1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package com.android.server.pm; 17 18 import android.annotation.IntDef; 19 import android.annotation.NonNull; 20 import android.annotation.Nullable; 21 import android.annotation.UserIdInt; 22 import android.content.Context; 23 import android.content.pm.UserInfo; 24 import android.graphics.Bitmap; 25 import android.os.Bundle; 26 import android.os.UserManager; 27 28 import java.lang.annotation.Retention; 29 import java.lang.annotation.RetentionPolicy; 30 import java.util.List; 31 32 /** 33 * @hide Only for use within the system server. 34 */ 35 public abstract class UserManagerInternal { 36 37 public static final int OWNER_TYPE_DEVICE_OWNER = 0; 38 public static final int OWNER_TYPE_PROFILE_OWNER = 1; 39 public static final int OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE = 2; 40 public static final int OWNER_TYPE_NO_OWNER = 3; 41 42 @Retention(RetentionPolicy.SOURCE) 43 @IntDef(value = {OWNER_TYPE_DEVICE_OWNER, OWNER_TYPE_PROFILE_OWNER, 44 OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE, OWNER_TYPE_NO_OWNER}) 45 public @interface OwnerType { 46 } 47 48 public interface UserRestrictionsListener { 49 /** 50 * Called when a user restriction changes. 51 * 52 * @param userId target user id 53 * @param newRestrictions new user restrictions 54 * @param prevRestrictions user restrictions that were previously set 55 */ onUserRestrictionsChanged(int userId, Bundle newRestrictions, Bundle prevRestrictions)56 void onUserRestrictionsChanged(int userId, Bundle newRestrictions, Bundle prevRestrictions); 57 } 58 59 /** 60 * Listener for user lifecycle events. 61 * 62 * <p><b>NOTE: </b>implementations MUST not block the current thread. 63 */ 64 public interface UserLifecycleListener { 65 66 /** 67 * Called when a new user is created. 68 * 69 * @param user new user. 70 * @param token token passed to the method that created the user. 71 */ onUserCreated(UserInfo user, @Nullable Object token)72 default void onUserCreated(UserInfo user, @Nullable Object token) {} 73 74 /** Called when an existing user is removed. */ onUserRemoved(UserInfo user)75 default void onUserRemoved(UserInfo user) {} 76 } 77 78 /** 79 * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to set 80 * restrictions enforced by the user. 81 * 82 * @param originatingUserId user id of the user where the restrictions originated. 83 * @param global a bundle of global user restrictions. Global restrictions are 84 * restrictions that apply device-wide: to the managed profile, 85 * primary profile and secondary users and any profile created in 86 * any secondary user. 87 * @param local a restriction set of local user restrictions. The key is the user 88 * id of the user whom the restrictions are targeting. 89 * @param isDeviceOwner whether {@code originatingUserId} corresponds to device owner 90 * user id. 91 */ setDevicePolicyUserRestrictions(int originatingUserId, @Nullable Bundle global, @Nullable RestrictionsSet local, boolean isDeviceOwner)92 public abstract void setDevicePolicyUserRestrictions(int originatingUserId, 93 @Nullable Bundle global, @Nullable RestrictionsSet local, boolean isDeviceOwner); 94 95 /** Return a user restriction. */ getUserRestriction(int userId, String key)96 public abstract boolean getUserRestriction(int userId, String key); 97 98 /** Adds a listener to user restriction changes. */ addUserRestrictionsListener(UserRestrictionsListener listener)99 public abstract void addUserRestrictionsListener(UserRestrictionsListener listener); 100 101 /** Remove a {@link UserRestrictionsListener}. */ removeUserRestrictionsListener(UserRestrictionsListener listener)102 public abstract void removeUserRestrictionsListener(UserRestrictionsListener listener); 103 104 /** Adds a {@link UserLifecycleListener}. */ addUserLifecycleListener(UserLifecycleListener listener)105 public abstract void addUserLifecycleListener(UserLifecycleListener listener); 106 107 /** Removes a {@link UserLifecycleListener}. */ removeUserLifecycleListener(UserLifecycleListener listener)108 public abstract void removeUserLifecycleListener(UserLifecycleListener listener); 109 110 /** 111 * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to update 112 * whether the device is managed by device owner. 