Home | History | Annotate | Download | only in os
      1 /*
      2  * Copyright (C) 2012 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 package android.os;
     18 
     19 import android.Manifest;
     20 import android.accounts.AccountManager;
     21 import android.annotation.IntDef;
     22 import android.annotation.Nullable;
     23 import android.annotation.RequiresPermission;
     24 import android.annotation.SystemApi;
     25 import android.annotation.UserIdInt;
     26 import android.app.Activity;
     27 import android.app.ActivityManager;
     28 import android.app.ActivityManagerNative;
     29 import android.app.admin.DevicePolicyManager;
     30 import android.content.ComponentName;
     31 import android.content.Context;
     32 import android.content.Intent;
     33 import android.content.IntentSender;
     34 import android.content.pm.UserInfo;
     35 import android.content.res.Resources;
     36 import android.graphics.Bitmap;
     37 import android.graphics.BitmapFactory;
     38 import android.graphics.Rect;
     39 import android.graphics.drawable.Drawable;
     40 import android.provider.Settings;
     41 import android.telephony.TelephonyManager;
     42 import android.view.WindowManager.LayoutParams;
     43 
     44 import com.android.internal.R;
     45 
     46 import java.io.IOException;
     47 import java.lang.annotation.Retention;
     48 import java.lang.annotation.RetentionPolicy;
     49 import java.util.ArrayList;
     50 import java.util.List;
     51 
     52 /**
     53  * Manages users and user details on a multi-user system. There are two major categories of
     54  * users: fully customizable users with their own login, and managed profiles that share a workspace
     55  * with a related user.
     56  * <p>
     57  * Users are different from accounts, which are managed by
     58  * {@link AccountManager}. Each user can have their own set of accounts.
     59  * <p>
     60  * See {@link DevicePolicyManager#ACTION_PROVISION_MANAGED_PROFILE} for more on managed profiles.
     61  */
     62 public class UserManager {
     63 
     64     private static String TAG = "UserManager";
     65     private final IUserManager mService;
     66     private final Context mContext;
     67 
     68     /**
     69      * @hide
     70      * No user restriction.
     71      */
     72     @SystemApi
     73     public static final int RESTRICTION_NOT_SET = 0x0;
     74 
     75     /**
     76      * @hide
     77      * User restriction set by system/user.
     78      */
     79     @SystemApi
     80     public static final int RESTRICTION_SOURCE_SYSTEM = 0x1;
     81 
     82     /**
     83      * @hide
     84      * User restriction set by a device owner.
     85      */
     86     @SystemApi
     87     public static final int RESTRICTION_SOURCE_DEVICE_OWNER = 0x2;
     88 
     89     /**
     90      * @hide
     91      * User restriction set by a profile owner.
     92      */
     93     @SystemApi
     94     public static final int RESTRICTION_SOURCE_PROFILE_OWNER = 0x4;
     95 
     96     /** @hide */
     97     @Retention(RetentionPolicy.SOURCE)
     98     @IntDef(flag=true, value={RESTRICTION_NOT_SET, RESTRICTION_SOURCE_SYSTEM,
     99             RESTRICTION_SOURCE_DEVICE_OWNER, RESTRICTION_SOURCE_PROFILE_OWNER})
    100     @SystemApi
    101     public @interface UserRestrictionSource {}
    102 
    103     /**
    104      * Specifies if a user is disallowed from adding and removing accounts, unless they are
    105      * {@link android.accounts.AccountManager#addAccountExplicitly programmatically} added by
    106      * Authenticator.
    107      * The default value is <code>false</code>.
    108      *
    109      * <p>From {@link android.os.Build.VERSION_CODES#N} a profile or device owner app can still
    110      * use {@link android.accounts.AccountManager} APIs to add or remove accounts when account
    111      * management is disallowed.
    112      *
    113      * <p>Key for user restrictions.
    114      * <p>Type: Boolean
    115      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    116      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    117      * @see #getUserRestrictions()
    118      */
    119     public static final String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts";
    120 
    121     /**
    122      * Specifies if a user is disallowed from changing Wi-Fi
    123      * access points. The default value is <code>false</code>.
    124      * <p>This restriction has no effect in a managed profile.
    125      *
    126      * <p>Key for user restrictions.
    127      * <p>Type: Boolean
    128      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    129      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    130      * @see #getUserRestrictions()
    131      */
    132     public static final String DISALLOW_CONFIG_WIFI = "no_config_wifi";
    133 
    134     /**
    135      * Specifies if a user is disallowed from installing applications.
    136      * The default value is <code>false</code>.
    137      *
    138      * <p>Key for user restrictions.
    139      * <p>Type: Boolean
    140      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    141      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    142      * @see #getUserRestrictions()
    143      */
    144     public static final String DISALLOW_INSTALL_APPS = "no_install_apps";
    145 
    146     /**
    147      * Specifies if a user is disallowed from uninstalling applications.
    148      * The default value is <code>false</code>.
    149      *
    150      * <p>Key for user restrictions.
    151      * <p>Type: Boolean
    152      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    153      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    154      * @see #getUserRestrictions()
    155      */
    156     public static final String DISALLOW_UNINSTALL_APPS = "no_uninstall_apps";
    157 
    158     /**
    159      * Specifies if a user is disallowed from turning on location sharing.
    160      * The default value is <code>false</code>.
    161      * <p>In a managed profile, location sharing always reflects the primary user's setting, but
    162      * can be overridden and forced off by setting this restriction to true in the managed profile.
    163      *
    164      * <p>Key for user restrictions.
    165      * <p>Type: Boolean
    166      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    167      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    168      * @see #getUserRestrictions()
    169      */
    170     public static final String DISALLOW_SHARE_LOCATION = "no_share_location";
    171 
    172     /**
    173      * Specifies if a user is disallowed from enabling the
    174      * "Unknown Sources" setting, that allows installation of apps from unknown sources.
    175      * The default value is <code>false</code>.
    176      *
    177      * <p>Key for user restrictions.
    178      * <p>Type: Boolean
    179      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    180      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    181      * @see #getUserRestrictions()
    182      */
    183     public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources";
    184 
    185     /**
    186      * Specifies if a user is disallowed from configuring bluetooth.
    187      * This does <em>not</em> restrict the user from turning bluetooth on or off.
    188      * The default value is <code>false</code>.
    189      * <p>This restriction has no effect in a managed profile.
    190      *
    191      * <p>Key for user restrictions.
    192      * <p>Type: Boolean
    193      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    194      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    195      * @see #getUserRestrictions()
    196      */
    197     public static final String DISALLOW_CONFIG_BLUETOOTH = "no_config_bluetooth";
    198 
    199     /**
    200      * Specifies if a user is disallowed from transferring files over
    201      * USB. This can only be set by device owners and profile owners on the primary user.
    202      * The default value is <code>false</code>.
    203      *
    204      * <p>Key for user restrictions.
    205      * <p>Type: Boolean
    206      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    207      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    208      * @see #getUserRestrictions()
    209      */
    210     public static final String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer";
    211 
    212     /**
    213      * Specifies if a user is disallowed from configuring user
    214      * credentials. The default value is <code>false</code>.
    215      *
    216      * <p>Key for user restrictions.
    217      * <p>Type: Boolean
    218      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    219      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    220      * @see #getUserRestrictions()
    221      */
    222     public static final String DISALLOW_CONFIG_CREDENTIALS = "no_config_credentials";
    223 
    224     /**
    225      * When set on the primary user this specifies if the user can remove other users.
    226      * When set on a secondary user, this specifies if the user can remove itself.
    227      * This restriction has no effect on managed profiles.
    228      * The default value is <code>false</code>.
    229      *
    230      * <p>Key for user restrictions.
    231      * <p>Type: Boolean
    232      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    233      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    234      * @see #getUserRestrictions()
    235      */
    236     public static final String DISALLOW_REMOVE_USER = "no_remove_user";
    237 
    238     /**
    239      * Specifies if a user is disallowed from enabling or
    240      * accessing debugging features. The default value is <code>false</code>.
    241      *
    242      * <p>Key for user restrictions.
    243      * <p>Type: Boolean
    244      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    245      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    246      * @see #getUserRestrictions()
    247      */
    248     public static final String DISALLOW_DEBUGGING_FEATURES = "no_debugging_features";
    249 
    250     /**
    251      * Specifies if a user is disallowed from configuring VPN.
    252      * The default value is <code>false</code>.
    253      * This restriction has an effect in a managed profile only from
    254      * {@link android.os.Build.VERSION_CODES#M}
    255      *
    256      * <p>Key for user restrictions.
    257      * <p>Type: Boolean
    258      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    259      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    260      * @see #getUserRestrictions()
    261      */
    262     public static final String DISALLOW_CONFIG_VPN = "no_config_vpn";
    263 
    264     /**
    265      * Specifies if a user is disallowed from configuring Tethering
    266      * & portable hotspots. This can only be set by device owners and profile owners on the
    267      * primary user. The default value is <code>false</code>.
    268      *
    269      * <p>Key for user restrictions.
    270      * <p>Type: Boolean
    271      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    272      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    273      * @see #getUserRestrictions()
    274      */
    275     public static final String DISALLOW_CONFIG_TETHERING = "no_config_tethering";
    276 
    277     /**
    278      * Specifies if a user is disallowed from resetting network settings
    279      * from Settings. This can only be set by device owners and profile owners on the primary user.
    280      * The default value is <code>false</code>.
    281      * <p>This restriction has no effect on secondary users and managed profiles since only the
    282      * primary user can reset the network settings of the device.
    283      *
    284      * <p>Key for user restrictions.
    285      * <p>Type: Boolean
    286      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    287      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    288      * @see #getUserRestrictions()
    289      */
    290     public static final String DISALLOW_NETWORK_RESET = "no_network_reset";
    291 
    292     /**
    293      * Specifies if a user is disallowed from factory resetting
    294      * from Settings. This can only be set by device owners and profile owners on the primary user.
    295      * The default value is <code>false</code>.
    296      * <p>This restriction has no effect on secondary users and managed profiles since only the
    297      * primary user can factory reset the device.
    298      *
    299      * <p>Key for user restrictions.
    300      * <p>Type: Boolean
    301      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    302      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    303      * @see #getUserRestrictions()
    304      */
    305     public static final String DISALLOW_FACTORY_RESET = "no_factory_reset";
    306 
    307     /**
    308      * Specifies if a user is disallowed from adding new users and
    309      * profiles. This can only be set by device owners and profile owners on the primary user.
