1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.os; 18 19 import android.Manifest; 20 import android.accounts.AccountManager; 21 import android.annotation.IntDef; 22 import android.annotation.NonNull; 23 import android.annotation.Nullable; 24 import android.annotation.RequiresPermission; 25 import android.annotation.SystemApi; 26 import android.annotation.SystemService; 27 import android.annotation.TestApi; 28 import android.annotation.UnsupportedAppUsage; 29 import android.annotation.UserIdInt; 30 import android.annotation.WorkerThread; 31 import android.app.Activity; 32 import android.app.ActivityManager; 33 import android.app.admin.DevicePolicyManager; 34 import android.content.ComponentName; 35 import android.content.Context; 36 import android.content.Intent; 37 import android.content.IntentFilter; 38 import android.content.IntentSender; 39 import android.content.pm.UserInfo; 40 import android.content.res.Configuration; 41 import android.content.res.Resources; 42 import android.graphics.Bitmap; 43 import android.graphics.BitmapFactory; 44 import android.graphics.Rect; 45 import android.graphics.drawable.Drawable; 46 import android.provider.Settings; 47 import android.telephony.TelephonyManager; 48 import android.view.WindowManager.LayoutParams; 49 50 import com.android.internal.R; 51 import com.android.internal.os.RoSystemProperties; 52 53 import java.io.IOException; 54 import java.lang.annotation.Retention; 55 import java.lang.annotation.RetentionPolicy; 56 import java.util.ArrayList; 57 import java.util.List; 58 59 /** 60 * Manages users and user details on a multi-user system. There are two major categories of 61 * users: fully customizable users with their own login, and managed profiles that share a workspace 62 * with a related user. 63 * <p> 64 * Users are different from accounts, which are managed by 65 * {@link AccountManager}. Each user can have their own set of accounts. 66 * <p> 67 * See {@link DevicePolicyManager#ACTION_PROVISION_MANAGED_PROFILE} for more on managed profiles. 68 */ 69 @SystemService(Context.USER_SERVICE) 70 public class UserManager { 71 72 private static final String TAG = "UserManager"; 73 @UnsupportedAppUsage 74 private final IUserManager mService; 75 private final Context mContext; 76 77 private Boolean mIsManagedProfileCached; 78 79 /** 80 * @hide 81 * No user restriction. 82 */ 83 @SystemApi 84 public static final int RESTRICTION_NOT_SET = 0x0; 85 86 /** 87 * @hide 88 * User restriction set by system/user. 89 */ 90 @SystemApi 91 public static final int RESTRICTION_SOURCE_SYSTEM = 0x1; 92 93 /** 94 * @hide 95 * User restriction set by a device owner. 96 */ 97 @SystemApi 98 public static final int RESTRICTION_SOURCE_DEVICE_OWNER = 0x2; 99 100 /** 101 * @hide 102 * User restriction set by a profile owner. 103 */ 104 @SystemApi 105 public static final int RESTRICTION_SOURCE_PROFILE_OWNER = 0x4; 106 107 /** @hide */ 108 @Retention(RetentionPolicy.SOURCE) 109 @IntDef(flag = true, prefix = { "RESTRICTION_" }, value = { 110 RESTRICTION_NOT_SET, 111 RESTRICTION_SOURCE_SYSTEM, 112 RESTRICTION_SOURCE_DEVICE_OWNER, 113 RESTRICTION_SOURCE_PROFILE_OWNER 114 }) 115 @SystemApi 116 public @interface UserRestrictionSource {} 117 118 /** 119 * Specifies if a user is disallowed from adding and removing accounts, unless they are 120 * {@link android.accounts.AccountManager#addAccountExplicitly programmatically} added by 121 * Authenticator. 122 * The default value is <code>false</code>. 123 * 124 * <p>From {@link android.os.Build.VERSION_CODES#N} a profile or device owner app can still 125 * use {@link android.accounts.AccountManager} APIs to add or remove accounts when account 126 * management is disallowed. 127 * 128 * <p>Key for user restrictions. 129 * <p>Type: Boolean 130 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 131 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 132 * @see #getUserRestrictions() 133 */ 134 public static final String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts"; 135 136 /** 137 * Specifies if a user is disallowed from changing Wi-Fi 138 * access points. The default value is <code>false</code>. 139 * <p>This restriction has no effect in a managed profile. 140 * 141 * <p>Key for user restrictions. 142 * <p>Type: Boolean 143 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 144 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 145 * @see #getUserRestrictions() 146 */ 147 public static final String DISALLOW_CONFIG_WIFI = "no_config_wifi"; 148 149 /** 150 * Specifies if a user is disallowed from changing the device 151 * language. The default value is <code>false</code>. 152 * 153 * <p>Key for user restrictions. 154 * <p>Type: Boolean 155 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 156 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 157 * @see #getUserRestrictions() 158 */ 159 public static final String DISALLOW_CONFIG_LOCALE = "no_config_locale"; 160 161 /** 162 * Specifies if a user is disallowed from installing applications. This user restriction also 163 * prevents device owners and profile owners installing apps. The default value is 164 * {@code false}. 165 * 166 * <p>Key for user restrictions. 167 * <p>Type: Boolean 168 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 169 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 170 * @see #getUserRestrictions() 171 */ 172 public static final String DISALLOW_INSTALL_APPS = "no_install_apps"; 173 174 /** 175 * Specifies if a user is disallowed from uninstalling applications. 176 * The default value is <code>false</code>. 177 * 178 * <p>Key for user restrictions. 179 * <p>Type: Boolean 180 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 181 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 182 * @see #getUserRestrictions() 183 */ 184 public static final String DISALLOW_UNINSTALL_APPS = "no_uninstall_apps"; 185 186 /** 187 * Specifies if a user is disallowed from turning on location sharing. 188 * The default value is <code>false</code>. 189 * <p>In a managed profile, location sharing always reflects the primary user's setting, but 190 * can be overridden and forced off by setting this restriction to true in the managed profile. 191 * 192 * <p>Key for user restrictions. 193 * <p>Type: Boolean 194 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 195 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 196 * @see #getUserRestrictions() 197 */ 198 public static final String DISALLOW_SHARE_LOCATION = "no_share_location"; 199 200 /** 201 * Specifies if airplane mode is disallowed on the device. 202 * 203 * <p> This restriction can only be set by the device owner and the profile owner on the 204 * primary user and it applies globally - i.e. it disables airplane mode on the entire device. 205 * <p>The default value is <code>false</code>. 206 * 207 * <p>Key for user restrictions. 208 * <p>Type: Boolean 209 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 210 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 211 * @see #getUserRestrictions() 212 */ 213 public static final String DISALLOW_AIRPLANE_MODE = "no_airplane_mode"; 214 215 /** 216 * Specifies if a user is disallowed from configuring brightness. When device owner sets it, 217 * it'll only be applied on the target(system) user. 218 * 219 * <p>The default value is <code>false</code>. 220 * 221 * <p>This user restriction has no effect on managed profiles. 222 * <p>Key for user restrictions. 223 * <p>Type: Boolean 224 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 225 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 226 * @see #getUserRestrictions() 227 */ 228 public static final String DISALLOW_CONFIG_BRIGHTNESS = "no_config_brightness"; 229 230 /** 231 * Specifies if ambient display is disallowed for the user. 232 * 233 * <p>The default value is <code>false</code>. 234 * 235 * <p>This user restriction has no effect on managed profiles. 236 * <p>Key for user restrictions. 237 * <p>Type: Boolean 238 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 239 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 240 * @see #getUserRestrictions() 241 */ 242 public static final String DISALLOW_AMBIENT_DISPLAY = "no_ambient_display"; 243 244 /** 245 * Specifies if a user is disallowed from changing screen off timeout. 246 * 247 * <p>The default value is <code>false</code>. 248 * 249 * <p>This user restriction has no effect on managed profiles. 250 * <p>Key for user restrictions. 251 * <p>Type: Boolean 252 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 253 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 254 * @see #getUserRestrictions() 255 */ 256 public static final String DISALLOW_CONFIG_SCREEN_TIMEOUT = "no_config_screen_timeout"; 257 258 /** 259 * Specifies if a user is disallowed from enabling the 260 * "Unknown Sources" setting, that allows installation of apps from unknown sources. 261 * Unknown sources exclude adb and special apps such as trusted app stores. 262 * The default value is <code>false</code>. 263 * 264 * <p>Key for user restrictions. 265 * <p>Type: Boolean 266 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 267 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 268 * @see #getUserRestrictions() 269 */ 270 public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources"; 271 272 /** 273 * This restriction is a device-wide version of {@link #DISALLOW_INSTALL_UNKNOWN_SOURCES}. 274 * 275 * Specifies if all users on the device are disallowed from enabling the 276 * "Unknown Sources" setting, that allows installation of apps from unknown sources. 277 * 278 * This restriction can be enabled by the profile owner, in which case all accounts and 279 * profiles will be affected. 280 * 281 * The default value is <code>false</code>. 282 * 283 * <p>Key for user restrictions. 284 * <p>Type: Boolean 285 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 286 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 287 * @see #getUserRestrictions() 288 */ 289 public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY = 290 "no_install_unknown_sources_globally"; 291 292 /** 293 * Specifies if a user is disallowed from configuring bluetooth. 294 * This does <em>not</em> restrict the user from turning bluetooth on or off. 295 * The default value is <code>false</code>. 296 * <p>This restriction doesn't prevent the user from using bluetooth. For disallowing usage of 297 * bluetooth completely on the device, use {@link #DISALLOW_BLUETOOTH}. 298 * <p>This restriction has no effect in a managed profile. 299 * 300 * <p>Key for user restrictions. 301 * <p>Type: Boolean 302 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 303 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 304 * @see #getUserRestrictions() 305 */ 306 public static final String DISALLOW_CONFIG_BLUETOOTH = "no_config_bluetooth"; 307 308 /** 309 * Specifies if bluetooth is disallowed on the device. 310 * 311 * <p> This restriction can only be set by the device owner and the profile owner on the 312 * primary user and it applies globally - i.e. it disables bluetooth on the entire device. 313 * <p>The default value is <code>false</code>. 314 * <p>Key for user restrictions. 315 * <p>Type: Boolean 316 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 317 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 318 * @see #getUserRestrictions() 319 */ 320 public static final String DISALLOW_BLUETOOTH = "no_bluetooth"; 321 322 /** 323 * Specifies if outgoing bluetooth sharing is disallowed on the device. Device owner and profile 324 * owner can set this restriction. When it is set by device owner, all users on this device will 325 * be affected. 326 * 327 * <p>Default is <code>true</code> for managed profiles and false for otherwise. When a device 328 * upgrades to {@link android.os.Build.VERSION_CODES#O}, the system sets it for all existing 329 * managed profiles. 330 * 331 * <p>Key for user restrictions. 332 * <p>Type: Boolean 333 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 334 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 335 * @see #getUserRestrictions() 336 */ 337 public static final String DISALLOW_BLUETOOTH_SHARING = "no_bluetooth_sharing"; 338 339 /** 340 * Specifies if a user is disallowed from transferring files over 341 * USB. This can only be set by device owners and profile owners on the primary user. 342 * The default value is <code>false</code>. 343 * 344 * <p>Key for user restrictions. 345 * <p>Type: Boolean 346 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 347 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 348 * @see #getUserRestrictions() 349 */ 350 public static final String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer"; 351 352 /** 353 * Specifies if a user is disallowed from configuring user 354 * credentials. The default value is <code>false</code>. 355 * 356 * <p>Key for user restrictions. 357 * <p>Type: Boolean 358 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 359 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 360 * @see #getUserRestrictions() 361 */ 362 public static final String DISALLOW_CONFIG_CREDENTIALS = "no_config_credentials"; 363 364 /** 365 * When set on the primary user this specifies if the user can remove other users. 366 * When set on a secondary user, this specifies if the user can remove itself. 367 * This restriction has no effect on managed profiles. 368 * The default value is <code>false</code>. 369 * 370 * <p>Key for user restrictions. 371 * <p>Type: Boolean 372 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 373 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 374 * @see #getUserRestrictions() 375 */ 376 public static final String DISALLOW_REMOVE_USER = "no_remove_user"; 377 378 /** 379 * Specifies if managed profiles of this user can be removed, other than by its profile owner. 380 * The default value is <code>false</code>. 381 * <p> 382 * This restriction has no effect on managed profiles. 383 * 384 * <p>Key for user restrictions. 385 * <p>Type: Boolean 386 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 387 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 388 * @see #getUserRestrictions() 389 */ 390 public static final String DISALLOW_REMOVE_MANAGED_PROFILE = "no_remove_managed_profile"; 391 392 /** 393 * Specifies if a user is disallowed from enabling or accessing debugging features. When set on 394 * the primary user, disables debugging features altogether, including USB debugging. When set 395 * on a managed profile or a secondary user, blocks debugging for that user only, including 396 * starting activities, making service calls, accessing content providers, sending broadcasts, 397 * installing/uninstalling packages, clearing user data, etc. 398 * The default value is <code>false</code>. 399 * 400 * <p>Key for user restrictions. 