113 */ setDeviceManaged(boolean isManaged)114 public abstract void setDeviceManaged(boolean isManaged); 115 116 /** 117 * Returns whether the device is managed by device owner. 118 */ isDeviceManaged()119 public abstract boolean isDeviceManaged(); 120 121 /** 122 * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to update 123 * whether the user is managed by profile owner. 124 */ setUserManaged(int userId, boolean isManaged)125 public abstract void setUserManaged(int userId, boolean isManaged); 126 127 /** 128 * whether a profile owner manages this user. 129 */ isUserManaged(int userId)130 public abstract boolean isUserManaged(int userId); 131 132 /** 133 * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to omit 134 * restriction check, because DevicePolicyManager must always be able to set user icon 135 * regardless of any restriction. 136 * Also called by {@link com.android.server.pm.UserManagerService} because the logic of setting 137 * the icon is in this method. 138 */ setUserIcon(int userId, Bitmap bitmap)139 public abstract void setUserIcon(int userId, Bitmap bitmap); 140 141 /** 142 * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to inform the 143 * user manager whether all users should be created ephemeral. 144 */ setForceEphemeralUsers(boolean forceEphemeralUsers)145 public abstract void setForceEphemeralUsers(boolean forceEphemeralUsers); 146 147 /** 148 * Switches to the system user and deletes all other users. 149 * 150 * <p>Called by the {@link com.android.server.devicepolicy.DevicePolicyManagerService} when 151 * the force-ephemeral-users policy is toggled on to make sure there are no pre-existing 152 * non-ephemeral users left. 153 */ removeAllUsers()154 public abstract void removeAllUsers(); 155 156 /** 157 * Called by the activity manager when the ephemeral user goes to background and its removal 158 * starts as a result. 159 * 160 * <p>It marks the ephemeral user as disabled in order to prevent it from being re-entered 161 * before its removal finishes. 162 * 163 * @param userId the ID of the ephemeral user. 164 */ onEphemeralUserStop(int userId)165 public abstract void onEphemeralUserStop(int userId); 166 167 /** 168 * Same as UserManager.createUser(), but bypasses the check for 169 * {@link UserManager#DISALLOW_ADD_USER} and {@link UserManager#DISALLOW_ADD_MANAGED_PROFILE} 170 * 171 * <p>Called by the {@link com.android.server.devicepolicy.DevicePolicyManagerService} when 172 * createAndManageUser is called by the device owner; it uses {@code token} to block until 173 * the user is created (as it will be passed back to it through 174 * {@link UserLifecycleListener#onUserCreated(UserInfo, Object)}); 175 */ createUserEvenWhenDisallowed(String name, String userType, int flags, String[] disallowedPackages, @Nullable Object token)176 public abstract UserInfo createUserEvenWhenDisallowed(String name, String userType, 177 int flags, String[] disallowedPackages, @Nullable Object token) 178 throws UserManager.CheckedUserOperationException; 179 180 /** 181 * Same as {@link UserManager#removeUser(int userId)}, but bypasses the check for 182 * {@link UserManager#DISALLOW_REMOVE_USER} and 183 * {@link UserManager#DISALLOW_REMOVE_MANAGED_PROFILE} and does not require the 184 * {@link android.Manifest.permission#MANAGE_USERS} permission. 185 */ removeUserEvenWhenDisallowed(int userId)186 public abstract boolean removeUserEvenWhenDisallowed(int userId); 187 188 /** 189 * Return whether the given user is running in an 190 * {@code UserState.STATE_RUNNING_UNLOCKING} or 191 * {@code UserState.STATE_RUNNING_UNLOCKED} state. 192 */ isUserUnlockingOrUnlocked(int userId)193 public abstract boolean isUserUnlockingOrUnlocked(int userId); 194 195 /** 196 * Return whether the given user is running in an 197 * {@code UserState.STATE_RUNNING_UNLOCKED} state. 