    310      * The default value is <code>false</code>.
    311      * <p>This restriction has no effect on secondary users and managed profiles since only the
    312      * primary user can add other users.
    313      *
    314      * <p>Key for user restrictions.
    315      * <p>Type: Boolean
    316      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    317      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    318      * @see #getUserRestrictions()
    319      */
    320     public static final String DISALLOW_ADD_USER = "no_add_user";
    321 
    322     /**
    323      * Specifies if a user is disallowed from disabling application
    324      * verification. The default value is <code>false</code>.
    325      *
    326      * <p>Key for user restrictions.
    327      * <p>Type: Boolean
    328      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    329      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    330      * @see #getUserRestrictions()
    331      */
    332     public static final String ENSURE_VERIFY_APPS = "ensure_verify_apps";
    333 
    334     /**
    335      * Specifies if a user is disallowed from configuring cell
    336      * broadcasts. This can only be set by device owners and profile owners on the primary user.
    337      * The default value is <code>false</code>.
    338      * <p>This restriction has no effect on secondary users and managed profiles since only the
    339      * primary user can configure cell broadcasts.
    340      *
    341      * <p>Key for user restrictions.
    342      * <p>Type: Boolean
    343      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    344      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    345      * @see #getUserRestrictions()
    346      */
    347     public static final String DISALLOW_CONFIG_CELL_BROADCASTS = "no_config_cell_broadcasts";
    348 
    349     /**
    350      * Specifies if a user is disallowed from configuring mobile
    351      * networks. This can only be set by device owners and profile owners on the primary user.
    352      * The default value is <code>false</code>.
    353      * <p>This restriction has no effect on secondary users and managed profiles since only the
    354      * primary user can configure mobile networks.
    355      *
    356      * <p>Key for user restrictions.
    357      * <p>Type: Boolean
    358      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    359      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    360      * @see #getUserRestrictions()
    361      */
    362     public static final String DISALLOW_CONFIG_MOBILE_NETWORKS = "no_config_mobile_networks";
    363 
    364     /**
    365      * Specifies if a user is disallowed from modifying
    366      * applications in Settings or launchers. The following actions will not be allowed when this
    367      * restriction is enabled:
    368      * <li>uninstalling apps</li>
    369      * <li>disabling apps</li>
    370      * <li>clearing app caches</li>
    371      * <li>clearing app data</li>
    372      * <li>force stopping apps</li>
    373      * <li>clearing app defaults</li>
    374      * <p>
    375      * The default value is <code>false</code>.
    376      *
    377      * <p>Key for user restrictions.
    378      * <p>Type: Boolean
    379      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    380      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    381      * @see #getUserRestrictions()
    382      */
    383     public static final String DISALLOW_APPS_CONTROL = "no_control_apps";
    384 
    385     /**
    386      * Specifies if a user is disallowed from mounting
    387      * physical external media. This can only be set by device owners and profile owners on the
    388      * primary user. The default value is <code>false</code>.
    389      *
    390      * <p>Key for user restrictions.
    391      * <p>Type: Boolean
    392      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    393      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    394      * @see #getUserRestrictions()
    395      */
    396     public static final String DISALLOW_MOUNT_PHYSICAL_MEDIA = "no_physical_media";
    397 
    398     /**
    399      * Specifies if a user is disallowed from adjusting microphone
    400      * volume. If set, the microphone will be muted. This can only be set by device owners
    401      * and profile owners on the primary user. The default value is <code>false</code>.
    402      *
    403      * <p>Key for user restrictions.
    404      * <p>Type: Boolean
    405      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    406      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    407      * @see #getUserRestrictions()
    408      */
    409     public static final String DISALLOW_UNMUTE_MICROPHONE = "no_unmute_microphone";
    410 
    411     /**
    412      * Specifies if a user is disallowed from adjusting the master
    413      * volume. If set, the master volume will be muted. This can only be set by device owners
    414      * and profile owners on the primary user. The default value is <code>false</code>.
    415      *
    416      * <p>Key for user restrictions.
    417      * <p>Type: Boolean
    418      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    419      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    420      * @see #getUserRestrictions()
    421      */
    422     public static final String DISALLOW_ADJUST_VOLUME = "no_adjust_volume";
    423 
    424     /**
    425      * Specifies that the user is not allowed to make outgoing
    426      * phone calls. Emergency calls are still permitted.
    427      * The default value is <code>false</code>.
    428      * <p>This restriction has no effect on managed profiles.
    429      *
    430      * <p>Key for user restrictions.
    431      * <p>Type: Boolean
    432      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    433      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    434      * @see #getUserRestrictions()
    435      */
    436     public static final String DISALLOW_OUTGOING_CALLS = "no_outgoing_calls";
    437 
    438     /**
    439      * Specifies that the user is not allowed to send or receive
    440      * SMS messages. The default value is <code>false</code>.
    441      *
    442      * <p>Key for user restrictions.
    443      * <p>Type: Boolean
    444      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    445      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    446      * @see #getUserRestrictions()
    447      */
    448     public static final String DISALLOW_SMS = "no_sms";
    449 
    450     /**
    451      * Specifies if the user is not allowed to have fun. In some cases, the
    452      * device owner may wish to prevent the user from experiencing amusement or
    453      * joy while using the device. The default value is <code>false</code>.
    454      *
    455      * <p>Key for user restrictions.
    456      * <p>Type: Boolean
    457      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    458      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    459      * @see #getUserRestrictions()
    460      */
    461     public static final String DISALLOW_FUN = "no_fun";
    462 
    463     /**
    464      * Specifies that windows besides app windows should not be
    465      * created. This will block the creation of the following types of windows.
    466      * <li>{@link LayoutParams#TYPE_TOAST}</li>
    467      * <li>{@link LayoutParams#TYPE_PHONE}</li>
    468      * <li>{@link LayoutParams#TYPE_PRIORITY_PHONE}</li>
    469      * <li>{@link LayoutParams#TYPE_SYSTEM_ALERT}</li>
    470      * <li>{@link LayoutParams#TYPE_SYSTEM_ERROR}</li>
    471      * <li>{@link LayoutParams#TYPE_SYSTEM_OVERLAY}</li>
    472      *
    473      * <p>This can only be set by device owners and profile owners on the primary user.
    474      * The default value is <code>false</code>.
    475      *
    476      * <p>Key for user restrictions.
    477      * <p>Type: Boolean
    478      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    479      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    480      * @see #getUserRestrictions()
    481      */
    482     public static final String DISALLOW_CREATE_WINDOWS = "no_create_windows";
    483 
    484     /**
    485      * Specifies if what is copied in the clipboard of this profile can
    486      * be pasted in related profiles. Does not restrict if the clipboard of related profiles can be
    487      * pasted in this profile.
    488      * The default value is <code>false</code>.
    489      *
    490      * <p>Key for user restrictions.
    491      * <p>Type: Boolean
    492      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    493      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    494      * @see #getUserRestrictions()
    495      */
    496     public static final String DISALLOW_CROSS_PROFILE_COPY_PASTE = "no_cross_profile_copy_paste";
    497 
    498     /**
    499      * Specifies if the user is not allowed to use NFC to beam out data from apps.
    500      * The default value is <code>false</code>.
    501      *
    502      * <p>Key for user restrictions.
    503      * <p>Type: Boolean
    504      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    505      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    506      * @see #getUserRestrictions()
    507      */
    508     public static final String DISALLOW_OUTGOING_BEAM = "no_outgoing_beam";
    509 
    510     /**
    511      * Hidden user restriction to disallow access to wallpaper manager APIs. This restriction
    512      * generally means that wallpapers are not supported for the particular user. This user
    513      * restriction is always set for managed profiles, because such profiles don't have wallpapers.
    514      * @hide
    515      * @see #DISALLOW_SET_WALLPAPER
    516      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    517      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    518      * @see #getUserRestrictions()
    519      */
    520     public static final String DISALLOW_WALLPAPER = "no_wallpaper";
    521 
    522     /**
    523      * User restriction to disallow setting a wallpaper. Profile owner and device owner
    524      * are able to set wallpaper regardless of this restriction.
    525      * The default value is <code>false</code>.
    526      *
    527      * <p>Key for user restrictions.
    528      * <p>Type: Boolean
    529      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    530      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    531      * @see #getUserRestrictions()
    532      */
    533     public static final String DISALLOW_SET_WALLPAPER = "no_set_wallpaper";
    534 
    535     /**
    536      * Specifies if the user is not allowed to reboot the device into safe boot mode.
    537      * This can only be set by device owners and profile owners on the primary user.
    538      * The default value is <code>false</code>.
    539      *
    540      * <p>Key for user restrictions.
    541      * <p>Type: Boolean
    542      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    543      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    544      * @see #getUserRestrictions()
    545      */
    546     public static final String DISALLOW_SAFE_BOOT = "no_safe_boot";
    547 
    548     /**
    549      * Specifies if a user is not allowed to record audio. This restriction is always enabled for
    550      * background users. The default value is <code>false</code>.
    551      *
    552      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    553      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    554      * @see #getUserRestrictions()
    555      * @hide
    556      */
    557     public static final String DISALLOW_RECORD_AUDIO = "no_record_audio";
    558 
    559     /**
    560      * Specifies if a user is not allowed to run in the background and should be stopped during
    561      * user switch. The default value is <code>false</code>.
    562      *
    563      * <p>This restriction can be set by device owners and profile owners.
    564      *
    565      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    566      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    567      * @see #getUserRestrictions()
    568      * @hide
    569      */
    570     public static final String DISALLOW_RUN_IN_BACKGROUND = "no_run_in_background";
    571 
    572     /**
    573      * Specifies if a user is not allowed to use the camera.
    574      *
    575      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    576      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    577      * @see #getUserRestrictions()
    578      * @hide
    579      */
    580     public static final String DISALLOW_CAMERA = "no_camera";
    581 
    582     /**
    583      * Specifies if a user is not allowed to unmute the device's master volume.
    584      *
    585      * @see DevicePolicyManager#setMasterVolumeMuted(ComponentName, boolean)
    586      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    587      * @see #getUserRestrictions()
    588      * @hide
    589      */
    590     public static final String DISALLLOW_UNMUTE_DEVICE = "disallow_unmute_device";
    591 
    592     /**
    593      * Specifies if a user is not allowed to use cellular data when roaming. This can only be set by
    594      * device owners. The default value is <code>false</code>.