401 * <p>Type: Boolean 402 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 403 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 404 * @see #getUserRestrictions() 405 */ 406 public static final String DISALLOW_DEBUGGING_FEATURES = "no_debugging_features"; 407 408 /** 409 * Specifies if a user is disallowed from configuring a VPN. The default value is 410 * <code>false</code>. This restriction has an effect when set by device owners and, in Android 411 * 6.0 ({@linkplain android.os.Build.VERSION_CODES#M API level 23}) or higher, profile owners. 412 * <p>This restriction also prevents VPNs from starting. However, in Android 7.0 413 * ({@linkplain android.os.Build.VERSION_CODES#N API level 24}) or higher, the system does 414 * start always-on VPNs created by the device or profile owner. 415 * 416 * <p>Key for user restrictions. 417 * <p>Type: Boolean 418 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 419 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 420 * @see #getUserRestrictions() 421 */ 422 public static final String DISALLOW_CONFIG_VPN = "no_config_vpn"; 423 424 /** 425 * Specifies if a user is disallowed from enabling or disabling location providers. As a 426 * result, user is disallowed from turning on or off location. Device owner and profile owners 427 * can set this restriction and it only applies on the managed user. 428 * 429 * <p>In a managed profile, location sharing is forced off when it's off on primary user, so 430 * user can still turn off location sharing on managed profile when the restriction is set by 431 * profile owner on managed profile. 432 * 433 * <p>This user restriction is different from {@link #DISALLOW_SHARE_LOCATION}, 434 * as the device owner or profile owner can still enable or disable location mode via 435 * {@link DevicePolicyManager#setSecureSetting} when this restriction is on. 436 * 437 * <p>The default value is <code>false</code>. 438 * 439 * <p>Key for user restrictions. 440 * <p>Type: Boolean 441 * @see android.location.LocationManager#isProviderEnabled(String) 442 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 443 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 444 * @see #getUserRestrictions() 445 */ 446 public static final String DISALLOW_CONFIG_LOCATION = "no_config_location"; 447 448 /** 449 * Specifies if date, time and timezone configuring is disallowed. 450 * 451 * <p>When restriction is set by device owners, it applies globally - i.e., it disables date, 452 * time and timezone setting on the entire device and all users will be affected. When it's set 453 * by profile owners, it's only applied to the managed user. 454 * <p>The default value is <code>false</code>. 455 * 456 * <p>This user restriction has no effect on managed profiles. 457 * <p>Key for user restrictions. 458 * <p>Type: Boolean 459 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 460 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 461 * @see #getUserRestrictions() 462 */ 463 public static final String DISALLOW_CONFIG_DATE_TIME = "no_config_date_time"; 464 465 /** 466 * Specifies if a user is disallowed from configuring Tethering 467 * & portable hotspots. This can only be set by device owners and profile owners on the 468 * primary user. The default value is <code>false</code>. 469 * <p>In Android 9.0 or higher, if tethering is enabled when this restriction is set, 470 * tethering will be automatically turned off. 471 * 472 * <p>Key for user restrictions. 473 * <p>Type: Boolean 474 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 475 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 476 * @see #getUserRestrictions() 477 */ 478 public static final String DISALLOW_CONFIG_TETHERING = "no_config_tethering"; 479 480 /** 481 * Specifies if a user is disallowed from resetting network settings 482 * from Settings. This can only be set by device owners and profile owners on the primary user. 483 * The default value is <code>false</code>. 484 * <p>This restriction has no effect on secondary users and managed profiles since only the 485 * primary user can reset the network settings of the device. 486 * 487 * <p>Key for user restrictions. 488 * <p>Type: Boolean 489 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 490 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 491 * @see #getUserRestrictions() 492 */ 493 public static final String DISALLOW_NETWORK_RESET = "no_network_reset"; 494 495 /** 496 * Specifies if a user is disallowed from factory resetting 497 * from Settings. This can only be set by device owners and profile owners on the primary user. 498 * The default value is <code>false</code>. 499 * <p>This restriction has no effect on secondary users and managed profiles since only the 500 * primary user can factory reset the device. 501 * 502 * <p>Key for user restrictions. 503 * <p>Type: Boolean 504 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 505 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 506 * @see #getUserRestrictions() 507 */ 508 public static final String DISALLOW_FACTORY_RESET = "no_factory_reset"; 509 510 /** 511 * Specifies if a user is disallowed from adding new users. This can only be set by device 512 * owners and profile owners on the primary user. 513 * The default value is <code>false</code>. 514 * <p>This restriction has no effect on secondary users and managed profiles since only the 515 * primary user can add other users. 516 * 517 * <p>Key for user restrictions. 518 * <p>Type: Boolean 519 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 520 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 521 * @see #getUserRestrictions() 522 */ 523 public static final String DISALLOW_ADD_USER = "no_add_user"; 524 525 /** 526 * Specifies if a user is disallowed from adding managed profiles. 527 * <p>The default value for an unmanaged user is <code>false</code>. 528 * For users with a device owner set, the default is <code>true</code>. 529 * <p>This restriction has no effect on managed profiles. 530 * 531 * <p>Key for user restrictions. 532 * <p>Type: Boolean 533 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 534 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 535 * @see #getUserRestrictions() 536 */ 537 public static final String DISALLOW_ADD_MANAGED_PROFILE = "no_add_managed_profile"; 538 539 /** 540 * Specifies if a user is disallowed from disabling application verification. The default 541 * value is <code>false</code>. 542 * 543 * <p>In Android 8.0 ({@linkplain android.os.Build.VERSION_CODES#O API level 26}) and higher, 544 * this is a global user restriction. If a device owner or profile owner sets this restriction, 545 * the system enforces app verification across all users on the device. Running in earlier 546 * Android versions, this restriction affects only the profile that sets it. 547 * 548 * <p>Key for user restrictions. 549 * <p>Type: Boolean 550 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 551 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 552 * @see #getUserRestrictions() 553 */ 554 public static final String ENSURE_VERIFY_APPS = "ensure_verify_apps"; 555 556 /** 557 * Specifies if a user is disallowed from configuring cell 558 * broadcasts. This can only be set by device owners and profile owners on the primary user. 559 * The default value is <code>false</code>. 560 * <p>This restriction has no effect on secondary users and managed profiles since only the 561 * primary user can configure cell broadcasts. 562 * 563 * <p>Key for user restrictions. 564 * <p>Type: Boolean 565 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 566 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 567 * @see #getUserRestrictions() 568 */ 569 public static final String DISALLOW_CONFIG_CELL_BROADCASTS = "no_config_cell_broadcasts"; 570 571 /** 572 * Specifies if a user is disallowed from configuring mobile 573 * networks. This can only be set by device owners and profile owners on the primary user. 574 * The default value is <code>false</code>. 575 * <p>This restriction has no effect on secondary users and managed profiles since only the 576 * primary user can configure mobile networks. 577 * 578 * <p>Key for user restrictions. 579 * <p>Type: Boolean 580 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 581 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 582 * @see #getUserRestrictions() 583 */ 584 public static final String DISALLOW_CONFIG_MOBILE_NETWORKS = "no_config_mobile_networks"; 585 586 /** 587 * Specifies if a user is disallowed from modifying 588 * applications in Settings or launchers. The following actions will not be allowed when this 589 * restriction is enabled: 590 * <li>uninstalling apps</li> 591 * <li>disabling apps</li> 592 * <li>clearing app caches</li> 593 * <li>clearing app data</li> 594 * <li>force stopping apps</li> 595 * <li>clearing app defaults</li> 596 * <p> 597 * The default value is <code>false</code>. 598 * 599 * <p><strong>Note:</strong> The user will still be able to perform those actions via other 600 * means (such as adb). Third party apps will also be able to uninstall apps via the 601 * {@link android.content.pm.PackageInstaller}. {@link #DISALLOW_UNINSTALL_APPS} or 602 * {@link DevicePolicyManager#setUninstallBlocked(ComponentName, String, boolean)} should be 603 * used to prevent the user from uninstalling apps completely, and 604 * {@link DevicePolicyManager#addPersistentPreferredActivity(ComponentName, IntentFilter, ComponentName)} 605 * to add a default intent handler for a given intent filter. 606 * 607 * <p>Key for user restrictions. 608 * <p>Type: Boolean 609 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 610 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 611 * @see #getUserRestrictions() 612 */ 613 public static final String DISALLOW_APPS_CONTROL = "no_control_apps"; 614 615 /** 616 * Specifies if a user is disallowed from mounting 617 * physical external media. This can only be set by device owners and profile owners on the 618 * primary user. The default value is <code>false</code>. 619 * 620 * <p>Key for user restrictions. 621 * <p>Type: Boolean 622 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 623 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 624 * @see #getUserRestrictions() 625 */ 626 public static final String DISALLOW_MOUNT_PHYSICAL_MEDIA = "no_physical_media"; 627 628 /** 629 * Specifies if a user is disallowed from adjusting microphone volume. If set, the microphone 630 * will be muted. This can be set by device owners and profile owners. The default value is 631 * <code>false</code>. 632 * 633 * <p>This restriction has no effect on managed profiles. 634 * <p>Key for user restrictions. 635 * <p>Type: Boolean 636 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 637 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 638 * @see #getUserRestrictions() 639 */ 640 public static final String DISALLOW_UNMUTE_MICROPHONE = "no_unmute_microphone"; 641 642 /** 643 * Specifies if a user is disallowed from adjusting the master volume. If set, the master volume 644 * will be muted. This can be set by device owners from API 21 and profile owners from API 24. 645 * The default value is <code>false</code>. 646 * 647 * <p>When the restriction is set by profile owners, then it only applies to relevant 648 * profiles. 649 * 650 * <p>This restriction has no effect on managed profiles. 651 * <p>Key for user restrictions. 652 * <p>Type: Boolean 653 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 654 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 655 * @see #getUserRestrictions() 656 */ 657 public static final String DISALLOW_ADJUST_VOLUME = "no_adjust_volume"; 658 659 /** 660 * Specifies that the user is not allowed to make outgoing 661 * phone calls. Emergency calls are still permitted. 662 * The default value is <code>false</code>. 663 * <p>This restriction has no effect on managed profiles. 664 * 665 * <p>Key for user restrictions. 666 * <p>Type: Boolean 667 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 668 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 669 * @see #getUserRestrictions() 670 */ 671 public static final String DISALLOW_OUTGOING_CALLS = "no_outgoing_calls"; 672 673 /** 674 * Specifies that the user is not allowed to send or receive 675 * SMS messages. The default value is <code>false</code>. 676 * 677 * <p>Key for user restrictions. 678 * <p>Type: Boolean 679 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 680 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 681 * @see #getUserRestrictions() 682 */ 683 public static final String DISALLOW_SMS = "no_sms"; 684 685 /** 686 * Specifies if the user is not allowed to have fun. In some cases, the 687 * device owner may wish to prevent the user from experiencing amusement or 688 * joy while using the device. The default value is <code>false</code>. 689 * 690 * <p>Key for user restrictions. 691 * <p>Type: Boolean 692 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 693 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 694 * @see #getUserRestrictions() 695 */ 696 public static final String DISALLOW_FUN = "no_fun"; 697 698 /** 699 * Specifies that windows besides app windows should not be 700 * created. This will block the creation of the following types of windows. 701 * <li>{@link LayoutParams#TYPE_TOAST}</li> 702 * <li>{@link LayoutParams#TYPE_PHONE}</li> 703 * <li>{@link LayoutParams#TYPE_PRIORITY_PHONE}</li> 704 * <li>{@link LayoutParams#TYPE_SYSTEM_ALERT}</li> 705 * <li>{@link LayoutParams#TYPE_SYSTEM_ERROR}</li> 706 * <li>{@link LayoutParams#TYPE_SYSTEM_OVERLAY}</li> 707 * <li>{@link LayoutParams#TYPE_APPLICATION_OVERLAY}</li> 708 * 709 * <p>This can only be set by device owners and profile owners on the primary user. 710 * The default value is <code>false</code>. 711 * 712 * <p>Key for user restrictions. 713 * <p>Type: Boolean 714 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 715 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 716 * @see #getUserRestrictions() 717 */ 718 public static final String DISALLOW_CREATE_WINDOWS = "no_create_windows"; 719 720 /** 721 * Specifies that system error dialogs for crashed or unresponsive apps should not be shown. 722 * In this case, the system will force-stop the app as if the user chooses the "close app" 723 * option on the UI. A feedback report isn't collected as there is no way for the user to 724 * provide explicit consent. The default value is <code>false</code>. 725 * 726 * <p>When this user restriction is set by device owners, it's applied to all users. When set by 727 * the profile owner of the primary user or a secondary user, the restriction affects only the 728 * calling user. This user restriction has no effect on managed profiles. 729 * 730 * <p>Key for user restrictions. 