Google Git
Sign in
android / platform / frameworks / base / refs/heads/main / . / services / core / java / com / android / server / pm / UserManagerService.java
blob: 06e9daba63ea8904cf5760ab092ceb486f25cee3 [file] [log] [blame]
/*
* Copyright (C) 2011 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.server.pm;
import static android.content.Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS;
import static android.content.Intent.FLAG_ACTIVITY_NEW_TASK;
import static android.os.UserManager.DEV_CREATE_OVERRIDE_PROPERTY;
import static android.os.UserManager.DISALLOW_USER_SWITCH;
import static android.os.UserManager.SYSTEM_USER_MODE_EMULATION_PROPERTY;
import static android.os.UserManager.USER_OPERATION_ERROR_UNKNOWN;
import static com.android.internal.util.ConcurrentUtils.DIRECT_EXECUTOR;
import static com.android.server.pm.UserJourneyLogger.ERROR_CODE_ABORTED;
import static com.android.server.pm.UserJourneyLogger.ERROR_CODE_UNSPECIFIED;
import static com.android.server.pm.UserJourneyLogger.ERROR_CODE_USER_ALREADY_AN_ADMIN;
import static com.android.server.pm.UserJourneyLogger.ERROR_CODE_USER_IS_NOT_AN_ADMIN;
import static com.android.server.pm.UserJourneyLogger.USER_JOURNEY_GRANT_ADMIN;
import static com.android.server.pm.UserJourneyLogger.USER_JOURNEY_REVOKE_ADMIN;
import static com.android.server.pm.UserJourneyLogger.USER_JOURNEY_USER_CREATE;
import static com.android.server.pm.UserJourneyLogger.USER_JOURNEY_USER_LIFECYCLE;
import static com.android.server.pm.UserJourneyLogger.USER_JOURNEY_USER_REMOVE;
import android.Manifest;
import android.accounts.Account;
import android.accounts.AccountManager;
import android.annotation.ColorRes;
import android.annotation.DrawableRes;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.StringRes;
import android.annotation.UserIdInt;
import android.app.ActivityManager;
import android.app.ActivityManagerInternal;
import android.app.ActivityManagerNative;
import android.app.BroadcastOptions;
import android.app.IActivityManager;
import android.app.IStopUserCallback;
import android.app.KeyguardManager;
import android.app.PendingIntent;
import android.app.StatsManager;
import android.app.admin.DevicePolicyEventLogger;
import android.app.admin.DevicePolicyManagerInternal;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.IIntentReceiver;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.IntentSender;
import android.content.pm.LauncherUserInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
import android.content.pm.PackageManagerInternal;
import android.content.pm.PackagePartitions;
import android.content.pm.ShortcutServiceInternal;
import android.content.pm.UserInfo;
import android.content.pm.UserInfo.UserInfoFlag;
import android.content.pm.UserPackage;
import android.content.pm.UserProperties;
import android.content.pm.parsing.FrameworkParsingPackageUtils;
import android.content.res.Configuration;
import android.content.res.Resources;
import android.graphics.Bitmap;
import android.multiuser.Flags;
import android.os.Binder;
import android.os.Build;
import android.os.Bundle;
import android.os.Debug;
import android.os.Environment;
import android.os.FileUtils;
import android.os.Handler;
import android.os.IBinder;
import android.os.IProgressListener;
import android.os.IUserManager;
import android.os.IUserRestrictionsListener;
import android.os.Message;
import android.os.ParcelFileDescriptor;
import android.os.Parcelable;
import android.os.PersistableBundle;
import android.os.Process;
import android.os.RemoteException;
import android.os.ResultReceiver;
import android.os.SELinux;
import android.os.ServiceManager;
import android.os.ServiceSpecificException;
import android.os.ShellCallback;
import android.os.SystemClock;
import android.os.SystemProperties;
import android.os.UserHandle;
import android.os.UserManager;
import android.os.UserManager.EnforcingUser;
import android.os.UserManager.QuietModeFlag;
import android.os.storage.StorageManager;
import android.os.storage.StorageManagerInternal;
import android.provider.Settings;
import android.service.voice.VoiceInteractionManagerInternal;
import android.stats.devicepolicy.DevicePolicyEnums;
import android.telecom.TelecomManager;
import android.text.TextUtils;
import android.util.ArrayMap;
import android.util.ArraySet;
import android.util.AtomicFile;
import android.util.IndentingPrintWriter;
import android.util.IntArray;
import android.util.Pair;
import android.util.Slog;
import android.util.SparseArray;
import android.util.SparseBooleanArray;
import android.util.SparseIntArray;
import android.util.StatsEvent;
import android.util.TimeUtils;
import android.util.TypedValue;
import android.util.Xml;
import com.android.internal.R;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.app.IAppOpsService;
import com.android.internal.logging.MetricsLogger;
import com.android.internal.os.BackgroundThread;
import com.android.internal.os.RoSystemProperties;
import com.android.internal.util.DumpUtils;
import com.android.internal.util.FrameworkStatsLog;
import com.android.internal.util.Preconditions;
import com.android.internal.util.XmlUtils;
import com.android.internal.widget.LockPatternUtils;
import com.android.modules.utils.TypedXmlPullParser;
import com.android.modules.utils.TypedXmlSerializer;
import com.android.server.BundleUtils;
import com.android.server.LocalServices;
import com.android.server.LockGuard;
import com.android.server.SystemService;
import com.android.server.am.UserState;
import com.android.server.pm.UserManagerInternal.UserLifecycleListener;
import com.android.server.pm.UserManagerInternal.UserRestrictionsListener;
import com.android.server.storage.DeviceStorageMonitorInternal;
import com.android.server.utils.Slogf;
import com.android.server.utils.TimingsTraceAndSlog;
import com.android.server.wm.ActivityTaskManagerInternal;
import libcore.io.IoUtils;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;
import java.io.File;
import java.io.FileDescriptor;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
/**
* Service for {@link UserManager}.
*
* Method naming convention:
* <ul>
* <li> Methods suffixed with "LAr" should be called within the {@link #mAppRestrictionsLock} lock.
* <li> Methods suffixed with "LP" should be called within the {@link #mPackagesLock} lock.
* <li> Methods suffixed with "LR" should be called within the {@link #mRestrictionsLock} lock.
* <li> Methods suffixed with "LU" should be called within the {@link #mUsersLock} lock.
* </ul>
*/
public class UserManagerService extends IUserManager.Stub {
private static final String LOG_TAG = "UserManagerService";
static final boolean DBG = false; // DO NOT SUBMIT WITH TRUE
// For Multiple Users on Multiple Displays
static final boolean DBG_MUMD = false; // DO NOT SUBMIT WITH TRUE
private static final boolean DBG_WITH_STACKTRACE = false; // DO NOT SUBMIT WITH TRUE
// Can be used for manual testing of id recycling
private static final boolean RELEASE_DELETED_USER_ID = false; // DO NOT SUBMIT WITH TRUE
private static final String TAG_NAME = "name";
private static final String TAG_ACCOUNT = "account";
private static final String ATTR_FLAGS = "flags";
private static final String ATTR_TYPE = "type"; // userType
private static final String ATTR_ICON_PATH = "icon";
private static final String ATTR_ID = "id";
private static final String ATTR_CREATION_TIME = "created";
private static final String ATTR_LAST_LOGGED_IN_TIME = "lastLoggedIn";
private static final String ATTR_LAST_LOGGED_IN_FINGERPRINT = "lastLoggedInFingerprint";
private static final String ATTR_LAST_ENTERED_FOREGROUND_TIME = "lastEnteredForeground";
private static final String ATTR_SERIAL_NO = "serialNumber";
private static final String ATTR_NEXT_SERIAL_NO = "nextSerialNumber";
private static final String ATTR_PARTIAL = "partial";
private static final String ATTR_PRE_CREATED = "preCreated";
private static final String ATTR_CONVERTED_FROM_PRE_CREATED = "convertedFromPreCreated";
private static final String ATTR_GUEST_TO_REMOVE = "guestToRemove";
private static final String ATTR_USER_VERSION = "version";
private static final String ATTR_USER_TYPE_VERSION = "userTypeConfigVersion";
private static final String ATTR_PROFILE_GROUP_ID = "profileGroupId";
private static final String ATTR_PROFILE_BADGE = "profileBadge";
private static final String ATTR_RESTRICTED_PROFILE_PARENT_ID = "restrictedProfileParentId";
private static final String ATTR_SEED_ACCOUNT_NAME = "seedAccountName";
private static final String ATTR_SEED_ACCOUNT_TYPE = "seedAccountType";
private static final String TAG_GUEST_RESTRICTIONS = "guestRestrictions";
private static final String TAG_USERS = "users";
private static final String TAG_USER = "user";
private static final String TAG_RESTRICTIONS = "restrictions";
private static final String TAG_DEVICE_POLICY_RESTRICTIONS = "device_policy_restrictions";
private static final String TAG_DEVICE_POLICY_LOCAL_RESTRICTIONS =
"device_policy_local_restrictions";
private static final String TAG_DEVICE_POLICY_GLOBAL_RESTRICTIONS =
"device_policy_global_restrictions";
/** Legacy name for device owner id tag. */
private static final String TAG_GLOBAL_RESTRICTION_OWNER_ID = "globalRestrictionOwnerUserId";
private static final String TAG_DEVICE_OWNER_USER_ID = "deviceOwnerUserId";
private static final String TAG_ENTRY = "entry";
private static final String TAG_VALUE = "value";
private static final String TAG_SEED_ACCOUNT_OPTIONS = "seedAccountOptions";
private static final String TAG_USER_PROPERTIES = "userProperties";
private static final String TAG_LAST_REQUEST_QUIET_MODE_ENABLED_CALL =
"lastRequestQuietModeEnabledCall";
private static final String TAG_IGNORE_PREPARE_STORAGE_ERRORS =
"ignorePrepareStorageErrors";
private static final String ATTR_KEY = "key";
private static final String ATTR_VALUE_TYPE = "type";
private static final String ATTR_MULTIPLE = "m";
private static final String ATTR_TYPE_STRING_ARRAY = "sa";
private static final String ATTR_TYPE_STRING = "s";
private static final String ATTR_TYPE_BOOLEAN = "b";
private static final String ATTR_TYPE_INTEGER = "i";
private static final String ATTR_TYPE_BUNDLE = "B";
private static final String ATTR_TYPE_BUNDLE_ARRAY = "BA";
private static final String USER_INFO_DIR = "system" + File.separator + "users";
private static final String USER_LIST_FILENAME = "userlist.xml";
private static final String USER_PHOTO_FILENAME = "photo.png";
private static final String USER_PHOTO_FILENAME_TMP = USER_PHOTO_FILENAME + ".tmp";
private static final String RESTRICTIONS_FILE_PREFIX = "res_";
private static final String XML_SUFFIX = ".xml";
private static final int ALLOWED_FLAGS_FOR_CREATE_USERS_PERMISSION =
UserInfo.FLAG_MANAGED_PROFILE
| UserInfo.FLAG_PROFILE
| UserInfo.FLAG_EPHEMERAL
| UserInfo.FLAG_RESTRICTED
| UserInfo.FLAG_GUEST
| UserInfo.FLAG_DEMO
| UserInfo.FLAG_FULL
| UserInfo.FLAG_FOR_TESTING;
@VisibleForTesting
static final int MIN_USER_ID = UserHandle.MIN_SECONDARY_USER_ID;
// We need to keep process uid within Integer.MAX_VALUE.
@VisibleForTesting
static final int MAX_USER_ID = UserHandle.MAX_SECONDARY_USER_ID;
// Max size of the queue of recently removed users
@VisibleForTesting
static final int MAX_RECENTLY_REMOVED_IDS_SIZE = 100;
private static final int USER_VERSION = 11;
private static final int MAX_USER_STRING_LENGTH = 500;
private static final long EPOCH_PLUS_30_YEARS = 30L * 365 * 24 * 60 * 60 * 1000L; // ms
static final int WRITE_USER_MSG = 1;
static final int WRITE_USER_LIST_MSG = 2;
static final int WRITE_USER_DELAY = 2*1000; // 2 seconds
private static final long BOOT_USER_SET_TIMEOUT_MS = 300_000;
// Tron counters
private static final String TRON_GUEST_CREATED = "users_guest_created";
private static final String TRON_USER_CREATED = "users_user_created";
private static final String TRON_DEMO_CREATED = "users_demo_created";
private final Context mContext;
private final PackageManagerService mPm;
/**
* Lock for packages. If using with {@link #mUsersLock}, {@link #mPackagesLock} should be
* acquired first.
*/
private final Object mPackagesLock;
private final UserDataPreparer mUserDataPreparer;
/**
* Short-term lock for internal state, when interaction/sync with PM is not required. If using
* with {@link #mPackagesLock}, {@link #mPackagesLock} should be acquired first.
*/
private final Object mUsersLock = LockGuard.installNewLock(LockGuard.INDEX_USER);
private final Object mRestrictionsLock = new Object();
// Used for serializing access to app restriction files
private final Object mAppRestrictionsLock = new Object();
private final Handler mHandler;
private final File mUsersDir;
private final File mUserListFile;
private final IBinder mUserRestrictionToken = new Binder();
/** Installs system packages based on user-type. */
private final UserSystemPackageInstaller mSystemPackageInstaller;
private PackageManagerInternal mPmInternal;
private DevicePolicyManagerInternal mDevicePolicyManagerInternal;
private ActivityManagerInternal mAmInternal;
/** Indicates that this is the 1st boot after the system user mode was changed by emulation. */
private boolean mUpdatingSystemUserMode;
/** Count down latch to wait while boot user is not set.*/
private final CountDownLatch mBootUserLatch = new CountDownLatch(1);
/**
* Internal non-parcelable wrapper for UserInfo that is not exposed to other system apps.
*/
@VisibleForTesting
static class UserData {
// Basic user information and properties
@NonNull UserInfo info;
// Account name used when there is a strong association between a user and an account
String account;
// Account information for seeding into a newly created user. This could also be
// used for login validation for an existing user, for updating their credentials.
// In the latter case, data may not need to be persisted as it is only valid for the
// current login session.
String seedAccountName;
String seedAccountType;
PersistableBundle seedAccountOptions;
// Whether to perist the seed account information to be available after a boot
boolean persistSeedData;
/** Properties of the user whose default values originate from its user type. */
UserProperties userProperties;
/** Elapsed realtime since boot when the user started. */
long startRealtime;
/** Elapsed realtime since boot when the user was unlocked. */
long unlockRealtime;
/** Wall clock time in millis when the user last entered the foreground. */
long mLastEnteredForegroundTimeMillis;
private long mLastRequestQuietModeEnabledMillis;
/**
* {@code true} if the system should ignore errors when preparing the
* storage directories for this user. This is {@code false} for all new
* users; it will only be {@code true} for users that already existed
* on-disk from an older version of Android.
*/
private boolean mIgnorePrepareStorageErrors;
void setLastRequestQuietModeEnabledMillis(long millis) {
mLastRequestQuietModeEnabledMillis = millis;
}
long getLastRequestQuietModeEnabledMillis() {
return mLastRequestQuietModeEnabledMillis;
}
boolean getIgnorePrepareStorageErrors() {
return mIgnorePrepareStorageErrors;
}
@SuppressWarnings("AndroidFrameworkCompatChange") // This is not an app-visible API.
void setIgnorePrepareStorageErrors() {
// This method won't be called for new users. But to fully rule out
// the possibility of mIgnorePrepareStorageErrors ever being true
// for any user on any device that launched with T or later, we also
// explicitly check that DEVICE_INITIAL_SDK_INT is below T before
// honoring the request to set mIgnorePrepareStorageErrors to true.
if (Build.VERSION.DEVICE_INITIAL_SDK_INT < Build.VERSION_CODES.TIRAMISU) {
mIgnorePrepareStorageErrors = true;
return;
}
Slog.w(LOG_TAG, "Not setting mIgnorePrepareStorageErrors to true"
+ " since this is a new device");
}
void clearSeedAccountData() {
seedAccountName = null;
seedAccountType = null;
seedAccountOptions = null;
persistSeedData = false;
}
}
@GuardedBy("mUsersLock")
private final SparseArray<UserData> mUsers;
/**
* Map of user type names to their corresponding {@link UserTypeDetails}.
* Should not be modified after UserManagerService constructor finishes.
*/
private final ArrayMap<String, UserTypeDetails> mUserTypes;
/**
* User restrictions set via UserManager. This doesn't include restrictions set by
* device owner / profile owners. Only non-empty restriction bundles are stored.
*
* DO NOT Change existing {@link Bundle} in it. When changing a restriction for a user,
* a new {@link Bundle} should always be created and set. This is because a {@link Bundle}
* maybe shared between {@link #mBaseUserRestrictions} and
* {@link #mCachedEffectiveUserRestrictions}, but they should always updated separately.
* (Otherwise we won't be able to detect what restrictions have changed in
* {@link #updateUserRestrictionsInternalLR}.
*/
@GuardedBy("mRestrictionsLock")
private final RestrictionsSet mBaseUserRestrictions = new RestrictionsSet();
/**
* Cached user restrictions that are in effect -- i.e. {@link #mBaseUserRestrictions} combined
* with device / profile owner restrictions. We'll initialize it lazily; use
* {@link #getEffectiveUserRestrictions} to access it.