    595      *
    596      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    597      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    598      * @see #getUserRestrictions()
    599      */
    600     public static final String DISALLOW_DATA_ROAMING = "no_data_roaming";
    601 
    602     /**
    603      * Specifies if a user is not allowed to change their icon. Device owner and profile owner
    604      * can set this restriction. When it is set by device owner, only the target user will be
    605      * affected. The default value is <code>false</code>.
    606      *
    607      * <p>Key for user restrictions.
    608      * <p>Type: Boolean
    609      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    610      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    611      * @see #getUserRestrictions()
    612      */
    613     public static final String DISALLOW_SET_USER_ICON = "no_set_user_icon";
    614 
    615     /**
    616      * Specifies if a user is not allowed to enable the oem unlock setting. The default value is
    617      * <code>false</code>. Setting this restriction has no effect if the bootloader is already
    618      * unlocked.
    619      *
    620      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    621      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    622      * @see #getUserRestrictions()
    623      * @hide
    624      */
    625     public static final String DISALLOW_OEM_UNLOCK = "no_oem_unlock";
    626 
    627     /**
    628      * Allows apps in the parent profile to handle web links from the managed profile.
    629      *
    630      * This user restriction has an effect only in a managed profile.
    631      * If set:
    632      * Intent filters of activities in the parent profile with action
    633      * {@link android.content.Intent#ACTION_VIEW},
    634      * category {@link android.content.Intent#CATEGORY_BROWSABLE}, scheme http or https, and which
    635      * define a host can handle intents from the managed profile.
    636      * The default value is <code>false</code>.
    637      *
    638      * <p>Key for user restrictions.
    639      * <p>Type: Boolean
    640      * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
    641      * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
    642      * @see #getUserRestrictions()
    643      */
    644     public static final String ALLOW_PARENT_PROFILE_APP_LINKING
    645             = "allow_parent_profile_app_linking";
    646 
    647     /**
    648      * Application restriction key that is used to indicate the pending arrival
    649      * of real restrictions for the app.
    650      *
    651      * <p>
    652      * Applications that support restrictions should check for the presence of this key.
    653      * A <code>true</code> value indicates that restrictions may be applied in the near
    654      * future but are not available yet. It is the responsibility of any
    655      * management application that sets this flag to update it when the final
    656      * restrictions are enforced.
    657      *
    658      * <p>Key for application restrictions.
    659      * <p>Type: Boolean
    660      * @see android.app.admin.DevicePolicyManager#setApplicationRestrictions(
    661      *      android.content.ComponentName, String, Bundle)
    662      * @see android.app.admin.DevicePolicyManager#getApplicationRestrictions(
    663      *      android.content.ComponentName, String)
    664      */
    665     public static final String KEY_RESTRICTIONS_PENDING = "restrictions_pending";
    666 
    667     private static final String ACTION_CREATE_USER = "android.os.action.CREATE_USER";
    668 
    669     /**
    670      * Extra containing a name for the user being created. Optional parameter passed to
    671      * ACTION_CREATE_USER activity.
    672      * @hide
    673      */
    674     public static final String EXTRA_USER_NAME = "android.os.extra.USER_NAME";
    675 
    676     /**
    677      * Extra containing account name for the user being created. Optional parameter passed to
    678      * ACTION_CREATE_USER activity.
    679      * @hide
    680      */
    681     public static final String EXTRA_USER_ACCOUNT_NAME = "android.os.extra.USER_ACCOUNT_NAME";
    682 
    683     /**
    684      * Extra containing account type for the user being created. Optional parameter passed to
    685      * ACTION_CREATE_USER activity.
    686      * @hide
    687      */
    688     public static final String EXTRA_USER_ACCOUNT_TYPE = "android.os.extra.USER_ACCOUNT_TYPE";
    689 
    690     /**
    691      * Extra containing account-specific data for the user being created. Optional parameter passed
    692      * to ACTION_CREATE_USER activity.
    693      * @hide
    694      */
    695     public static final String EXTRA_USER_ACCOUNT_OPTIONS
    696             = "android.os.extra.USER_ACCOUNT_OPTIONS";
    697 
    698     /** @hide */
    699     public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3;
    700     /** @hide */
    701     public static final int PIN_VERIFICATION_FAILED_NOT_SET = -2;
    702     /** @hide */
    703     public static final int PIN_VERIFICATION_SUCCESS = -1;
    704 
    705     /**
    706      * Error result indicating that this user is not allowed to add other users on this device.
    707      * This is a result code returned from the activity created by the intent
    708      * {@link #createUserCreationIntent(String, String, String, PersistableBundle)}.
    709      */
    710     public static final int USER_CREATION_FAILED_NOT_PERMITTED = Activity.RESULT_FIRST_USER;
    711 
    712     /**
    713      * Error result indicating that no more users can be created on this device.
    714      * This is a result code returned from the activity created by the intent
    715      * {@link #createUserCreationIntent(String, String, String, PersistableBundle)}.
    716      */
    717     public static final int USER_CREATION_FAILED_NO_MORE_USERS = Activity.RESULT_FIRST_USER + 1;
    718 
    719     /** @hide */
    720     public static UserManager get(Context context) {
    721         return (UserManager) context.getSystemService(Context.USER_SERVICE);
    722     }
    723 
    724     /** @hide */
    725     public UserManager(Context context, IUserManager service) {
    726         mService = service;
    727         mContext = context;
    728     }
    729 
    730     /**
    731      * Returns whether this device supports multiple users with their own login and customizable
    732      * space.
    733      * @return whether the device supports multiple users.
    734      */
    735     public static boolean supportsMultipleUsers() {
    736         return getMaxSupportedUsers() > 1
    737                 && SystemProperties.getBoolean("fw.show_multiuserui",
    738                 Resources.getSystem().getBoolean(R.bool.config_enableMultiUserUI));
    739     }
    740 
    741     /**
    742      * @hide
    743      * @return Whether the device is running with split system user. It means the system user and
    744      * primary user are two separate users. Previously system user and primary user are combined as
    745      * a single owner user.  see @link {android.os.UserHandle#USER_OWNER}
    746      */
    747     public static boolean isSplitSystemUser() {
    748         return SystemProperties.getBoolean("ro.fw.system_user_split", false);
    749     }
    750 
    751     /**
    752      * Returns whether switching users is currently allowed.
    753      * <p>For instance switching users is not allowed if the current user is in a phone call,
    754      * or system user hasn't been unlocked yet
    755      * @hide
    756      */
    757     public boolean canSwitchUsers() {
    758         boolean allowUserSwitchingWhenSystemUserLocked = Settings.Global.getInt(
    759                 mContext.getContentResolver(),
    760                 Settings.Global.ALLOW_USER_SWITCHING_WHEN_SYSTEM_USER_LOCKED, 0) != 0;
    761         boolean isSystemUserUnlocked = isUserUnlocked(UserHandle.SYSTEM);
    762         boolean inCall = TelephonyManager.getDefault().getCallState()
    763                 != TelephonyManager.CALL_STATE_IDLE;
    764         return (allowUserSwitchingWhenSystemUserLocked || isSystemUserUnlocked) && !inCall;
    765     }
    766 
    767     /**
    768      * Returns the user handle for the user that this process is running under.
    769      *
    770      * @return the user handle of this process.
    771      * @hide
    772      */
    773     public @UserIdInt int getUserHandle() {
    774         return UserHandle.myUserId();
    775     }
    776 
    777     /**
    778      * Returns the user name of the user making this call.  This call is only
    779      * available to applications on the system image; it requires the
    780      * MANAGE_USERS permission.
    781      * @return the user name
    782      */
    783     public String getUserName() {
    784         try {
    785             return mService.getUserInfo(getUserHandle()).name;
    786         } catch (RemoteException re) {
    787             throw re.rethrowFromSystemServer();
    788         }
    789     }
    790 
    791     /**
    792      * Used to determine whether the user making this call is subject to
    793      * teleportations.
    794      *
    795      * <p>As of {@link android.os.Build.VERSION_CODES#LOLLIPOP}, this method can
    796      * now automatically identify goats using advanced goat recognition technology.</p>
    797      *
    798      * @return Returns true if the user making this call is a goat.
    799      */
    800     public boolean isUserAGoat() {
    801         return mContext.getPackageManager()
    802                 .isPackageAvailable("com.coffeestainstudios.goatsimulator");
    803     }
    804 
    805     /**
    806      * Used to check if this process is running under the primary user. The primary user
    807      * is the first human user on a device.
    808      *
    809      * @return whether this process is running under the primary user.
    810      * @hide
    811      */
    812     public boolean isPrimaryUser() {
    813         UserInfo user = getUserInfo(UserHandle.myUserId());
    814         return user != null && user.isPrimary();
    815     }
    816 
    817     /**
    818      * Used to check if this process is running under the system user. The system user
    819      * is the initial user that is implicitly created on first boot and hosts most of the
    820      * system services.
    821      *
    822      * @return whether this process is running under the system user.
    823      */
    824     public boolean isSystemUser() {
    825         return UserHandle.myUserId() == UserHandle.USER_SYSTEM;
    826     }
    827 
    828     /**
    829      * @hide
    830      * Returns whether the caller is running as an admin user. There can be more than one admin
    831      * user.
    832      */
    833     public boolean isAdminUser() {
    834         return isUserAdmin(UserHandle.myUserId());
    835     }
    836 
    837     /**
    838      * @hide
    839      * Returns whether the provided user is an admin user. There can be more than one admin
    840      * user.
    841      */
    842     public boolean isUserAdmin(@UserIdInt int userId) {
    843         UserInfo user = getUserInfo(userId);
    844         return user != null && user.isAdmin();
    845     }
    846 
    847     /**
    848      * Used to check if the user making this call is linked to another user. Linked users may have
    849      * a reduced number of available apps, app restrictions and account restrictions.
    850      * @return whether the user making this call is a linked user
    851      * @hide
    852      */
    853     public boolean isLinkedUser() {
    854         try {
    855             return mService.isRestricted();
    856         } catch (RemoteException re) {
    857             throw re.rethrowFromSystemServer();
    858         }
    859     }
    860 
    861     /**
    862      * Checks if specified user can have restricted profile.