731 * <p>Type: Boolean 732 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 733 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 734 * @see #getUserRestrictions() 735 */ 736 public static final String DISALLOW_SYSTEM_ERROR_DIALOGS = "no_system_error_dialogs"; 737 738 /** 739 * Specifies if the clipboard contents can be exported by pasting the data into other users or 740 * profiles. This restriction doesn't prevent import, such as someone pasting clipboard data 741 * from other profiles or users. The default value is {@code false}. 742 * 743 * <p><strong>Note</strong>: Because it's possible to extract data from screenshots using 744 * optical character recognition (OCR), we strongly recommend combining this user restriction 745 * with {@link DevicePolicyManager#setScreenCaptureDisabled(ComponentName, boolean)}. 746 * 747 * <p>Key for user restrictions. 748 * <p>Type: Boolean 749 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 750 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 751 * @see #getUserRestrictions() 752 */ 753 public static final String DISALLOW_CROSS_PROFILE_COPY_PASTE = "no_cross_profile_copy_paste"; 754 755 /** 756 * Specifies if the user is not allowed to use NFC to beam out data from apps. 757 * The default value is <code>false</code>. 758 * 759 * <p>Key for user restrictions. 760 * <p>Type: Boolean 761 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 762 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 763 * @see #getUserRestrictions() 764 */ 765 public static final String DISALLOW_OUTGOING_BEAM = "no_outgoing_beam"; 766 767 /** 768 * Hidden user restriction to disallow access to wallpaper manager APIs. This restriction 769 * generally means that wallpapers are not supported for the particular user. This user 770 * restriction is always set for managed profiles, because such profiles don't have wallpapers. 771 * @hide 772 * @see #DISALLOW_SET_WALLPAPER 773 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 774 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 775 * @see #getUserRestrictions() 776 */ 777 public static final String DISALLOW_WALLPAPER = "no_wallpaper"; 778 779 /** 780 * User restriction to disallow setting a wallpaper. Profile owner and device owner 781 * are able to set wallpaper regardless of this restriction. 782 * The default value is <code>false</code>. 783 * 784 * <p>Key for user restrictions. 785 * <p>Type: Boolean 786 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 787 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 788 * @see #getUserRestrictions() 789 */ 790 public static final String DISALLOW_SET_WALLPAPER = "no_set_wallpaper"; 791 792 /** 793 * Specifies if the user is not allowed to reboot the device into safe boot mode. 794 * This can only be set by device owners and profile owners on the primary user. 795 * The default value is <code>false</code>. 796 * 797 * <p>Key for user restrictions. 798 * <p>Type: Boolean 799 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 800 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 801 * @see #getUserRestrictions() 802 */ 803 public static final String DISALLOW_SAFE_BOOT = "no_safe_boot"; 804 805 /** 806 * Specifies if a user is not allowed to record audio. This restriction is always enabled for 807 * background users. The default value is <code>false</code>. 808 * 809 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 810 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 811 * @see #getUserRestrictions() 812 * @hide 813 */ 814 @UnsupportedAppUsage 815 public static final String DISALLOW_RECORD_AUDIO = "no_record_audio"; 816 817 /** 818 * Specifies if a user is not allowed to run in the background and should be stopped during 819 * user switch. The default value is <code>false</code>. 820 * 821 * <p>This restriction can be set by device owners and profile owners. 822 * 823 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 824 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 825 * @see #getUserRestrictions() 826 * @hide 827 */ 828 @SystemApi 829 public static final String DISALLOW_RUN_IN_BACKGROUND = "no_run_in_background"; 830 831 /** 832 * Specifies if a user is not allowed to use the camera. 833 * 834 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 835 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 836 * @see #getUserRestrictions() 837 * @hide 838 */ 839 public static final String DISALLOW_CAMERA = "no_camera"; 840 841 /** 842 * Specifies if a user is not allowed to unmute the device's master volume. 843 * 844 * @see DevicePolicyManager#setMasterVolumeMuted(ComponentName, boolean) 845 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 846 * @see #getUserRestrictions() 847 * @hide 848 */ 849 public static final String DISALLOW_UNMUTE_DEVICE = "disallow_unmute_device"; 850 851 /** 852 * Specifies if a user is not allowed to use cellular data when roaming. This can only be set by 853 * device owners. The default value is <code>false</code>. 854 * 855 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 856 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 857 * @see #getUserRestrictions() 858 */ 859 public static final String DISALLOW_DATA_ROAMING = "no_data_roaming"; 860 861 /** 862 * Specifies if a user is not allowed to change their icon. Device owner and profile owner 863 * can set this restriction. When it is set by device owner, only the target user will be 864 * affected. The default value is <code>false</code>. 865 * 866 * <p>Key for user restrictions. 867 * <p>Type: Boolean 868 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 869 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 870 * @see #getUserRestrictions() 871 */ 872 public static final String DISALLOW_SET_USER_ICON = "no_set_user_icon"; 873 874 /** 875 * Specifies if a user is not allowed to enable the oem unlock setting. The default value is 876 * <code>false</code>. Setting this restriction has no effect if the bootloader is already 877 * unlocked. 878 * 879 * <p>Not for use by third-party applications. 880 * 881 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 882 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 883 * @see #getUserRestrictions() 884 * @deprecated use {@link OemLockManager#setOemUnlockAllowedByCarrier(boolean, byte[])} instead. 885 * @hide 886 */ 887 @Deprecated 888 @SystemApi 889 public static final String DISALLOW_OEM_UNLOCK = "no_oem_unlock"; 890 891 /** 892 * Specifies that the managed profile is not allowed to have unified lock screen challenge with 893 * the primary user. 894 * 895 * <p><strong>Note:</strong> Setting this restriction alone doesn't automatically set a 896 * separate challenge. Profile owner can ask the user to set a new password using 897 * {@link DevicePolicyManager#ACTION_SET_NEW_PASSWORD} and verify it using 898 * {@link DevicePolicyManager#isUsingUnifiedPassword(ComponentName)}. 899 * 900 * <p>Can be set by profile owners. It only has effect on managed profiles when set by managed 901 * profile owner. Has no effect on non-managed profiles or users. 902 * <p>Key for user restrictions. 903 * <p>Type: Boolean 904 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 905 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 906 * @see #getUserRestrictions() 907 */ 908 public static final String DISALLOW_UNIFIED_PASSWORD = "no_unified_password"; 909 910 /** 911 * Allows apps in the parent profile to handle web links from the managed profile. 912 * 913 * This user restriction has an effect only in a managed profile. 914 * If set: 915 * Intent filters of activities in the parent profile with action 916 * {@link android.content.Intent#ACTION_VIEW}, 917 * category {@link android.content.Intent#CATEGORY_BROWSABLE}, scheme http or https, and which 918 * define a host can handle intents from the managed profile. 919 * The default value is <code>false</code>. 920 * 921 * <p>Key for user restrictions. 922 * <p>Type: Boolean 923 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 924 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 925 * @see #getUserRestrictions() 926 */ 927 public static final String ALLOW_PARENT_PROFILE_APP_LINKING 928 = "allow_parent_profile_app_linking"; 929 930 /** 931 * Specifies if a user is not allowed to use Autofill Services. 932 * 933 * <p>Device owner and profile owner can set this restriction. When it is set by device owner, 934 * only the target user will be affected. 935 * 936 * <p>The default value is <code>false</code>. 937 * 938 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 939 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 940 * @see #getUserRestrictions() 941 */ 942 public static final String DISALLOW_AUTOFILL = "no_autofill"; 943 944 /** 945 * Specifies if the contents of a user's screen is not allowed to be captured for artificial 946 * intelligence purposes. 947 * 948 * <p>Device owner and profile owner can set this restriction. When it is set by device owner, 949 * only the target user will be affected. 950 * 951 * <p>The default value is <code>false</code>. 952 * 953 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 954 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 955 * @see #getUserRestrictions() 956 */ 957 public static final String DISALLOW_CONTENT_CAPTURE = "no_content_capture"; 958 959 /** 960 * Specifies if the current user is able to receive content suggestions for selections based on 961 * the contents of their screen. 962 * 963 * <p>Device owner and profile owner can set this restriction. When it is set by device owner, 964 * only the target user will be affected. 965 * 966 * <p>The default value is <code>false</code>. 967 * 968 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 969 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 970 * @see #getUserRestrictions() 971 */ 972 public static final String DISALLOW_CONTENT_SUGGESTIONS = "no_content_suggestions"; 973 974 /** 975 * Specifies if user switching is blocked on the current user. 976 * 977 * <p> This restriction can only be set by the device owner, it will be applied to all users. 978 * Device owner can still switch user via 979 * {@link DevicePolicyManager#switchUser(ComponentName, UserHandle)} when this restriction is 980 * set. 981 * 982 * <p>The default value is <code>false</code>. 983 * 984 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 985 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 986 * @see #getUserRestrictions() 987 */ 988 public static final String DISALLOW_USER_SWITCH = "no_user_switch"; 989 990 /** 991 * Specifies whether the user can share file / picture / data from the primary user into the 992 * managed profile, either by sending them from the primary side, or by picking up data within 993 * an app in the managed profile. 994 * <p> 995 * When a managed profile is created, the system allows the user to send data from the primary 996 * side to the profile by setting up certain default cross profile intent filters. If 997 * this is undesired, this restriction can be set to disallow it. Note that this restriction 998 * will not block any sharing allowed by explicit 999 * {@link DevicePolicyManager#addCrossProfileIntentFilter} calls by the profile owner. 1000 * <p> 1001 * This restriction is only meaningful when set by profile owner. When it is set by device 1002 * owner, it does not have any effect. 1003 * <p> 1004 * The default value is <code>false</code>. 1005 * 1006 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1007 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1008 * @see #getUserRestrictions() 1009 */ 1010 public static final String DISALLOW_SHARE_INTO_MANAGED_PROFILE = "no_sharing_into_profile"; 1011 1012 /** 1013 * Specifies whether the user is allowed to print. 1014 * 1015 * This restriction can be set by device or profile owner. 1016 * 1017 * The default value is {@code false}. 1018 * 1019 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1020 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1021 * @see #getUserRestrictions() 1022 */ 1023 public static final String DISALLOW_PRINTING = "no_printing"; 1024 1025 /** 1026 * Specifies whether the user is allowed to modify private DNS settings. 1027 * 1028 * <p>The default value is <code>false</code>. 1029 * 1030 * <p>This user restriction can only be applied by the Device Owner. 1031 * <p>Key for user restrictions. 1032 * <p>Type: Boolean 1033 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 1034 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 1035 * @see #getUserRestrictions() 1036 */ 1037 public static final String DISALLOW_CONFIG_PRIVATE_DNS = 1038 "disallow_config_private_dns"; 1039 1040 /** 1041 * Application restriction key that is used to indicate the pending arrival 1042 * of real restrictions for the app. 1043 * 1044 * <p> 1045 * Applications that support restrictions should check for the presence of this key. 1046 * A <code>true</code> value indicates that restrictions may be applied in the near 1047 * future but are not available yet. It is the responsibility of any 1048 * management application that sets this flag to update it when the final 1049 * restrictions are enforced. 1050 * 1051 * <p>Key for application restrictions. 1052 * <p>Type: Boolean 1053 * @see android.app.admin.DevicePolicyManager#setApplicationRestrictions( 1054 * android.content.ComponentName, String, Bundle) 1055 * @see android.app.admin.DevicePolicyManager#getApplicationRestrictions( 1056 * android.content.ComponentName, String) 1057 */ 1058 public static final String KEY_RESTRICTIONS_PENDING = "restrictions_pending"; 1059 1060 private static final String ACTION_CREATE_USER = "android.os.action.CREATE_USER"; 1061 1062 /** 1063 * Extra containing a name for the user being created. Optional parameter passed to 1064 * ACTION_CREATE_USER activity. 1065 * @hide 1066 */ 1067 public static final String EXTRA_USER_NAME = "android.os.extra.USER_NAME"; 1068 1069 /** 1070 * Extra containing account name for the user being created. Optional parameter passed to 1071 * ACTION_CREATE_USER activity. 1072 * @hide 1073 */ 1074 public static final String EXTRA_USER_ACCOUNT_NAME = "android.os.extra.USER_ACCOUNT_NAME"; 1075 1076 /** 1077 * Extra containing account type for the user being created. Optional parameter passed to 1078 * ACTION_CREATE_USER activity. 1079 * @hide 1080 */ 1081 public static final String EXTRA_USER_ACCOUNT_TYPE = "android.os.extra.USER_ACCOUNT_TYPE"; 1082 1083 /** 1084 * Extra containing account-specific data for the user being created. Optional parameter passed 1085 * to ACTION_CREATE_USER activity. 