*
* DO NOT Change existing {@link Bundle} in it. When changing a restriction for a user,
* a new {@link Bundle} should always be created and set. This is because a {@link Bundle}
* maybe shared between {@link #mBaseUserRestrictions} and
* {@link #mCachedEffectiveUserRestrictions}, but they should always updated separately.
* (Otherwise we won't be able to detect what restrictions have changed in
* {@link #updateUserRestrictionsInternalLR}.
*/
@GuardedBy("mRestrictionsLock")
private final RestrictionsSet mCachedEffectiveUserRestrictions = new RestrictionsSet();
/**
* User restrictions that have already been applied in
* {@link #updateUserRestrictionsInternalLR(Bundle, int)}. We use it to detect restrictions
* that have changed since the last
* {@link #updateUserRestrictionsInternalLR(Bundle, int)} call.
*/
@GuardedBy("mRestrictionsLock")
private final RestrictionsSet mAppliedUserRestrictions = new RestrictionsSet();
/**
* User restrictions set by {@link com.android.server.devicepolicy.DevicePolicyManagerService}
* for each user. Restrictions that apply to all users (global) are represented by
* {@link com.android.os.UserHandle.USER_ALL}.
* The key is the user id of the user whom the restrictions are targeting.
*/
@GuardedBy("mRestrictionsLock")
private final RestrictionsSet mDevicePolicyUserRestrictions = new RestrictionsSet();
@GuardedBy("mGuestRestrictions")
private final Bundle mGuestRestrictions = new Bundle();
/**
* Set of user IDs that are being removed or were removed during the current boot. User IDs in
* this set aren't reused until the device is rebooted, unless MAX_USER_ID is reached. Some
* services don't fully clear out in-memory user state upon user removal; this behavior is
* intended to mitigate such issues by limiting user ID reuse. This array applies to any type
* of user (including pre-created users) when they are removed. Use {@link
* #addRemovingUserIdLocked(int)} to add elements to this array.
*/
@GuardedBy("mUsersLock")
private final SparseBooleanArray mRemovingUserIds = new SparseBooleanArray();
/**
* Queue of recently removed userIds. Used for recycling of userIds
*/
@GuardedBy("mUsersLock")
private final LinkedList<Integer> mRecentlyRemovedIds = new LinkedList<>();
@GuardedBy("mUsersLock")
private int[] mUserIds;
@GuardedBy("mUsersLock")
private int[] mUserIdsIncludingPreCreated;
@GuardedBy("mPackagesLock")
private int mNextSerialNumber;
private int mUserVersion = 0;
private int mUserTypeVersion = 0;
private IAppOpsService mAppOpsService;
private final LocalService mLocalService;
@GuardedBy("mUsersLock")
private boolean mIsDeviceManaged;
@GuardedBy("mUsersLock")
private final SparseBooleanArray mIsUserManaged = new SparseBooleanArray();
@GuardedBy("mUserRestrictionsListeners")
private final ArrayList<UserRestrictionsListener> mUserRestrictionsListeners =
new ArrayList<>();
@GuardedBy("mUserLifecycleListeners")
private final ArrayList<UserLifecycleListener> mUserLifecycleListeners = new ArrayList<>();
private final UserJourneyLogger mUserJourneyLogger = new UserJourneyLogger();
private final LockPatternUtils mLockPatternUtils;
private final String ACTION_DISABLE_QUIET_MODE_AFTER_UNLOCK =
"com.android.server.pm.DISABLE_QUIET_MODE_AFTER_UNLOCK";
private final BroadcastReceiver mDisableQuietModeCallback = new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
if (!ACTION_DISABLE_QUIET_MODE_AFTER_UNLOCK.equals(intent.getAction())) {
return;
}
final IntentSender target = intent.getParcelableExtra(Intent.EXTRA_INTENT, android.content.IntentSender.class);
final int userId = intent.getIntExtra(Intent.EXTRA_USER_ID, UserHandle.USER_NULL);
final String callingPackage = intent.getStringExtra(Intent.EXTRA_PACKAGE_NAME);
// Call setQuietModeEnabled on bg thread to avoid ANR
BackgroundThread.getHandler().post(() ->
setQuietModeEnabled(userId, false, target, callingPackage));
}
};
/**
* Cache the owner name string, since it could be read repeatedly on a critical code path
* but hit by slow IO. This could be eliminated once we have the cached UserInfo in place.
*/
private final AtomicReference<String> mOwnerName = new AtomicReference<>();
private final TypedValue mOwnerNameTypedValue = new TypedValue();
private final Configuration mLastConfiguration = new Configuration();
private final BroadcastReceiver mConfigurationChangeReceiver = new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
if (!Intent.ACTION_CONFIGURATION_CHANGED.equals(intent.getAction())) {
return;
}
invalidateOwnerNameIfNecessary(context.getResources(), false /* forceUpdate */);
}
};
// TODO(b/161915546): remove once userWithName() is fixed / removed
// Use to debug / dump when user 0 is allocated at userWithName()
public static final boolean DBG_ALLOCATION = false; // DO NOT SUBMIT WITH TRUE
public final AtomicInteger mUser0Allocations;
/**
* Start an {@link IntentSender} when user is unlocked after disabling quiet mode.
*
* @see #requestQuietModeEnabled(String, boolean, int, IntentSender, int)
*/
private class DisableQuietModeUserUnlockedCallback extends IProgressListener.Stub {
private final IntentSender mTarget;
public DisableQuietModeUserUnlockedCallback(IntentSender target) {
Objects.requireNonNull(target);
mTarget = target;
}
@Override
public void onStarted(int id, Bundle extras) {}
@Override
public void onProgress(int id, int progress, Bundle extras) {}
@Override
public void onFinished(int id, Bundle extras) {
mHandler.post(() -> {
try {
mContext.startIntentSender(mTarget, null, 0, 0, 0);
} catch (IntentSender.SendIntentException e) {
Slog.e(LOG_TAG, "Failed to start the target in the callback", e);
}
});
}
}
/**
* Whether all users should be created ephemeral.
*/
@GuardedBy("mUsersLock")
private boolean mForceEphemeralUsers;
/**
* The member mUserStates affects the return value of isUserUnlocked.
* If any value in mUserStates changes, then the binder cache for
* isUserUnlocked must be invalidated. When adding mutating methods to
* WatchedUserStates, be sure to invalidate the cache in the new
* methods.
*/
private class WatchedUserStates {
final SparseIntArray states;
public WatchedUserStates() {
states = new SparseIntArray();
invalidateIsUserUnlockedCache();
}
public int get(@UserIdInt int userId) {
return states.get(userId);
}
public int get(@UserIdInt int userId, int fallback) {
return states.indexOfKey(userId) >= 0 ? states.get(userId) : fallback;
}
public void put(@UserIdInt int userId, int state) {
states.put(userId, state);
invalidateIsUserUnlockedCache();
}
public void delete(@UserIdInt int userId) {
states.delete(userId);
invalidateIsUserUnlockedCache();
}
public boolean has(@UserIdInt int userId) {
return states.get(userId, UserHandle.USER_NULL) != UserHandle.USER_NULL;
}
@Override
public String toString() {
return states.toString();
}
private void invalidateIsUserUnlockedCache() {
UserManager.invalidateIsUserUnlockedCache();
}
}
@GuardedBy("mUserStates")
private final WatchedUserStates mUserStates = new WatchedUserStates();
private final UserVisibilityMediator mUserVisibilityMediator;
@GuardedBy("mUsersLock")
private @UserIdInt int mBootUser = UserHandle.USER_NULL;
private static UserManagerService sInstance;
public static UserManagerService getInstance() {
synchronized (UserManagerService.class) {
return sInstance;
}
}
public static class LifeCycle extends SystemService {
private UserManagerService mUms;
/**
* @param context
*/
public LifeCycle(Context context) {
super(context);
}
@Override
public void onStart() {
mUms = UserManagerService.getInstance();
publishBinderService(Context.USER_SERVICE, mUms);
}
@Override
public void onBootPhase(int phase) {
if (phase == SystemService.PHASE_ACTIVITY_MANAGER_READY) {
mUms.cleanupPartialUsers();
if (mUms.mPm.isDeviceUpgrading()) {
mUms.cleanupPreCreatedUsers();
}
mUms.registerStatsCallbacks();
}
}
@Override
public void onUserStarting(@NonNull TargetUser targetUser) {
synchronized (mUms.mUsersLock) {
final UserData user = mUms.getUserDataLU(targetUser.getUserIdentifier());
if (user != null) {
user.startRealtime = SystemClock.elapsedRealtime();
if (targetUser.getUserIdentifier() == UserHandle.USER_SYSTEM
&& targetUser.isFull()) {
mUms.setLastEnteredForegroundTimeToNow(user);
}
}
}
}
@Override
public void onUserUnlocking(@NonNull TargetUser targetUser) {
synchronized (mUms.mUsersLock) {
final UserData user = mUms.getUserDataLU(targetUser.getUserIdentifier());
if (user != null) {
user.unlockRealtime = SystemClock.elapsedRealtime();
}
}
if (targetUser.getUserIdentifier() == UserHandle.USER_SYSTEM
&& UserManager.isCommunalProfileEnabled()) {
mUms.startCommunalProfile();
}
}
@Override
public void onUserSwitching(@NonNull TargetUser from, @NonNull TargetUser to) {
synchronized (mUms.mUsersLock) {
final UserData user = mUms.getUserDataLU(to.getUserIdentifier());
if (user != null) {
mUms.setLastEnteredForegroundTimeToNow(user);
}
}
}
@Override
public void onUserStopping(@NonNull TargetUser targetUser) {
synchronized (mUms.mUsersLock) {
final UserData user = mUms.getUserDataLU(targetUser.getUserIdentifier());
if (user != null) {
user.startRealtime = 0;
user.unlockRealtime = 0;
}
}
}
}
// TODO(b/28848102) Add support for test dependencies injection
@VisibleForTesting
UserManagerService(Context context) {
this(context, /* pm= */ null, /* userDataPreparer= */ null,
/* packagesLock= */ new Object(), context.getCacheDir(), /* users= */ null);
}
/**
* Called by package manager to create the service. This is closely
* associated with the package manager, and the given lock is the
* package manager's own lock.
*/
UserManagerService(Context context, PackageManagerService pm, UserDataPreparer userDataPreparer,
Object packagesLock) {
this(context, pm, userDataPreparer, packagesLock, Environment.getDataDirectory(),
/* users= */ null);
}
@VisibleForTesting
UserManagerService(Context context, PackageManagerService pm,
UserDataPreparer userDataPreparer, Object packagesLock, File dataDir,
SparseArray<UserData> users) {
mContext = context;
mPm = pm;
mPackagesLock = packagesLock;
mUsers = users != null ? users : new SparseArray<>();
mHandler = new MainHandler();
mUserVisibilityMediator = new UserVisibilityMediator(mHandler);
mUserDataPreparer = userDataPreparer;
mUserTypes = UserTypeFactory.getUserTypes();
invalidateOwnerNameIfNecessary(context.getResources(), true /* forceUpdate */);
synchronized (mPackagesLock) {
mUsersDir = new File(dataDir, USER_INFO_DIR);
mUsersDir.mkdirs();
// Make zeroth user directory, for services to migrate their files to that location
File userZeroDir = new File(mUsersDir, String.valueOf(UserHandle.USER_SYSTEM));
userZeroDir.mkdirs();
FileUtils.setPermissions(mUsersDir.toString(),
FileUtils.S_IRWXU | FileUtils.S_IRWXG | FileUtils.S_IROTH | FileUtils.S_IXOTH,
-1, -1);
mUserListFile = new File(mUsersDir, USER_LIST_FILENAME);
initDefaultGuestRestrictions();
readUserListLP();
sInstance = this;
}
mSystemPackageInstaller = new UserSystemPackageInstaller(this, mUserTypes);
mLocalService = new LocalService();
LocalServices.addService(UserManagerInternal.class, mLocalService);
mLockPatternUtils = new LockPatternUtils(mContext);
mUserStates.put(UserHandle.USER_SYSTEM, UserState.STATE_BOOTING);
mUser0Allocations = DBG_ALLOCATION ? new AtomicInteger() : null;
emulateSystemUserModeIfNeeded();
}
void systemReady() {
mAppOpsService = IAppOpsService.Stub.asInterface(
ServiceManager.getService(Context.APP_OPS_SERVICE));
synchronized (mRestrictionsLock) {
applyUserRestrictionsLR(UserHandle.USER_SYSTEM);
}
mContext.registerReceiver(mDisableQuietModeCallback,
new IntentFilter(ACTION_DISABLE_QUIET_MODE_AFTER_UNLOCK),
null, mHandler);
mContext.registerReceiver(mConfigurationChangeReceiver,
new IntentFilter(Intent.ACTION_CONFIGURATION_CHANGED),
null, mHandler);
markEphemeralUsersForRemoval();
}
/**
* This method retrieves the {@link UserManagerInternal} only for the purpose of
* PackageManagerService construction.
*/
UserManagerInternal getInternalForInjectorOnly() {
return mLocalService;
}
private void startCommunalProfile() {
final int communalProfileId = getCommunalProfileIdUnchecked();
if (communalProfileId != UserHandle.USER_NULL) {
Slogf.d(LOG_TAG, "Starting the Communal Profile");
boolean started = false;
try {
started = ActivityManager.getService().startProfile(communalProfileId);
} catch (RemoteException e) {
// Should not happen - same process
e.rethrowAsRuntimeException();
}
if (!started) {
Slogf.wtf(LOG_TAG,
"Failed to start communal profile userId=%d", communalProfileId);
}
} else {
Slogf.w(LOG_TAG, "Cannot start Communal Profile because there isn't one");
}
}
/** Marks all ephemeral users as slated for deletion. **/
private void markEphemeralUsersForRemoval() {
synchronized (mUsersLock) {
final int userSize = mUsers.size();
for (int i = 0; i < userSize; i++) {
final UserInfo ui = mUsers.valueAt(i).info;
if (ui.isEphemeral() && !ui.preCreated && ui.id != UserHandle.USER_SYSTEM) {
addRemovingUserIdLocked(ui.id);
ui.partial = true;
ui.flags |= UserInfo.FLAG_DISABLED;
}
}
}
}
/* Prunes out any partially created or partially removed users. */
private void cleanupPartialUsers() {
ArrayList<UserInfo> partials = new ArrayList<>();
synchronized (mUsersLock) {
final int userSize = mUsers.size();
for (int i = 0; i < userSize; i++) {
UserInfo ui = mUsers.valueAt(i).info;
if ((ui.partial || ui.guestToRemove) && ui.id != UserHandle.USER_SYSTEM) {
partials.add(ui);
if (!mRemovingUserIds.get(ui.id)) {
addRemovingUserIdLocked(ui.id);
}
ui.partial = true;
}
}
}
final int partialsSize = partials.size();
for (int i = 0; i < partialsSize; i++) {
UserInfo ui = partials.get(i);
Slog.w(LOG_TAG, "Removing partially created user " + ui.id
+ " (name=" + ui.name + ")");
removeUserState(ui.id);
}
}
/**
* Removes any pre-created users from the system. Should be invoked after OTAs, to ensure
* pre-created users are not stale. New pre-created pool can be re-created after the update.
*/
private void cleanupPreCreatedUsers() {
final ArrayList<UserInfo> preCreatedUsers;
synchronized (mUsersLock) {
final int userSize = mUsers.size();
preCreatedUsers = new ArrayList<>(userSize);
for (int i = 0; i < userSize; i++) {
UserInfo ui = mUsers.valueAt(i).info;
if (ui.preCreated) {
preCreatedUsers.add(ui);
addRemovingUserIdLocked(ui.id);
ui.flags |= UserInfo.FLAG_DISABLED;
ui.partial = true;
}
}
}
final int preCreatedSize = preCreatedUsers.size();
for (int i = 0; i < preCreatedSize; i++) {
UserInfo ui = preCreatedUsers.get(i);
Slog.i(LOG_TAG, "Removing pre-created user " + ui.id);
removeUserState(ui.id);
}
}
@Override
public String getUserAccount(@UserIdInt int userId) {
checkManageUserAndAcrossUsersFullPermission("get user account");
synchronized (mUsersLock) {
return mUsers.get(userId).account;
}
}
@Override
public void setUserAccount(@UserIdInt int userId, String accountName) {
checkManageUserAndAcrossUsersFullPermission("set user account");
UserData userToUpdate = null;
synchronized (mPackagesLock) {
synchronized (mUsersLock) {
final UserData userData = mUsers.get(userId);
if (userData == null) {
Slog.e(LOG_TAG, "User not found for setting user account: u" + userId);
return;
}
String currentAccount = userData.account;
if (!Objects.equals(currentAccount, accountName)) {
userData.account = accountName;
userToUpdate = userData;
}
}
if (userToUpdate != null) {
writeUserLP(userToUpdate);
}
}
}
@Override
public UserInfo getPrimaryUser() {
checkManageUsersPermission("query users");
synchronized (mUsersLock) {
final int userSize = mUsers.size();
for (int i = 0; i < userSize; i++) {
UserInfo ui = mUsers.valueAt(i).info;
if (ui.isPrimary() && !mRemovingUserIds.get(ui.id)) {
return ui;
}
}
}
return null;
}
@Override
public @UserIdInt int getMainUserId() {
checkQueryOrCreateUsersPermission("get main user id");
return getMainUserIdUnchecked();
}
private @UserIdInt int getMainUserIdUnchecked() {
synchronized (mUsersLock) {
final int userSize = mUsers.size();
for (int i = 0; i < userSize; i++) {
final UserInfo user = mUsers.valueAt(i).info;
if (user.isMain() && !mRemovingUserIds.get(user.id)) {
return user.id;
}
}
}
return UserHandle.USER_NULL;
}
@Override
public void setBootUser(@UserIdInt int userId) {
checkCreateUsersPermission("Set boot user");
synchronized (mUsersLock) {
// TODO(b/263381643): Change to EventLog.