    863      * @hide
    864      */
    865     public boolean canHaveRestrictedProfile(@UserIdInt int userId) {
    866         try {
    867             return mService.canHaveRestrictedProfile(userId);
    868         } catch (RemoteException re) {
    869             throw re.rethrowFromSystemServer();
    870         }
    871     }
    872 
    873     /**
    874      * Checks if the calling app is running as a guest user.
    875      * @return whether the caller is a guest user.
    876      * @hide
    877      */
    878     public boolean isGuestUser() {
    879         UserInfo user = getUserInfo(UserHandle.myUserId());
    880         return user != null && user.isGuest();
    881     }
    882 
    883     /**
    884      * Checks if the calling app is running in a demo user. When running in a demo user,
    885      * apps can be more helpful to the user, or explain their features in more detail.
    886      *
    887      * @return whether the caller is a demo user.
    888      */
    889     public boolean isDemoUser() {
    890         try {
    891             return mService.isDemoUser(UserHandle.myUserId());
    892         } catch (RemoteException re) {
    893             throw re.rethrowFromSystemServer();
    894         }
    895     }
    896 
    897     /**
    898      * Checks if the calling app is running in a managed profile.
    899      * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
    900      *
    901      * @return whether the caller is in a managed profile.
    902      * @hide
    903      */
    904     @SystemApi
    905     public boolean isManagedProfile() {
    906         try {
    907             return mService.isManagedProfile(UserHandle.myUserId());
    908         } catch (RemoteException re) {
    909             throw re.rethrowFromSystemServer();
    910         }
    911     }
    912 
    913     /**
    914      * Checks if the specified user is a managed profile.
    915      * Requires {@link android.Manifest.permission#MANAGE_USERS} permission, otherwise the caller
    916      * must be in the same profile group of specified user.
    917      *
    918      * @return whether the specified user is a managed profile.
    919      * @hide
    920      */
    921     @SystemApi
    922     public boolean isManagedProfile(@UserIdInt int userId) {
    923         try {
    924             return mService.isManagedProfile(userId);
    925         } catch (RemoteException re) {
    926             throw re.rethrowFromSystemServer();
    927         }
    928     }
    929 
    930     /**
    931      * Checks if the calling app is running as an ephemeral user.
    932      *
    933      * @return whether the caller is an ephemeral user.
    934      * @hide
    935      */
    936     public boolean isEphemeralUser() {
    937         return isUserEphemeral(UserHandle.myUserId());
    938     }
    939 
    940     /**
    941      * Returns whether the specified user is ephemeral.
    942      * @hide
    943      */
    944     public boolean isUserEphemeral(@UserIdInt int userId) {
    945         final UserInfo user = getUserInfo(userId);
    946         return user != null && user.isEphemeral();
    947     }
    948 
    949     /**
    950      * Return whether the given user is actively running.  This means that
    951      * the user is in the "started" state, not "stopped" -- it is currently
    952      * allowed to run code through scheduled alarms, receiving broadcasts,
    953      * etc.  A started user may be either the current foreground user or a
    954      * background user; the result here does not distinguish between the two.
    955      * @param user The user to retrieve the running state for.
    956      */
    957     public boolean isUserRunning(UserHandle user) {
    958         return isUserRunning(user.getIdentifier());
    959     }
    960 
    961     /** {@hide} */
    962     public boolean isUserRunning(int userId) {
    963         // TODO Switch to using UMS internal isUserRunning
    964         try {
    965             return ActivityManagerNative.getDefault().isUserRunning(userId, 0);
    966         } catch (RemoteException re) {
    967             throw re.rethrowFromSystemServer();
    968         }
    969     }
    970 
    971     /**
    972      * Return whether the given user is actively running <em>or</em> stopping.
    973      * This is like {@link #isUserRunning(UserHandle)}, but will also return
    974      * true if the user had been running but is in the process of being stopped
    975      * (but is not yet fully stopped, and still running some code).
    976      * @param user The user to retrieve the running state for.
    977      */
    978     public boolean isUserRunningOrStopping(UserHandle user) {
    979         try {
    980             // TODO: reconcile stopped vs stopping?
    981             return ActivityManagerNative.getDefault().isUserRunning(
    982                     user.getIdentifier(), ActivityManager.FLAG_OR_STOPPED);
    983         } catch (RemoteException re) {
    984             throw re.rethrowFromSystemServer();
    985         }
    986     }
    987 
    988     /** @removed */
    989     @Deprecated
    990     public boolean isUserRunningAndLocked() {
    991         return isUserRunningAndLocked(Process.myUserHandle());
    992     }
    993 
    994     /** @removed */
    995     @Deprecated
    996     public boolean isUserRunningAndLocked(UserHandle user) {
    997         try {
    998             return ActivityManagerNative.getDefault().isUserRunning(
    999                     user.getIdentifier(), ActivityManager.FLAG_AND_LOCKED);
   1000         } catch (RemoteException re) {
   1001             throw re.rethrowFromSystemServer();
   1002         }
   1003     }
   1004 
   1005     /** @removed */
   1006     @Deprecated
   1007     public boolean isUserRunningAndUnlocked() {
   1008         return isUserRunningAndUnlocked(Process.myUserHandle());
   1009     }
   1010 
   1011     /** @removed */
   1012     @Deprecated
   1013     public boolean isUserRunningAndUnlocked(UserHandle user) {
   1014         try {
   1015             return ActivityManagerNative.getDefault().isUserRunning(
   1016                     user.getIdentifier(), ActivityManager.FLAG_AND_UNLOCKED);
   1017         } catch (RemoteException re) {
   1018             throw re.rethrowFromSystemServer();
   1019         }
   1020     }
   1021 
   1022     /**
   1023      * Return whether the calling user is running in an "unlocked" state.
   1024      * <p>
   1025      * On devices with direct boot, a user is unlocked only after they've
   1026      * entered their credentials (such as a lock pattern or PIN). On devices
   1027      * without direct boot, a user is unlocked as soon as it starts.
   1028      * <p>
   1029      * When a user is locked, only device-protected data storage is available.
   1030      * When a user is unlocked, both device-protected and credential-protected
   1031      * private app data storage is available.
   1032      *
   1033      * @see Intent#ACTION_USER_UNLOCKED
   1034      * @see Context#createDeviceProtectedStorageContext()
   1035      */
   1036     public boolean isUserUnlocked() {
   1037         return isUserUnlocked(Process.myUserHandle());
   1038     }
   1039 
   1040     /**
   1041      * Return whether the given user is running in an "unlocked" state.
   1042      * <p>
   1043      * On devices with direct boot, a user is unlocked only after they've
   1044      * entered their credentials (such as a lock pattern or PIN). On devices
   1045      * without direct boot, a user is unlocked as soon as it starts.
   1046      * <p>
   1047      * When a user is locked, only device-protected data storage is available.
   1048      * When a user is unlocked, both device-protected and credential-protected
   1049      * private app data storage is available.
   1050      *
   1051      * @param user to retrieve the unlocked state for.
   1052      * @see Intent#ACTION_USER_UNLOCKED
   1053      * @see Context#createDeviceProtectedStorageContext()
   1054      */
   1055     public boolean isUserUnlocked(UserHandle user) {
   1056         return isUserUnlocked(user.getIdentifier());
   1057     }
   1058 
   1059     /** {@hide} */
   1060     public boolean isUserUnlocked(@UserIdInt int userId) {
   1061         try {
   1062             return ActivityManagerNative.getDefault().isUserRunning(userId,
   1063                     ActivityManager.FLAG_AND_UNLOCKED);
   1064         } catch (RemoteException re) {
   1065             throw re.rethrowFromSystemServer();
   1066         }
   1067     }
   1068 
   1069     /** {@hide} */
   1070     public boolean isUserUnlockingOrUnlocked(UserHandle user) {
   1071         return isUserUnlockingOrUnlocked(user.getIdentifier());
   1072     }
   1073 
   1074     /** {@hide} */
   1075     public boolean isUserUnlockingOrUnlocked(@UserIdInt int userId) {
   1076         // TODO Switch to using UMS internal isUserUnlockingOrUnlocked
   1077         try {
   1078             return ActivityManagerNative.getDefault().isUserRunning(userId,
   1079                     ActivityManager.FLAG_AND_UNLOCKING_OR_UNLOCKED);
   1080         } catch (RemoteException re) {
   1081             throw re.rethrowFromSystemServer();
   1082         }
   1083     }
   1084 
   1085     /**
   1086      * Returns the UserInfo object describing a specific user.
   1087      * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
   1088      * @param userHandle the user handle of the user whose information is being requested.
   1089      * @return the UserInfo object for a specific user.
   1090      * @hide
   1091      */
   1092     public UserInfo getUserInfo(@UserIdInt int userHandle) {
   1093         try {
   1094             return mService.getUserInfo(userHandle);
   1095         } catch (RemoteException re) {
   1096             throw re.rethrowFromSystemServer();
   1097         }
   1098     }
   1099 
   1100     /**
   1101      * @hide
   1102      *
   1103      * Returns who set a user restriction on a user.
   1104      * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
   1105      * @param restrictionKey the string key representing the restriction
   1106      * @param userHandle the UserHandle of the user for whom to retrieve the restrictions.
   1107      * @return The source of user restriction. Any combination of {@link #RESTRICTION_NOT_SET},
   1108      *         {@link #RESTRICTION_SOURCE_SYSTEM}, {@link #RESTRICTION_SOURCE_DEVICE_OWNER}
   1109      *         and {@link #RESTRICTION_SOURCE_PROFILE_OWNER}
   1110      */
   1111     @SystemApi
   1112     @UserRestrictionSource
   1113     public int getUserRestrictionSource(String restrictionKey, UserHandle userHandle) {
   1114         try {
   1115             return mService.getUserRestrictionSource(restrictionKey, userHandle.getIdentifier());
   1116         } catch (RemoteException re) {
   1117             throw re.rethrowFromSystemServer();
   1118         }
   1119     }
   1120 
   1121     /**
   1122      * Returns the user-wide restrictions imposed on this user.
   1123      * @return a Bundle containing all the restrictions.
   1124      */
   1125     public Bundle getUserRestrictions() {
   1126         return getUserRestrictions(Process.myUserHandle());
   1127     }
   1128 
   1129     /**
   1130      * Returns the user-wide restrictions imposed on the user specified by <code>userHandle</code>.
   1131      * @param userHandle the UserHandle of the user for whom to retrieve the restrictions.