1086 * @hide 1087 */ 1088 public static final String EXTRA_USER_ACCOUNT_OPTIONS 1089 = "android.os.extra.USER_ACCOUNT_OPTIONS"; 1090 1091 /** @hide */ 1092 public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3; 1093 /** @hide */ 1094 public static final int PIN_VERIFICATION_FAILED_NOT_SET = -2; 1095 /** @hide */ 1096 public static final int PIN_VERIFICATION_SUCCESS = -1; 1097 1098 /** 1099 * Sent when user restrictions have changed. 1100 * 1101 * @hide 1102 */ 1103 @SystemApi 1104 @TestApi // To allow seeing it from CTS. 1105 public static final String ACTION_USER_RESTRICTIONS_CHANGED = 1106 "android.os.action.USER_RESTRICTIONS_CHANGED"; 1107 1108 /** 1109 * Error result indicating that this user is not allowed to add other users on this device. 1110 * This is a result code returned from the activity created by the intent 1111 * {@link #createUserCreationIntent(String, String, String, PersistableBundle)}. 1112 */ 1113 public static final int USER_CREATION_FAILED_NOT_PERMITTED = Activity.RESULT_FIRST_USER; 1114 1115 /** 1116 * Error result indicating that no more users can be created on this device. 1117 * This is a result code returned from the activity created by the intent 1118 * {@link #createUserCreationIntent(String, String, String, PersistableBundle)}. 1119 */ 1120 public static final int USER_CREATION_FAILED_NO_MORE_USERS = Activity.RESULT_FIRST_USER + 1; 1121 1122 /** 1123 * Indicates that users are switchable. 1124 * @hide 1125 */ 1126 @SystemApi 1127 public static final int SWITCHABILITY_STATUS_OK = 0; 1128 1129 /** 1130 * Indicated that the user is in a phone call. 1131 * @hide 1132 */ 1133 @SystemApi 1134 public static final int SWITCHABILITY_STATUS_USER_IN_CALL = 1 << 0; 1135 1136 /** 1137 * Indicates that user switching is disallowed ({@link #DISALLOW_USER_SWITCH} is set). 1138 * @hide 1139 */ 1140 @SystemApi 1141 public static final int SWITCHABILITY_STATUS_USER_SWITCH_DISALLOWED = 1 << 1; 1142 1143 /** 1144 * Indicates that the system user is locked and user switching is not allowed. 1145 * @hide 1146 */ 1147 @SystemApi 1148 public static final int SWITCHABILITY_STATUS_SYSTEM_USER_LOCKED = 1 << 2; 1149 1150 /** 1151 * Result returned in {@link #getUserSwitchability()} indicating user swichability. 1152 * @hide 1153 */ 1154 @Retention(RetentionPolicy.SOURCE) 1155 @IntDef(flag = true, prefix = { "SWITCHABILITY_STATUS_" }, value = { 1156 SWITCHABILITY_STATUS_OK, 1157 SWITCHABILITY_STATUS_USER_IN_CALL, 1158 SWITCHABILITY_STATUS_USER_SWITCH_DISALLOWED, 1159 SWITCHABILITY_STATUS_SYSTEM_USER_LOCKED 1160 }) 1161 public @interface UserSwitchabilityResult {} 1162 1163 /** 1164 * Indicates user operation is successful. 1165 */ 1166 public static final int USER_OPERATION_SUCCESS = 0; 1167 1168 /** 1169 * Indicates user operation failed for unknown reason. 1170 */ 1171 public static final int USER_OPERATION_ERROR_UNKNOWN = 1; 1172 1173 /** 1174 * Indicates user operation failed because target user is a managed profile. 1175 */ 1176 public static final int USER_OPERATION_ERROR_MANAGED_PROFILE = 2; 1177 1178 /** 1179 * Indicates user operation failed because maximum running user limit has been reached. 1180 */ 1181 public static final int USER_OPERATION_ERROR_MAX_RUNNING_USERS = 3; 1182 1183 /** 1184 * Indicates user operation failed because the target user is in the foreground. 1185 */ 1186 public static final int USER_OPERATION_ERROR_CURRENT_USER = 4; 1187 1188 /** 1189 * Indicates user operation failed because device has low data storage. 1190 */ 1191 public static final int USER_OPERATION_ERROR_LOW_STORAGE = 5; 1192 1193 /** 1194 * Indicates user operation failed because maximum user limit has been reached. 1195 */ 1196 public static final int USER_OPERATION_ERROR_MAX_USERS = 6; 1197 1198 /** 1199 * Result returned from various user operations. 1200 * 1201 * @hide 1202 */ 1203 @Retention(RetentionPolicy.SOURCE) 1204 @IntDef(prefix = { "USER_OPERATION_" }, value = { 1205 USER_OPERATION_SUCCESS, 1206 USER_OPERATION_ERROR_UNKNOWN, 1207 USER_OPERATION_ERROR_MANAGED_PROFILE, 1208 USER_OPERATION_ERROR_MAX_RUNNING_USERS, 1209 USER_OPERATION_ERROR_CURRENT_USER, 1210 USER_OPERATION_ERROR_LOW_STORAGE, 1211 USER_OPERATION_ERROR_MAX_USERS 1212 }) 1213 public @interface UserOperationResult {} 1214 1215 /** 1216 * Thrown to indicate user operation failed. 1217 */ 1218 public static class UserOperationException extends RuntimeException { 1219 private final @UserOperationResult int mUserOperationResult; 1220 1221 /** 1222 * Constructs a UserOperationException with specific result code. 1223 * 1224 * @param message the detail message 1225 * @param userOperationResult the result code 1226 * @hide 1227 */ 1228 public UserOperationException(String message, 1229 @UserOperationResult int userOperationResult) { 1230 super(message); 1231 mUserOperationResult = userOperationResult; 1232 } 1233 1234 /** 1235 * Returns the operation result code. 1236 */ 1237 public @UserOperationResult int getUserOperationResult() { 1238 return mUserOperationResult; 1239 } 1240 } 1241 1242 /** @hide */ 1243 @UnsupportedAppUsage 1244 public static UserManager get(Context context) { 1245 return (UserManager) context.getSystemService(Context.USER_SERVICE); 1246 } 1247 1248 /** @hide */ 1249 public UserManager(Context context, IUserManager service) { 1250 mService = service; 1251 mContext = context.getApplicationContext(); 1252 } 1253 1254 /** 1255 * Returns whether this device supports multiple users with their own login and customizable 1256 * space. 1257 * @return whether the device supports multiple users. 1258 */ 1259 public static boolean supportsMultipleUsers() { 1260 return getMaxSupportedUsers() > 1 1261 && SystemProperties.getBoolean("fw.show_multiuserui", 1262 Resources.getSystem().getBoolean(R.bool.config_enableMultiUserUI)); 1263 } 1264 1265 /** 1266 * @hide 1267 * @return Whether the device is running with split system user. It means the system user and 1268 * primary user are two separate users. Previously system user and primary user are combined as 1269 * a single owner user. see @link {android.os.UserHandle#USER_OWNER} 1270 */ 1271 @TestApi 1272 public static boolean isSplitSystemUser() { 1273 return RoSystemProperties.FW_SYSTEM_USER_SPLIT; 1274 } 1275 1276 /** 1277 * @return Whether guest user is always ephemeral 1278 * @hide 1279 */ 1280 public static boolean isGuestUserEphemeral() { 1281 return Resources.getSystem() 1282 .getBoolean(com.android.internal.R.bool.config_guestUserEphemeral); 1283 } 1284 1285 /** 1286 * @deprecated use {@link #getUserSwitchability()} instead. 1287 * 1288 * @removed 1289 * @hide 1290 */ 1291 @Deprecated 1292 @UnsupportedAppUsage 1293 public boolean canSwitchUsers() { 1294 boolean allowUserSwitchingWhenSystemUserLocked = Settings.Global.getInt( 1295 mContext.getContentResolver(), 1296 Settings.Global.ALLOW_USER_SWITCHING_WHEN_SYSTEM_USER_LOCKED, 0) != 0; 1297 boolean isSystemUserUnlocked = isUserUnlocked(UserHandle.SYSTEM); 1298 boolean inCall = TelephonyManager.getDefault().getCallState() 1299 != TelephonyManager.CALL_STATE_IDLE; 1300 boolean isUserSwitchDisallowed = hasUserRestriction(DISALLOW_USER_SWITCH); 1301 return (allowUserSwitchingWhenSystemUserLocked || isSystemUserUnlocked) && !inCall 1302 && !isUserSwitchDisallowed; 1303 } 1304 1305 /** 1306 * Returns whether switching users is currently allowed. 1307 * <p> 1308 * Switching users is not allowed in the following cases: 1309 * <li>the user is in a phone call</li> 1310 * <li>{@link #DISALLOW_USER_SWITCH} is set</li> 1311 * <li>system user hasn't been unlocked yet</li> 1312 * 1313 * @return A {@link UserSwitchabilityResult} flag indicating if the user is switchable. 1314 * @hide 1315 */ 1316 @SystemApi 1317 @RequiresPermission(allOf = {Manifest.permission.READ_PHONE_STATE, 1318 android.Manifest.permission.MANAGE_USERS, 1319 android.Manifest.permission.INTERACT_ACROSS_USERS}, conditional = true) 1320 public @UserSwitchabilityResult int getUserSwitchability() { 1321 final boolean allowUserSwitchingWhenSystemUserLocked = Settings.Global.getInt( 1322 mContext.getContentResolver(), 1323 Settings.Global.ALLOW_USER_SWITCHING_WHEN_SYSTEM_USER_LOCKED, 0) != 0; 1324 final boolean systemUserUnlocked = isUserUnlocked(UserHandle.SYSTEM); 1325 final TelephonyManager tm = 1326 (TelephonyManager) mContext.getSystemService(Context.TELEPHONY_SERVICE); 1327 1328 int flags = SWITCHABILITY_STATUS_OK; 1329 if (tm.getCallState() != TelephonyManager.CALL_STATE_IDLE) { 1330 flags |= SWITCHABILITY_STATUS_USER_IN_CALL; 1331 } 1332 if (hasUserRestriction(DISALLOW_USER_SWITCH)) { 1333 flags |= SWITCHABILITY_STATUS_USER_SWITCH_DISALLOWED; 1334 } 1335 if (!allowUserSwitchingWhenSystemUserLocked && !systemUserUnlocked) { 1336 flags |= SWITCHABILITY_STATUS_SYSTEM_USER_LOCKED; 1337 } 1338 return flags; 1339 } 1340 1341 /** 1342 * Returns the user handle for the user that this process is running under. 1343 * 1344 * @return the user handle of this process. 1345 * @hide 1346 */ 1347 @UnsupportedAppUsage 1348 public @UserIdInt int getUserHandle() { 1349 return UserHandle.myUserId(); 1350 } 1351 1352 /** 1353 * Returns the user name of the user making this call. This call is only 1354 * available to applications on the system image; it requires the 1355 * {@code android.permission.MANAGE_USERS} or {@code android.permission.GET_ACCOUNTS_PRIVILEGED} 1356 * permissions. 1357 * @return the user name 1358 */ 1359 public String getUserName() { 1360 try { 1361 return mService.getUserName(); 1362 } catch (RemoteException re) { 1363 throw re.rethrowFromSystemServer(); 1364 } 1365 } 1366 1367 /** 1368 * Returns whether user name has been set. 1369 * <p>This method can be used to check that the value returned by {@link #getUserName()} was 1370 * set by the user and is not a placeholder string provided by the system. 1371 * @hide 1372 */ 1373 public boolean isUserNameSet() { 1374 try { 1375 return mService.isUserNameSet(getUserHandle()); 1376 } catch (RemoteException re) { 1377 throw re.rethrowFromSystemServer(); 1378 } 1379 } 1380 1381 /** 1382 * Used to determine whether the user making this call is subject to 1383 * teleportations. 1384 * 1385 * <p>As of {@link android.os.Build.VERSION_CODES#LOLLIPOP}, this method can 1386 * now automatically identify goats using advanced goat recognition technology.</p> 1387 * 1388 * @return Returns true if the user making this call is a goat. 1389 */ 1390 public boolean isUserAGoat() { 1391 return mContext.getPackageManager() 1392 .isPackageAvailable("com.coffeestainstudios.goatsimulator"); 1393 } 1394 1395 /** 1396 * Used to check if this process is running under the primary user. The primary user 1397 * is the first human user on a device. 1398 * 1399 * @return whether this process is running under the primary user. 1400 * @hide 1401 */ 1402 @SystemApi 1403 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1404 public boolean isPrimaryUser() { 1405 UserInfo user = getUserInfo(UserHandle.myUserId()); 1406 return user != null && user.isPrimary(); 1407 } 1408 1409 /** 1410 * Used to check if this process is running under the system user. The system user 1411 * is the initial user that is implicitly created on first boot and hosts most of the 1412 * system services. 1413 * 1414 * @return whether this process is running under the system user. 1415 */ 1416 public boolean isSystemUser() { 1417 return UserHandle.myUserId() == UserHandle.USER_SYSTEM; 1418 } 1419 1420 /** 1421 * Used to check if this process is running as an admin user. An admin user is allowed to 1422 * modify or configure certain settings that aren't available to non-admin users, 1423 * create and delete additional users, etc. There can be more than one admin users. 1424 * 1425 * @return whether this process is running under an admin user. 1426 * @hide 1427 */ 1428 @SystemApi 1429 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1430 public boolean isAdminUser() { 1431 return isUserAdmin(UserHandle.myUserId()); 1432 } 1433 1434 /** 1435 * @hide 1436 * Returns whether the provided user is an admin user. There can be more than one admin 1437 * user. 1438 */ 1439 @UnsupportedAppUsage 1440 public boolean isUserAdmin(@UserIdInt int userId) { 1441 UserInfo user = getUserInfo(userId); 1442 return user != null && user.isAdmin(); 1443 } 1444 1445 /** 1446 * @hide 1447 * @deprecated Use {@link #isRestrictedProfile()} 1448 */ 1449 @UnsupportedAppUsage 1450 @Deprecated 1451 public boolean isLinkedUser() { 1452 return isRestrictedProfile(); 1453 } 1454 1455 /** 1456 * Used to check if this process is running under a restricted profile. Restricted profiles 1457 * may have a reduced number of available apps, app restrictions, and account restrictions. 1458 * 1459 * @return whether this process is running under a restricted profile. 1460 * @hide 1461 */ 1462 @SystemApi 1463 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1464 public boolean isRestrictedProfile() { 1465 try { 1466 return mService.isRestricted(); 1467 } catch (RemoteException re) { 1468 throw re.rethrowFromSystemServer(); 1469 } 1470 } 1471 1472 /** 1473 * Check if a user is a restricted profile. Restricted profiles may have a reduced number of 1474 * available apps, app restrictions, and account restrictions. 1475 * 1476 * @param user the user to check 1477 * @return whether the user is a restricted profile. 1478 * @hide 1479 */ 1480 @SystemApi 1481 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1482 public boolean isRestrictedProfile(@NonNull UserHandle user) { 1483 try { 1484 return mService.getUserInfo(user.getIdentifier()).isRestricted(); 1485 } catch (RemoteException re) { 1486 throw re.rethrowFromSystemServer(); 1487 } 1488 } 1489 1490 /** 1491 * Checks if specified user can have restricted profile. 1492 * @hide 1493 */ 1494 public boolean canHaveRestrictedProfile(@UserIdInt int userId) { 1495 try { 1496 return mService.canHaveRestrictedProfile(userId); 1497 } catch (RemoteException re) { 1498 throw re.rethrowFromSystemServer(); 1499 } 1500 } 1501 1502 /** 1503 * Returns whether the calling user has at least one restricted profile associated with it. 1504 * @return 1505 * @hide 1506 */ 1507 @SystemApi 1508 public boolean hasRestrictedProfiles() { 1509 try { 1510 return mService.hasRestrictedProfiles(); 1511 } catch (RemoteException re) { 1512 throw re.rethrowFromSystemServer(); 1513 } 1514 } 1515 1516 /** 1517 * Checks if a user is a guest user. 1518 * @return whether user is a guest user. 1519 * @hide 1520 */ 1521 @UnsupportedAppUsage 1522 public boolean isGuestUser(int id) { 1523 UserInfo user = getUserInfo(id); 1524 return user != null && user.isGuest(); 1525 } 1526 1527 /** 1528 * Used to check if this process is running under a guest user. A guest user may be transient. 1529 * 1530 * @return whether this process is running under a guest user. 1531 * @hide 1532 */ 1533 @SystemApi 1534 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1535 public boolean isGuestUser() { 1536 UserInfo user = getUserInfo(UserHandle.myUserId()); 1537 return user != null && user.isGuest(); 1538 } 1539 1540 1541 /** 1542 * Checks if the calling app is running in a demo user. When running in a demo user, 1543 * apps can be more helpful to the user, or explain their features in more detail. 