Slogf.i(LOG_TAG, "setBootUser %d", userId);
mBootUser = userId;
}
mBootUserLatch.countDown();
}
@Override
public @UserIdInt int getBootUser() {
checkCreateUsersPermission("Get boot user");
try {
return getBootUserUnchecked();
} catch (UserManager.CheckedUserOperationException e) {
throw e.toServiceSpecificException();
}
}
private @UserIdInt int getBootUserUnchecked() throws UserManager.CheckedUserOperationException {
synchronized (mUsersLock) {
if (mBootUser != UserHandle.USER_NULL) {
final UserData userData = mUsers.get(mBootUser);
if (userData != null && userData.info.supportsSwitchToByUser()) {
Slogf.i(LOG_TAG, "Using provided boot user: %d", mBootUser);
return mBootUser;
} else {
Slogf.w(LOG_TAG,
"Provided boot user cannot be switched to: %d", mBootUser);
}
}
}
if (isHeadlessSystemUserMode()) {
// Return the previous foreground user, if there is one.
final int previousUser = getPreviousFullUserToEnterForeground();
if (previousUser != UserHandle.USER_NULL) {
Slogf.i(LOG_TAG, "Boot user is previous user %d", previousUser);
return previousUser;
}
// No previous user. Return the first switchable user if there is one.
synchronized (mUsersLock) {
final int userSize = mUsers.size();
for (int i = 0; i < userSize; i++) {
final UserData userData = mUsers.valueAt(i);
if (userData.info.supportsSwitchToByUser()) {
int firstSwitchable = userData.info.id;
Slogf.i(LOG_TAG,
"Boot user is first switchable user %d", firstSwitchable);
return firstSwitchable;
}
}
}
// No switchable users found. Uh oh!
throw new UserManager.CheckedUserOperationException(
"No switchable users found", USER_OPERATION_ERROR_UNKNOWN);
}
// Not HSUM, return system user.
return UserHandle.USER_SYSTEM;
}
@Override
public int getPreviousFullUserToEnterForeground() {
checkQueryOrCreateUsersPermission("get previous user");
int previousUser = UserHandle.USER_NULL;
long latestEnteredTime = 0;
final int currentUser = getCurrentUserId();
synchronized (mUsersLock) {
final int userSize = mUsers.size();
for (int i = 0; i < userSize; i++) {
final UserData userData = mUsers.valueAt(i);
final int userId = userData.info.id;
if (userId != currentUser && userData.info.isFull() && !userData.info.partial
&& userData.info.isEnabled() && !mRemovingUserIds.get(userId)) {
final long userEnteredTime = userData.mLastEnteredForegroundTimeMillis;
if (userEnteredTime > latestEnteredTime) {
latestEnteredTime = userEnteredTime;
previousUser = userId;
}
}
}
}
return previousUser;
}
@Override
public @UserIdInt int getCommunalProfileId() {
checkQueryOrCreateUsersPermission("get communal profile user id");
return getCommunalProfileIdUnchecked();
}
/** Returns the currently-designated communal profile, or USER_NULL if not present. */
private @UserIdInt int getCommunalProfileIdUnchecked() {
synchronized (mUsersLock) {
final int userSize = mUsers.size();
for (int i = 0; i < userSize; i++) {
final UserInfo user = mUsers.valueAt(i).info;
if (user.isCommunalProfile() && !mRemovingUserIds.get(user.id)) {
return user.id;
}
}
}
return UserHandle.USER_NULL;
}
public @NonNull List<UserInfo> getUsers(boolean excludeDying) {
return getUsers(/*excludePartial= */ true, excludeDying, /* excludePreCreated= */
true);
}
@Override
public @NonNull List<UserInfo> getUsers(boolean excludePartial, boolean excludeDying,
boolean excludePreCreated) {
checkCreateUsersPermission("query users");
return getUsersInternal(excludePartial, excludeDying, excludePreCreated);
}
private @NonNull List<UserInfo> getUsersInternal(boolean excludePartial, boolean excludeDying,
boolean excludePreCreated) {
synchronized (mUsersLock) {
ArrayList<UserInfo> users = new ArrayList<>(mUsers.size());
final int userSize = mUsers.size();
for (int i = 0; i < userSize; i++) {
UserInfo ui = mUsers.valueAt(i).info;
if ((excludePartial && ui.partial)
|| (excludeDying && mRemovingUserIds.get(ui.id))
|| (excludePreCreated && ui.preCreated)) {
continue;
}
users.add(userWithName(ui));
}
return users;
}
}
@Override
public List<UserInfo> getProfiles(@UserIdInt int userId, boolean enabledOnly) {
boolean returnFullInfo;
if (userId != UserHandle.getCallingUserId()) {
checkQueryOrCreateUsersPermission("getting profiles related to user " + userId);
returnFullInfo = true;
} else {
returnFullInfo = hasCreateUsersPermission();
}
final long ident = Binder.clearCallingIdentity();
try {
synchronized (mUsersLock) {
return getProfilesLU(userId, /* userType */ null, enabledOnly, returnFullInfo);
}
} finally {
Binder.restoreCallingIdentity(ident);
}
}
// TODO(b/142482943): Will probably need a getProfiles(userType). But permissions may vary.
@Override
public int[] getProfileIds(@UserIdInt int userId, boolean enabledOnly) {
return getProfileIds(userId, null, enabledOnly);
}
// TODO(b/142482943): Probably @Override and make this accessible in UserManager.
/**
* Returns all the users of type userType that are in the same profile group as userId
* (including userId itself, if it is of the appropriate user type).
*
* <p>If userType is non-{@code null}, only returns users that are of type userType.
* If enabledOnly, only returns users that are not {@link UserInfo#FLAG_DISABLED}.
*/
public int[] getProfileIds(@UserIdInt int userId, @Nullable String userType,
boolean enabledOnly) {
if (userId != UserHandle.getCallingUserId()) {
checkQueryOrCreateUsersPermission("getting profiles related to user " + userId);
}
final long ident = Binder.clearCallingIdentity();
try {
synchronized (mUsersLock) {
return getProfileIdsLU(userId, userType, enabledOnly).toArray();
}
} finally {
Binder.restoreCallingIdentity(ident);
}
}
/** Assume permissions already checked and caller's identity cleared */
@GuardedBy("mUsersLock")
private List<UserInfo> getProfilesLU(@UserIdInt int userId, @Nullable String userType,
boolean enabledOnly, boolean fullInfo) {
IntArray profileIds = getProfileIdsLU(userId, userType, enabledOnly);
ArrayList<UserInfo> users = new ArrayList<>(profileIds.size());
for (int i = 0; i < profileIds.size(); i++) {
int profileId = profileIds.get(i);
UserInfo userInfo = mUsers.get(profileId).info;
// If full info is not required - clear PII data to prevent 3P apps from reading it
if (!fullInfo) {
userInfo = new UserInfo(userInfo);
userInfo.name = null;
userInfo.iconPath = null;
} else {
userInfo = userWithName(userInfo);
}
users.add(userInfo);
}
return users;
}
/**
* Assume permissions already checked and caller's identity cleared
* <p>If userType is {@code null}, returns all profiles for user; else, only returns
* profiles of that type.
*/
@GuardedBy("mUsersLock")
private IntArray getProfileIdsLU(@UserIdInt int userId, @Nullable String userType,
boolean enabledOnly) {
UserInfo user = getUserInfoLU(userId);
IntArray result = new IntArray(mUsers.size());
if (user == null) {
// Probably a dying user
return result;
}
final int userSize = mUsers.size();
for (int i = 0; i < userSize; i++) {
UserInfo profile = mUsers.valueAt(i).info;
if (!isProfileOf(user, profile)) {
continue;
}
if (enabledOnly && !profile.isEnabled()) {
continue;
}
if (mRemovingUserIds.get(profile.id)) {
continue;
}
if (profile.partial) {
continue;
}
if (userType != null && !userType.equals(profile.userType)) {
continue;
}
result.add(profile.id);
}
return result;
}
@Override
public int getCredentialOwnerProfile(@UserIdInt int userId) {
checkManageUsersPermission("get the credential owner");
if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {
synchronized (mUsersLock) {
UserInfo profileParent = getProfileParentLU(userId);
if (profileParent != null) {
return profileParent.id;
}
}
}
return userId;
}
@Override
public boolean isSameProfileGroup(@UserIdInt int userId, int otherUserId) {
if (userId == otherUserId) return true;
checkQueryUsersPermission("check if in the same profile group");
return isSameProfileGroupNoChecks(userId, otherUserId);
}
/**
* Returns whether users are in the same non-empty profile group.
* Currently, false if empty profile group, even if they are the same user, for whatever reason.
*/
private boolean isSameProfileGroupNoChecks(@UserIdInt int userId, int otherUserId) {
synchronized (mUsersLock) {
UserInfo userInfo = getUserInfoLU(userId);
if (userInfo == null || userInfo.profileGroupId == UserInfo.NO_PROFILE_GROUP_ID) {
return false;
}
UserInfo otherUserInfo = getUserInfoLU(otherUserId);
if (otherUserInfo == null
|| otherUserInfo.profileGroupId == UserInfo.NO_PROFILE_GROUP_ID) {
return false;
}
return userInfo.profileGroupId == otherUserInfo.profileGroupId;
}
}
/**
* Returns whether users are in the same profile group, or if the target is a communal profile.
*/
private boolean isSameUserOrProfileGroupOrTargetIsCommunal(UserInfo asker, UserInfo target) {
if (asker.id == target.id) return true;
if (android.multiuser.Flags.supportCommunalProfile()) {
if (target.isCommunalProfile()) return true;
}
return (asker.profileGroupId != UserInfo.NO_PROFILE_GROUP_ID
&& asker.profileGroupId == target.profileGroupId);
}
@Override
public UserInfo getProfileParent(@UserIdInt int userId) {
if (!hasManageUsersOrPermission(android.Manifest.permission.INTERACT_ACROSS_USERS)) {
throw new SecurityException(
"You need MANAGE_USERS or INTERACT_ACROSS_USERS permission to get the "
+ "profile parent");
}
synchronized (mUsersLock) {
return getProfileParentLU(userId);
}
}
@Override
public int getProfileParentId(@UserIdInt int userId) {
checkManageUsersPermission("get the profile parent");
return getProfileParentIdUnchecked(userId);
}
private @UserIdInt int getProfileParentIdUnchecked(@UserIdInt int userId) {
synchronized (mUsersLock) {
UserInfo profileParent = getProfileParentLU(userId);
if (profileParent == null) {
return userId;
}
return profileParent.id;
}
}
@GuardedBy("mUsersLock")
private UserInfo getProfileParentLU(@UserIdInt int userId) {
UserInfo profile = getUserInfoLU(userId);
if (profile == null) {
return null;
}
int parentUserId = profile.profileGroupId;
if (parentUserId == userId || parentUserId == UserInfo.NO_PROFILE_GROUP_ID) {
return null;
} else {
return getUserInfoLU(parentUserId);
}
}
private static boolean isProfileOf(UserInfo user, UserInfo profile) {
return user.id == profile.id ||
(user.profileGroupId != UserInfo.NO_PROFILE_GROUP_ID
&& user.profileGroupId == profile.profileGroupId);
}
private String getAvailabilityIntentAction(boolean enableQuietMode, boolean useManagedActions) {
return useManagedActions ?
enableQuietMode ?
Intent.ACTION_MANAGED_PROFILE_UNAVAILABLE
: Intent.ACTION_MANAGED_PROFILE_AVAILABLE
: enableQuietMode ?
Intent.ACTION_PROFILE_UNAVAILABLE
: Intent.ACTION_PROFILE_AVAILABLE;
}
private void broadcastProfileAvailabilityChanges(UserInfo profileInfo,
UserHandle parentHandle, boolean enableQuietMode, boolean useManagedActions) {
Intent availabilityIntent = new Intent();
availabilityIntent.setAction(
getAvailabilityIntentAction(enableQuietMode, useManagedActions));
availabilityIntent.putExtra(Intent.EXTRA_QUIET_MODE, enableQuietMode);
availabilityIntent.putExtra(Intent.EXTRA_USER, profileInfo.getUserHandle());
availabilityIntent.putExtra(Intent.EXTRA_USER_HANDLE,
profileInfo.getUserHandle().getIdentifier());
if (profileInfo.isManagedProfile()) {
getDevicePolicyManagerInternal().broadcastIntentToManifestReceivers(
availabilityIntent, parentHandle, /* requiresPermission= */ true);
}
availabilityIntent.addFlags(
Intent.FLAG_RECEIVER_REGISTERED_ONLY | Intent.FLAG_RECEIVER_FOREGROUND);
// TODO(b/302708423): Restrict the apps that can receive these intents in case of a private
// profile.
final Bundle options = new BroadcastOptions()
.setDeferralPolicy(BroadcastOptions.DEFERRAL_POLICY_UNTIL_ACTIVE)
.setDeliveryGroupPolicy(BroadcastOptions.DELIVERY_GROUP_POLICY_MOST_RECENT)
// Both actions use single namespace because only the final state matters.
.setDeliveryGroupMatchingKey(
useManagedActions ? Intent.ACTION_MANAGED_PROFILE_AVAILABLE
: Intent.ACTION_PROFILE_AVAILABLE,
String.valueOf(profileInfo.getUserHandle().getIdentifier()) /* key */)
.toBundle();
mContext.sendBroadcastAsUser(availabilityIntent, parentHandle, /* receiverPermission= */
null, options);
}
@Override
public boolean requestQuietModeEnabled(@NonNull String callingPackage, boolean enableQuietMode,
@UserIdInt int userId, @Nullable IntentSender target, @QuietModeFlag int flags) {
Objects.requireNonNull(callingPackage);
if (enableQuietMode && target != null) {
throw new IllegalArgumentException(
"target should only be specified when we are disabling quiet mode.");
}
final boolean dontAskCredential =
(flags & UserManager.QUIET_MODE_DISABLE_DONT_ASK_CREDENTIAL) != 0;
final boolean onlyIfCredentialNotRequired =
(flags & UserManager.QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED) != 0;
if (dontAskCredential && onlyIfCredentialNotRequired) {
throw new IllegalArgumentException("invalid flags: " + flags);
}
ensureCanModifyQuietMode(
callingPackage, Binder.getCallingUid(), userId, target != null, dontAskCredential);
if (onlyIfCredentialNotRequired && callingPackage.equals(
getPackageManagerInternal().getSystemUiServiceComponent().getPackageName())) {
// This is to prevent SysUI from accidentally allowing the profile to turned on
// without password when keyguard is still locked.
throw new SecurityException("SystemUI is not allowed to set "
+ "QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED");
}
final long identity = Binder.clearCallingIdentity();
try {
// QUIET_MODE_DISABLE_DONT_ASK_CREDENTIAL is only allowed for managed-profiles
if (dontAskCredential) {
UserInfo userInfo;
synchronized (mUsersLock) {
userInfo = getUserInfo(userId);
}
if (!userInfo.isManagedProfile()) {
throw new IllegalArgumentException("Invalid flags: " + flags
+ ". Can't skip credential check for the user");
}
}
if (enableQuietMode) {
setQuietModeEnabled(userId, true /* enableQuietMode */, target, callingPackage);
return true;
}
if (android.os.Flags.allowPrivateProfile()) {
final UserProperties userProperties = getUserPropertiesInternal(userId);
if (userProperties != null
&& userProperties.isAuthAlwaysRequiredToDisableQuietMode()) {
if (onlyIfCredentialNotRequired) {
return false;
}
showConfirmCredentialToDisableQuietMode(userId, target, callingPackage);
return false;
}
}
final boolean hasUnifiedChallenge =
mLockPatternUtils.isManagedProfileWithUnifiedChallenge(userId);
if (hasUnifiedChallenge) {
KeyguardManager km = mContext.getSystemService(KeyguardManager.class);
// Normally only attempt to auto-unlock unified challenge if keyguard is not showing
// (to stop turning profile on automatically via the QS tile), except when we
// are called with QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED, in which
// case always attempt to auto-unlock.
if (!km.isDeviceLocked(mLocalService.getProfileParentId(userId))
|| onlyIfCredentialNotRequired) {
mLockPatternUtils.tryUnlockWithCachedUnifiedChallenge(userId);
}
}
final boolean needToShowConfirmCredential = !dontAskCredential
&& mLockPatternUtils.isSecure(userId)
&& (!hasUnifiedChallenge || !StorageManager.isCeStorageUnlocked(userId));
if (needToShowConfirmCredential) {
if (onlyIfCredentialNotRequired) {
return false;
}
showConfirmCredentialToDisableQuietMode(userId, target, callingPackage);
return false;
}
setQuietModeEnabled(userId, false /* enableQuietMode */, target, callingPackage);
return true;
} finally {
Binder.restoreCallingIdentity(identity);
}
}
/**
* The caller can modify quiet mode if it meets one of these conditions:
* <ul>
* <li>Has system UID or root UID</li>
* <li>Has {@link Manifest.permission#MODIFY_QUIET_MODE}</li>
* <li>Has {@link Manifest.permission#MANAGE_USERS}</li>
* <li>Is the foreground default launcher app</li>
* </ul>
* <p>
* If caller wants to start an intent after disabling the quiet mode, or if it is targeting a
* user in a different profile group from the caller, it must have
* {@link Manifest.permission#MANAGE_USERS}.