198 */ isUserUnlocked(int userId)199 public abstract boolean isUserUnlocked(int userId); 200 201 /** 202 * Returns whether the given user is running 203 */ isUserRunning(int userId)204 public abstract boolean isUserRunning(int userId); 205 206 /** 207 * Returns whether the given user is initialized 208 */ isUserInitialized(int userId)209 public abstract boolean isUserInitialized(int userId); 210 211 /** 212 * Returns whether the given user exists 213 */ exists(int userId)214 public abstract boolean exists(int userId); 215 216 /** 217 * Set user's running state 218 */ setUserState(int userId, int userState)219 public abstract void setUserState(int userId, int userState); 220 221 /** 222 * Remove user's running state 223 */ removeUserState(int userId)224 public abstract void removeUserState(int userId); 225 226 /** 227 * Returns an array of user ids. This array is cached in UserManagerService and passed as a 228 * reference, so do not modify the returned array. 229 * 230 * @return the array of user ids. 231 */ getUserIds()232 public abstract int[] getUserIds(); 233 234 /** 235 * Internal implementation of getUsers does not check permissions. 236 * This improves performance for calls from inside system server which already have permissions 237 * checked. 238 */ getUsers(boolean excludeDying)239 public abstract @NonNull List<UserInfo> getUsers(boolean excludeDying); 240 241 /** 242 * Internal implementation of getUsers does not check permissions. 243 * This improves performance for calls from inside system server which already have permissions 244 * checked. 245 */ getUsers(boolean excludePartial, boolean excludeDying, boolean excludePreCreated)246 public abstract @NonNull List<UserInfo> getUsers(boolean excludePartial, boolean excludeDying, 247 boolean excludePreCreated); 248 249 /** 250 * Checks if the {@code callingUserId} and {@code targetUserId} are same or in same group 251 * and that the {@code callingUserId} is not a profile and {@code targetUserId} is enabled. 252 * 253 * @return TRUE if the {@code callingUserId} can access {@code targetUserId}. FALSE 254 * otherwise 255 * 256 * @throws SecurityException if the calling user and {@code targetUser} are not in the same 257 * group and {@code throwSecurityException} is true, otherwise if will simply return false. 258 */ isProfileAccessible(int callingUserId, int targetUserId, String debugMsg, boolean throwSecurityException)259 public abstract boolean isProfileAccessible(int callingUserId, int targetUserId, 260 String debugMsg, boolean throwSecurityException); 261 262 /** 263 * If {@code userId} is of a profile, return the parent user ID. Otherwise return itself. 264 */ getProfileParentId(int userId)265 public abstract int getProfileParentId(int userId); 266 267 /** 268 * Checks whether changing a setting to a value is prohibited by the corresponding user 269 * restriction. 270 * 271 * <p>See also {@link com.android.server.pm.UserRestrictionsUtils#applyUserRestriction( 272 * Context, int, String, boolean)}, which should be in sync with this method. 273 * 274 * @return {@code true} if the change is prohibited, {@code false} if the change is allowed. 275 * 276 * @hide 277 */ isSettingRestrictedForUser(String setting, int userId, String value, int callingUid)278 public abstract boolean isSettingRestrictedForUser(String setting, int userId, String value, 279 int callingUid); 280 281 /** @return a specific user restriction that's in effect currently. */ hasUserRestriction(String restriction, int userId)282 public abstract boolean hasUserRestriction(String restriction, int userId); 283 284 /** 285 * Gets a {@link UserInfo} for the given {@code userId}, or {@code null} if not found. 286 */ getUserInfo(@serIdInt int userId)287 public abstract @Nullable UserInfo getUserInfo(@UserIdInt int userId); 288 289 /** 290 * Gets all {@link UserInfo UserInfos}. 291 */ getUserInfos()292 public abstract @NonNull UserInfo[] getUserInfos(); 293 294 /** 295 * Sets all default cross profile intent filters between {@code parentUserId} and 296 * {@code profileUserId}. 297 */ setDefaultCrossProfileIntentFilters( @serIdInt int parentUserId, @UserIdInt int profileUserId)298 public abstract void setDefaultCrossProfileIntentFilters( 299 @UserIdInt int parentUserId, @UserIdInt int profileUserId); 300 301 /** 302 * Returns {@code true} if the system should ignore errors when preparing 303 * the storage directories for the user with ID {@code userId}. This will 304 * return {@code false} for all new users; it will only return {@code true} 305 * for users that already existed on-disk from an older version of Android. 306 */ shouldIgnorePrepareStorageErrors(int userId)307 public abstract boolean shouldIgnorePrepareStorageErrors(int userId); 308 } 309