1544 * 1545 * @return whether the caller is a demo user. 1546 */ 1547 public boolean isDemoUser() { 1548 try { 1549 return mService.isDemoUser(UserHandle.myUserId()); 1550 } catch (RemoteException re) { 1551 throw re.rethrowFromSystemServer(); 1552 } 1553 } 1554 1555 /** 1556 * Checks if the calling app is running in a managed profile. 1557 * 1558 * @return whether the caller is in a managed profile. 1559 * @hide 1560 */ 1561 @SystemApi 1562 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1563 public boolean isManagedProfile() { 1564 // No need for synchronization. Once it becomes non-null, it'll be non-null forever. 1565 // Worst case we might end up calling the AIDL method multiple times but that's fine. 1566 if (mIsManagedProfileCached != null) { 1567 return mIsManagedProfileCached; 1568 } 1569 try { 1570 mIsManagedProfileCached = mService.isManagedProfile(UserHandle.myUserId()); 1571 return mIsManagedProfileCached; 1572 } catch (RemoteException re) { 1573 throw re.rethrowFromSystemServer(); 1574 } 1575 } 1576 1577 /** 1578 * Checks if the specified user is a managed profile. 1579 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission, otherwise the caller 1580 * must be in the same profile group of specified user. 1581 * 1582 * @return whether the specified user is a managed profile. 1583 * @hide 1584 */ 1585 @SystemApi 1586 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1587 public boolean isManagedProfile(@UserIdInt int userId) { 1588 if (userId == UserHandle.myUserId()) { 1589 return isManagedProfile(); 1590 } 1591 try { 1592 return mService.isManagedProfile(userId); 1593 } catch (RemoteException re) { 1594 throw re.rethrowFromSystemServer(); 1595 } 1596 } 1597 1598 /** 1599 * Gets badge for a managed profile. 1600 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission, otherwise the caller 1601 * must be in the same profile group of specified user. 1602 * 1603 * @return which badge to use for the managed profile badge id will be less than 1604 * UserManagerService.getMaxManagedProfiles() 1605 * @hide 1606 */ 1607 public int getManagedProfileBadge(@UserIdInt int userId) { 1608 try { 1609 return mService.getManagedProfileBadge(userId); 1610 } catch (RemoteException re) { 1611 throw re.rethrowFromSystemServer(); 1612 } 1613 } 1614 1615 /** 1616 * Checks if the calling app is running as an ephemeral user. 1617 * 1618 * @return whether the caller is an ephemeral user. 1619 * @hide 1620 */ 1621 public boolean isEphemeralUser() { 1622 return isUserEphemeral(UserHandle.myUserId()); 1623 } 1624 1625 /** 1626 * Returns whether the specified user is ephemeral. 1627 * @hide 1628 */ 1629 public boolean isUserEphemeral(@UserIdInt int userId) { 1630 final UserInfo user = getUserInfo(userId); 1631 return user != null && user.isEphemeral(); 1632 } 1633 1634 /** 1635 * Return whether the given user is actively running. This means that 1636 * the user is in the "started" state, not "stopped" -- it is currently 1637 * allowed to run code through scheduled alarms, receiving broadcasts, 1638 * etc. A started user may be either the current foreground user or a 1639 * background user; the result here does not distinguish between the two. 1640 * 1641 * <p>Note prior to Android Nougat MR1 (SDK version <= 24; 1642 * {@link android.os.Build.VERSION_CODES#N}, this API required a system permission 1643 * in order to check other profile's status. 1644 * Since Android Nougat MR1 (SDK version >= 25; 1645 * {@link android.os.Build.VERSION_CODES#N_MR1}), the restriction has been relaxed, and now 1646 * it'll accept any {@link android.os.UserHandle} within the same profile group as the caller. 1647 * 1648 * @param user The user to retrieve the running state for. 1649 */ 1650 // Note this requires either INTERACT_ACROSS_USERS or MANAGE_USERS. 1651 public boolean isUserRunning(UserHandle user) { 1652 return isUserRunning(user.getIdentifier()); 1653 } 1654 1655 /** {@hide} */ 1656 public boolean isUserRunning(@UserIdInt int userId) { 1657 try { 1658 return mService.isUserRunning(userId); 1659 } catch (RemoteException re) { 1660 throw re.rethrowFromSystemServer(); 1661 } 1662 } 1663 1664 /** 1665 * Return whether the given user is actively running <em>or</em> stopping. 1666 * This is like {@link #isUserRunning(UserHandle)}, but will also return 1667 * true if the user had been running but is in the process of being stopped 1668 * (but is not yet fully stopped, and still running some code). 1669 * 1670 * <p>Note prior to Android Nougat MR1 (SDK version <= 24; 1671 * {@link android.os.Build.VERSION_CODES#N}, this API required a system permission 1672 * in order to check other profile's status. 1673 * Since Android Nougat MR1 (SDK version >= 25; 1674 * {@link android.os.Build.VERSION_CODES#N_MR1}), the restriction has been relaxed, and now 1675 * it'll accept any {@link android.os.UserHandle} within the same profile group as the caller. 1676 * 1677 * @param user The user to retrieve the running state for. 1678 */ 1679 // Note this requires either INTERACT_ACROSS_USERS or MANAGE_USERS. 1680 public boolean isUserRunningOrStopping(UserHandle user) { 1681 try { 1682 // TODO: reconcile stopped vs stopping? 1683 return ActivityManager.getService().isUserRunning( 1684 user.getIdentifier(), ActivityManager.FLAG_OR_STOPPED); 1685 } catch (RemoteException re) { 1686 throw re.rethrowFromSystemServer(); 1687 } 1688 } 1689 1690 /** 1691 * Return whether the calling user is running in an "unlocked" state. 1692 * <p> 1693 * On devices with direct boot, a user is unlocked only after they've 1694 * entered their credentials (such as a lock pattern or PIN). On devices 1695 * without direct boot, a user is unlocked as soon as it starts. 1696 * <p> 1697 * When a user is locked, only device-protected data storage is available. 1698 * When a user is unlocked, both device-protected and credential-protected 1699 * private app data storage is available. 1700 * 1701 * @see Intent#ACTION_USER_UNLOCKED 1702 * @see Context#createDeviceProtectedStorageContext() 1703 */ 1704 public boolean isUserUnlocked() { 1705 return isUserUnlocked(Process.myUserHandle()); 1706 } 1707 1708 /** 1709 * Return whether the given user is running in an "unlocked" state. 1710 * <p> 1711 * On devices with direct boot, a user is unlocked only after they've 1712 * entered their credentials (such as a lock pattern or PIN). On devices 1713 * without direct boot, a user is unlocked as soon as it starts. 1714 * <p> 1715 * When a user is locked, only device-protected data storage is available. 1716 * When a user is unlocked, both device-protected and credential-protected 1717 * private app data storage is available. 1718 * <p>Requires {@code android.permission.MANAGE_USERS} or 1719 * {@code android.permission.INTERACT_ACROSS_USERS}, otherwise specified {@link UserHandle user} 1720 * must be the calling user or a managed profile associated with it. 1721 * 1722 * @param user to retrieve the unlocked state for. 1723 * @see Intent#ACTION_USER_UNLOCKED 1724 * @see Context#createDeviceProtectedStorageContext() 1725 */ 1726 public boolean isUserUnlocked(UserHandle user) { 1727 return isUserUnlocked(user.getIdentifier()); 1728 } 1729 1730 /** {@hide} */ 1731 @UnsupportedAppUsage 1732 public boolean isUserUnlocked(@UserIdInt int userId) { 1733 try { 1734 return mService.isUserUnlocked(userId); 1735 } catch (RemoteException re) { 1736 throw re.rethrowFromSystemServer(); 1737 } 1738 } 1739 1740 /** {@hide} */ 1741 public boolean isUserUnlockingOrUnlocked(UserHandle user) { 1742 return isUserUnlockingOrUnlocked(user.getIdentifier()); 1743 } 1744 1745 /** {@hide} */ 1746 public boolean isUserUnlockingOrUnlocked(@UserIdInt int userId) { 1747 try { 1748 return mService.isUserUnlockingOrUnlocked(userId); 1749 } catch (RemoteException re) { 1750 throw re.rethrowFromSystemServer(); 1751 } 1752 } 1753 1754 /** 1755 * Return the time when the calling user started in elapsed milliseconds since boot, 1756 * or 0 if not started. 1757 * 1758 * @hide 1759 */ 1760 @UnsupportedAppUsage 1761 public long getUserStartRealtime() { 1762 try { 1763 return mService.getUserStartRealtime(); 1764 } catch (RemoteException re) { 1765 throw re.rethrowFromSystemServer(); 1766 } 1767 } 1768 1769 /** 1770 * Return the time when the calling user was unlocked elapsed milliseconds since boot, 1771 * or 0 if not unlocked. 1772 * 1773 * @hide 1774 */ 1775 @UnsupportedAppUsage 1776 public long getUserUnlockRealtime() { 1777 try { 1778 return mService.getUserUnlockRealtime(); 1779 } catch (RemoteException re) { 1780 throw re.rethrowFromSystemServer(); 1781 } 1782 } 1783 1784 /** 1785 * Returns the UserInfo object describing a specific user. 1786 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 1787 * @param userHandle the user handle of the user whose information is being requested. 1788 * @return the UserInfo object for a specific user. 1789 * @hide 1790 */ 1791 @UnsupportedAppUsage 1792 public UserInfo getUserInfo(@UserIdInt int userHandle) { 1793 try { 1794 return mService.getUserInfo(userHandle); 1795 } catch (RemoteException re) { 1796 throw re.rethrowFromSystemServer(); 1797 } 1798 } 1799 1800 /** 1801 * @hide 1802 * 1803 * Returns who set a user restriction on a user. 1804 * @param restrictionKey the string key representing the restriction 1805 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 1806 * @return The source of user restriction. Any combination of {@link #RESTRICTION_NOT_SET}, 1807 * {@link #RESTRICTION_SOURCE_SYSTEM}, {@link #RESTRICTION_SOURCE_DEVICE_OWNER} 1808 * and {@link #RESTRICTION_SOURCE_PROFILE_OWNER} 1809 * @deprecated use {@link #getUserRestrictionSources(String, int)} instead. 1810 */ 1811 @Deprecated 1812 @SystemApi 1813 @UserRestrictionSource 1814 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1815 public int getUserRestrictionSource(String restrictionKey, UserHandle userHandle) { 1816 try { 1817 return mService.getUserRestrictionSource(restrictionKey, userHandle.getIdentifier()); 1818 } catch (RemoteException re) { 1819 throw re.rethrowFromSystemServer(); 1820 } 1821 } 1822 1823 /** 1824 * @hide 1825 * 1826 * Returns a list of users who set a user restriction on a given user. 1827 * @param restrictionKey the string key representing the restriction 1828 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 1829 * @return a list of user ids enforcing this restriction. 1830 */ 1831 @SystemApi 1832 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1833 public List<EnforcingUser> getUserRestrictionSources( 1834 String restrictionKey, UserHandle userHandle) { 1835 try { 1836 return mService.getUserRestrictionSources(restrictionKey, userHandle.getIdentifier()); 1837 } catch (RemoteException re) { 1838 throw re.rethrowFromSystemServer(); 1839 } 1840 } 1841 1842 /** 1843 * Returns the user-wide restrictions imposed on this user. 1844 * @return a Bundle containing all the restrictions. 1845 */ 1846 public Bundle getUserRestrictions() { 1847 return getUserRestrictions(Process.myUserHandle()); 1848 } 1849 1850 /** 1851 * Returns the user-wide restrictions imposed on the user specified by <code>userHandle</code>. 1852 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 1853 * @return a Bundle containing all the restrictions. 1854 */ 1855 public Bundle getUserRestrictions(UserHandle userHandle) { 1856 try { 1857 return mService.getUserRestrictions(userHandle.getIdentifier()); 1858 } catch (RemoteException re) { 1859 throw re.rethrowFromSystemServer(); 1860 } 1861 } 1862 1863 /** 1864 * @hide 1865 * Returns whether the given user has been disallowed from performing certain actions 1866 * or setting certain settings through UserManager (e.g. this type of restriction would prevent 1867 * the guest user from doing certain things, such as making calls). This method disregards 1868 * restrictions set by device policy. 1869 * @param restrictionKey the string key representing the restriction 1870 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 1871 */ 1872 @UnsupportedAppUsage 1873 public boolean hasBaseUserRestriction(String restrictionKey, UserHandle userHandle) { 1874 try { 1875 return mService.hasBaseUserRestriction(restrictionKey, userHandle.getIdentifier()); 1876 } catch (RemoteException re) { 1877 throw re.rethrowFromSystemServer(); 1878 } 1879 } 1880 1881 /** 1882 * This will no longer work. Device owners and profile owners should use 1883 * {@link DevicePolicyManager#addUserRestriction(ComponentName, String)} instead. 1884 */ 1885 // System apps should use UserManager.setUserRestriction() instead. 1886 @Deprecated 1887 public void setUserRestrictions(Bundle restrictions) { 1888 throw new UnsupportedOperationException("This method is no longer supported"); 1889 } 1890 1891 /** 1892 * This will no longer work. Device owners and profile owners should use 1893 * {@link DevicePolicyManager#addUserRestriction(ComponentName, String)} instead. 1894 */ 1895 // System apps should use UserManager.setUserRestriction() instead. 1896 @Deprecated 1897 public void setUserRestrictions(Bundle restrictions, UserHandle userHandle) { 1898 throw new UnsupportedOperationException("This method is no longer supported"); 1899 } 1900 1901 /** 1902 * Sets the value of a specific restriction. 1903 * Requires the MANAGE_USERS permission. 1904 * @param key the key of the restriction 1905 * @param value the value for the restriction 1906 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction( 1907 * android.content.ComponentName, String)} or 1908 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction( 1909 * android.content.ComponentName, String)} instead. 1910 */ 1911 @Deprecated 1912 public void setUserRestriction(String key, boolean value) { 1913 setUserRestriction(key, value, Process.myUserHandle()); 1914 } 1915 1916 /** 1917 * @hide 1918 * Sets the value of a specific restriction on a specific user. 1919 * Requires the MANAGE_USERS permission. 1920 * @param key the key of the restriction 1921 * @param value the value for the restriction 1922 * @param userHandle the user whose restriction is to be changed. 1923 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction( 1924 * android.content.ComponentName, String)} or 1925 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction( 1926 * android.content.ComponentName, String)} instead. 1927 */ 1928 @Deprecated 1929 public void setUserRestriction(String key, boolean value, UserHandle userHandle) { 1930 try { 1931 mService.setUserRestriction(key, value, userHandle.getIdentifier()); 1932 } catch (RemoteException re) { 1933 throw re.rethrowFromSystemServer(); 1934 } 1935 } 1936 1937 /** 1938 * Returns whether the current user has been disallowed from performing certain actions 1939 * or setting certain settings. 