   1132      * @return a Bundle containing all the restrictions.
   1133      */
   1134     public Bundle getUserRestrictions(UserHandle userHandle) {
   1135         try {
   1136             return mService.getUserRestrictions(userHandle.getIdentifier());
   1137         } catch (RemoteException re) {
   1138             throw re.rethrowFromSystemServer();
   1139         }
   1140     }
   1141 
   1142      /**
   1143      * @hide
   1144      * Returns whether the given user has been disallowed from performing certain actions
   1145      * or setting certain settings through UserManager. This method disregards restrictions
   1146      * set by device policy.
   1147      * @param restrictionKey the string key representing the restriction
   1148      * @param userHandle the UserHandle of the user for whom to retrieve the restrictions.
   1149      */
   1150     public boolean hasBaseUserRestriction(String restrictionKey, UserHandle userHandle) {
   1151         try {
   1152             return mService.hasBaseUserRestriction(restrictionKey, userHandle.getIdentifier());
   1153         } catch (RemoteException re) {
   1154             throw re.rethrowFromSystemServer();
   1155         }
   1156     }
   1157 
   1158     /**
   1159      * This will no longer work.  Device owners and profile owners should use
   1160      * {@link DevicePolicyManager#addUserRestriction(ComponentName, String)} instead.
   1161      */
   1162     // System apps should use UserManager.setUserRestriction() instead.
   1163     @Deprecated
   1164     public void setUserRestrictions(Bundle restrictions) {
   1165         throw new UnsupportedOperationException("This method is no longer supported");
   1166     }
   1167 
   1168     /**
   1169      * This will no longer work.  Device owners and profile owners should use
   1170      * {@link DevicePolicyManager#addUserRestriction(ComponentName, String)} instead.
   1171      */
   1172     // System apps should use UserManager.setUserRestriction() instead.
   1173     @Deprecated
   1174     public void setUserRestrictions(Bundle restrictions, UserHandle userHandle) {
   1175         throw new UnsupportedOperationException("This method is no longer supported");
   1176     }
   1177 
   1178     /**
   1179      * Sets the value of a specific restriction.
   1180      * Requires the MANAGE_USERS permission.
   1181      * @param key the key of the restriction
   1182      * @param value the value for the restriction
   1183      * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction(
   1184      * android.content.ComponentName, String)} or
   1185      * {@link android.app.admin.DevicePolicyManager#clearUserRestriction(
   1186      * android.content.ComponentName, String)} instead.
   1187      */
   1188     @Deprecated
   1189     public void setUserRestriction(String key, boolean value) {
   1190         setUserRestriction(key, value, Process.myUserHandle());
   1191     }
   1192 
   1193     /**
   1194      * @hide
   1195      * Sets the value of a specific restriction on a specific user.
   1196      * Requires the MANAGE_USERS permission.
   1197      * @param key the key of the restriction
   1198      * @param value the value for the restriction
   1199      * @param userHandle the user whose restriction is to be changed.
   1200      * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction(
   1201      * android.content.ComponentName, String)} or
   1202      * {@link android.app.admin.DevicePolicyManager#clearUserRestriction(
   1203      * android.content.ComponentName, String)} instead.
   1204      */
   1205     @Deprecated
   1206     public void setUserRestriction(String key, boolean value, UserHandle userHandle) {
   1207         try {
   1208             mService.setUserRestriction(key, value, userHandle.getIdentifier());
   1209         } catch (RemoteException re) {
   1210             throw re.rethrowFromSystemServer();
   1211         }
   1212     }
   1213 
   1214     /**
   1215      * Returns whether the current user has been disallowed from performing certain actions
   1216      * or setting certain settings.
   1217      *
   1218      * @param restrictionKey The string key representing the restriction.
   1219      * @return {@code true} if the current user has the given restriction, {@code false} otherwise.
   1220      */
   1221     public boolean hasUserRestriction(String restrictionKey) {
   1222         return hasUserRestriction(restrictionKey, Process.myUserHandle());
   1223     }
   1224 
   1225     /**
   1226      * @hide
   1227      * Returns whether the given user has been disallowed from performing certain actions
   1228      * or setting certain settings.
   1229      * @param restrictionKey the string key representing the restriction
   1230      * @param userHandle the UserHandle of the user for whom to retrieve the restrictions.
   1231      */
   1232     public boolean hasUserRestriction(String restrictionKey, UserHandle userHandle) {
   1233         try {
   1234             return mService.hasUserRestriction(restrictionKey,
   1235                     userHandle.getIdentifier());
   1236         } catch (RemoteException re) {
   1237             throw re.rethrowFromSystemServer();
   1238         }
   1239     }
   1240 
   1241     /**
   1242      * Return the serial number for a user.  This is a device-unique
   1243      * number assigned to that user; if the user is deleted and then a new
   1244      * user created, the new users will not be given the same serial number.
   1245      * @param user The user whose serial number is to be retrieved.
   1246      * @return The serial number of the given user; returns -1 if the
   1247      * given UserHandle does not exist.
   1248      * @see #getUserForSerialNumber(long)
   1249      */
   1250     public long getSerialNumberForUser(UserHandle user) {
   1251         return getUserSerialNumber(user.getIdentifier());
   1252     }
   1253 
   1254     /**
   1255      * Return the user associated with a serial number previously
   1256      * returned by {@link #getSerialNumberForUser(UserHandle)}.
   1257      * @param serialNumber The serial number of the user that is being
   1258      * retrieved.
   1259      * @return Return the user associated with the serial number, or null
   1260      * if there is not one.
   1261      * @see #getSerialNumberForUser(UserHandle)
   1262      */
   1263     public UserHandle getUserForSerialNumber(long serialNumber) {
   1264         int ident = getUserHandle((int) serialNumber);
   1265         return ident >= 0 ? new UserHandle(ident) : null;
   1266     }
   1267 
   1268     /**
   1269      * Creates a user with the specified name and options. For non-admin users, default user
   1270      * restrictions are going to be applied.
   1271      * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
   1272      *
   1273      * @param name the user's name
   1274      * @param flags flags that identify the type of user and other properties.
   1275      * @see UserInfo
   1276      *
   1277      * @return the UserInfo object for the created user, or null if the user could not be created.
   1278      * @hide
   1279      */
   1280     public UserInfo createUser(String name, int flags) {
   1281         UserInfo user = null;
   1282         try {
   1283             user = mService.createUser(name, flags);
   1284             // TODO: Keep this in sync with
   1285             // UserManagerService.LocalService.createUserEvenWhenDisallowed
   1286             if (user != null && !user.isAdmin()) {
   1287                 mService.setUserRestriction(DISALLOW_SMS, true, user.id);
   1288                 mService.setUserRestriction(DISALLOW_OUTGOING_CALLS, true, user.id);
   1289             }
   1290         } catch (RemoteException re) {
   1291             throw re.rethrowFromSystemServer();
   1292         }
   1293         return user;
   1294     }
   1295 
   1296     /**
   1297      * Creates a guest user and configures it.
   1298      * @param context an application context
   1299      * @param name the name to set for the user
   1300      * @hide
   1301      */
   1302     public UserInfo createGuest(Context context, String name) {
   1303         UserInfo guest = null;
   1304         try {
   1305             guest = mService.createUser(name, UserInfo.FLAG_GUEST);
   1306             if (guest != null) {
   1307                 Settings.Secure.putStringForUser(context.getContentResolver(),
   1308                         Settings.Secure.SKIP_FIRST_USE_HINTS, "1", guest.id);
   1309             }
   1310         } catch (RemoteException re) {
   1311             throw re.rethrowFromSystemServer();
   1312         }
   1313         return guest;
   1314     }
   1315 
   1316     /**
   1317      * Creates a user with the specified name and options as a profile of another user.
   1318      * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
   1319      *
   1320      * @param name the user's name
   1321      * @param flags flags that identify the type of user and other properties.
   1322      * @see UserInfo
   1323      * @param userHandle new user will be a profile of this use.
   1324      *
   1325      * @return the UserInfo object for the created user, or null if the user could not be created.
   1326      * @hide
   1327      */
   1328     public UserInfo createProfileForUser(String name, int flags, @UserIdInt int userHandle) {
   1329         try {
   1330             return mService.createProfileForUser(name, flags, userHandle);
   1331         } catch (RemoteException re) {
   1332             throw re.rethrowFromSystemServer();
   1333         }
   1334     }
   1335 
   1336     /**
   1337      * Creates a restricted profile with the specified name. This method also sets necessary
   1338      * restrictions and adds shared accounts.
   1339      *
   1340      * @param name profile's name
   1341      * @return UserInfo object for the created user, or null if the user could not be created.
   1342      * @hide
   1343      */
   1344     public UserInfo createRestrictedProfile(String name) {
   1345         try {
   1346             UserHandle parentUserHandle = Process.myUserHandle();
   1347             UserInfo user = mService.createRestrictedProfile(name,
   1348                     parentUserHandle.getIdentifier());
   1349             if (user != null) {
   1350                 AccountManager.get(mContext).addSharedAccountsFromParentUser(parentUserHandle,
   1351                         UserHandle.of(user.id));
   1352             }
   1353             return user;
   1354         } catch (RemoteException re) {
   1355             throw re.rethrowFromSystemServer();
   1356         }
   1357     }
   1358 
   1359     /**
   1360      * Returns an intent to create a user for the provided name and account name. The name
   1361      * and account name will be used when the setup process for the new user is started.
   1362      * <p>
   1363      * The intent should be launched using startActivityForResult and the return result will
   1364      * indicate if the user consented to adding a new user and if the operation succeeded. Any
   1365      * errors in creating the user will be returned in the result code. If the user cancels the
   1366      * request, the return result will be {@link Activity#RESULT_CANCELED}. On success, the
   1367      * result code will be {@link Activity#RESULT_OK}.
   1368      * <p>
   1369      * Use {@link #supportsMultipleUsers()} to first check if the device supports this operation
   1370      * at all.
   1371      * <p>
   1372      * The new user is created but not initialized. After switching into the user for the first
   1373      * time, the preferred user name and account information are used by the setup process for that
   1374      * user.
   1375      *
   1376      * @param userName Optional name to assign to the user.
   1377      * @param accountName Optional account name that will be used by the setup wizard to initialize
   1378      *                    the user.
   1379      * @param accountType Optional account type for the account to be created. This is required
   1380      *                    if the account name is specified.
