1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License 15 */ 16 package android.os; 17 18 import android.annotation.Nullable; 19 import android.content.Context; 20 import android.content.pm.UserInfo; 21 import android.graphics.Bitmap; 22 23 /** 24 * @hide Only for use within the system server. 25 */ 26 public abstract class UserManagerInternal { 27 public static final int CAMERA_NOT_DISABLED = 0; 28 public static final int CAMERA_DISABLED_LOCALLY = 1; 29 public static final int CAMERA_DISABLED_GLOBALLY = 2; 30 31 public interface UserRestrictionsListener { 32 /** 33 * Called when a user restriction changes. 34 * 35 * @param userId target user id 36 * @param newRestrictions new user restrictions 37 * @param prevRestrictions user restrictions that were previously set 38 */ onUserRestrictionsChanged(int userId, Bundle newRestrictions, Bundle prevRestrictions)39 void onUserRestrictionsChanged(int userId, Bundle newRestrictions, Bundle prevRestrictions); 40 } 41 42 /** 43 * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to set 44 * restrictions enforced by the user. 45 * 46 * @param userId target user id for the local restrictions. 47 * @param restrictions a bundle of user restrictions. 48 * @param isDeviceOwner whether {@code userId} corresponds to device owner user id. 49 * @param cameraRestrictionScope is camera disabled and if so what is the scope of restriction. 50 * Should be one of {@link #CAMERA_NOT_DISABLED}, {@link #CAMERA_DISABLED_LOCALLY} or 51 * {@link #CAMERA_DISABLED_GLOBALLY} 52 */ setDevicePolicyUserRestrictions(int userId, @Nullable Bundle restrictions, boolean isDeviceOwner, int cameraRestrictionScope)53 public abstract void setDevicePolicyUserRestrictions(int userId, @Nullable Bundle restrictions, 54 boolean isDeviceOwner, int cameraRestrictionScope); 55 56 /** 57 * Returns the "base" user restrictions. 58 * 59 * Used by {@link com.android.server.devicepolicy.DevicePolicyManagerService} for upgrading 60 * from MNC. 61 */ getBaseUserRestrictions(int userId)62 public abstract Bundle getBaseUserRestrictions(int userId); 63 64 /** 65 * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} for upgrading 66 * from MNC. 67 */ setBaseUserRestrictionsByDpmsForMigration(int userId, Bundle baseRestrictions)68 public abstract void setBaseUserRestrictionsByDpmsForMigration(int userId, 69 Bundle baseRestrictions); 70 71 /** Return a user restriction. */ getUserRestriction(int userId, String key)72 public abstract boolean getUserRestriction(int userId, String key); 73 74 /** Adds a listener to user restriction changes. */ addUserRestrictionsListener(UserRestrictionsListener listener)75 public abstract void addUserRestrictionsListener(UserRestrictionsListener listener); 76 77 /** Remove a {@link UserRestrictionsListener}. */ removeUserRestrictionsListener(UserRestrictionsListener listener)78 public abstract void removeUserRestrictionsListener(UserRestrictionsListener listener); 79 80 /** 81 * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to update 82 * whether the device is managed by device owner. 83 */ setDeviceManaged(boolean isManaged)84 public abstract void setDeviceManaged(boolean isManaged); 85 86 /** 87 * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to update 88 * whether the user is managed by profile owner. 89 */ setUserManaged(int userId, boolean isManaged)90 public abstract void setUserManaged(int userId, boolean isManaged); 91 92 /** 93 * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to omit 94 * restriction check, because DevicePolicyManager must always be able to set user icon 95 * regardless of any restriction. 96 * Also called by {@link com.android.server.pm.UserManagerService} because the logic of setting 97 * the icon is in this method. 98 */ setUserIcon(int userId, Bitmap bitmap)99 public abstract void setUserIcon(int userId, Bitmap bitmap); 100 101 /** 102 * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to inform the 103 * user manager whether all users should be created ephemeral. 104 */ setForceEphemeralUsers(boolean forceEphemeralUsers)105 public abstract void setForceEphemeralUsers(boolean forceEphemeralUsers); 106 107 /** 108 * Switches to the system user and deletes all other users. 109 * 110 * <p>Called by the {@link com.android.server.devicepolicy.DevicePolicyManagerService} when 111 * the force-ephemeral-users policy is toggled on to make sure there are no pre-existing 112 * non-ephemeral users left. 113 */ removeAllUsers()114 public abstract void removeAllUsers(); 115 116 /** 117 * Called by the activity manager when the ephemeral user goes to background and its removal 118 * starts as a result. 