1940 * 1941 * @param restrictionKey The string key representing the restriction. 1942 * @return {@code true} if the current user has the given restriction, {@code false} otherwise. 1943 */ 1944 public boolean hasUserRestriction(String restrictionKey) { 1945 return hasUserRestriction(restrictionKey, Process.myUserHandle()); 1946 } 1947 1948 /** 1949 * @hide 1950 * Returns whether the given user has been disallowed from performing certain actions 1951 * or setting certain settings. 1952 * @param restrictionKey the string key representing the restriction 1953 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 1954 */ 1955 @UnsupportedAppUsage 1956 public boolean hasUserRestriction(String restrictionKey, UserHandle userHandle) { 1957 try { 1958 return mService.hasUserRestriction(restrictionKey, 1959 userHandle.getIdentifier()); 1960 } catch (RemoteException re) { 1961 throw re.rethrowFromSystemServer(); 1962 } 1963 } 1964 1965 /** 1966 * @hide 1967 * Returns whether any user on the device has the given user restriction set. 1968 */ 1969 public boolean hasUserRestrictionOnAnyUser(String restrictionKey) { 1970 try { 1971 return mService.hasUserRestrictionOnAnyUser(restrictionKey); 1972 } catch (RemoteException re) { 1973 throw re.rethrowFromSystemServer(); 1974 } 1975 } 1976 1977 /** 1978 * Return the serial number for a user. This is a device-unique 1979 * number assigned to that user; if the user is deleted and then a new 1980 * user created, the new users will not be given the same serial number. 1981 * @param user The user whose serial number is to be retrieved. 1982 * @return The serial number of the given user; returns -1 if the 1983 * given UserHandle does not exist. 1984 * @see #getUserForSerialNumber(long) 1985 */ 1986 public long getSerialNumberForUser(UserHandle user) { 1987 return getUserSerialNumber(user.getIdentifier()); 1988 } 1989 1990 /** 1991 * Return the user associated with a serial number previously 1992 * returned by {@link #getSerialNumberForUser(UserHandle)}. 1993 * @param serialNumber The serial number of the user that is being 1994 * retrieved. 1995 * @return Return the user associated with the serial number, or null 1996 * if there is not one. 1997 * @see #getSerialNumberForUser(UserHandle) 1998 */ 1999 public UserHandle getUserForSerialNumber(long serialNumber) { 2000 int ident = getUserHandle((int) serialNumber); 2001 return ident >= 0 ? new UserHandle(ident) : null; 2002 } 2003 2004 /** 2005 * Creates a user with the specified name and options. For non-admin users, default user 2006 * restrictions are going to be applied. 2007 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2008 * 2009 * @param name the user's name 2010 * @param flags flags that identify the type of user and other properties. 2011 * @see UserInfo 2012 * 2013 * @return the UserInfo object for the created user, or null if the user could not be created. 2014 * @hide 2015 */ 2016 @UnsupportedAppUsage 2017 public UserInfo createUser(String name, int flags) { 2018 UserInfo user = null; 2019 try { 2020 user = mService.createUser(name, flags); 2021 // TODO: Keep this in sync with 2022 // UserManagerService.LocalService.createUserEvenWhenDisallowed 2023 if (user != null && !user.isAdmin() && !user.isDemo()) { 2024 mService.setUserRestriction(DISALLOW_SMS, true, user.id); 2025 mService.setUserRestriction(DISALLOW_OUTGOING_CALLS, true, user.id); 2026 } 2027 } catch (RemoteException re) { 2028 throw re.rethrowFromSystemServer(); 2029 } 2030 return user; 2031 } 2032 2033 /** 2034 * Creates a guest user and configures it. 2035 * @param context an application context 2036 * @param name the name to set for the user 2037 * @hide 2038 */ 2039 public UserInfo createGuest(Context context, String name) { 2040 UserInfo guest = null; 2041 try { 2042 guest = mService.createUser(name, UserInfo.FLAG_GUEST); 2043 if (guest != null) { 2044 Settings.Secure.putStringForUser(context.getContentResolver(), 2045 Settings.Secure.SKIP_FIRST_USE_HINTS, "1", guest.id); 2046 } 2047 } catch (RemoteException re) { 2048 throw re.rethrowFromSystemServer(); 2049 } 2050 return guest; 2051 } 2052 2053 /** 2054 * Creates a user with the specified name and options as a profile of another user. 2055 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2056 * 2057 * @param name the user's name 2058 * @param flags flags that identify the type of user and other properties. 2059 * @param userHandle new user will be a profile of this user. 2060 * 2061 * @return the {@link UserInfo} object for the created user, or null if the user 2062 * could not be created. 2063 * @hide 2064 */ 2065 @UnsupportedAppUsage 2066 public UserInfo createProfileForUser(String name, int flags, @UserIdInt int userHandle) { 2067 return createProfileForUser(name, flags, userHandle, null); 2068 } 2069 2070 /** 2071 * Version of {@link #createProfileForUser(String, int, int)} that allows you to specify 2072 * any packages that should not be installed in the new profile by default, these packages can 2073 * still be installed later by the user if needed. 2074 * 2075 * @param name the user's name 2076 * @param flags flags that identify the type of user and other properties. 2077 * @param userHandle new user will be a profile of this user. 2078 * @param disallowedPackages packages that will not be installed in the profile being created. 2079 * 2080 * @return the {@link UserInfo} object for the created user, or null if the user 2081 * could not be created. 2082 * @hide 2083 */ 2084 public UserInfo createProfileForUser(String name, int flags, @UserIdInt int userHandle, 2085 String[] disallowedPackages) { 2086 try { 2087 return mService.createProfileForUser(name, flags, userHandle, disallowedPackages); 2088 } catch (RemoteException re) { 2089 throw re.rethrowFromSystemServer(); 2090 } 2091 } 2092 2093 /** 2094 * Similar to {@link #createProfileForUser(String, int, int, String[])} 2095 * except bypassing the checking of {@link UserManager#DISALLOW_ADD_MANAGED_PROFILE}. 2096 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2097 * 2098 * @see #createProfileForUser(String, int, int, String[]) 2099 * @hide 2100 */ 2101 public UserInfo createProfileForUserEvenWhenDisallowed(String name, int flags, 2102 @UserIdInt int userHandle, String[] disallowedPackages) { 2103 try { 2104 return mService.createProfileForUserEvenWhenDisallowed(name, flags, userHandle, 2105 disallowedPackages); 2106 } catch (RemoteException re) { 2107 throw re.rethrowFromSystemServer(); 2108 } 2109 } 2110 2111 /** 2112 * Creates a restricted profile with the specified name. This method also sets necessary 2113 * restrictions and adds shared accounts. 2114 * 2115 * @param name profile's name 2116 * @return UserInfo object for the created user, or null if the user could not be created. 2117 * @hide 2118 */ 2119 public UserInfo createRestrictedProfile(String name) { 2120 try { 2121 UserHandle parentUserHandle = Process.myUserHandle(); 2122 UserInfo user = mService.createRestrictedProfile(name, 2123 parentUserHandle.getIdentifier()); 2124 if (user != null) { 2125 AccountManager.get(mContext).addSharedAccountsFromParentUser(parentUserHandle, 2126 UserHandle.of(user.id)); 2127 } 2128 return user; 2129 } catch (RemoteException re) { 2130 throw re.rethrowFromSystemServer(); 2131 } 2132 } 2133 2134 /** 2135 * Returns an intent to create a user for the provided name and account name. The name 2136 * and account name will be used when the setup process for the new user is started. 2137 * <p> 2138 * The intent should be launched using startActivityForResult and the return result will 2139 * indicate if the user consented to adding a new user and if the operation succeeded. Any 2140 * errors in creating the user will be returned in the result code. If the user cancels the 2141 * request, the return result will be {@link Activity#RESULT_CANCELED}. On success, the 2142 * result code will be {@link Activity#RESULT_OK}. 2143 * <p> 2144 * Use {@link #supportsMultipleUsers()} to first check if the device supports this operation 2145 * at all. 2146 * <p> 2147 * The new user is created but not initialized. After switching into the user for the first 2148 * time, the preferred user name and account information are used by the setup process for that 2149 * user. 2150 * 2151 * @param userName Optional name to assign to the user. 2152 * @param accountName Optional account name that will be used by the setup wizard to initialize 2153 * the user. 2154 * @param accountType Optional account type for the account to be created. This is required 2155 * if the account name is specified. 2156 * @param accountOptions Optional bundle of data to be passed in during account creation in the 2157 * new user via {@link AccountManager#addAccount(String, String, String[], 2158 * Bundle, android.app.Activity, android.accounts.AccountManagerCallback, 2159 * Handler)}. 2160 * @return An Intent that can be launched from an Activity. 2161 * @see #USER_CREATION_FAILED_NOT_PERMITTED 2162 * @see #USER_CREATION_FAILED_NO_MORE_USERS 2163 * @see #supportsMultipleUsers 2164 */ 2165 public static Intent createUserCreationIntent(@Nullable String userName, 2166 @Nullable String accountName, 2167 @Nullable String accountType, @Nullable PersistableBundle accountOptions) { 2168 Intent intent = new Intent(ACTION_CREATE_USER); 2169 if (userName != null) { 2170 intent.putExtra(EXTRA_USER_NAME, userName); 2171 } 2172 if (accountName != null && accountType == null) { 2173 throw new IllegalArgumentException("accountType must be specified if accountName is " 2174 + "specified"); 2175 } 2176 if (accountName != null) { 2177 intent.putExtra(EXTRA_USER_ACCOUNT_NAME, accountName); 2178 } 2179 if (accountType != null) { 2180 intent.putExtra(EXTRA_USER_ACCOUNT_TYPE, accountType); 2181 } 2182 if (accountOptions != null) { 2183 intent.putExtra(EXTRA_USER_ACCOUNT_OPTIONS, accountOptions); 2184 } 2185 return intent; 2186 } 2187 2188 /** 2189 * @hide 2190 * 2191 * Returns the preferred account name for user creation. 2192 */ 2193 @SystemApi 2194 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 2195 public String getSeedAccountName() { 2196 try { 2197 return mService.getSeedAccountName(); 2198 } catch (RemoteException re) { 2199 throw re.rethrowFromSystemServer(); 2200 } 2201 } 2202 2203 /** 2204 * @hide 2205 * 2206 * Returns the preferred account type for user creation. 2207 */ 2208 @SystemApi 2209 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 2210 public String getSeedAccountType() { 2211 try { 2212 return mService.getSeedAccountType(); 2213 } catch (RemoteException re) { 2214 throw re.rethrowFromSystemServer(); 2215 } 2216 } 2217 2218 /** 2219 * @hide 2220 * 2221 * Returns the preferred account's options bundle for user creation. 2222 * @return Any options set by the requestor that created the user. 2223 */ 2224 @SystemApi 2225 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 2226 public PersistableBundle getSeedAccountOptions() { 2227 try { 2228 return mService.getSeedAccountOptions(); 2229 } catch (RemoteException re) { 2230 throw re.rethrowFromSystemServer(); 2231 } 2232 } 2233 2234 /** 2235 * @hide 2236 * 2237 * Called by a system activity to set the seed account information of a user created 2238 * through the user creation intent. 2239 * @param userId 2240 * @param accountName 2241 * @param accountType 2242 * @param accountOptions 2243 * @see #createUserCreationIntent(String, String, String, PersistableBundle) 2244 */ 2245 public void setSeedAccountData(int userId, String accountName, String accountType, 2246 PersistableBundle accountOptions) { 2247 try { 2248 mService.setSeedAccountData(userId, accountName, accountType, accountOptions, 2249 /* persist= */ true); 2250 } catch (RemoteException re) { 2251 throw re.rethrowFromSystemServer(); 2252 } 2253 } 2254 2255 /** 2256 * @hide 2257 * Clears the seed information used to create this user. 2258 */ 2259 @SystemApi 2260 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 2261 public void clearSeedAccountData() { 2262 try { 2263 mService.clearSeedAccountData(); 2264 } catch (RemoteException re) { 2265 throw re.rethrowFromSystemServer(); 2266 } 2267 } 2268 2269 /** 2270 * @hide 2271 * Marks the guest user for deletion to allow a new guest to be created before deleting 2272 * the current user who is a guest. 2273 * @param userHandle 2274 * @return 2275 */ 2276 public boolean markGuestForDeletion(@UserIdInt int userHandle) { 2277 try { 2278 return mService.markGuestForDeletion(userHandle); 2279 } catch (RemoteException re) { 2280 throw re.rethrowFromSystemServer(); 2281 } 2282 } 2283 2284 /** 2285 * Sets the user as enabled, if such an user exists. 2286 * 2287 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2288 * 2289 * <p>Note that the default is true, it's only that managed profiles might not be enabled. 2290 * Also ephemeral users can be disabled to indicate that their removal is in progress and they 2291 * shouldn't be re-entered. Therefore ephemeral users should not be re-enabled once disabled. 2292 * 2293 * @param userId the id of the profile to enable 2294 * @hide 2295 */ 2296 public void setUserEnabled(@UserIdInt int userId) { 2297 try { 2298 mService.setUserEnabled(userId); 2299 } catch (RemoteException re) { 2300 throw re.rethrowFromSystemServer(); 2301 } 2302 } 2303 2304 /** 2305 * Assigns admin privileges to the user, if such a user exists. 2306 * 2307 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS} and 2308 * {@link android.Manifest.permission#INTERACT_ACROSS_USERS_FULL} permissions. 2309 * 2310 * @param userHandle the id of the user to become admin 2311 * @hide 2312 */ 2313 @RequiresPermission(allOf = { 2314 Manifest.permission.INTERACT_ACROSS_USERS_FULL, 2315 Manifest.permission.MANAGE_USERS 2316 }) 2317 public void setUserAdmin(@UserIdInt int userHandle) { 2318 try { 2319 mService.setUserAdmin(userHandle); 2320 } catch (RemoteException re) { 2321 throw re.rethrowFromSystemServer(); 2322 } 2323 } 2324 2325 /** 2326 * Evicts the user's credential encryption key from memory by stopping and restarting the user. 2327 * 2328 * @hide 2329 */ 2330 public void evictCredentialEncryptionKey(@UserIdInt int userHandle) { 2331 try { 2332 mService.evictCredentialEncryptionKey(userHandle); 2333 } catch (RemoteException re) { 2334 throw re.rethrowFromSystemServer(); 2335 } 2336 } 2337 2338 /** 2339 * Return the number of users currently created on the device. 2340 */ 2341 public int getUserCount() { 2342 List<UserInfo> users = getUsers(); 2343 return users != null ? users.size() : 1; 2344 } 2345 2346 /** 2347 * Returns information for all users on this device, including ones marked for deletion. 2348 * To retrieve only users that are alive, use {@link #getUsers(boolean)}. 