   1381      * @param accountOptions Optional bundle of data to be passed in during account creation in the
   1382      *                       new user via {@link AccountManager#addAccount(String, String, String[],
   1383      *                       Bundle, android.app.Activity, android.accounts.AccountManagerCallback,
   1384      *                       Handler)}.
   1385      * @return An Intent that can be launched from an Activity.
   1386      * @see #USER_CREATION_FAILED_NOT_PERMITTED
   1387      * @see #USER_CREATION_FAILED_NO_MORE_USERS
   1388      * @see #supportsMultipleUsers
   1389      */
   1390     public static Intent createUserCreationIntent(@Nullable String userName,
   1391             @Nullable String accountName,
   1392             @Nullable String accountType, @Nullable PersistableBundle accountOptions) {
   1393         Intent intent = new Intent(ACTION_CREATE_USER);
   1394         if (userName != null) {
   1395             intent.putExtra(EXTRA_USER_NAME, userName);
   1396         }
   1397         if (accountName != null && accountType == null) {
   1398             throw new IllegalArgumentException("accountType must be specified if accountName is "
   1399                     + "specified");
   1400         }
   1401         if (accountName != null) {
   1402             intent.putExtra(EXTRA_USER_ACCOUNT_NAME, accountName);
   1403         }
   1404         if (accountType != null) {
   1405             intent.putExtra(EXTRA_USER_ACCOUNT_TYPE, accountType);
   1406         }
   1407         if (accountOptions != null) {
   1408             intent.putExtra(EXTRA_USER_ACCOUNT_OPTIONS, accountOptions);
   1409         }
   1410         return intent;
   1411     }
   1412 
   1413     /**
   1414      * @hide
   1415      *
   1416      * Returns the preferred account name for user creation. Requires MANAGE_USERS permission.
   1417      */
   1418     @SystemApi
   1419     public String getSeedAccountName() {
   1420         try {
   1421             return mService.getSeedAccountName();
   1422         } catch (RemoteException re) {
   1423             throw re.rethrowFromSystemServer();
   1424         }
   1425     }
   1426 
   1427     /**
   1428      * @hide
   1429      *
   1430      * Returns the preferred account type for user creation. Requires MANAGE_USERS permission.
   1431      */
   1432     @SystemApi
   1433     public String getSeedAccountType() {
   1434         try {
   1435             return mService.getSeedAccountType();
   1436         } catch (RemoteException re) {
   1437             throw re.rethrowFromSystemServer();
   1438         }
   1439     }
   1440 
   1441     /**
   1442      * @hide
   1443      *
   1444      * Returns the preferred account's options bundle for user creation. Requires MANAGE_USERS
   1445      * permission.
   1446      * @return Any options set by the requestor that created the user.
   1447      */
   1448     @SystemApi
   1449     public PersistableBundle getSeedAccountOptions() {
   1450         try {
   1451             return mService.getSeedAccountOptions();
   1452         } catch (RemoteException re) {
   1453             throw re.rethrowFromSystemServer();
   1454         }
   1455     }
   1456 
   1457     /**
   1458      * @hide
   1459      *
   1460      * Called by a system activity to set the seed account information of a user created
   1461      * through the user creation intent.
   1462      * @param userId
   1463      * @param accountName
   1464      * @param accountType
   1465      * @param accountOptions
   1466      * @see #createUserCreationIntent(String, String, String, PersistableBundle)
   1467      */
   1468     public void setSeedAccountData(int userId, String accountName, String accountType,
   1469             PersistableBundle accountOptions) {
   1470         try {
   1471             mService.setSeedAccountData(userId, accountName, accountType, accountOptions,
   1472                     /* persist= */ true);
   1473         } catch (RemoteException re) {
   1474             throw re.rethrowFromSystemServer();
   1475         }
   1476     }
   1477 
   1478     /**
   1479      * @hide
   1480      * Clears the seed information used to create this user. Requires MANAGE_USERS permission.
   1481      */
   1482     @SystemApi
   1483     public void clearSeedAccountData() {
   1484         try {
   1485             mService.clearSeedAccountData();
   1486         } catch (RemoteException re) {
   1487             throw re.rethrowFromSystemServer();
   1488         }
   1489     }
   1490 
   1491     /**
   1492      * @hide
   1493      * Marks the guest user for deletion to allow a new guest to be created before deleting
   1494      * the current user who is a guest.
   1495      * @param userHandle
   1496      * @return
   1497      */
   1498     public boolean markGuestForDeletion(@UserIdInt int userHandle) {
   1499         try {
   1500             return mService.markGuestForDeletion(userHandle);
   1501         } catch (RemoteException re) {
   1502             throw re.rethrowFromSystemServer();
   1503         }
   1504     }
   1505 
   1506     /**
   1507      * Sets the user as enabled, if such an user exists.
   1508      *
   1509      * <p>Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
   1510      *
   1511      * <p>Note that the default is true, it's only that managed profiles might not be enabled.
   1512      * Also ephemeral users can be disabled to indicate that their removal is in progress and they
   1513      * shouldn't be re-entered. Therefore ephemeral users should not be re-enabled once disabled.
   1514      *
   1515      * @param userHandle the id of the profile to enable
   1516      * @hide
   1517      */
   1518     public void setUserEnabled(@UserIdInt int userHandle) {
   1519         try {
   1520             mService.setUserEnabled(userHandle);
   1521         } catch (RemoteException re) {
   1522             throw re.rethrowFromSystemServer();
   1523         }
   1524     }
   1525 
   1526     /**
   1527      * Return the number of users currently created on the device.
   1528      */
   1529     public int getUserCount() {
   1530         List<UserInfo> users = getUsers();
   1531         return users != null ? users.size() : 1;
   1532     }
   1533 
   1534     /**
   1535      * Returns information for all users on this device, including ones marked for deletion.
   1536      * To retrieve only users that are alive, use {@link #getUsers(boolean)}.
   1537      * <p>
   1538      * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
   1539      * @return the list of users that exist on the device.
   1540      * @hide
   1541      */
   1542     public List<UserInfo> getUsers() {
   1543         try {
   1544             return mService.getUsers(false);
   1545         } catch (RemoteException re) {
   1546             throw re.rethrowFromSystemServer();
   1547         }
   1548     }
   1549 
   1550     /**
   1551      * Returns serial numbers of all users on this device.
   1552      * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
   1553      *
   1554      * @param excludeDying specify if the list should exclude users being removed.
   1555      * @return the list of serial numbers of users that exist on the device.
   1556      * @hide
   1557      */
   1558     @SystemApi
   1559     public long[] getSerialNumbersOfUsers(boolean excludeDying) {
   1560         try {
   1561             List<UserInfo> users = mService.getUsers(excludeDying);
   1562             long[] result = new long[users.size()];
   1563             for (int i = 0; i < result.length; i++) {
   1564                 result[i] = users.get(i).serialNumber;
   1565             }
   1566             return result;
   1567         } catch (RemoteException re) {
   1568             throw re.rethrowFromSystemServer();
   1569         }
   1570     }
   1571 
   1572     /**
   1573      * @return the user's account name, null if not found.
   1574      * @hide
   1575      */
   1576     @RequiresPermission( allOf = {
   1577             Manifest.permission.INTERACT_ACROSS_USERS_FULL,
   1578             Manifest.permission.MANAGE_USERS
   1579     })
   1580     public @Nullable String getUserAccount(@UserIdInt int userHandle) {
   1581         try {
   1582             return mService.getUserAccount(userHandle);
   1583         } catch (RemoteException re) {
   1584             throw re.rethrowFromSystemServer();
   1585         }
   1586     }
   1587 
   1588     /**
   1589      * Set account name for the given user.
   1590      * @hide
   1591      */
   1592     @RequiresPermission( allOf = {
   1593             Manifest.permission.INTERACT_ACROSS_USERS_FULL,
   1594             Manifest.permission.MANAGE_USERS
   1595     })
   1596     public void setUserAccount(@UserIdInt int userHandle, @Nullable String accountName) {
   1597         try {
   1598             mService.setUserAccount(userHandle, accountName);
   1599         } catch (RemoteException re) {
   1600             throw re.rethrowFromSystemServer();
   1601         }
   1602     }
   1603 
   1604     /**
   1605      * Returns information for Primary user.
   1606      * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
   1607      *
   1608      * @return the Primary user, null if not found.
   1609      * @hide
   1610      */
   1611     public @Nullable UserInfo getPrimaryUser() {
   1612         try {
   1613             return mService.getPrimaryUser();
   1614         } catch (RemoteException re) {
   1615             throw re.rethrowFromSystemServer();
   1616         }
   1617     }
   1618 
   1619     /**
   1620      * Checks whether it's possible to add more users. Caller must hold the MANAGE_USERS
   1621      * permission.
   1622      *
   1623      * @return true if more users can be added, false if limit has been reached.
   1624      * @hide
   1625      */
   1626     public boolean canAddMoreUsers() {
   1627         final List<UserInfo> users = getUsers(true);
   1628         final int totalUserCount = users.size();
   1629         int aliveUserCount = 0;
   1630         for (int i = 0; i < totalUserCount; i++) {
   1631             UserInfo user = users.get(i);
   1632             if (!user.isGuest()) {
   1633                 aliveUserCount++;
   1634             }
   1635         }
   1636         return aliveUserCount < getMaxSupportedUsers();
   1637     }
   1638 
   1639     /**
   1640      * Checks whether it's possible to add more managed profiles. Caller must hold the MANAGE_USERS
   1641      * permission.
   1642      * if allowedToRemoveOne is true and if the user already has a managed profile, then return if
   1643      * we could add a new managed profile to this user after removing the existing one.
   1644      *
   1645      * @return true if more managed profiles can be added, false if limit has been reached.
   1646      * @hide
   1647      */
   1648     public boolean canAddMoreManagedProfiles(@UserIdInt int userId, boolean allowedToRemoveOne) {
   1649         try {
   1650             return mService.canAddMoreManagedProfiles(userId, allowedToRemoveOne);
   1651         } catch (RemoteException re) {
   1652             throw re.rethrowFromSystemServer();
   1653         }
   1654     }
   1655 
   1656     /**
   1657      * Returns list of the profiles of userHandle including
   1658      * userHandle itself.
   1659      * Note that this returns both enabled and not enabled profiles. See
   1660      * {@link #getEnabledProfiles(int)} if you need only the enabled ones.