*/
private void ensureCanModifyQuietMode(String callingPackage, int callingUid,
@UserIdInt int targetUserId, boolean startIntent, boolean dontAskCredential) {
verifyCallingPackage(callingPackage, callingUid);
if (hasManageUsersPermission()) {
return;
}
if (startIntent) {
throw new SecurityException("MANAGE_USERS permission is required to start intent "
+ "after disabling quiet mode.");
}
if (dontAskCredential) {
throw new SecurityException("MANAGE_USERS permission is required to disable quiet "
+ "mode without credentials.");
}
if (!isSameProfileGroupNoChecks(UserHandle.getUserId(callingUid), targetUserId)) {
throw new SecurityException("MANAGE_USERS permission is required to modify quiet mode "
+ "for a different profile group.");
}
final boolean hasModifyQuietModePermission = hasPermissionGranted(
Manifest.permission.MODIFY_QUIET_MODE, callingUid);
if (hasModifyQuietModePermission) {
return;
}
final ShortcutServiceInternal shortcutInternal =
LocalServices.getService(ShortcutServiceInternal.class);
if (shortcutInternal != null) {
boolean isForegroundLauncher =
shortcutInternal.isForegroundDefaultLauncher(callingPackage, callingUid);
if (isForegroundLauncher) {
return;
}
}
throw new SecurityException("Can't modify quiet mode, caller is neither foreground "
+ "default launcher nor has MANAGE_USERS/MODIFY_QUIET_MODE permission");
}
private void setQuietModeEnabled(@UserIdInt int userId, boolean enableQuietMode,
IntentSender target, @Nullable String callingPackage) {
final UserInfo profile, parent;
final UserData profileUserData;
synchronized (mUsersLock) {
profile = getUserInfoLU(userId);
parent = getProfileParentLU(userId);
if (profile == null || !profile.isProfile()) {
throw new IllegalArgumentException("User " + userId + " is not a profile");
}
if (profile.isQuietModeEnabled() == enableQuietMode) {
Slog.i(LOG_TAG, "Quiet mode is already " + enableQuietMode);
return;
}
profile.flags ^= UserInfo.FLAG_QUIET_MODE;
profileUserData = getUserDataLU(profile.id);
}
synchronized (mPackagesLock) {
writeUserLP(profileUserData);
}
try {
if (enableQuietMode) {
stopUserForQuietMode(userId);
LocalServices.getService(ActivityManagerInternal.class)
.killForegroundAppsForUser(userId);
} else {
IProgressListener callback = target != null
? new DisableQuietModeUserUnlockedCallback(target)
: null;
ActivityManager.getService().startProfileWithListener(userId, callback);
}
} catch (RemoteException e) {
// Should not happen, same process.
e.rethrowAsRuntimeException();
}
logQuietModeEnabled(userId, enableQuietMode, callingPackage);
// Broadcast generic intents for all profiles
if (android.os.Flags.allowPrivateProfile()) {
broadcastProfileAvailabilityChanges(profile, parent.getUserHandle(),
enableQuietMode, false);
}
// Broadcast Managed profile availability intents too for managed profiles.
if (profile.isManagedProfile()){
broadcastProfileAvailabilityChanges(profile, parent.getUserHandle(),
enableQuietMode, true);
}
}
private void stopUserForQuietMode(int userId) throws RemoteException {
if (android.os.Flags.allowPrivateProfile()
&& android.multiuser.Flags.enableBiometricsToUnlockPrivateSpace()) {
// Allow delayed locking since some profile types want to be able to unlock again via
// biometrics.
ActivityManager.getService()
.stopUserWithDelayedLocking(userId, /* force= */ true, null);
return;
}
ActivityManager.getService().stopUser(userId, /* force= */ true, null);
}
private void logQuietModeEnabled(@UserIdInt int userId, boolean enableQuietMode,
@Nullable String callingPackage) {
Slogf.i(LOG_TAG,
"requestQuietModeEnabled called by package %s, with enableQuietMode %b.",
callingPackage,
enableQuietMode);
UserData userData;
synchronized (mUsersLock) {
userData = getUserDataLU(userId);
}
if (userData == null) {
return;
}
final long now = System.currentTimeMillis();
final long period = (userData.getLastRequestQuietModeEnabledMillis() != 0L
? now - userData.getLastRequestQuietModeEnabledMillis()
: now - userData.info.creationTime);
DevicePolicyEventLogger
.createEvent(DevicePolicyEnums.REQUEST_QUIET_MODE_ENABLED)
.setInt(UserJourneyLogger.getUserTypeForStatsd(userData.info.userType))
.setStrings(callingPackage)
.setBoolean(enableQuietMode)
.setTimePeriod(period)
.write();
userData.setLastRequestQuietModeEnabledMillis(now);
}
@Override
public boolean isQuietModeEnabled(@UserIdInt int userId) {
synchronized (mPackagesLock) {
UserInfo info;
synchronized (mUsersLock) {
info = getUserInfoLU(userId);
}
if (info == null || !info.isProfile()) {
return false;
}
return info.isQuietModeEnabled();
}
}
/**
* Show confirm credential screen to unlock user in order to turn off quiet mode.
*/
private void showConfirmCredentialToDisableQuietMode(
@UserIdInt int userId, @Nullable IntentSender target, @Nullable String callingPackage) {
if (android.app.admin.flags.Flags.quietModeCredentialBugFix()) {
// TODO (b/308121702) It may be brittle to rely on user states to check profile state
int state;
synchronized (mUserStates) {
state = mUserStates.get(userId, UserState.STATE_NONE);
}
if (state != UserState.STATE_NONE) {
Slog.i(LOG_TAG,
"showConfirmCredentialToDisableQuietMode() called too early, user " + userId
+ " is still alive.");
return;
}
}
// otherwise, we show a profile challenge to trigger decryption of the user
final KeyguardManager km = (KeyguardManager) mContext.getSystemService(
Context.KEYGUARD_SERVICE);
// We should use userId not credentialOwnerUserId here, as even if it is unified
// lock, confirm screenlock page will know and show personal challenge, and unlock
// work profile when personal challenge is correct
final Intent unlockIntent = km.createConfirmDeviceCredentialIntent(null, null, userId);
if (unlockIntent == null) {
return;
}
final Intent callBackIntent = new Intent(
ACTION_DISABLE_QUIET_MODE_AFTER_UNLOCK);
if (target != null) {
callBackIntent.putExtra(Intent.EXTRA_INTENT, target);
}
callBackIntent.putExtra(Intent.EXTRA_USER_ID, userId);
callBackIntent.setPackage(mContext.getPackageName());
callBackIntent.putExtra(Intent.EXTRA_PACKAGE_NAME, callingPackage);
callBackIntent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
final PendingIntent pendingIntent = PendingIntent.getBroadcast(
mContext,
0,
callBackIntent,
PendingIntent.FLAG_CANCEL_CURRENT |
PendingIntent.FLAG_ONE_SHOT |
PendingIntent.FLAG_IMMUTABLE);
// After unlocking the challenge, it will disable quiet mode and run the original
// intentSender
unlockIntent.putExtra(Intent.EXTRA_INTENT, pendingIntent.getIntentSender());
unlockIntent.setFlags(FLAG_ACTIVITY_NEW_TASK | FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS);
mContext.startActivityAsUser(
unlockIntent, UserHandle.of(getProfileParentIdUnchecked(userId)));
}
@Override
public void setUserEnabled(@UserIdInt int userId) {
checkManageUsersPermission("enable user");
UserInfo info;
boolean wasUserDisabled = false;
synchronized (mPackagesLock) {
synchronized (mUsersLock) {
info = getUserInfoLU(userId);
if (info != null && !info.isEnabled()) {
wasUserDisabled = true;
info.flags ^= UserInfo.FLAG_DISABLED;
writeUserLP(getUserDataLU(info.id));
}
}
}
if (wasUserDisabled && info != null && info.isProfile()) {
sendProfileAddedBroadcast(info.profileGroupId, info.id);
}
}
@Override
public void setUserAdmin(@UserIdInt int userId) {
checkManageUserAndAcrossUsersFullPermission("set user admin");
mUserJourneyLogger.logUserJourneyBegin(userId, USER_JOURNEY_GRANT_ADMIN);
UserData user;
synchronized (mPackagesLock) {
synchronized (mUsersLock) {
user = getUserDataLU(userId);
if (user == null) {
// Exit if no user found with that id,
mUserJourneyLogger.logNullUserJourneyError(USER_JOURNEY_GRANT_ADMIN,
getCurrentUserId(), userId, /* userType */ "", /* userFlags */ -1);
return;
} else if (user.info.isAdmin()) {
// Exit if the user is already an Admin.
mUserJourneyLogger.logUserJourneyFinishWithError(getCurrentUserId(),
user.info, USER_JOURNEY_GRANT_ADMIN,
ERROR_CODE_USER_ALREADY_AN_ADMIN);
return;
}
user.info.flags ^= UserInfo.FLAG_ADMIN;
writeUserLP(user);
}
}
mUserJourneyLogger.logUserJourneyFinishWithError(getCurrentUserId(), user.info,
USER_JOURNEY_GRANT_ADMIN, ERROR_CODE_UNSPECIFIED);
}
@Override
public void revokeUserAdmin(@UserIdInt int userId) {
checkManageUserAndAcrossUsersFullPermission("revoke admin privileges");
mUserJourneyLogger.logUserJourneyBegin(userId, USER_JOURNEY_REVOKE_ADMIN);
UserData user;
synchronized (mPackagesLock) {
synchronized (mUsersLock) {
user = getUserDataLU(userId);
if (user == null) {
// Exit if no user found with that id
mUserJourneyLogger.logNullUserJourneyError(
USER_JOURNEY_REVOKE_ADMIN,
getCurrentUserId(), userId, "", -1);
return;
} else if (!user.info.isAdmin()) {
// Exit if no user is not an Admin.
mUserJourneyLogger.logUserJourneyFinishWithError(getCurrentUserId(), user.info,
USER_JOURNEY_REVOKE_ADMIN, ERROR_CODE_USER_IS_NOT_AN_ADMIN);
return;
}
user.info.flags ^= UserInfo.FLAG_ADMIN;
writeUserLP(user);
}
}
mUserJourneyLogger.logUserJourneyFinishWithError(getCurrentUserId(), user.info,
USER_JOURNEY_REVOKE_ADMIN, ERROR_CODE_UNSPECIFIED);
}
/**
* Evicts a user's CE key by stopping and restarting the user.
*
* The key is evicted automatically by the user controller when the user has stopped.
*/
@Override
public void evictCredentialEncryptionKey(@UserIdInt int userId) {
checkManageUsersPermission("evict CE key");
final IActivityManager am = ActivityManagerNative.getDefault();
final long identity = Binder.clearCallingIdentity();
// TODO(b/280054081): save userStartMode when user started and re-use it here instead
final int userStartMode = isProfileUnchecked(userId)
? UserManagerInternal.USER_START_MODE_BACKGROUND_VISIBLE
: UserManagerInternal.USER_START_MODE_BACKGROUND;
try {
am.restartUserInBackground(userId, userStartMode);
} catch (RemoteException re) {
throw re.rethrowAsRuntimeException();
} finally {
Binder.restoreCallingIdentity(identity);
}
}
/**
* Returns whether the given user (specified by userId) is of the given user type, such as
* {@link UserManager#USER_TYPE_FULL_GUEST}.
*/
@Override
public boolean isUserOfType(@UserIdInt int userId, String userType) {
checkQueryOrCreateUsersPermission("check user type");
return userType != null && userType.equals(getUserTypeNoChecks(userId));
}
/**
* Returns the user type of the given userId, or null if the user doesn't exist.
* <p>No permissions checks are made (but userId checks may be made).
*/
private @Nullable String getUserTypeNoChecks(@UserIdInt int userId) {
synchronized (mUsersLock) {
final UserInfo userInfo = getUserInfoLU(userId);
return userInfo != null ? userInfo.userType : null;
}
}
/**
* Returns the UserTypeDetails of the given userId's user type, or null if the no such user.
* <p>No permissions checks are made (but userId checks may be made).
*/
private @Nullable UserTypeDetails getUserTypeDetailsNoChecks(@UserIdInt int userId) {
final String typeStr = getUserTypeNoChecks(userId);
return typeStr != null ? mUserTypes.get(typeStr) : null;
}
/**
* Returns the UserTypeDetails of the given userInfo's user type (or null for a null userInfo).
*/
private @Nullable UserTypeDetails getUserTypeDetails(@Nullable UserInfo userInfo) {
final String typeStr = userInfo != null ? userInfo.userType : null;
return typeStr != null ? mUserTypes.get(typeStr) : null;
}
@Override
public UserInfo getUserInfo(@UserIdInt int userId) {
checkQueryOrCreateUsersPermission("query user");
synchronized (mUsersLock) {
return userWithName(getUserInfoLU(userId));
}
}
/**
* Returns a UserInfo object with the name filled in, for Owner and Guest, or the original
* if the name is already set.
*
* Note: Currently, the resulting name can be null if a user was truly created with a null name.
*/
private UserInfo userWithName(UserInfo orig) {
if (orig != null && orig.name == null) {
String name = null;
if (orig.id == UserHandle.USER_SYSTEM) {
if (DBG_ALLOCATION) {
final int number = mUser0Allocations.incrementAndGet();
Slog.w(LOG_TAG, "System user instantiated at least " + number + " times");
}
name = getOwnerName();
} else if (orig.isMain()) {
name = getOwnerName();
} else if (orig.isGuest()) {
name = getGuestName();
}
if (name != null) {
final UserInfo withName = new UserInfo(orig);
withName.name = name;
return withName;
}
}
return orig;
}
/** Returns whether the given user type is one of the FULL user types. */
boolean isUserTypeSubtypeOfFull(String userType) {
UserTypeDetails userTypeDetails = mUserTypes.get(userType);
return userTypeDetails != null && userTypeDetails.isFull();
}
/** Returns whether the given user type is one of the PROFILE user types. */
boolean isUserTypeSubtypeOfProfile(String userType) {
UserTypeDetails userTypeDetails = mUserTypes.get(userType);
return userTypeDetails != null && userTypeDetails.isProfile();
}
/** Returns whether the given user type is one of the SYSTEM user types. */
boolean isUserTypeSubtypeOfSystem(String userType) {
UserTypeDetails userTypeDetails = mUserTypes.get(userType);
return userTypeDetails != null && userTypeDetails.isSystem();
}
/**
* Returns a *copy* of the given user's UserProperties, stripping out any information for which
* the caller lacks permission.