119 * 120 * <p>It marks the ephemeral user as disabled in order to prevent it from being re-entered 121 * before its removal finishes. 122 * 123 * @param userId the ID of the ephemeral user. 124 */ onEphemeralUserStop(int userId)125 public abstract void onEphemeralUserStop(int userId); 126 127 /** 128 * Same as UserManager.createUser(), but bypasses the check for 129 * {@link UserManager#DISALLOW_ADD_USER} and {@link UserManager#DISALLOW_ADD_MANAGED_PROFILE} 130 * 131 * <p>Called by the {@link com.android.server.devicepolicy.DevicePolicyManagerService} when 132 * createAndManageUser is called by the device owner. 133 */ createUserEvenWhenDisallowed(String name, int flags, String[] disallowedPackages)134 public abstract UserInfo createUserEvenWhenDisallowed(String name, int flags, 135 String[] disallowedPackages); 136 137 /** 138 * Same as {@link UserManager#removeUser(int userHandle)}, but bypasses the check for 139 * {@link UserManager#DISALLOW_REMOVE_USER} and 140 * {@link UserManager#DISALLOW_REMOVE_MANAGED_PROFILE} and does not require the 141 * {@link android.Manifest.permission#MANAGE_USERS} permission. 142 */ removeUserEvenWhenDisallowed(int userId)143 public abstract boolean removeUserEvenWhenDisallowed(int userId); 144 145 /** 146 * Return whether the given user is running in an 147 * {@code UserState.STATE_RUNNING_UNLOCKING} or 148 * {@code UserState.STATE_RUNNING_UNLOCKED} state. 149 */ isUserUnlockingOrUnlocked(int userId)150 public abstract boolean isUserUnlockingOrUnlocked(int userId); 151 152 /** 153 * Return whether the given user is running in an 154 * {@code UserState.STATE_RUNNING_UNLOCKED} state. 155 */ isUserUnlocked(int userId)156 public abstract boolean isUserUnlocked(int userId); 157 158 /** 159 * Returns whether the given user is running 160 */ isUserRunning(int userId)161 public abstract boolean isUserRunning(int userId); 162 163 /** 164 * Returns whether the given user is initialized 165 */ isUserInitialized(int userId)166 public abstract boolean isUserInitialized(int userId); 167 168 /** 169 * Returns whether the given user exists 170 */ exists(int userId)171 public abstract boolean exists(int userId); 172 173 /** 174 * Set user's running state 175 */ setUserState(int userId, int userState)176 public abstract void setUserState(int userId, int userState); 177 178 /** 179 * Remove user's running state 180 */ removeUserState(int userId)181 public abstract void removeUserState(int userId); 182 183 /** 184 * Returns an array of user ids. This array is cached in UserManagerService and passed as a 185 * reference, so do not modify the returned array. 186 * 187 * @return the array of user ids. 188 */ getUserIds()189 public abstract int[] getUserIds(); 190 191 /** 192 * Checks if the {@code callingUserId} and {@code targetUserId} are same or in same group 193 * and that the {@code callingUserId} is not a managed profile and 194 * {@code targetUserId} is enabled. 195 * 196 * @return TRUE if the {@code callingUserId} can access {@code targetUserId}. FALSE 197 * otherwise 198 * 199 * @throws SecurityException if the calling user and {@code targetUser} are not in the same 200 * group and {@code throwSecurityException} is true, otherwise if will simply return false. 201 */ isProfileAccessible(int callingUserId, int targetUserId, String debugMsg, boolean throwSecurityException)202 public abstract boolean isProfileAccessible(int callingUserId, int targetUserId, 203 String debugMsg, boolean throwSecurityException); 204 205 /** 206 * If {@code userId} is of a managed profile, return the parent user ID. Otherwise return 207 * itself. 208 */ getProfileParentId(int userId)209 public abstract int getProfileParentId(int userId); 210 211 /** 212 * Checks whether changing a setting to a value is prohibited by the corresponding user 213 * restriction. 214 * 215 * <p>See also {@link com.android.server.pm.UserRestrictionsUtils#applyUserRestriction( 216 * Context, int, String, boolean)}, which should be in sync with this method. 217 * 218 * @return {@code true} if the change is prohibited, {@code false} if the change is allowed. 219 * 220 * @hide 221 */ isSettingRestrictedForUser(String setting, int userId, String value, int callingUid)222 public abstract boolean isSettingRestrictedForUser(String setting, int userId, String value, 223 int callingUid); 224 } 225