   1661      *
   1662      * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
   1663      * @param userHandle profiles of this user will be returned.
   1664      * @return the list of profiles.
   1665      * @hide
   1666      */
   1667     public List<UserInfo> getProfiles(@UserIdInt int userHandle) {
   1668         try {
   1669             return mService.getProfiles(userHandle, false /* enabledOnly */);
   1670         } catch (RemoteException re) {
   1671             throw re.rethrowFromSystemServer();
   1672         }
   1673     }
   1674 
   1675     /**
   1676      * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
   1677      * @param userId one of the two user ids to check.
   1678      * @param otherUserId one of the two user ids to check.
   1679      * @return true if the two user ids are in the same profile group.
   1680      * @hide
   1681      */
   1682     public boolean isSameProfileGroup(@UserIdInt int userId, int otherUserId) {
   1683         try {
   1684             return mService.isSameProfileGroup(userId, otherUserId);
   1685         } catch (RemoteException re) {
   1686             throw re.rethrowFromSystemServer();
   1687         }
   1688     }
   1689 
   1690     /**
   1691      * Returns list of the profiles of userHandle including
   1692      * userHandle itself.
   1693      * Note that this returns only enabled.
   1694      *
   1695      * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
   1696      * @param userHandle profiles of this user will be returned.
   1697      * @return the list of profiles.
   1698      * @hide
   1699      */
   1700     public List<UserInfo> getEnabledProfiles(@UserIdInt int userHandle) {
   1701         try {
   1702             return mService.getProfiles(userHandle, true /* enabledOnly */);
   1703         } catch (RemoteException re) {
   1704             throw re.rethrowFromSystemServer();
   1705         }
   1706     }
   1707 
   1708     /**
   1709      * Returns a list of UserHandles for profiles associated with the user that the calling process
   1710      * is running on, including the user itself.
   1711      *
   1712      * @return A non-empty list of UserHandles associated with the calling user.
   1713      */
   1714     public List<UserHandle> getUserProfiles() {
   1715         int[] userIds = getProfileIds(UserHandle.myUserId(), true /* enabledOnly */);
   1716         List<UserHandle> result = new ArrayList<>(userIds.length);
   1717         for (int userId : userIds) {
   1718             result.add(UserHandle.of(userId));
   1719         }
   1720         return result;
   1721     }
   1722 
   1723     /**
   1724      * Returns a list of ids for profiles associated with the specified user including the user
   1725      * itself.
   1726      *
   1727      * @param userId      id of the user to return profiles for
   1728      * @param enabledOnly whether return only {@link UserInfo#isEnabled() enabled} profiles
   1729      * @return A non-empty list of ids of profiles associated with the specified user.
   1730      *
   1731      * @hide
   1732      */
   1733     public int[] getProfileIds(@UserIdInt int userId, boolean enabledOnly) {
   1734         try {
   1735             return mService.getProfileIds(userId, enabledOnly);
   1736         } catch (RemoteException re) {
   1737             throw re.rethrowFromSystemServer();
   1738         }
   1739     }
   1740 
   1741     /**
   1742      * @see #getProfileIds(int, boolean)
   1743      * @hide
   1744      */
   1745     public int[] getProfileIdsWithDisabled(@UserIdInt int userId) {
   1746         return getProfileIds(userId, false /* enabledOnly */);
   1747     }
   1748 
   1749     /**
   1750      * @see #getProfileIds(int, boolean)
   1751      * @hide
   1752      */
   1753     public int[] getEnabledProfileIds(@UserIdInt int userId) {
   1754         return getProfileIds(userId, true /* enabledOnly */);
   1755     }
   1756 
   1757     /**
   1758      * Returns the device credential owner id of the profile from
   1759      * which this method is called, or userHandle if called from a user that
   1760      * is not a profile.
   1761      *
   1762      * @hide
   1763      */
   1764     public int getCredentialOwnerProfile(@UserIdInt int userHandle) {
   1765         try {
   1766             return mService.getCredentialOwnerProfile(userHandle);
   1767         } catch (RemoteException re) {
   1768             throw re.rethrowFromSystemServer();
   1769         }
   1770     }
   1771 
   1772     /**
   1773      * Returns the parent of the profile which this method is called from
   1774      * or null if called from a user that is not a profile.
   1775      *
   1776      * @hide
   1777      */
   1778     public UserInfo getProfileParent(@UserIdInt int userHandle) {
   1779         try {
   1780             return mService.getProfileParent(userHandle);
   1781         } catch (RemoteException re) {
   1782             throw re.rethrowFromSystemServer();
   1783         }
   1784     }
   1785 
   1786     /**
   1787      * Set quiet mode of a managed profile.
   1788      *
   1789      * @param userHandle The user handle of the profile.
   1790      * @param enableQuietMode Whether quiet mode should be enabled or disabled.
   1791      * @hide
   1792      */
   1793     public void setQuietModeEnabled(@UserIdInt int userHandle, boolean enableQuietMode) {
   1794         try {
   1795             mService.setQuietModeEnabled(userHandle, enableQuietMode);
   1796         } catch (RemoteException re) {
   1797             throw re.rethrowFromSystemServer();
   1798         }
   1799     }
   1800 
   1801     /**
   1802      * Returns whether the given profile is in quiet mode or not.
   1803      * Notes: Quiet mode is only supported for managed profiles.
   1804      *
   1805      * @param userHandle The user handle of the profile to be queried.
   1806      * @return true if the profile is in quiet mode, false otherwise.
   1807      */
   1808     public boolean isQuietModeEnabled(UserHandle userHandle) {
   1809         try {
   1810             return mService.isQuietModeEnabled(userHandle.getIdentifier());
   1811         } catch (RemoteException re) {
   1812             throw re.rethrowFromSystemServer();
   1813         }
   1814     }
   1815 
   1816     /**
   1817      * Tries disabling quiet mode for a given user. If the user is still locked, we unlock the user
   1818      * first by showing the confirm credentials screen and disable quiet mode upon successful
   1819      * unlocking. If the user is already unlocked, we call through to {@link #setQuietModeEnabled}
   1820      * directly.
   1821      *
   1822      * @return true if the quiet mode was disabled immediately
   1823      * @hide
   1824      */
   1825     public boolean trySetQuietModeDisabled(@UserIdInt int userHandle, IntentSender target) {
   1826         try {
   1827             return mService.trySetQuietModeDisabled(userHandle, target);
   1828         } catch (RemoteException re) {
   1829             throw re.rethrowFromSystemServer();
   1830         }
   1831     }
   1832 
   1833     /**
   1834      * If the target user is a managed profile of the calling user or the caller
   1835      * is itself a managed profile, then this returns a badged copy of the given
   1836      * icon to be able to distinguish it from the original icon. For badging an
   1837      * arbitrary drawable use {@link #getBadgedDrawableForUser(
   1838      * android.graphics.drawable.Drawable, UserHandle, android.graphics.Rect, int)}.
   1839      * <p>
   1840      * If the original drawable is a BitmapDrawable and the backing bitmap is
   1841      * mutable as per {@link android.graphics.Bitmap#isMutable()}, the badging
   1842      * is performed in place and the original drawable is returned.
   1843      * </p>
   1844      *
   1845      * @param icon The icon to badge.
   1846      * @param user The target user.
   1847      * @return A drawable that combines the original icon and a badge as
   1848      *         determined by the system.
   1849      * @removed
   1850      */
   1851     public Drawable getBadgedIconForUser(Drawable icon, UserHandle user) {
   1852         return mContext.getPackageManager().getUserBadgedIcon(icon, user);
   1853     }
   1854 
   1855     /**
   1856      * If the target user is a managed profile of the calling user or the caller
   1857      * is itself a managed profile, then this returns a badged copy of the given
   1858      * drawable allowing the user to distinguish it from the original drawable.
   1859      * The caller can specify the location in the bounds of the drawable to be
   1860      * badged where the badge should be applied as well as the density of the
   1861      * badge to be used.
   1862      * <p>
   1863      * If the original drawable is a BitmapDrawable and the backing bitmap is
   1864      * mutable as per {@link android.graphics.Bitmap#isMutable()}, the badging
   1865      * is performed in place and the original drawable is returned.
   1866      * </p>
   1867      *
   1868      * @param badgedDrawable The drawable to badge.
   1869      * @param user The target user.
   1870      * @param badgeLocation Where in the bounds of the badged drawable to place
   1871      *         the badge. If it's {@code null}, the badge is applied on top of the entire
   1872      *         drawable being badged.
   1873      * @param badgeDensity The optional desired density for the badge as per
   1874      *         {@link android.util.DisplayMetrics#densityDpi}. If it's not positive,
   1875      *         the density of the display is used.
   1876      * @return A drawable that combines the original drawable and a badge as
   1877      *         determined by the system.
   1878      * @removed
   1879      */
   1880     public Drawable getBadgedDrawableForUser(Drawable badgedDrawable, UserHandle user,
   1881             Rect badgeLocation, int badgeDensity) {
   1882         return mContext.getPackageManager().getUserBadgedDrawableForDensity(badgedDrawable, user,
   1883                 badgeLocation, badgeDensity);
   1884     }
   1885 
   1886     /**
   1887      * If the target user is a managed profile of the calling user or the caller
   1888      * is itself a managed profile, then this returns a copy of the label with
   1889      * badging for accessibility services like talkback. E.g. passing in "Email"
   1890      * and it might return "Work Email" for Email in the work profile.
   1891      *
   1892      * @param label The label to change.
   1893      * @param user The target user.
   1894      * @return A label that combines the original label and a badge as
   1895      *         determined by the system.
   1896      * @removed
   1897      */
   1898     public CharSequence getBadgedLabelForUser(CharSequence label, UserHandle user) {
   1899         return mContext.getPackageManager().getUserBadgedLabel(label, user);
   1900     }
   1901 
   1902     /**
   1903      * Returns information for all users on this device. Requires
   1904      * {@link android.Manifest.permission#MANAGE_USERS} permission.
   1905      *
   1906      * @param excludeDying specify if the list should exclude users being
   1907      *            removed.
   1908      * @return the list of users that were created.
   1909      * @hide
   1910      */
   1911     public List<UserInfo> getUsers(boolean excludeDying) {
   1912         try {
   1913             return mService.getUsers(excludeDying);
   1914         } catch (RemoteException re) {
   1915             throw re.rethrowFromSystemServer();
   1916         }
   1917     }
   1918 
   1919     /**
   1920      * Removes a user and all associated data.