*/
@Override
public @NonNull UserProperties getUserPropertiesCopy(@UserIdInt int userId) {
checkQueryOrInteractPermissionIfCallerInOtherProfileGroup(userId, "getUserProperties");
final UserProperties origProperties = getUserPropertiesInternal(userId);
if (origProperties != null) {
boolean exposeAllFields = Binder.getCallingUid() == Process.SYSTEM_UID;
boolean hasManage = hasManageUsersPermission();
boolean hasQuery = hasQueryUsersPermission();
return new UserProperties(origProperties, exposeAllFields, hasManage, hasQuery);
}
// A non-existent or partial user will reach here.
throw new IllegalArgumentException("Cannot access properties for user " + userId);
}
/** Returns the user's actual, canonical UserProperties object. Do not edit it externally. */
private @Nullable UserProperties getUserPropertiesInternal(@UserIdInt int userId) {
synchronized (mUsersLock) {
final UserData userData = getUserDataLU(userId);
if (userData != null) {
return userData.userProperties;
}
}
return null;
}
@Override
public boolean hasBadge(@UserIdInt int userId) {
checkManageOrInteractPermissionIfCallerInOtherProfileGroup(userId, "hasBadge");
final UserTypeDetails userTypeDetails = getUserTypeDetailsNoChecks(userId);
return userTypeDetails != null && userTypeDetails.hasBadge();
}
@Override
public @StringRes int getUserBadgeLabelResId(@UserIdInt int userId) {
checkManageOrInteractPermissionIfCallerInOtherProfileGroup(userId,
"getUserBadgeLabelResId");
final UserInfo userInfo = getUserInfoNoChecks(userId);
final UserTypeDetails userTypeDetails = getUserTypeDetails(userInfo);
if (userInfo == null || userTypeDetails == null || !userTypeDetails.hasBadge()) {
Slog.e(LOG_TAG, "Requested badge label for non-badged user " + userId);
return Resources.ID_NULL;
}
final int badgeIndex = userInfo.profileBadge;
return userTypeDetails.getBadgeLabel(badgeIndex);
}
/**
* @return the color (not the resource ID) to be used for the user's badge in light theme
*/
@Override
public @ColorRes int getUserBadgeColorResId(@UserIdInt int userId) {
checkManageOrInteractPermissionIfCallerInOtherProfileGroup(userId,
"getUserBadgeColorResId");
final UserInfo userInfo = getUserInfoNoChecks(userId);
final UserTypeDetails userTypeDetails = getUserTypeDetails(userInfo);
if (userInfo == null || userTypeDetails == null || !userTypeDetails.hasBadge()) {
Slog.e(LOG_TAG, "Requested badge dark color for non-badged user " + userId);
return Resources.ID_NULL;
}
return userTypeDetails.getBadgeColor(userInfo.profileBadge);
}
/**
* @return the color (not the resource ID) to be used for the user's badge in dark theme
*/
@Override
public @ColorRes int getUserBadgeDarkColorResId(@UserIdInt int userId) {
checkManageOrInteractPermissionIfCallerInOtherProfileGroup(userId,
"getUserBadgeDarkColorResId");
final UserInfo userInfo = getUserInfoNoChecks(userId);
final UserTypeDetails userTypeDetails = getUserTypeDetails(userInfo);
if (userInfo == null || userTypeDetails == null || !userTypeDetails.hasBadge()) {
Slog.e(LOG_TAG, "Requested badge color for non-badged user " + userId);
return Resources.ID_NULL;
}
return userTypeDetails.getDarkThemeBadgeColor(userInfo.profileBadge);
}
@Override
public @DrawableRes int getUserIconBadgeResId(@UserIdInt int userId) {
checkManageOrInteractPermissionIfCallerInOtherProfileGroup(userId, "getUserIconBadgeResId");
final UserTypeDetails userTypeDetails = getUserTypeDetailsNoChecks(userId);
if (userTypeDetails == null || !userTypeDetails.hasBadge()) {
Slog.e(LOG_TAG, "Requested icon badge for non-badged user " + userId);
return Resources.ID_NULL;
}
return userTypeDetails.getIconBadge();
}
@Override
public @DrawableRes int getUserBadgeResId(@UserIdInt int userId) {
checkManageOrInteractPermissionIfCallerInOtherProfileGroup(userId, "getUserBadgeResId");
final UserTypeDetails userTypeDetails = getUserTypeDetailsNoChecks(userId);
if (userTypeDetails == null || !userTypeDetails.hasBadge()) {
Slog.e(LOG_TAG, "Requested badge for non-badged user " + userId);
return Resources.ID_NULL;
}
return userTypeDetails.getBadgePlain();
}
@Override
public @DrawableRes int getUserBadgeNoBackgroundResId(@UserIdInt int userId) {
checkManageOrInteractPermissionIfCallerInOtherProfileGroup(userId,
"getUserBadgeNoBackgroundResId");
final UserTypeDetails userTypeDetails = getUserTypeDetailsNoChecks(userId);
if (userTypeDetails == null || !userTypeDetails.hasBadge()) {
Slog.e(LOG_TAG, "Requested badge (no background) for non-badged user " + userId);
return Resources.ID_NULL;
}
return userTypeDetails.getBadgeNoBackground();
}
@Override
public @DrawableRes int getUserStatusBarIconResId(@UserIdInt int userId) {
checkManageOrInteractPermissionIfCallerInOtherProfileGroup(userId,
"getUserStatusBarIconResId");
final UserTypeDetails userTypeDetails = getUserTypeDetailsNoChecks(userId);
if (userTypeDetails == null || !userTypeDetails.hasBadge()) {
Slog.w(LOG_TAG, "Requested status bar icon for non-badged user " + userId);
return Resources.ID_NULL;
}
return userTypeDetails.getStatusBarIcon();
}
@Override
public @StringRes int getProfileLabelResId(@UserIdInt int userId) {
checkQueryOrInteractPermissionIfCallerInOtherProfileGroup(userId,
"getProfileLabelResId");
final UserInfo userInfo = getUserInfoNoChecks(userId);
final UserTypeDetails userTypeDetails = getUserTypeDetails(userInfo);
if (userInfo == null || userTypeDetails == null) {
return Resources.ID_NULL;
}
final int userIndex = userInfo.profileBadge;
return userTypeDetails.getLabel(userIndex);
}
public boolean isProfile(@UserIdInt int userId) {
checkQueryOrInteractPermissionIfCallerInOtherProfileGroup(userId, "isProfile");
return isProfileUnchecked(userId);
}
private boolean isProfileUnchecked(@UserIdInt int userId) {
synchronized (mUsersLock) {
UserInfo userInfo = getUserInfoLU(userId);
return userInfo != null && userInfo.isProfile();
}
}
/**
* Returns the user type (if it is a profile), empty string (if it isn't a profile),
* or null (if the user doesn't exist).
*/
@Override
public @Nullable String getProfileType(@UserIdInt int userId) {
checkQueryOrInteractPermissionIfCallerInOtherProfileGroup(userId, "getProfileType");
synchronized (mUsersLock) {
UserInfo userInfo = getUserInfoLU(userId);
if (userInfo != null) {
return userInfo.isProfile() ? userInfo.userType : "";
}
return null;
}
}
@Override
public boolean isUserUnlockingOrUnlocked(@UserIdInt int userId) {
checkManageOrInteractPermissionIfCallerInOtherProfileGroup(userId,
"isUserUnlockingOrUnlocked");
return mLocalService.isUserUnlockingOrUnlocked(userId);
}
@Override
public boolean isUserUnlocked(@UserIdInt int userId) {
checkManageOrInteractPermissionIfCallerInOtherProfileGroup(userId, "isUserUnlocked");
return mLocalService.isUserUnlocked(userId);
}
@Override
public boolean isUserRunning(@UserIdInt int userId) {
checkManageOrInteractPermissionIfCallerInOtherProfileGroup(userId, "isUserRunning");
return mLocalService.isUserRunning(userId);
}
@Override
public boolean isUserForeground(@UserIdInt int userId) {
final int callingUserId = UserHandle.getCallingUserId();
if (callingUserId != userId
&& !hasManageUsersOrPermission(android.Manifest.permission.INTERACT_ACROSS_USERS)) {
throw new SecurityException("Caller from user " + callingUserId + " needs MANAGE_USERS "
+ "or INTERACT_ACROSS_USERS permission to check if another user (" + userId
+ ") is running in the foreground");
}
return userId == getCurrentUserId();
}
@Override
public boolean isUserVisible(@UserIdInt int userId) {
int callingUserId = UserHandle.getCallingUserId();
if (callingUserId != userId
&& !hasManageUsersOrPermission(android.Manifest.permission.INTERACT_ACROSS_USERS)) {
throw new SecurityException("Caller from user " + callingUserId + " needs MANAGE_USERS "
+ "or INTERACT_ACROSS_USERS permission to check if another user (" + userId
+ ") is visible");
}
return mUserVisibilityMediator.isUserVisible(userId);
}
/**
* Gets the current and target user ids as a {@link Pair}, calling
* {@link ActivityManagerInternal} directly (and without performing any permission check).
*
* @return ids of current foreground user and the target user. Target user will be
* {@link UserHandle#USER_NULL} if there is not an ongoing user switch. And if
* {@link ActivityManagerInternal} is not available yet, they will both be
* {@link UserHandle#USER_NULL}.
*/
@VisibleForTesting
@NonNull
Pair<Integer, Integer> getCurrentAndTargetUserIds() {
ActivityManagerInternal activityManagerInternal = getActivityManagerInternal();
if (activityManagerInternal == null) {
Slog.w(LOG_TAG, "getCurrentAndTargetUserId() called too early, "
+ "ActivityManagerInternal is not set yet");
return new Pair<>(UserHandle.USER_NULL, UserHandle.USER_NULL);
}
return activityManagerInternal.getCurrentAndTargetUserIds();
}
/**
* Gets the current user id, calling {@link ActivityManagerInternal} directly (and without
* performing any permission check).
*
* @return id of current foreground user, or {@link UserHandle#USER_NULL} if
* {@link ActivityManagerInternal} is not available yet.
*/
@VisibleForTesting
int getCurrentUserId() {
ActivityManagerInternal activityManagerInternal = getActivityManagerInternal();
if (activityManagerInternal == null) {
Slog.w(LOG_TAG, "getCurrentUserId() called too early, ActivityManagerInternal"
+ " is not set yet");
return UserHandle.USER_NULL;
}
return activityManagerInternal.getCurrentUserId();
}
/**
* Gets whether the user is the current foreground user or a started profile of that user.
*
* <p>Doesn't perform any permission check.
*/
@VisibleForTesting
boolean isCurrentUserOrRunningProfileOfCurrentUser(@UserIdInt int userId) {
int currentUserId = getCurrentUserId();
if (currentUserId == userId) {
return true;
}
if (isProfileUnchecked(userId)) {
int parentId = getProfileParentIdUnchecked(userId);
if (parentId == currentUserId) {
return isUserRunning(userId);
}
}
return false;
}
// Called by UserManagerServiceShellCommand
boolean isUserVisibleOnDisplay(@UserIdInt int userId, int displayId) {
return mUserVisibilityMediator.isUserVisible(userId, displayId);
}
@Override
public int[] getVisibleUsers() {
if (!hasManageUsersOrPermission(android.Manifest.permission.INTERACT_ACROSS_USERS)) {
throw new SecurityException("Caller needs MANAGE_USERS or INTERACT_ACROSS_USERS "
+ "permission to get list of visible users");
}
final long ident = Binder.clearCallingIdentity();
try {
return mUserVisibilityMediator.getVisibleUsers().toArray();
} finally {
Binder.restoreCallingIdentity(ident);
}
}
@Override
public int getMainDisplayIdAssignedToUser() {
// Not checking for any permission as it returns info about calling user
int userId = UserHandle.getUserId(Binder.getCallingUid());
int displayId = mUserVisibilityMediator.getMainDisplayAssignedToUser(userId);
return displayId;
}
@Override
public boolean isForegroundUserAdmin() {
// No permission requirements for this API.
synchronized (mUsersLock) {
final int currentUserId = getCurrentUserId();
if (currentUserId != UserHandle.USER_NULL) {
final UserInfo userInfo = getUserInfoLU(currentUserId);
return userInfo != null && userInfo.isAdmin();
}
}
return false;
}
@Override
public @NonNull String getUserName() {
final int callingUid = Binder.getCallingUid();
if (!hasQueryOrCreateUsersPermission()
&& !hasPermissionGranted(
android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED, callingUid)) {
throw new SecurityException("You need MANAGE_USERS, CREATE_USERS, QUERY_USERS, or "
+ "GET_ACCOUNTS_PRIVILEGED permissions to: get user name");
}
final int userId = UserHandle.getUserId(callingUid);
synchronized (mUsersLock) {
UserInfo userInfo = userWithName(getUserInfoLU(userId));
if (userInfo != null && userInfo.name != null) {
return userInfo.name;
}
return "";
}
}
@Override
public long getUserStartRealtime() {
final int userId = UserHandle.getUserId(Binder.getCallingUid());
synchronized (mUsersLock) {
final UserData user = getUserDataLU(userId);
if (user != null) {
return user.startRealtime;
}
return 0;
}
}
@Override
public long getUserUnlockRealtime() {
synchronized (mUsersLock) {
final UserData user = getUserDataLU(UserHandle.getUserId(Binder.getCallingUid()));
if (user != null) {
return user.unlockRealtime;
}
return 0;
}
}
/**
* Enforces that the calling user is in the same profile group as {@code userId} or that only
* the system UID or root's UID or apps that have the
* {@link android.Manifest.permission#INTERACT_ACROSS_USERS INTERACT_ACROSS_USERS}
* {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS}
* can make certain calls to the UserManager.
*
* @param name used as message if SecurityException is thrown
* @throws SecurityException if the caller lacks the required permissions.
*/
private void checkManageOrInteractPermissionIfCallerInOtherProfileGroup(@UserIdInt int userId,
String name) {
final int callingUserId = UserHandle.getCallingUserId();
if (callingUserId == userId || isSameProfileGroupNoChecks(callingUserId, userId)) {
return;
}
if (hasManageUsersPermission()) {
return;
}
if (hasPermissionGranted(Manifest.permission.INTERACT_ACROSS_USERS,
Binder.getCallingUid())) {
return;
}
throw new SecurityException("You need INTERACT_ACROSS_USERS or MANAGE_USERS permission "
+ "to: check " + name);
}
/**
* Enforces that the calling user is in the same profile group as {@code userId} or that only
* the system UID or root's UID or apps that have the
* {@link android.Manifest.permission#INTERACT_ACROSS_USERS INTERACT_ACROSS_USERS}
* {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} or
* {@link android.Manifest.permission#QUERY_USERS QUERY_USERS}
* can make certain calls to the UserManager.
*
* @param name used as message if SecurityException is thrown
* @throws SecurityException if the caller lacks the required permissions.
*/
private void checkQueryOrInteractPermissionIfCallerInOtherProfileGroup(
@UserIdInt int userId, String name) {
final int callingUserId = UserHandle.getCallingUserId();
if (callingUserId == userId || isSameProfileGroupNoChecks(callingUserId, userId)) {
return;
}
if (hasQueryUsersPermission()) {
return;
}
if (hasPermissionGranted(
Manifest.permission.INTERACT_ACROSS_USERS, Binder.getCallingUid())) {
return;
}
throw new SecurityException("You need INTERACT_ACROSS_USERS, MANAGE_USERS, or QUERY_USERS "
+ "permission to: check " + name);
}
/**
* Enforces that the calling user is in the same profile group as {@code userId} or that only
* the system UID or root's UID or apps that have the
* {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} or
* {@link android.Manifest.permission#CREATE_USERS CREATE_USERS} or
* {@link android.Manifest.permission#QUERY_USERS QUERY_USERS}
* can make certain calls to the UserManager.
*
* @param userId the user's id
* @param name used as message if SecurityException is thrown
* @throws SecurityException if the caller lacks the required permissions.
*/
private void checkQueryOrCreateUsersPermissionIfCallerInOtherProfileGroup(
@UserIdInt int userId, String name) {
final int callingUserId = UserHandle.getCallingUserId();
if (callingUserId == userId || isSameProfileGroupNoChecks(callingUserId, userId)) {
return;
}
checkQueryOrCreateUsersPermission(name);
}
@Override
public boolean isDemoUser(@UserIdInt int userId) {
final int callingUserId = UserHandle.getCallingUserId();
if (callingUserId != userId && !hasManageUsersPermission()) {
throw new SecurityException("You need MANAGE_USERS permission to query if u=" + userId
+ " is a demo user");
}
synchronized (mUsersLock) {
UserInfo userInfo = getUserInfoLU(userId);
return userInfo != null && userInfo.isDemo();
}
}
@Override
public boolean isAdminUser(@UserIdInt int userId) {
checkQueryOrCreateUsersPermissionIfCallerInOtherProfileGroup(userId, "isAdminUser");
synchronized (mUsersLock) {
final UserInfo userInfo = getUserInfoLU(userId);
return userInfo != null && userInfo.isAdmin();
}
}
@Override
public boolean isPreCreated(@UserIdInt int userId) {
checkManageOrInteractPermissionIfCallerInOtherProfileGroup(userId, "isPreCreated");
synchronized (mUsersLock) {
UserInfo userInfo = getUserInfoLU(userId);
return userInfo != null && userInfo.preCreated;
}
}
/**
* Returns whether switching users is currently allowed for the provided user.
* <p>
* Switching users is not allowed in the following cases:
* <li>the user is in a phone call</li>
* <li>{@link UserManager#DISALLOW_USER_SWITCH} is set</li>
* <li>system user hasn't been unlocked yet</li>
*
* @return A {@link UserManager.UserSwitchabilityResult} flag indicating if the user is
* switchable.
