UserHandle.USER_NULL when restriction is set by the system. 4702 */ getUserHandle()4703 public UserHandle getUserHandle() { 4704 return UserHandle.of(userId); 4705 } 4706 4707 /** 4708 * Returns the status of the enforcing user. 4709 * 4710 * <p> One of {@link #RESTRICTION_SOURCE_SYSTEM}, 4711 * {@link #RESTRICTION_SOURCE_DEVICE_OWNER} and 4712 * {@link #RESTRICTION_SOURCE_PROFILE_OWNER} 4713 */ getUserRestrictionSource()4714 public @UserRestrictionSource int getUserRestrictionSource() { 4715 return userRestrictionSource; 4716 } 4717 } 4718 } 4719