   1921      * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
   1922      * @param userHandle the integer handle of the user, where 0 is the primary user.
   1923      * @hide
   1924      */
   1925     public boolean removeUser(@UserIdInt int userHandle) {
   1926         try {
   1927             return mService.removeUser(userHandle);
   1928         } catch (RemoteException re) {
   1929             throw re.rethrowFromSystemServer();
   1930         }
   1931     }
   1932 
   1933     /**
   1934      * Updates the user's name.
   1935      * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
   1936      *
   1937      * @param userHandle the user's integer handle
   1938      * @param name the new name for the user
   1939      * @hide
   1940      */
   1941     public void setUserName(@UserIdInt int userHandle, String name) {
   1942         try {
   1943             mService.setUserName(userHandle, name);
   1944         } catch (RemoteException re) {
   1945             throw re.rethrowFromSystemServer();
   1946         }
   1947     }
   1948 
   1949     /**
   1950      * Sets the user's photo.
   1951      * @param userHandle the user for whom to change the photo.
   1952      * @param icon the bitmap to set as the photo.
   1953      * @hide
   1954      */
   1955     public void setUserIcon(@UserIdInt int userHandle, Bitmap icon) {
   1956         try {
   1957             mService.setUserIcon(userHandle, icon);
   1958         } catch (RemoteException re) {
   1959             throw re.rethrowFromSystemServer();
   1960         }
   1961     }
   1962 
   1963     /**
   1964      * Returns a file descriptor for the user's photo. PNG data can be read from this file.
   1965      * @param userHandle the user whose photo we want to read.
   1966      * @return a {@link Bitmap} of the user's photo, or null if there's no photo.
   1967      * @see com.android.internal.util.UserIcons#getDefaultUserIcon for a default.
   1968      * @hide
   1969      */
   1970     public Bitmap getUserIcon(@UserIdInt int userHandle) {
   1971         try {
   1972             ParcelFileDescriptor fd = mService.getUserIcon(userHandle);
   1973             if (fd != null) {
   1974                 try {
   1975                     return BitmapFactory.decodeFileDescriptor(fd.getFileDescriptor());
   1976                 } finally {
   1977                     try {
   1978                         fd.close();
   1979                     } catch (IOException e) {
   1980                     }
   1981                 }
   1982             }
   1983         } catch (RemoteException re) {
   1984             throw re.rethrowFromSystemServer();
   1985         }
   1986         return null;
   1987     }
   1988 
   1989     /**
   1990      * Returns the maximum number of users that can be created on this device. A return value
   1991      * of 1 means that it is a single user device.
   1992      * @hide
   1993      * @return a value greater than or equal to 1
   1994      */
   1995     public static int getMaxSupportedUsers() {
   1996         // Don't allow multiple users on certain builds
   1997         if (android.os.Build.ID.startsWith("JVP")) return 1;
   1998         // Svelte devices don't get multi-user.
   1999         if (ActivityManager.isLowRamDeviceStatic()) return 1;
   2000         return SystemProperties.getInt("fw.max_users",
   2001                 Resources.getSystem().getInteger(R.integer.config_multiuserMaximumUsers));
   2002     }
   2003 
   2004     /**
   2005      * Returns true if the user switcher should be shown, this will be if device supports multi-user
   2006      * and there are at least 2 users available that are not managed profiles.
   2007      * @hide
   2008      * @return true if user switcher should be shown.
   2009      */
   2010     public boolean isUserSwitcherEnabled() {
   2011         if (!supportsMultipleUsers()) {
   2012             return false;
   2013         }
   2014         // If Demo Mode is on, don't show user switcher
   2015         if (isDeviceInDemoMode(mContext)) {
   2016             return false;
   2017         }
   2018         List<UserInfo> users = getUsers(true);
   2019         if (users == null) {
   2020            return false;
   2021         }
   2022         int switchableUserCount = 0;
   2023         for (UserInfo user : users) {
   2024             if (user.supportsSwitchToByUser()) {
   2025                 ++switchableUserCount;
   2026             }
   2027         }
   2028         final boolean guestEnabled = !mContext.getSystemService(DevicePolicyManager.class)
   2029                 .getGuestUserDisabled(null);
   2030         return switchableUserCount > 1 || guestEnabled;
   2031     }
   2032 
   2033     /**
   2034      * @hide
   2035      */
   2036     public static boolean isDeviceInDemoMode(Context context) {
   2037         return Settings.Global.getInt(context.getContentResolver(),
   2038                 Settings.Global.DEVICE_DEMO_MODE, 0) > 0;
   2039     }
   2040 
   2041     /**
   2042      * Returns a serial number on this device for a given userHandle. User handles can be recycled
   2043      * when deleting and creating users, but serial numbers are not reused until the device is wiped.
   2044      * @param userHandle
   2045      * @return a serial number associated with that user, or -1 if the userHandle is not valid.
   2046      * @hide
   2047      */
   2048     public int getUserSerialNumber(@UserIdInt int userHandle) {
   2049         try {
   2050             return mService.getUserSerialNumber(userHandle);
   2051         } catch (RemoteException re) {
   2052             throw re.rethrowFromSystemServer();
   2053         }
   2054     }
   2055 
   2056     /**
   2057      * Returns a userHandle on this device for a given user serial number. User handles can be
   2058      * recycled when deleting and creating users, but serial numbers are not reused until the device
   2059      * is wiped.
   2060      * @param userSerialNumber
   2061      * @return the userHandle associated with that user serial number, or -1 if the serial number
   2062      * is not valid.
   2063      * @hide
   2064      */
   2065     public @UserIdInt int getUserHandle(int userSerialNumber) {
   2066         try {
   2067             return mService.getUserHandle(userSerialNumber);
   2068         } catch (RemoteException re) {
   2069             throw re.rethrowFromSystemServer();
   2070         }
   2071     }
   2072 
   2073     /**
   2074      * Returns a {@link Bundle} containing any saved application restrictions for this user, for the
   2075      * given package name. Only an application with this package name can call this method.
   2076      *
   2077      * <p>The returned {@link Bundle} consists of key-value pairs, as defined by the application,
   2078      * where the types of values may be:
   2079      * <ul>
   2080      * <li>{@code boolean}
   2081      * <li>{@code int}
   2082      * <li>{@code String} or {@code String[]}
   2083      * <li>From {@link android.os.Build.VERSION_CODES#M}, {@code Bundle} or {@code Bundle[]}
   2084      * </ul>
   2085      *
   2086      * @param packageName the package name of the calling application
   2087      * @return a {@link Bundle} with the restrictions for that package, or an empty {@link Bundle}
   2088      * if there are no saved restrictions.
   2089      *
   2090      * @see #KEY_RESTRICTIONS_PENDING
   2091      */
   2092     public Bundle getApplicationRestrictions(String packageName) {
   2093         try {
   2094             return mService.getApplicationRestrictions(packageName);
   2095         } catch (RemoteException re) {
   2096             throw re.rethrowFromSystemServer();
   2097         }
   2098     }
   2099 
   2100     /**
   2101      * @hide
   2102      */
   2103     public Bundle getApplicationRestrictions(String packageName, UserHandle user) {
   2104         try {
   2105             return mService.getApplicationRestrictionsForUser(packageName, user.getIdentifier());
   2106         } catch (RemoteException re) {
   2107             throw re.rethrowFromSystemServer();
   2108         }
   2109     }
   2110 
   2111     /**
   2112      * @hide
   2113      */
   2114     public void setApplicationRestrictions(String packageName, Bundle restrictions,
   2115             UserHandle user) {
   2116         try {
   2117             mService.setApplicationRestrictions(packageName, restrictions, user.getIdentifier());
   2118         } catch (RemoteException re) {
   2119             throw re.rethrowFromSystemServer();
   2120         }
   2121     }
   2122 
   2123     /**
   2124      * Sets a new challenge PIN for restrictions. This is only for use by pre-installed
   2125      * apps and requires the MANAGE_USERS permission.
   2126      * @param newPin the PIN to use for challenge dialogs.
   2127      * @return Returns true if the challenge PIN was set successfully.
   2128      * @deprecated The restrictions PIN functionality is no longer provided by the system.
   2129      * This method is preserved for backwards compatibility reasons and always returns false.
   2130      */
   2131     public boolean setRestrictionsChallenge(String newPin) {
   2132         return false;
   2133     }
   2134 
   2135     /**
   2136      * @hide
   2137      * Set restrictions that should apply to any future guest user that's created.
   2138      */
   2139     public void setDefaultGuestRestrictions(Bundle restrictions) {
   2140         try {
   2141             mService.setDefaultGuestRestrictions(restrictions);
   2142         } catch (RemoteException re) {
   2143             throw re.rethrowFromSystemServer();
   2144         }
   2145     }
   2146 
   2147     /**
   2148      * @hide
   2149      * Gets the default guest restrictions.
   2150      */
   2151     public Bundle getDefaultGuestRestrictions() {
   2152         try {
   2153             return mService.getDefaultGuestRestrictions();
   2154         } catch (RemoteException re) {
   2155             throw re.rethrowFromSystemServer();
   2156         }
   2157     }
   2158 
   2159     /**
   2160      * Returns creation time of the user or of a managed profile associated with the calling user.
   2161      * @param userHandle user handle of the user or a managed profile associated with the
   2162      *                   calling user.
   2163      * @return creation time in milliseconds since Epoch time.
   2164      */
   2165     public long getUserCreationTime(UserHandle userHandle) {
   2166         try {
   2167             return mService.getUserCreationTime(userHandle.getIdentifier());
   2168         } catch (RemoteException re) {
   2169             throw re.rethrowFromSystemServer();
   2170         }
   2171     }
   2172 
   2173     /**
   2174      * @hide
   2175      * Checks if any uninitialized user has the specific seed account name and type.
   2176      *
   2177      * @param mAccountName The account name to check for
   2178      * @param mAccountType The account type of the account to check for
   2179      * @return whether the seed account was found
   2180      */
   2181     public boolean someUserHasSeedAccount(String accountName, String accountType) {
   2182         try {
   2183             return mService.someUserHasSeedAccount(accountName, accountType);
   2184         } catch (RemoteException re) {
   2185             throw re.rethrowFromSystemServer();
   2186         }
   2187     }
   2188 }
   2189