*/
public @UserManager.UserSwitchabilityResult int getUserSwitchability(int userId) {
checkManageOrInteractPermissionIfCallerInOtherProfileGroup(userId, "getUserSwitchability");
final TimingsTraceAndSlog t = new TimingsTraceAndSlog();
t.traceBegin("getUserSwitchability-" + userId);
int flags = UserManager.SWITCHABILITY_STATUS_OK;
t.traceBegin("TM.isInCall");
final long identity = Binder.clearCallingIdentity();
try {
final TelecomManager telecomManager = mContext.getSystemService(TelecomManager.class);
if (telecomManager != null && telecomManager.isInCall()) {
flags |= UserManager.SWITCHABILITY_STATUS_USER_IN_CALL;
}
} finally {
Binder.restoreCallingIdentity(identity);
}
t.traceEnd();
t.traceBegin("hasUserRestriction-DISALLOW_USER_SWITCH");
if (mLocalService.hasUserRestriction(DISALLOW_USER_SWITCH, userId)) {
flags |= UserManager.SWITCHABILITY_STATUS_USER_SWITCH_DISALLOWED;
}
t.traceEnd();
// System User is always unlocked in Headless System User Mode, so ignore this flag
if (!isHeadlessSystemUserMode()) {
t.traceBegin("getInt-ALLOW_USER_SWITCHING_WHEN_SYSTEM_USER_LOCKED");
final boolean allowUserSwitchingWhenSystemUserLocked = Settings.Global.getInt(
mContext.getContentResolver(),
Settings.Global.ALLOW_USER_SWITCHING_WHEN_SYSTEM_USER_LOCKED, 0) != 0;
t.traceEnd();
t.traceBegin("isUserUnlocked-USER_SYSTEM");
final boolean systemUserUnlocked = mLocalService.isUserUnlocked(UserHandle.USER_SYSTEM);
t.traceEnd();
if (!allowUserSwitchingWhenSystemUserLocked && !systemUserUnlocked) {
flags |= UserManager.SWITCHABILITY_STATUS_SYSTEM_USER_LOCKED;
}
}
t.traceEnd();
return flags;
}
@VisibleForTesting
boolean isUserSwitcherEnabled(@UserIdInt int mUserId) {
boolean multiUserSettingOn = Settings.Global.getInt(mContext.getContentResolver(),
Settings.Global.USER_SWITCHER_ENABLED,
Resources.getSystem().getBoolean(com.android.internal
.R.bool.config_showUserSwitcherByDefault) ? 1 : 0) != 0;
return UserManager.supportsMultipleUsers()
&& !hasUserRestriction(DISALLOW_USER_SWITCH, mUserId)
&& !UserManager.isDeviceInDemoMode(mContext)
&& multiUserSettingOn;
}
@Override
public boolean isUserSwitcherEnabled(boolean showEvenIfNotActionable,
@UserIdInt int mUserId) {
if (!isUserSwitcherEnabled(mUserId)) {
return false;
}
// The feature is enabled. But is it worth showing?
return showEvenIfNotActionable
|| !hasUserRestriction(UserManager.DISALLOW_ADD_USER, mUserId) // Can add new user
|| areThereMultipleSwitchableUsers(); // There are switchable users
}
/** Returns true if there is more than one user that can be switched to. */
private boolean areThereMultipleSwitchableUsers() {
List<UserInfo> aliveUsers = getUsers(true, true, true);
boolean isAnyAliveUser = false;
for (UserInfo userInfo : aliveUsers) {
if (userInfo.supportsSwitchToByUser()) {
if (isAnyAliveUser) {
return true;
}
isAnyAliveUser = true;
}
}
return false;
}
@Override
public boolean isRestricted(@UserIdInt int userId) {
if (userId != UserHandle.getCallingUserId()) {
checkQueryOrCreateUsersPermission("query isRestricted for user " + userId);
}
synchronized (mUsersLock) {
final UserInfo userInfo = getUserInfoLU(userId);
return userInfo == null ? false : userInfo.isRestricted();
}
}
@Override
public boolean canHaveRestrictedProfile(@UserIdInt int userId) {
checkManageUsersPermission("canHaveRestrictedProfile");
synchronized (mUsersLock) {
final UserInfo userInfo = getUserInfoLU(userId);
if (userInfo == null || !userInfo.canHaveProfile()) {
return false;
}
if (!userInfo.isAdmin()) {
return false;
}
// restricted profile can be created if there is no DO set and the admin user has no PO;
return !mIsDeviceManaged && !mIsUserManaged.get(userId);
}
}
@Override
public boolean hasRestrictedProfiles(@UserIdInt int userId) {
checkManageUsersPermission("hasRestrictedProfiles");
synchronized (mUsersLock) {
final int userSize = mUsers.size();
for (int i = 0; i < userSize; i++) {
UserInfo profile = mUsers.valueAt(i).info;
if (userId != profile.id
&& profile.restrictedProfileParentId == userId) {
return true;
}
}
return false;
}
}
/*
* Should be locked on mUsers before calling this.
*/
@GuardedBy("mUsersLock")
private UserInfo getUserInfoLU(@UserIdInt int userId) {
final UserData userData = mUsers.get(userId);
// If it is partial and not in the process of being removed, return as unknown user.
if (userData != null && userData.info.partial && !mRemovingUserIds.get(userId)) {
Slog.w(LOG_TAG, "getUserInfo: unknown user #" + userId);
return null;
}
return userData != null ? userData.info : null;
}
@GuardedBy("mUsersLock")
private UserData getUserDataLU(@UserIdInt int userId) {
final UserData userData = mUsers.get(userId);
// If it is partial and not in the process of being removed, return as unknown user.
if (userData != null && userData.info.partial && !mRemovingUserIds.get(userId)) {
return null;
}
return userData;
}
/**
* Obtains {@link #mUsersLock} and return UserInfo from mUsers.
* <p>No permissions checking or any addition checks are made</p>
*/
private UserInfo getUserInfoNoChecks(@UserIdInt int userId) {
synchronized (mUsersLock) {
final UserData userData = mUsers.get(userId);
return userData != null ? userData.info : null;
}
}
/**
* Obtains {@link #mUsersLock} and return UserData from mUsers.
* <p>No permissions checking or any addition checks are made</p>
*/
private UserData getUserDataNoChecks(@UserIdInt int userId) {
synchronized (mUsersLock) {
return mUsers.get(userId);
}
}
/** Called by PackageManagerService */
public boolean exists(@UserIdInt int userId) {
return mLocalService.exists(userId);
}
/**
* Returns user's {@link CrossProfileIntentFilter.AccessControlLevel}, which is derived from
* {@link UserTypeDetails}. If user does not have defined their access control level,
* returns default {@link CrossProfileIntentFilter#ACCESS_LEVEL_ALL}
*/
private @CrossProfileIntentFilter.AccessControlLevel int
getCrossProfileIntentFilterAccessControl(@UserIdInt int userId) {
final UserProperties userProperties = getUserPropertiesInternal(userId);
return userProperties != null ? userProperties.getCrossProfileIntentFilterAccessControl() :
CrossProfileIntentFilter.ACCESS_LEVEL_ALL;
}
/**
* Verifies if calling user is allowed to access {@link CrossProfileIntentFilter} between given
* source and target user.
* @param sourceUserId userId for which CrossProfileIntentFilter would be configured
* @param targetUserId target user where we can resolve given intent filter
* @param callingUid user accessing api
* @param addCrossProfileIntentFilter if the operation is addition or not.
* @throws SecurityException is calling user is not allowed to access.
*/
public void enforceCrossProfileIntentFilterAccess(
int sourceUserId, int targetUserId,
int callingUid, boolean addCrossProfileIntentFilter) {
if (!isCrossProfileIntentFilterAccessible(sourceUserId, targetUserId,
addCrossProfileIntentFilter)) {
throw new SecurityException("CrossProfileIntentFilter cannot be accessed by user "
+ callingUid);
}
}
/**
* Checks if {@link CrossProfileIntentFilter} can be accessed by calling user for given source
* and target user. There are following rules of access
* 1. For {@link CrossProfileIntentFilter#ACCESS_LEVEL_ALL},
* irrespective of user we would allow access(addition/modification/removal)
* 2. For {@link CrossProfileIntentFilter#ACCESS_LEVEL_SYSTEM},
* only system/root user would be able to access(addition/modification/removal)
* 3. For {@link CrossProfileIntentFilter#ACCESS_LEVEL_SYSTEM_ADD_ONLY},
* only system/root user would be able to add but not modify/remove. Once added, it cannot be
* modified or removed
* @param sourceUserId userId for which CrossProfileIntentFilter would be configured
* @param targetUserId target user where we can resolve given intent filter
* @param addCrossProfileIntentFilter if the operation is addition or not.
* @return true if {@link CrossProfileIntentFilter} can be accessed by calling user
*/
public boolean isCrossProfileIntentFilterAccessible(int sourceUserId, int targetUserId,
boolean addCrossProfileIntentFilter) {
int effectiveAccessControl =
getCrossProfileIntentFilterAccessControl(sourceUserId, targetUserId);
/*
For {@link CrossProfileIntentFilter#ACCESS_LEVEL_SYSTEM}, if accessing user is not
system or root disallowing access to {@link CrossProfileIntentFilter}
*/
if (CrossProfileIntentFilter.ACCESS_LEVEL_SYSTEM == effectiveAccessControl
&& !PackageManagerServiceUtils.isSystemOrRoot()) {
return false;
}
/*
For {@link CrossProfileIntentFilter#ACCESS_LEVEL_SYSTEM_ADD_ONLY}, allowing only
system user to add {@link CrossProfileIntentFilter}. All users(including system) are
disallowed to modify/remove.
*/
if (CrossProfileIntentFilter.ACCESS_LEVEL_SYSTEM_ADD_ONLY == effectiveAccessControl
&& (!addCrossProfileIntentFilter || !PackageManagerServiceUtils.isSystemOrRoot())) {
return false;
}
return true;
}
/**
* Returns {@link CrossProfileIntentFilter.AccessControlLevel}
* that should be assigned to {@link CrossProfileIntentFilter}
* computed from source user's and target user's
* {@link CrossProfileIntentFilter.AccessControlLevel}.
* The Access Level is configured per {@link CrossProfileIntentFilter} and its property of edge
* between source and target user e.g. for all {@link CrossProfileIntentFilter}s configured
* between Primary user and Clone profile should have access level of
* {@link CrossProfileIntentFilter#ACCESS_LEVEL_SYSTEM} which is driven by highest
* access value from source or target. The higher value means higher restrictions.
* @param sourceUserId userId of source user for whom CrossProfileIntentFilter will be stored
* @param targetUserId userId of target user for whom Cross Profile access would be allowed
* @return least privileged {@link CrossProfileIntentFilter.AccessControlLevel} from source or
* target user.
*/
public @CrossProfileIntentFilter.AccessControlLevel int
getCrossProfileIntentFilterAccessControl(int sourceUserId, int targetUserId) {
int sourceAccessControlLevel,
targetAccessControlLevel, effectiveAccessControl;
sourceAccessControlLevel = getCrossProfileIntentFilterAccessControl(sourceUserId);
targetAccessControlLevel = getCrossProfileIntentFilterAccessControl(targetUserId);
effectiveAccessControl = Math.max(sourceAccessControlLevel, targetAccessControlLevel);
return effectiveAccessControl;
}
@Override
public void setUserName(@UserIdInt int userId, String name) {
checkManageUsersPermission("rename users");
synchronized (mPackagesLock) {
UserData userData = getUserDataNoChecks(userId);
if (userData == null || userData.info.partial) {
Slogf.w(LOG_TAG, "setUserName: unknown user #%d", userId);
return;
}
if (Objects.equals(name, userData.info.name)) {
Slogf.i(LOG_TAG, "setUserName: ignoring for user #%d as it didn't change (%s)",
userId, getRedacted(name));
return;
}
if (name == null) {
Slogf.i(LOG_TAG, "setUserName: resetting name of user #%d", userId);
} else {
Slogf.i(LOG_TAG, "setUserName: setting name of user #%d to %s", userId,
getRedacted(name));
}
userData.info.name = name;
writeUserLP(userData);
}
final long ident = Binder.clearCallingIdentity();
try {
sendUserInfoChangedBroadcast(userId);
} finally {
Binder.restoreCallingIdentity(ident);
}
}
@Override
public boolean setUserEphemeral(@UserIdInt int userId, boolean enableEphemeral) {
checkCreateUsersPermission("update ephemeral user flag");
return enableEphemeral
? UserManager.isRemoveResultSuccessful(setUserEphemeralUnchecked(userId))
: setUserNonEphemeralUnchecked(userId);
}
private boolean setUserNonEphemeralUnchecked(@UserIdInt int userId) {
synchronized (mPackagesLock) {
final UserData userData;
synchronized (mUsersLock) {
userData = mUsers.get(userId);
if (userData == null) {
Slog.e(LOG_TAG, TextUtils.formatSimple(
"Cannot set user %d non-ephemeral, invalid user id provided.", userId));
return false;
}
if (!userData.info.isEphemeral()) {
return true;
}
if ((userData.info.flags & UserInfo.FLAG_EPHEMERAL_ON_CREATE) != 0) {
// when user is created in ephemeral mode via FLAG_EPHEMERAL
// its state cannot be changed to non-ephemeral.
// FLAG_EPHEMERAL_ON_CREATE is used to keep track of this state
Slog.e(LOG_TAG, TextUtils.formatSimple("User %d can not be changed to "
+ "non-ephemeral because it was set ephemeral on create.", userId));
return false;
}
}
userData.info.flags &= ~UserInfo.FLAG_EPHEMERAL;
writeUserLP(userData);
}
return true;
}
private @UserManager.RemoveResult int setUserEphemeralUnchecked(@UserIdInt int userId) {
synchronized (mPackagesLock) {
final UserData userData;
synchronized (mUsersLock) {
final int userRemovability = getUserRemovabilityLocked(userId, "set as ephemeral");
if (userRemovability != UserManager.REMOVE_RESULT_USER_IS_REMOVABLE) {
return userRemovability;
}
userData = mUsers.get(userId);
}
userData.info.flags |= UserInfo.FLAG_EPHEMERAL;
writeUserLP(userData);
}
Slog.i(LOG_TAG, TextUtils.formatSimple(
"User %d is set ephemeral and will be removed on user switch or reboot.", userId));
return UserManager.REMOVE_RESULT_DEFERRED;
}
@Override
public void setUserIcon(@UserIdInt int userId, Bitmap bitmap) {
try {
checkManageUsersPermission("update users");
enforceUserRestriction(UserManager.DISALLOW_SET_USER_ICON, userId,
"Cannot set user icon");
mLocalService.setUserIcon(userId, bitmap);
} catch (UserManager.CheckedUserOperationException e) {
throw e.toServiceSpecificException();
}
}
private void sendUserInfoChangedBroadcast(@UserIdInt int userId) {
Intent changedIntent = new Intent(Intent.ACTION_USER_INFO_CHANGED);
changedIntent.putExtra(Intent.EXTRA_USER_HANDLE, userId);
changedIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
mContext.sendBroadcastAsUser(changedIntent, UserHandle.ALL);
}
@Override
public ParcelFileDescriptor getUserIcon(int targetUserId) {
if (!hasManageUsersOrPermission(android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED)) {
throw new SecurityException("You need MANAGE_USERS or GET_ACCOUNTS_PRIVILEGED "
+ "permissions to: get user icon");
}
String iconPath;
synchronized (mPackagesLock) {
UserInfo targetUserInfo = getUserInfoNoChecks(targetUserId);
if (targetUserInfo == null || targetUserInfo.partial) {
Slog.w(LOG_TAG, "getUserIcon: unknown user #" + targetUserId);
return null;
}
final int callingUserId = UserHandle.getCallingUserId();
final UserInfo callingUserInfo = getUserInfoNoChecks(callingUserId);
if (!isSameUserOrProfileGroupOrTargetIsCommunal(callingUserInfo, targetUserInfo)) {
checkManageUsersPermission("get the icon of a user who is not related");
}
if (targetUserInfo.iconPath == null) {
return null;
}
iconPath = targetUserInfo.iconPath;
}
try {
return ParcelFileDescriptor.open(
new File(iconPath), ParcelFileDescriptor.MODE_READ_ONLY);
} catch (FileNotFoundException e) {
Slog.e(LOG_TAG, "Couldn't find icon file", e);
}
return null;
}
public void makeInitialized(@UserIdInt int userId) {
if (DBG) Slog.d(LOG_TAG, "makeInitialized(" + userId + ")");
checkManageUsersPermission("makeInitialized");
boolean scheduleWriteUser = false;
UserData userData;
synchronized (mUsersLock) {
userData = mUsers.get(userId);
if (userData == null || userData.info.partial) {
Slog.w(LOG_TAG, "makeInitialized: unknown user #" + userId);
return;
}
if ((userData.info.flags & UserInfo.FLAG_INITIALIZED) == 0) {
userData.info.flags |= UserInfo.FLAG_INITIALIZED;
scheduleWriteUser = true;
}
}
if (scheduleWriteUser) {
scheduleWriteUser(userId);
}
}
/**
* If default guest restrictions haven't been initialized yet, add the basic
* restrictions.