2349 * <p> 2350 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2351 * @return the list of users that exist on the device. 2352 * @hide 2353 */ 2354 @UnsupportedAppUsage 2355 public List<UserInfo> getUsers() { 2356 try { 2357 return mService.getUsers(false); 2358 } catch (RemoteException re) { 2359 throw re.rethrowFromSystemServer(); 2360 } 2361 } 2362 2363 /** 2364 * Returns serial numbers of all users on this device. 2365 * 2366 * @param excludeDying specify if the list should exclude users being removed. 2367 * @return the list of serial numbers of users that exist on the device. 2368 * @hide 2369 */ 2370 @SystemApi 2371 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 2372 public long[] getSerialNumbersOfUsers(boolean excludeDying) { 2373 try { 2374 List<UserInfo> users = mService.getUsers(excludeDying); 2375 long[] result = new long[users.size()]; 2376 for (int i = 0; i < result.length; i++) { 2377 result[i] = users.get(i).serialNumber; 2378 } 2379 return result; 2380 } catch (RemoteException re) { 2381 throw re.rethrowFromSystemServer(); 2382 } 2383 } 2384 2385 /** 2386 * @return the user's account name, null if not found. 2387 * @hide 2388 */ 2389 @RequiresPermission( allOf = { 2390 Manifest.permission.INTERACT_ACROSS_USERS_FULL, 2391 Manifest.permission.MANAGE_USERS 2392 }) 2393 public @Nullable String getUserAccount(@UserIdInt int userHandle) { 2394 try { 2395 return mService.getUserAccount(userHandle); 2396 } catch (RemoteException re) { 2397 throw re.rethrowFromSystemServer(); 2398 } 2399 } 2400 2401 /** 2402 * Set account name for the given user. 2403 * @hide 2404 */ 2405 @RequiresPermission( allOf = { 2406 Manifest.permission.INTERACT_ACROSS_USERS_FULL, 2407 Manifest.permission.MANAGE_USERS 2408 }) 2409 public void setUserAccount(@UserIdInt int userHandle, @Nullable String accountName) { 2410 try { 2411 mService.setUserAccount(userHandle, accountName); 2412 } catch (RemoteException re) { 2413 throw re.rethrowFromSystemServer(); 2414 } 2415 } 2416 2417 /** 2418 * Returns information for Primary user. 2419 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2420 * 2421 * @return the Primary user, null if not found. 2422 * @hide 2423 */ 2424 public @Nullable UserInfo getPrimaryUser() { 2425 try { 2426 return mService.getPrimaryUser(); 2427 } catch (RemoteException re) { 2428 throw re.rethrowFromSystemServer(); 2429 } 2430 } 2431 2432 /** 2433 * Checks whether it's possible to add more users. Caller must hold the MANAGE_USERS 2434 * permission. 2435 * 2436 * @return true if more users can be added, false if limit has been reached. 2437 * @hide 2438 */ 2439 public boolean canAddMoreUsers() { 2440 final List<UserInfo> users = getUsers(true); 2441 final int totalUserCount = users.size(); 2442 int aliveUserCount = 0; 2443 for (int i = 0; i < totalUserCount; i++) { 2444 UserInfo user = users.get(i); 2445 if (!user.isGuest()) { 2446 aliveUserCount++; 2447 } 2448 } 2449 return aliveUserCount < getMaxSupportedUsers(); 2450 } 2451 2452 /** 2453 * Checks whether it's possible to add more managed profiles. Caller must hold the MANAGE_USERS 2454 * permission. 2455 * if allowedToRemoveOne is true and if the user already has a managed profile, then return if 2456 * we could add a new managed profile to this user after removing the existing one. 2457 * 2458 * @return true if more managed profiles can be added, false if limit has been reached. 2459 * @hide 2460 */ 2461 public boolean canAddMoreManagedProfiles(@UserIdInt int userId, boolean allowedToRemoveOne) { 2462 try { 2463 return mService.canAddMoreManagedProfiles(userId, allowedToRemoveOne); 2464 } catch (RemoteException re) { 2465 throw re.rethrowFromSystemServer(); 2466 } 2467 } 2468 2469 /** 2470 * Returns list of the profiles of userHandle including 2471 * userHandle itself. 2472 * Note that this returns both enabled and not enabled profiles. See 2473 * {@link #getEnabledProfiles(int)} if you need only the enabled ones. 2474 * 2475 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2476 * @param userHandle profiles of this user will be returned. 2477 * @return the list of profiles. 2478 * @hide 2479 */ 2480 @UnsupportedAppUsage 2481 public List<UserInfo> getProfiles(@UserIdInt int userHandle) { 2482 try { 2483 return mService.getProfiles(userHandle, false /* enabledOnly */); 2484 } catch (RemoteException re) { 2485 throw re.rethrowFromSystemServer(); 2486 } 2487 } 2488 2489 /** 2490 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2491 * @param userId one of the two user ids to check. 2492 * @param otherUserId one of the two user ids to check. 2493 * @return true if the two user ids are in the same profile group. 2494 * @hide 2495 */ 2496 public boolean isSameProfileGroup(@UserIdInt int userId, int otherUserId) { 2497 try { 2498 return mService.isSameProfileGroup(userId, otherUserId); 2499 } catch (RemoteException re) { 2500 throw re.rethrowFromSystemServer(); 2501 } 2502 } 2503 2504 /** 2505 * Returns list of the profiles of userHandle including 2506 * userHandle itself. 2507 * Note that this returns only enabled. 2508 * 2509 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2510 * @param userHandle profiles of this user will be returned. 2511 * @return the list of profiles. 2512 * @hide 2513 */ 2514 @UnsupportedAppUsage 2515 public List<UserInfo> getEnabledProfiles(@UserIdInt int userHandle) { 2516 try { 2517 return mService.getProfiles(userHandle, true /* enabledOnly */); 2518 } catch (RemoteException re) { 2519 throw re.rethrowFromSystemServer(); 2520 } 2521 } 2522 2523 /** 2524 * Returns a list of UserHandles for profiles associated with the user that the calling process 2525 * is running on, including the user itself. 2526 * 2527 * @return A non-empty list of UserHandles associated with the calling user. 2528 */ 2529 public List<UserHandle> getUserProfiles() { 2530 int[] userIds = getProfileIds(UserHandle.myUserId(), true /* enabledOnly */); 2531 List<UserHandle> result = new ArrayList<>(userIds.length); 2532 for (int userId : userIds) { 2533 result.add(UserHandle.of(userId)); 2534 } 2535 return result; 2536 } 2537 2538 /** 2539 * Returns a list of ids for profiles associated with the specified user including the user 2540 * itself. 2541 * 2542 * @param userId id of the user to return profiles for 2543 * @param enabledOnly whether return only {@link UserInfo#isEnabled() enabled} profiles 2544 * @return A non-empty list of ids of profiles associated with the specified user. 2545 * 2546 * @hide 2547 */ 2548 @RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS, 2549 Manifest.permission.CREATE_USERS}, conditional = true) 2550 public @NonNull int[] getProfileIds(@UserIdInt int userId, boolean enabledOnly) { 2551 try { 2552 return mService.getProfileIds(userId, enabledOnly); 2553 } catch (RemoteException re) { 2554 throw re.rethrowFromSystemServer(); 2555 } 2556 } 2557 2558 /** 2559 * @see #getProfileIds(int, boolean) 2560 * @hide 2561 */ 2562 @UnsupportedAppUsage 2563 public int[] getProfileIdsWithDisabled(@UserIdInt int userId) { 2564 return getProfileIds(userId, false /* enabledOnly */); 2565 } 2566 2567 /** 2568 * @see #getProfileIds(int, boolean) 2569 * @hide 2570 */ 2571 public int[] getEnabledProfileIds(@UserIdInt int userId) { 2572 return getProfileIds(userId, true /* enabledOnly */); 2573 } 2574 2575 /** 2576 * Returns the device credential owner id of the profile from 2577 * which this method is called, or userHandle if called from a user that 2578 * is not a profile. 2579 * 2580 * @hide 2581 */ 2582 public int getCredentialOwnerProfile(@UserIdInt int userHandle) { 2583 try { 2584 return mService.getCredentialOwnerProfile(userHandle); 2585 } catch (RemoteException re) { 2586 throw re.rethrowFromSystemServer(); 2587 } 2588 } 2589 2590 /** 2591 * Returns the parent of the profile which this method is called from 2592 * or null if called from a user that is not a profile. 2593 * 2594 * @hide 2595 */ 2596 @UnsupportedAppUsage 2597 public UserInfo getProfileParent(@UserIdInt int userHandle) { 2598 try { 2599 return mService.getProfileParent(userHandle); 2600 } catch (RemoteException re) { 2601 throw re.rethrowFromSystemServer(); 2602 } 2603 } 2604 2605 /** 2606 * Get the parent of a user profile. 2607 * 2608 * @param user the handle of the user profile 2609 * 2610 * @return the parent of the user or {@code null} if the user is not profile 2611 * 2612 * @hide 2613 */ 2614 @SystemApi 2615 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 2616 public @Nullable UserHandle getProfileParent(@NonNull UserHandle user) { 2617 UserInfo info = getProfileParent(user.getIdentifier()); 2618 2619 if (info == null) { 2620 return null; 2621 } 2622 2623 return UserHandle.of(info.id); 2624 } 2625 2626 /** 2627 * Enables or disables quiet mode for a managed profile. If quiet mode is enabled, apps in a 2628 * managed profile don't run, generate notifications, or consume data or battery. 2629 * <p> 2630 * If a user's credential is needed to turn off quiet mode, a confirm credential screen will be 2631 * shown to the user. 2632 * <p> 2633 * The change may not happen instantly, however apps can listen for 2634 * {@link Intent#ACTION_MANAGED_PROFILE_AVAILABLE} and 2635 * {@link Intent#ACTION_MANAGED_PROFILE_UNAVAILABLE} broadcasts in order to be notified of 2636 * the change of the quiet mode. Apps can also check the current state of quiet mode by 2637 * calling {@link #isQuietModeEnabled(UserHandle)}. 2638 * <p> 2639 * The caller must either be the foreground default launcher or have one of these permissions: 2640 * {@code MANAGE_USERS} or {@code MODIFY_QUIET_MODE}. 2641 * 2642 * @param enableQuietMode whether quiet mode should be enabled or disabled 2643 * @param userHandle user handle of the profile 2644 * @return {@code false} if user's credential is needed in order to turn off quiet mode, 2645 * {@code true} otherwise 2646 * @throws SecurityException if the caller is invalid 2647 * @throws IllegalArgumentException if {@code userHandle} is not a managed profile 2648 * 2649 * @see #isQuietModeEnabled(UserHandle) 2650 */ 2651 public boolean requestQuietModeEnabled(boolean enableQuietMode, @NonNull UserHandle userHandle) { 2652 return requestQuietModeEnabled(enableQuietMode, userHandle, null); 2653 } 2654 2655 /** 2656 * Similar to {@link #requestQuietModeEnabled(boolean, UserHandle)}, except you can specify 2657 * a target to start when user is unlocked. If {@code target} is specified, caller must have 2658 * the {@link android.Manifest.permission#MANAGE_USERS} permission. 2659 * 2660 * @see {@link #requestQuietModeEnabled(boolean, UserHandle)} 2661 * @hide 2662 */ 2663 public boolean requestQuietModeEnabled( 2664 boolean enableQuietMode, @NonNull UserHandle userHandle, IntentSender target) { 2665 try { 2666 return mService.requestQuietModeEnabled( 2667 mContext.getPackageName(), enableQuietMode, userHandle.getIdentifier(), target); 2668 } catch (RemoteException re) { 2669 throw re.rethrowFromSystemServer(); 2670 } 2671 } 2672 2673 /** 2674 * Returns whether the given profile is in quiet mode or not. 2675 * Notes: Quiet mode is only supported for managed profiles. 2676 * 2677 * @param userHandle The user handle of the profile to be queried. 2678 * @return true if the profile is in quiet mode, false otherwise. 2679 */ 2680 public boolean isQuietModeEnabled(UserHandle userHandle) { 2681 try { 2682 return mService.isQuietModeEnabled(userHandle.getIdentifier()); 2683 } catch (RemoteException re) { 2684 throw re.rethrowFromSystemServer(); 2685 } 2686 } 2687 2688 /** 2689 * If the target user is a managed profile of the calling user or the caller 2690 * is itself a managed profile, then this returns a badged copy of the given 2691 * icon to be able to distinguish it from the original icon. For badging an 2692 * arbitrary drawable use {@link #getBadgedDrawableForUser( 2693 * android.graphics.drawable.Drawable, UserHandle, android.graphics.Rect, int)}. 2694 * <p> 2695 * If the original drawable is a BitmapDrawable and the backing bitmap is 2696 * mutable as per {@link android.graphics.Bitmap#isMutable()}, the badging 2697 * is performed in place and the original drawable is returned. 2698 * </p> 2699 * 2700 * @param icon The icon to badge. 2701 * @param user The target user. 2702 * @return A drawable that combines the original icon and a badge as 2703 * determined by the system. 2704 * @removed 2705 */ 2706 public Drawable getBadgedIconForUser(Drawable icon, UserHandle user) { 2707 return mContext.getPackageManager().getUserBadgedIcon(icon, user); 2708 } 2709 2710 /** 2711 * If the target user is a managed profile of the calling user or the caller 2712 * is itself a managed profile, then this returns a badged copy of the given 2713 * drawable allowing the user to distinguish it from the original drawable. 2714 * The caller can specify the location in the bounds of the drawable to be 2715 * badged where the badge should be applied as well as the density of the 2716 * badge to be used. 2717 * <p> 2718 * If the original drawable is a BitmapDrawable and the backing bitmap is 2719 * mutable as per {@link android.graphics.Bitmap#isMutable()}, the badging 2720 * is performed in place and the original drawable is returned. 2721 * </p> 2722 * 2723 * @param badgedDrawable The drawable to badge. 2724 * @param user The target user. 2725 * @param badgeLocation Where in the bounds of the badged drawable to place 2726 * the badge. If it's {@code null}, the badge is applied on top of the entire 2727 * drawable being badged. 2728 * @param badgeDensity The optional desired density for the badge as per 2729 * {@link android.util.DisplayMetrics#densityDpi}. If it's not positive, 2730 * the density of the display is used. 2731 * @return A drawable that combines the original drawable and a badge as 2732 * determined by the system. 2733 * @removed 2734 */ 2735 public Drawable getBadgedDrawableForUser(Drawable badgedDrawable, UserHandle user, 2736 Rect badgeLocation, int badgeDensity) { 2737 return mContext.getPackageManager().getUserBadgedDrawableForDensity(badgedDrawable, user, 2738 badgeLocation, badgeDensity); 2739 } 2740 2741 /** 2742 * If the target user is a managed profile of the calling user or the caller 2743 * is itself a managed profile, then this returns a copy of the label with 2744 * badging for accessibility services like talkback. E.g. passing in "Email" 2745 * and it might return "Work Email" for Email in the work profile. 2746 * 2747 * @param label The label to change. 2748 * @param user The target user. 2749 * @return A label that combines the original label and a badge as 2750 * determined by the system. 2751 * @removed 2752 */ 2753 public CharSequence getBadgedLabelForUser(CharSequence label, UserHandle user) { 2754 return mContext.getPackageManager().getUserBadgedLabel(label, user); 2755 } 2756 2757 /** 2758 * Returns information for all users on this device. Requires 2759 * {@link android.Manifest.permission#MANAGE_USERS} permission. 