*/
private void initDefaultGuestRestrictions() {
synchronized (mGuestRestrictions) {
if (mGuestRestrictions.isEmpty()) {
UserTypeDetails guestType = mUserTypes.get(UserManager.USER_TYPE_FULL_GUEST);
if (guestType == null) {
Slog.wtf(LOG_TAG, "Can't set default guest restrictions: type doesn't exist.");
return;
}
guestType.addDefaultRestrictionsTo(mGuestRestrictions);
}
}
}
@Override
public Bundle getDefaultGuestRestrictions() {
checkManageUsersPermission("getDefaultGuestRestrictions");
synchronized (mGuestRestrictions) {
return new Bundle(mGuestRestrictions);
}
}
@Override
public void setDefaultGuestRestrictions(Bundle restrictions) {
checkManageUsersPermission("setDefaultGuestRestrictions");
final List<UserInfo> guests = getGuestUsers();
synchronized (mRestrictionsLock) {
for (int i = 0; i < guests.size(); i++) {
updateUserRestrictionsInternalLR(restrictions, guests.get(i).id);
}
}
synchronized (mGuestRestrictions) {
mGuestRestrictions.clear();
mGuestRestrictions.putAll(restrictions);
}
synchronized (mPackagesLock) {
writeUserListLP();
}
}
@VisibleForTesting
void setUserRestrictionInner(int userId, @NonNull String key, boolean value) {
if (!UserRestrictionsUtils.isValidRestriction(key)) {
Slog.e(LOG_TAG, "Setting invalid restriction " + key);
return;
}
synchronized (mRestrictionsLock) {
final Bundle newRestrictions = BundleUtils.clone(
mDevicePolicyUserRestrictions.getRestrictions(userId));
newRestrictions.putBoolean(key, value);
if (mDevicePolicyUserRestrictions.updateRestrictions(userId, newRestrictions)) {
if (userId == UserHandle.USER_ALL) {
applyUserRestrictionsForAllUsersLR();
} else {
applyUserRestrictionsLR(userId);
}
}
}
}
/**
* See {@link UserManagerInternal#setDevicePolicyUserRestrictions}
*/
private void setDevicePolicyUserRestrictionsInner(@UserIdInt int originatingUserId,
@NonNull Bundle global, @NonNull RestrictionsSet local,
boolean isDeviceOwner) {
synchronized (mRestrictionsLock) {
final IntArray updatedUserIds = mDevicePolicyUserRestrictions.getUserIds();
mCachedEffectiveUserRestrictions.removeAllRestrictions();
mDevicePolicyUserRestrictions.removeAllRestrictions();
mDevicePolicyUserRestrictions.updateRestrictions(UserHandle.USER_ALL, global);
final IntArray localUserIds = local.getUserIds();
for (int i = 0; i < localUserIds.size(); i++) {
final int userId = localUserIds.get(i);
mDevicePolicyUserRestrictions.updateRestrictions(userId,
local.getRestrictions(userId));
updatedUserIds.add(userId);
}
applyUserRestrictionsForAllUsersLR();
for (int i = 0; i < updatedUserIds.size(); i++) {
if (updatedUserIds.get(i) == UserHandle.USER_ALL) {
continue;
}
applyUserRestrictionsLR(updatedUserIds.get(i));
}
}
}
@GuardedBy("mRestrictionsLock")
private Bundle computeEffectiveUserRestrictionsLR(@UserIdInt int userId) {
final Bundle baseRestrictions = mBaseUserRestrictions.getRestrictionsNonNull(userId);
final Bundle global = mDevicePolicyUserRestrictions.getRestrictionsNonNull(
UserHandle.USER_ALL);
final Bundle local = mDevicePolicyUserRestrictions.getRestrictionsNonNull(userId);
if (global.isEmpty() && local.isEmpty()) {
// Common case first.
return baseRestrictions;
}
final Bundle effective = BundleUtils.clone(baseRestrictions);
UserRestrictionsUtils.merge(effective, global);
UserRestrictionsUtils.merge(effective, local);
return effective;
}
@GuardedBy("mRestrictionsLock")
private void invalidateEffectiveUserRestrictionsLR(@UserIdInt int userId) {
if (DBG) {
Slog.d(LOG_TAG, "invalidateEffectiveUserRestrictions userId=" + userId);
}
mCachedEffectiveUserRestrictions.remove(userId);
}
private Bundle getEffectiveUserRestrictions(@UserIdInt int userId) {
synchronized (mRestrictionsLock) {
Bundle restrictions = mCachedEffectiveUserRestrictions.getRestrictions(userId);
if (restrictions == null) {
restrictions = computeEffectiveUserRestrictionsLR(userId);
mCachedEffectiveUserRestrictions.updateRestrictions(userId, restrictions);
}
return restrictions;
}
}
/** @return a specific user restriction that's in effect currently. */
@Override
public boolean hasUserRestriction(String restrictionKey, @UserIdInt int userId) {
if (!userExists(userId)) {
return false;
}
checkManageOrInteractPermissionIfCallerInOtherProfileGroup(userId, "hasUserRestriction");
return mLocalService.hasUserRestriction(restrictionKey, userId);
}
/** @return if any user has the given restriction. */
@Override
public boolean hasUserRestrictionOnAnyUser(String restrictionKey) {
if (!UserRestrictionsUtils.isValidRestriction(restrictionKey)) {
return false;
}
final List<UserInfo> users = getUsers(/* excludeDying= */ true);
for (int i = 0; i < users.size(); i++) {
final int userId = users.get(i).id;
Bundle restrictions = getEffectiveUserRestrictions(userId);
if (restrictions != null && restrictions.getBoolean(restrictionKey)) {
return true;
}
}
return false;
}
@Override
public boolean isSettingRestrictedForUser(String setting, @UserIdInt int userId,
String value, int callingUid) {
if (Binder.getCallingUid() != Process.SYSTEM_UID) {
throw new SecurityException("Non-system caller");
}
return UserRestrictionsUtils.isSettingRestrictedForUser(mContext, setting, userId,
value, callingUid);
}
@Override
public void addUserRestrictionsListener(final IUserRestrictionsListener listener) {
if (Binder.getCallingUid() != Process.SYSTEM_UID) {
throw new SecurityException("Non-system caller");
}
// NOTE: unregistering not supported; only client is the settings provider,
// which installs a single static permanent listener. If that listener goes
// bad it implies the whole system process is going to crash.
mLocalService.addUserRestrictionsListener(
(int userId, Bundle newRestrict, Bundle prevRestrict) -> {
try {
listener.onUserRestrictionsChanged(userId, newRestrict, prevRestrict);
} catch (RemoteException re) {
Slog.e("IUserRestrictionsListener",
"Unable to invoke listener: " + re.getMessage());
}
});
}
/**
* @hide
*
* Returns who set a user restriction on a user.
* Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
* @param restrictionKey the string key representing the restriction
* @param userId the id of the user for whom to retrieve the restrictions.
* @return The source of user restriction. Any combination of
* {@link UserManager#RESTRICTION_NOT_SET},
* {@link UserManager#RESTRICTION_SOURCE_SYSTEM},
* {@link UserManager#RESTRICTION_SOURCE_DEVICE_OWNER}
* and {@link UserManager#RESTRICTION_SOURCE_PROFILE_OWNER}
*/
@Override
public int getUserRestrictionSource(String restrictionKey, @UserIdInt int userId) {
List<EnforcingUser> enforcingUsers = getUserRestrictionSources(restrictionKey, userId);
// Get "bitwise or" of restriction sources for all enforcing users.
int result = UserManager.RESTRICTION_NOT_SET;
for (int i = enforcingUsers.size() - 1; i >= 0; i--) {
result |= enforcingUsers.get(i).getUserRestrictionSource();
}
return result;
}
@Override
public List<EnforcingUser> getUserRestrictionSources(
String restrictionKey, @UserIdInt int userId) {
checkQueryUsersPermission("call getUserRestrictionSources.");
// Shortcut for the most common case
if (!hasUserRestriction(restrictionKey, userId)) {
return Collections.emptyList();
}
final List<EnforcingUser> result = new ArrayList<>();
// Check if it is base restriction.
if (hasBaseUserRestriction(restrictionKey, userId)) {
result.add(new EnforcingUser(
UserHandle.USER_NULL, UserManager.RESTRICTION_SOURCE_SYSTEM));
}
final DevicePolicyManagerInternal dpmi = getDevicePolicyManagerInternal();
if (dpmi != null) {
result.addAll(dpmi.getUserRestrictionSources(restrictionKey, userId));
}
return result;
}
/**
* @return UserRestrictions that are in effect currently. This always returns a new
* {@link Bundle}.
*/
@Override
public Bundle getUserRestrictions(@UserIdInt int userId) {
checkManageOrInteractPermissionIfCallerInOtherProfileGroup(userId, "getUserRestrictions");
return BundleUtils.clone(getEffectiveUserRestrictions(userId));
}
@Override
public boolean hasBaseUserRestriction(String restrictionKey, @UserIdInt int userId) {
checkCreateUsersPermission("hasBaseUserRestriction");
if (!UserRestrictionsUtils.isValidRestriction(restrictionKey)) {
return false;
}
synchronized (mRestrictionsLock) {
Bundle bundle = mBaseUserRestrictions.getRestrictions(userId);
return (bundle != null && bundle.getBoolean(restrictionKey, false));
}
}
@Override
public void setUserRestriction(String key, boolean value, @UserIdInt int userId) {
checkManageUsersPermission("setUserRestriction");
if (!UserRestrictionsUtils.isValidRestriction(key)) {
return;
}
if (!userExists(userId)) {
Slogf.w(LOG_TAG, "Cannot set user restriction %s. User with id %d does not exist",
key, userId);
return;
}
synchronized (mRestrictionsLock) {
// Note we can't modify Bundles stored in mBaseUserRestrictions directly, so create
// a copy.
final Bundle newRestrictions = BundleUtils.clone(
mBaseUserRestrictions.getRestrictions(userId));
newRestrictions.putBoolean(key, value);
updateUserRestrictionsInternalLR(newRestrictions, userId);
}
}
/**
* Optionally updating user restrictions, calculate the effective user restrictions and also
* propagate to other services and system settings.
*
* @param newBaseRestrictions User restrictions to set.
* If null, will not update user restrictions and only does the propagation.
* @param userId target user ID.
*/
@GuardedBy("mRestrictionsLock")
private void updateUserRestrictionsInternalLR(
@Nullable Bundle newBaseRestrictions, @UserIdInt int userId) {
final Bundle prevAppliedRestrictions = UserRestrictionsUtils.nonNull(
mAppliedUserRestrictions.getRestrictions(userId));
// Update base restrictions.
if (newBaseRestrictions != null) {
// If newBaseRestrictions == the current one, it's probably a bug.
final Bundle prevBaseRestrictions = mBaseUserRestrictions.getRestrictions(userId);
Preconditions.checkState(prevBaseRestrictions != newBaseRestrictions);
Preconditions.checkState(mCachedEffectiveUserRestrictions.getRestrictions(userId)
!= newBaseRestrictions);
if (mBaseUserRestrictions.updateRestrictions(userId, new Bundle(newBaseRestrictions))) {
scheduleWriteUser(userId);
}
}
final Bundle effective = computeEffectiveUserRestrictionsLR(userId);
mCachedEffectiveUserRestrictions.updateRestrictions(userId, new Bundle(effective));
// Apply the new restrictions.
if (DBG) {
debug("Applying user restrictions: userId=" + userId
+ " new=" + effective + " prev=" + prevAppliedRestrictions);
}
if (mAppOpsService != null) { // We skip it until system-ready.
mHandler.post(() -> {
try {
mAppOpsService.setUserRestrictions(effective, mUserRestrictionToken, userId);
} catch (RemoteException e) {
Slog.w(LOG_TAG, "Unable to notify AppOpsService of UserRestrictions");
}
});
}
propagateUserRestrictionsLR(userId, effective, prevAppliedRestrictions);
mAppliedUserRestrictions.updateRestrictions(userId, new Bundle(effective));
}
@GuardedBy("mRestrictionsLock")
private void propagateUserRestrictionsLR(final int userId,
Bundle newRestrictions, Bundle prevRestrictions) {
// Note this method doesn't touch any state, meaning it doesn't require mRestrictionsLock
// actually, but we still need some kind of synchronization otherwise we might end up
// calling listeners out-of-order, thus "LR".
if (UserRestrictionsUtils.areEqual(newRestrictions, prevRestrictions)) {
return;
}
final Bundle newRestrictionsFinal = new Bundle(newRestrictions);
final Bundle prevRestrictionsFinal = new Bundle(prevRestrictions);
mHandler.post(new Runnable() {
@Override
public void run() {
UserRestrictionsUtils.applyUserRestrictions(
mContext, userId, newRestrictionsFinal, prevRestrictionsFinal);
final UserRestrictionsListener[] listeners;
synchronized (mUserRestrictionsListeners) {
listeners = new UserRestrictionsListener[mUserRestrictionsListeners.size()];
mUserRestrictionsListeners.toArray(listeners);
}
for (int i = 0; i < listeners.length; i++) {
listeners[i].onUserRestrictionsChanged(userId,
newRestrictionsFinal, prevRestrictionsFinal);
}
final Intent broadcast = new Intent(UserManager.ACTION_USER_RESTRICTIONS_CHANGED)
.setFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
// Setting the MOST_RECENT policy allows us to discard older broadcasts
// still waiting to be delivered.
final Bundle options = BroadcastOptions.makeBasic()
.setDeliveryGroupPolicy(BroadcastOptions.DELIVERY_GROUP_POLICY_MOST_RECENT)
.toBundle();
mContext.sendBroadcastAsUser(broadcast, UserHandle.of(userId),
null /* receiverPermission */, options);
}
});
}
// Package private for the inner class.
@GuardedBy("mRestrictionsLock")
private void applyUserRestrictionsLR(@UserIdInt int userId) {
updateUserRestrictionsInternalLR(null, userId);
scheduleWriteUser(userId);
}
@GuardedBy("mRestrictionsLock")
// Package private for the inner class.
private void applyUserRestrictionsForAllUsersLR() {
if (DBG) {
debug("applyUserRestrictionsForAllUsersLR");
}
// First, invalidate all cached values.
mCachedEffectiveUserRestrictions.removeAllRestrictions();
// We don't want to call into ActivityManagerService while taking a lock, so we'll call
// it on a handler.
final Runnable r = new Runnable() {
@Override
public void run() {
// Then get the list of running users.
final int[] runningUsers;
try {
runningUsers = ActivityManager.getService().getRunningUserIds();
} catch (RemoteException e) {
Slog.w(LOG_TAG, "Unable to access ActivityManagerService");
return;
}
// Then re-calculate the effective restrictions and apply, only for running users.
// It's okay if a new user has started after the getRunningUserIds() call,
// because we'll do the same thing (re-calculate the restrictions and apply)
// when we start a user.
synchronized (mRestrictionsLock) {
for (int i = 0; i < runningUsers.length; i++) {
applyUserRestrictionsLR(runningUsers[i]);
}
}
}
};
mHandler.post(r);
}
/**
* Check if we've hit the limit of how many users can be created.
*/
private boolean isUserLimitReached() {
int count;
synchronized (mUsersLock) {
count = getAliveUsersExcludingGuestsCountLU();
}
return count >= UserManager.getMaxSupportedUsers()
&& !isCreationOverrideEnabled();
}
/**
* Returns whether more users of the given type can be added (based on how many users of that
* type already exist).
*
* <p>For checking whether more profiles can be added to a particular parent use
* {@link #canAddMoreProfilesToUser}.
*/
private boolean canAddMoreUsersOfType(@NonNull UserTypeDetails userTypeDetails) {
if (!isUserTypeEnabled(userTypeDetails)) {
return false;
}
final int max = userTypeDetails.getMaxAllowed();
if (max == UserTypeDetails.UNLIMITED_NUMBER_OF_USERS) {
return true; // Indicates that there is no max.
}
return getNumberOfUsersOfType(userTypeDetails.getName()) < max
|| isCreationOverrideEnabled();
}
/**
* Returns the remaining number of users of the given type that can be created. (taking into
* account the total number of users on the device as well as how many exist of that type)
*/
@Override
public int getRemainingCreatableUserCount(String userType) {
checkQueryOrCreateUsersPermission("get the remaining number of users that can be added.");
final UserTypeDetails type = mUserTypes.get(userType);
if (type == null || !isUserTypeEnabled(type)) {
return 0;
}
synchronized (mUsersLock) {
final int userCount = getAliveUsersExcludingGuestsCountLU();
// Limit total number of users that can be created (except for guest and demo)
int result =
UserManager.isUserTypeGuest(userType) || UserManager.isUserTypeDemo(userType)
? Integer.MAX_VALUE
: (UserManager.getMaxSupportedUsers() - userCount);
// Managed profiles have their own specific rules.
if (type.isManagedProfile()) {
if (!mContext.getPackageManager().hasSystemFeature(
PackageManager.FEATURE_MANAGED_USERS)) {
return 0;
}
// Special case: Allow creating a managed profile anyway if there's only 1 user
if (result <= 0 & userCount == 1) {
result = 1;
}
}
if (result <= 0) {
return 0;
}
// Limit against max allowed for type
result = Math.min(result,
type.getMaxAllowed() == UserTypeDetails.UNLIMITED_NUMBER_OF_USERS
? Integer.MAX_VALUE
: (type.getMaxAllowed() - getNumberOfUsersOfType(userType)));
return Math.max(0, result);
}
}
/**
* Gets the number of users of the given user type.
* Does not include users that are about to die.
*/
private int getNumberOfUsersOfType(String userType) {
int count = 0;
synchronized (mUsersLock) {
final int size = mUsers.size();
for (int i = 0; i < size; i++) {
final UserInfo user = mUsers.valueAt(i).info;
if (user.userType.equals(userType)
&& !user.guestToRemove
&& !mRemovingUserIds.get(user.id)
&& !user.preCreated) {
count++;
}
}
}
return count;
}
/**
* Returns whether more users of the given type can be added (based on how many users of that
* type already exist).
*/
@Override
public boolean canAddMoreUsersOfType(String userType) {
checkCreateUsersPermission("check if more users can be added.");
final UserTypeDetails userTypeDetails = mUserTypes.get(userType);
return userTypeDetails != null && canAddMoreUsersOfType(userTypeDetails);
}
/** Returns whether the creation of users of the given user type is enabled on this device. */
@Override
public boolean isUserTypeEnabled(String userType) {
checkCreateUsersPermission("check if user type is enabled.");
final UserTypeDetails userTypeDetails = mUserTypes.get(userType);
return userTypeDetails != null && isUserTypeEnabled(userTypeDetails);
}
/** Returns whether the creation of users of the given user type is enabled on this device. */
private boolean isUserTypeEnabled(@NonNull UserTypeDetails userTypeDetails) {
return userTypeDetails.isEnabled() || isCreationOverrideEnabled();
}
/**
* Returns whether to almost-always allow creating users even beyond their limit or if disabled.