2760 * 2761 * @param excludeDying specify if the list should exclude users being 2762 * removed. 2763 * @return the list of users that were created. 2764 * @hide 2765 */ 2766 @UnsupportedAppUsage 2767 public @NonNull List<UserInfo> getUsers(boolean excludeDying) { 2768 try { 2769 return mService.getUsers(excludeDying); 2770 } catch (RemoteException re) { 2771 throw re.rethrowFromSystemServer(); 2772 } 2773 } 2774 2775 /** 2776 * Removes a user and all associated data. 2777 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2778 * @param userHandle the integer handle of the user, where 0 is the primary user. 2779 * @hide 2780 */ 2781 @UnsupportedAppUsage 2782 public boolean removeUser(@UserIdInt int userHandle) { 2783 try { 2784 return mService.removeUser(userHandle); 2785 } catch (RemoteException re) { 2786 throw re.rethrowFromSystemServer(); 2787 } 2788 } 2789 2790 /** 2791 * Removes a user and all associated data. 2792 * 2793 * @param user the user that needs to be removed. 2794 * @return {@code true} if the user was successfully removed, {@code false} otherwise. 2795 * @throws IllegalArgumentException if {@code user} is {@code null} 2796 * @hide 2797 */ 2798 @SystemApi 2799 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 2800 public boolean removeUser(@NonNull UserHandle user) { 2801 if (user == null) { 2802 throw new IllegalArgumentException("user cannot be null"); 2803 } 2804 return removeUser(user.getIdentifier()); 2805 } 2806 2807 2808 /** 2809 * Similar to {@link #removeUser(int)} except bypassing the checking of 2810 * {@link UserManager#DISALLOW_REMOVE_USER} 2811 * or {@link UserManager#DISALLOW_REMOVE_MANAGED_PROFILE}. 2812 * 2813 * @see {@link #removeUser(int)} 2814 * @hide 2815 */ 2816 public boolean removeUserEvenWhenDisallowed(@UserIdInt int userHandle) { 2817 try { 2818 return mService.removeUserEvenWhenDisallowed(userHandle); 2819 } catch (RemoteException re) { 2820 throw re.rethrowFromSystemServer(); 2821 } 2822 } 2823 2824 /** 2825 * Updates the user's name. 2826 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2827 * 2828 * @param userHandle the user's integer handle 2829 * @param name the new name for the user 2830 * @hide 2831 */ 2832 public void setUserName(@UserIdInt int userHandle, String name) { 2833 try { 2834 mService.setUserName(userHandle, name); 2835 } catch (RemoteException re) { 2836 throw re.rethrowFromSystemServer(); 2837 } 2838 } 2839 2840 /** 2841 * Updates the calling user's name. 2842 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2843 * 2844 * @param name the new name for the user 2845 * @hide 2846 */ 2847 @SystemApi 2848 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 2849 public void setUserName(@Nullable String name) { 2850 setUserName(getUserHandle(), name); 2851 } 2852 2853 /** 2854 * Sets the user's photo. 2855 * @param userHandle the user for whom to change the photo. 2856 * @param icon the bitmap to set as the photo. 2857 * @hide 2858 */ 2859 public void setUserIcon(@UserIdInt int userHandle, Bitmap icon) { 2860 try { 2861 mService.setUserIcon(userHandle, icon); 2862 } catch (RemoteException re) { 2863 throw re.rethrowFromSystemServer(); 2864 } 2865 } 2866 2867 /** 2868 * Sets the calling user's photo. 2869 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2870 * 2871 * @param icon the bitmap to set as the photo. 2872 * @hide 2873 */ 2874 @SystemApi 2875 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 2876 public void setUserIcon(@NonNull Bitmap icon) { 2877 setUserIcon(getUserHandle(), icon); 2878 } 2879 2880 /** 2881 * Returns a file descriptor for the user's photo. PNG data can be read from this file. 2882 * @param userHandle the user whose photo we want to read. 2883 * @return a {@link Bitmap} of the user's photo, or null if there's no photo. 2884 * @see com.android.internal.util.UserIcons#getDefaultUserIcon for a default. 2885 * @hide 2886 */ 2887 @UnsupportedAppUsage 2888 public Bitmap getUserIcon(@UserIdInt int userHandle) { 2889 try { 2890 ParcelFileDescriptor fd = mService.getUserIcon(userHandle); 2891 if (fd != null) { 2892 try { 2893 return BitmapFactory.decodeFileDescriptor(fd.getFileDescriptor()); 2894 } finally { 2895 try { 2896 fd.close(); 2897 } catch (IOException e) { 2898 } 2899 } 2900 } 2901 } catch (RemoteException re) { 2902 throw re.rethrowFromSystemServer(); 2903 } 2904 return null; 2905 } 2906 2907 /** 2908 * Returns a Bitmap for the calling user's photo. 2909 * Requires {@link android.Manifest.permission#MANAGE_USERS} 2910 * or {@link android.Manifest.permission#GET_ACCOUNTS_PRIVILEGED} permissions. 2911 * 2912 * @return a {@link Bitmap} of the user's photo, or null if there's no photo. 2913 * @see com.android.internal.util.UserIcons#getDefaultUserIcon for a default. 2914 * @hide 2915 */ 2916 @SystemApi 2917 @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS, 2918 android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED}) 2919 public @Nullable Bitmap getUserIcon() { 2920 return getUserIcon(getUserHandle()); 2921 } 2922 2923 /** 2924 * Returns the maximum number of users that can be created on this device. A return value 2925 * of 1 means that it is a single user device. 2926 * @hide 2927 * @return a value greater than or equal to 1 2928 */ 2929 @UnsupportedAppUsage 2930 public static int getMaxSupportedUsers() { 2931 // Don't allow multiple users on certain builds 2932 if (android.os.Build.ID.startsWith("JVP")) return 1; 2933 if (ActivityManager.isLowRamDeviceStatic()) { 2934 // Low-ram devices are Svelte. Most of the time they don't get multi-user. 2935 if ((Resources.getSystem().getConfiguration().uiMode & Configuration.UI_MODE_TYPE_MASK) 2936 != Configuration.UI_MODE_TYPE_TELEVISION) { 2937 return 1; 2938 } 2939 } 2940 return SystemProperties.getInt("fw.max_users", 2941 Resources.getSystem().getInteger(R.integer.config_multiuserMaximumUsers)); 2942 } 2943 2944 /** 2945 * Returns true if the user switcher should be shown, this will be if device supports multi-user 2946 * and there are at least 2 users available that are not managed profiles. 2947 * @hide 2948 * @return true if user switcher should be shown. 2949 */ 2950 public boolean isUserSwitcherEnabled() { 2951 if (!supportsMultipleUsers()) { 2952 return false; 2953 } 2954 if (hasUserRestriction(DISALLOW_USER_SWITCH)) { 2955 return false; 2956 } 2957 // If Demo Mode is on, don't show user switcher 2958 if (isDeviceInDemoMode(mContext)) { 2959 return false; 2960 } 2961 // If user disabled this feature, don't show switcher 2962 final boolean userSwitcherEnabled = Settings.Global.getInt(mContext.getContentResolver(), 2963 Settings.Global.USER_SWITCHER_ENABLED, 1) != 0; 2964 if (!userSwitcherEnabled) { 2965 return false; 2966 } 2967 List<UserInfo> users = getUsers(true); 2968 if (users == null) { 2969 return false; 2970 } 2971 int switchableUserCount = 0; 2972 for (UserInfo user : users) { 2973 if (user.supportsSwitchToByUser()) { 2974 ++switchableUserCount; 2975 } 2976 } 2977 final boolean guestEnabled = !mContext.getSystemService(DevicePolicyManager.class) 2978 .getGuestUserDisabled(null); 2979 return switchableUserCount > 1 || guestEnabled; 2980 } 2981 2982 /** 2983 * @hide 2984 */ 2985 @UnsupportedAppUsage 2986 public static boolean isDeviceInDemoMode(Context context) { 2987 return Settings.Global.getInt(context.getContentResolver(), 2988 Settings.Global.DEVICE_DEMO_MODE, 0) > 0; 2989 } 2990 2991 /** 2992 * Returns a serial number on this device for a given userHandle. User handles can be recycled 2993 * when deleting and creating users, but serial numbers are not reused until the device is wiped. 2994 * @param userHandle 2995 * @return a serial number associated with that user, or -1 if the userHandle is not valid. 2996 * @hide 2997 */ 2998 @UnsupportedAppUsage 2999 public int getUserSerialNumber(@UserIdInt int userHandle) { 3000 try { 3001 return mService.getUserSerialNumber(userHandle); 3002 } catch (RemoteException re) { 3003 throw re.rethrowFromSystemServer(); 3004 } 3005 } 3006 3007 /** 3008 * Returns a userHandle on this device for a given user serial number. User handles can be 3009 * recycled when deleting and creating users, but serial numbers are not reused until the device 3010 * is wiped. 3011 * @param userSerialNumber 3012 * @return the userHandle associated with that user serial number, or -1 if the serial number 3013 * is not valid. 3014 * @hide 3015 */ 3016 @UnsupportedAppUsage 3017 public @UserIdInt int getUserHandle(int userSerialNumber) { 3018 try { 3019 return mService.getUserHandle(userSerialNumber); 3020 } catch (RemoteException re) { 3021 throw re.rethrowFromSystemServer(); 3022 } 3023 } 3024 3025 /** 3026 * Returns a {@link Bundle} containing any saved application restrictions for this user, for the 3027 * given package name. Only an application with this package name can call this method. 3028 * 3029 * <p>The returned {@link Bundle} consists of key-value pairs, as defined by the application, 3030 * where the types of values may be: 3031 * <ul> 3032 * <li>{@code boolean} 3033 * <li>{@code int} 3034 * <li>{@code String} or {@code String[]} 3035 * <li>From {@link android.os.Build.VERSION_CODES#M}, {@code Bundle} or {@code Bundle[]} 3036 * </ul> 3037 * 3038 * <p>NOTE: The method performs disk I/O and shouldn't be called on the main thread 3039 * 3040 * @param packageName the package name of the calling application 3041 * @return a {@link Bundle} with the restrictions for that package, or an empty {@link Bundle} 3042 * if there are no saved restrictions. 3043 * 3044 * @see #KEY_RESTRICTIONS_PENDING 3045 */ 3046 @WorkerThread 3047 public Bundle getApplicationRestrictions(String packageName) { 3048 try { 3049 return mService.getApplicationRestrictions(packageName); 3050 } catch (RemoteException re) { 3051 throw re.rethrowFromSystemServer(); 3052 } 3053 } 3054 3055 /** 3056 * @hide 3057 */ 3058 @WorkerThread 3059 public Bundle getApplicationRestrictions(String packageName, UserHandle user) { 3060 try { 3061 return mService.getApplicationRestrictionsForUser(packageName, user.getIdentifier()); 3062 } catch (RemoteException re) { 3063 throw re.rethrowFromSystemServer(); 3064 } 3065 } 3066 3067 /** 3068 * @hide 3069 */ 3070 @WorkerThread 3071 public void setApplicationRestrictions(String packageName, Bundle restrictions, 3072 UserHandle user) { 3073 try { 3074 mService.setApplicationRestrictions(packageName, restrictions, user.getIdentifier()); 3075 } catch (RemoteException re) { 3076 throw re.rethrowFromSystemServer(); 3077 } 3078 } 3079 3080 /** 3081 * Sets a new challenge PIN for restrictions. This is only for use by pre-installed 3082 * apps and requires the MANAGE_USERS permission. 3083 * @param newPin the PIN to use for challenge dialogs. 3084 * @return Returns true if the challenge PIN was set successfully. 3085 * @deprecated The restrictions PIN functionality is no longer provided by the system. 3086 * This method is preserved for backwards compatibility reasons and always returns false. 3087 */ 3088 @Deprecated 3089 public boolean setRestrictionsChallenge(String newPin) { 3090 return false; 3091 } 3092 3093 /** 3094 * @hide 3095 * Set restrictions that should apply to any future guest user that's created. 3096 */ 3097 public void setDefaultGuestRestrictions(Bundle restrictions) { 3098 try { 3099 mService.setDefaultGuestRestrictions(restrictions); 3100 } catch (RemoteException re) { 3101 throw re.rethrowFromSystemServer(); 3102 } 3103 } 3104 3105 /** 3106 * @hide 3107 * Gets the default guest restrictions. 3108 */ 3109 public Bundle getDefaultGuestRestrictions() { 3110 try { 3111 return mService.getDefaultGuestRestrictions(); 3112 } catch (RemoteException re) { 3113 throw re.rethrowFromSystemServer(); 3114 } 3115 } 3116 3117 /** 3118 * Returns creation time of the user or of a managed profile associated with the calling user. 3119 * @param userHandle user handle of the user or a managed profile associated with the 3120 * calling user. 3121 * @return creation time in milliseconds since Epoch time. 3122 */ 3123 public long getUserCreationTime(UserHandle userHandle) { 3124 try { 3125 return mService.getUserCreationTime(userHandle.getIdentifier()); 3126 } catch (RemoteException re) { 3127 throw re.rethrowFromSystemServer(); 3128 } 3129 } 3130 3131 /** 3132 * @hide 3133 * Checks if any uninitialized user has the specific seed account name and type. 3134 * 3135 * @param accountName The account name to check for 3136 * @param accountType The account type of the account to check for 3137 * @return whether the seed account was found 3138 */ 3139 public boolean someUserHasSeedAccount(String accountName, String accountType) { 3140 try { 3141 return mService.someUserHasSeedAccount(accountName, accountType); 3142 } catch (RemoteException re) { 3143 throw re.rethrowFromSystemServer(); 3144 } 3145 } 3146 3147 /** 3148 * @hide 3149 * User that enforces a restriction. 3150 * 3151 * @see #getUserRestrictionSources(String, UserHandle) 3152 */ 3153 @SystemApi 3154 public static final class EnforcingUser implements Parcelable { 3155 private final @UserIdInt int userId; 3156 private final @UserRestrictionSource int userRestrictionSource; 3157 3158 /** 3159 * @hide 3160 */ 3161 public EnforcingUser( 3162 @UserIdInt int userId, @UserRestrictionSource int userRestrictionSource) { 3163 this.userId = userId; 3164 this.userRestrictionSource = userRestrictionSource; 3165 } 3166 3167 private EnforcingUser(Parcel in) { 3168 userId = in.readInt(); 3169 userRestrictionSource = in.readInt(); 3170 } 3171 3172 public static final @android.annotation.NonNull Creator<EnforcingUser> CREATOR = new Creator<EnforcingUser>() { 3173 @Override 3174 public EnforcingUser createFromParcel(Parcel in) { 3175 return new EnforcingUser(in); 3176 } 3177 3178 @Override 3179 public EnforcingUser[] newArray(int size) { 3180 return new EnforcingUser[size]; 3181 } 3182 }; 3183 3184 @Override 3185 public int describeContents() { 3186 return 0; 3187 } 3188 3189 @Override 3190 public void writeToParcel(Parcel dest, int flags) { 3191 dest.writeInt(userId); 3192 dest.writeInt(userRestrictionSource); 3193 } 3194 3195 /** 3196 * Returns an id of the enforcing user. 3197 * 3198 * <p> Will be UserHandle.USER_NULL when restriction is set by the system. 3199 */ 3200 public UserHandle getUserHandle() { 3201 return UserHandle.of(userId); 3202 } 3203 3204 /** 3205 * Returns the status of the enforcing user. 3206 * 3207 * <p> One of {@link #RESTRICTION_SOURCE_SYSTEM}, 3208 * {@link #RESTRICTION_SOURCE_DEVICE_OWNER} and 3209 * {@link #RESTRICTION_SOURCE_PROFILE_OWNER} 3210 */ 3211 public @UserRestrictionSource int getUserRestrictionSource() { 3212 return userRestrictionSource; 3213 } 3214 } 3215 } 3216