* For Debug builds only.
*/
private boolean isCreationOverrideEnabled() {
return Build.isDebuggable()
&& SystemProperties.getBoolean(DEV_CREATE_OVERRIDE_PROPERTY, false);
}
@Override
public boolean canAddMoreManagedProfiles(@UserIdInt int userId, boolean allowedToRemoveOne) {
return canAddMoreProfilesToUser(UserManager.USER_TYPE_PROFILE_MANAGED, userId,
allowedToRemoveOne);
}
/** Returns whether more profiles of the given type can be added to the given parent userId. */
@Override
public boolean canAddMoreProfilesToUser(String userType, @UserIdInt int userId,
boolean allowedToRemoveOne) {
return 0 < getRemainingCreatableProfileCount(userType, userId, allowedToRemoveOne)
|| isCreationOverrideEnabled();
}
@Override
public int getRemainingCreatableProfileCount(@NonNull String userType, @UserIdInt int userId) {
return getRemainingCreatableProfileCount(userType, userId, false);
}
/**
* Returns the remaining number of profiles of the given type that can be added to the given
* user. (taking into account the total number of users on the device as well as how many
* profiles exist of that type both in general and for the given user)
*/
private int getRemainingCreatableProfileCount(@NonNull String userType, @UserIdInt int userId,
boolean allowedToRemoveOne) {
checkQueryOrCreateUsersPermission(
"get the remaining number of profiles that can be added to the given user.");
final UserTypeDetails type = mUserTypes.get(userType);
if (type == null || !isUserTypeEnabled(type)) {
return 0;
}
// Managed profiles have their own specific rules.
final boolean isManagedProfile = type.isManagedProfile();
if (isManagedProfile) {
if (!mContext.getPackageManager().hasSystemFeature(
PackageManager.FEATURE_MANAGED_USERS)) {
return 0;
}
}
synchronized (mUsersLock) {
// Check if the parent exists and its type is even allowed to have a profile.
UserInfo userInfo = getUserInfoLU(userId);
if (userInfo == null || !userInfo.canHaveProfile()) {
return 0;
}
final int userTypeCount = getProfileIds(userId, userType, false).length;
final int profilesRemovedCount = userTypeCount > 0 && allowedToRemoveOne ? 1 : 0;
final int usersCountAfterRemoving = getAliveUsersExcludingGuestsCountLU()
- profilesRemovedCount;
// Limit total number of users that can be created
int result = UserManager.getMaxSupportedUsers() - usersCountAfterRemoving;
// Special case: Allow creating a managed profile anyway if there's only 1 user
if (result <= 0 && isManagedProfile && usersCountAfterRemoving == 1) {
result = 1;
}
// Limit the number of profiles of this type that can be created.
final int maxUsersOfType = getMaxUsersOfTypePerParent(type);
if (maxUsersOfType != UserTypeDetails.UNLIMITED_NUMBER_OF_USERS) {
result = Math.min(result, maxUsersOfType - (userTypeCount - profilesRemovedCount));
}
if (result <= 0) {
return 0;
}
// Limit against max allowed for type (beyond max allowed per parent)
if (type.getMaxAllowed() != UserTypeDetails.UNLIMITED_NUMBER_OF_USERS) {
result = Math.min(result, type.getMaxAllowed()
- (getNumberOfUsersOfType(userType) - profilesRemovedCount));
}
return Math.max(0, result);
}
}
@GuardedBy("mUsersLock")
private int getAliveUsersExcludingGuestsCountLU() {
int aliveUserCount = 0;
final int totalUserCount = mUsers.size();
// Skip over users being removed
for (int i = 0; i < totalUserCount; i++) {
UserInfo user = mUsers.valueAt(i).info;
if (!mRemovingUserIds.get(user.id) && !user.isGuest() && !user.preCreated) {
aliveUserCount++;
}
}
return aliveUserCount;
}
/**
* Enforces that only the system UID or root's UID or apps that have the
* {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} and
* {@link android.Manifest.permission#INTERACT_ACROSS_USERS_FULL INTERACT_ACROSS_USERS_FULL}
* permissions can make certain calls to the UserManager.
*
* @param message used as message if SecurityException is thrown
* @throws SecurityException if the caller does not have enough privilege.
*/
private static final void checkManageUserAndAcrossUsersFullPermission(String message) {
final int uid = Binder.getCallingUid();
if (uid == Process.SYSTEM_UID || uid == 0) {
// System UID or root's UID are granted privilege.
return;
}
if (hasPermissionGranted(Manifest.permission.MANAGE_USERS, uid)
&& hasPermissionGranted(Manifest.permission.INTERACT_ACROSS_USERS_FULL, uid)) {
// Apps with both permissions are granted privilege.
return;
}
throw new SecurityException(
"You need MANAGE_USERS and INTERACT_ACROSS_USERS_FULL permission to: " + message);
}
private static boolean hasPermissionGranted(String permission, int uid) {
return ActivityManager.checkComponentPermission(
permission, uid, /* owningUid = */-1, /* exported = */ true) ==
PackageManager.PERMISSION_GRANTED;
}
/**
* Enforces that only the system UID or root's UID or apps that have the
* {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS}
* permission can make certain calls to the UserManager.
*
* @param message used as message if SecurityException is thrown
* @throws SecurityException if the caller is not system or root
* @see #hasManageUsersPermission()
*/
private static final void checkManageUsersPermission(String message) {
if (!hasManageUsersPermission()) {
throw new SecurityException("You need MANAGE_USERS permission to: " + message);
}
}
/**
* Enforces that only the system UID or root's UID or apps that have the
* {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} or
* {@link android.Manifest.permission#CREATE_USERS CREATE_USERS}
* can make certain calls to the UserManager.
*
* @param message used as message if SecurityException is thrown
* @throws SecurityException if the caller is not system or root
* @see #hasCreateUsersPermission()
*/
private static final void checkCreateUsersPermission(String message) {
if (!hasCreateUsersPermission()) {
throw new SecurityException(
"You either need MANAGE_USERS or CREATE_USERS permission to: " + message);
}
}
/**
* Enforces that only the system UID or root's UID or apps that have the
* {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} or
* {@link android.Manifest.permission#QUERY_USERS QUERY_USERS}
* can make certain calls to the UserManager.
*
* @param message used as message if SecurityException is thrown
* @throws SecurityException if the caller lacks the required permissions.
*/
private static final void checkQueryUsersPermission(String message) {
if (!hasQueryUsersPermission()) {
throw new SecurityException(
"You either need MANAGE_USERS or QUERY_USERS permission to: " + message);
}
}
/**
* Enforces that only the system UID or root's UID or apps that have the
* {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} or
* {@link android.Manifest.permission#CREATE_USERS CREATE_USERS} or
* {@link android.Manifest.permission#QUERY_USERS QUERY_USERS}
* can make certain calls to the UserManager.
*
* @param message used as message if SecurityException is thrown
* @throws SecurityException if the caller lacks the required permissions.
*/
private static final void checkQueryOrCreateUsersPermission(String message) {
if (!hasQueryOrCreateUsersPermission()) {
throw new SecurityException(
"You either need MANAGE_USERS, CREATE_USERS, or QUERY_USERS permission to: "
+ message);
}
}
/**
* Similar to {@link #checkCreateUsersPermission(String)} but when the caller is tries
* to create user/profiles other than what is allowed for
* {@link android.Manifest.permission#CREATE_USERS CREATE_USERS} permission, then it will only
* allow callers with {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} permission.
*/
private static final void checkCreateUsersPermission(int creationFlags) {
if ((creationFlags & ~ALLOWED_FLAGS_FOR_CREATE_USERS_PERMISSION) == 0) {
if (!hasCreateUsersPermission()) {
throw new SecurityException("You either need MANAGE_USERS or CREATE_USERS "
+ "permission to create an user with flags: " + creationFlags);
}
} else if (!hasManageUsersPermission()) {
throw new SecurityException("You need MANAGE_USERS permission to create an user "
+ " with flags: " + creationFlags);
}
}
/**
* @return whether the calling UID is system UID or root's UID or the calling app has the
* {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS}.
*/
private static final boolean hasManageUsersPermission() {
final int callingUid = Binder.getCallingUid();
return hasManageUsersPermission(callingUid);
}
/**
* @return whether the given UID is system UID or root's UID or the has the permission
* {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS}.
*/
private static boolean hasManageUsersPermission(int callingUid) {
return UserHandle.isSameApp(callingUid, Process.SYSTEM_UID)
|| callingUid == Process.ROOT_UID
|| hasPermissionGranted(android.Manifest.permission.MANAGE_USERS, callingUid);
}
/**
* @return whether the calling UID is system UID or root's UID or the calling app has the
* {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} or the provided permission.
*/
private static final boolean hasManageUsersOrPermission(String alternativePermission) {
final int callingUid = Binder.getCallingUid();
return hasManageUsersPermission(callingUid)
|| hasPermissionGranted(alternativePermission, callingUid);
}
/**
* @return whether the calling UID is system UID or root's UID or the calling app has the
* {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} or
* {@link android.Manifest.permission#CREATE_USERS CREATE_USERS}.
*/
private static final boolean hasCreateUsersPermission() {
return hasManageUsersOrPermission(android.Manifest.permission.CREATE_USERS);
}
/**
* @return whether the calling UID is system UID or root's UID or the calling app has the
* {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} or
* {@link android.Manifest.permission#QUERY_USERS QUERY_USERS}.
*/
private static final boolean hasQueryUsersPermission() {
return hasManageUsersOrPermission(android.Manifest.permission.QUERY_USERS);
}
/**
* @return whether the calling UID is system UID or root's UID or the calling app has
* {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} or
* {@link android.Manifest.permission#CREATE_USERS CREATE_USERS} or
* {@link android.Manifest.permission#QUERY_USERS QUERY_USERS}.
*/
private static final boolean hasQueryOrCreateUsersPermission() {
return hasCreateUsersPermission()
|| hasPermissionGranted(Manifest.permission.QUERY_USERS, Binder.getCallingUid());
}
/**
* Enforces that only the system UID or root's UID (on any user) can make certain calls to the
* UserManager.
*
* @param message used as message if SecurityException is thrown
* @throws SecurityException if the caller is not system or root
*/
private static void checkSystemOrRoot(String message) {
final int uid = Binder.getCallingUid();
if (!UserHandle.isSameApp(uid, Process.SYSTEM_UID) && uid != Process.ROOT_UID) {
throw new SecurityException("Only system may: " + message);
}
}
@GuardedBy({"mPackagesLock"})
private void writeBitmapLP(UserInfo info, Bitmap bitmap) {
try {
File dir = new File(mUsersDir, Integer.toString(info.id));
File file = new File(dir, USER_PHOTO_FILENAME);
File tmp = new File(dir, USER_PHOTO_FILENAME_TMP);
if (!dir.exists()) {
dir.mkdir();
FileUtils.setPermissions(
dir.getPath(),
FileUtils.S_IRWXU|FileUtils.S_IRWXG|FileUtils.S_IXOTH,
-1, -1);
}
FileOutputStream os;
if (bitmap.compress(Bitmap.CompressFormat.PNG, 100, os = new FileOutputStream(tmp))
&& tmp.renameTo(file) && SELinux.restorecon(file)) {
info.iconPath = file.getAbsolutePath();
}
try {
os.close();
} catch (IOException ioe) {
// What the ... !
}
tmp.delete();
} catch (FileNotFoundException e) {
Slog.w(LOG_TAG, "Error setting photo for user ", e);
}
}
/**
* Returns an array of user ids.
*
* <p>This array is cached here for quick access, so do not modify or cache it elsewhere.
*
* @return the array of user ids.
*/
public @NonNull int[] getUserIds() {
synchronized (mUsersLock) {
return mUserIds;
}
}
/**
* Checks whether user with a given ID exists.
* @param id User id to be checked.
*/
@VisibleForTesting
boolean userExists(int id) {
synchronized (mUsersLock) {
for (int userId : mUserIds) {
if (userId == id) {
return true;
}
}
}
return false;
}
/**
* Returns an array of user ids, including pre-created users.
*
* <p>This method should only used for the specific cases that need to handle pre-created users;
* most callers should call {@link #getUserIds()} instead.
*
* <p>This array is cached here for quick access, so do not modify or
* cache it elsewhere.
*
* @return the array of user ids.
*/
public @NonNull int[] getUserIdsIncludingPreCreated() {
synchronized (mUsersLock) {
return mUserIdsIncludingPreCreated;
}
}
/** Checks whether the device is currently in headless system user mode (for any reason). */
@Override
public boolean isHeadlessSystemUserMode() {
synchronized (mUsersLock) {
final UserData systemUserData = mUsers.get(UserHandle.USER_SYSTEM);
return !systemUserData.info.isFull();
}
}
/**
* Checks whether the default state of the device is headless system user mode, i.e. what the
* mode would be if we did a fresh factory reset.
* If the mode is being emulated (via SYSTEM_USER_MODE_EMULATION_PROPERTY) then that will be
* returned instead.
* Note that, even in the absence of emulation, a device might deviate from the current default
* due to an OTA changing the default (which won't change the already-decided mode).
*/
private boolean isDefaultHeadlessSystemUserMode() {
if (!Build.isDebuggable()) {
return RoSystemProperties.MULTIUSER_HEADLESS_SYSTEM_USER;
}
final String emulatedValue = SystemProperties.get(SYSTEM_USER_MODE_EMULATION_PROPERTY);
if (!TextUtils.isEmpty(emulatedValue)) {
if (UserManager.SYSTEM_USER_MODE_EMULATION_HEADLESS.equals(emulatedValue)) return true;
if (UserManager.SYSTEM_USER_MODE_EMULATION_FULL.equals(emulatedValue)) return false;
if (!UserManager.SYSTEM_USER_MODE_EMULATION_DEFAULT.equals(emulatedValue)) {
Slogf.e(LOG_TAG, "isDefaultHeadlessSystemUserMode(): ignoring invalid valued of "
+ "property %s: %s",
SYSTEM_USER_MODE_EMULATION_PROPERTY, emulatedValue);
}
}
return RoSystemProperties.MULTIUSER_HEADLESS_SYSTEM_USER;
}
/**
* Called on boot to change the system user mode (for example, from headless to full or
* vice versa) for development purposes.
*/
private void emulateSystemUserModeIfNeeded() {
if (!Build.isDebuggable()) {
return;
}
if (TextUtils.isEmpty(SystemProperties.get(SYSTEM_USER_MODE_EMULATION_PROPERTY))) {
return;
}
final boolean newHeadlessSystemUserMode = isDefaultHeadlessSystemUserMode();
// Update system user type
synchronized (mPackagesLock) {
synchronized (mUsersLock) {
final UserData systemUserData = mUsers.get(UserHandle.USER_SYSTEM);
if (systemUserData == null) {
Slogf.wtf(LOG_TAG, "emulateSystemUserModeIfNeeded(): no system user data");
return;
}
final int oldMainUserId = getMainUserIdUnchecked();
final int oldSysFlags = systemUserData.info.flags;
final int newSysFlags;
final String newUserType;
if (newHeadlessSystemUserMode) {
newUserType = UserManager.USER_TYPE_SYSTEM_HEADLESS;
newSysFlags = oldSysFlags & ~UserInfo.FLAG_FULL & ~UserInfo.FLAG_MAIN;
} else {
newUserType = UserManager.USER_TYPE_FULL_SYSTEM;
newSysFlags = oldSysFlags | UserInfo.FLAG_FULL | UserInfo.FLAG_MAIN;
}
if (systemUserData.info.userType.equals(newUserType)) {
Slogf.d(LOG_TAG, "emulateSystemUserModeIfNeeded(): system user type is already "
+ "%s, returning", newUserType);
return;
}
Slogf.i(LOG_TAG, "Persisting emulated system user data: type changed from %s to "
+ "%s, flags changed from %s to %s",
systemUserData.info.userType, newUserType,
UserInfo.flagsToString(oldSysFlags), UserInfo.flagsToString(newSysFlags));
systemUserData.info.userType = newUserType;
systemUserData.info.flags = newSysFlags;
writeUserLP(systemUserData);
// Designate the MainUser to a reasonable choice if needed.
final UserData oldMain = getUserDataNoChecks(oldMainUserId);
if (newHeadlessSystemUserMode) {
final boolean mainIsAlreadyNonSystem =
oldMain != null && (oldMain.info.flags & UserInfo.FLAG_SYSTEM) == 0;
if (!mainIsAlreadyNonSystem && isMainUserPermanentAdmin()) {
// We need a new choice for Main. Pick the oldest.
// If no oldest, don't set any. Let the BootUserInitializer do that later.
final UserInfo newMainUser = getEarliestCreatedFullUser();
if (newMainUser != null) {
Slogf.i(LOG_TAG, "Designating user " + newMainUser.id + " to be Main");
newMainUser.flags |= UserInfo.FLAG_MAIN;
writeUserLP(getUserDataNoChecks(newMainUser.id));
}
}
} else {
// We already made user 0 Main above. Now strip it from the old Main user.
// TODO(b/256624031): For now, we demand the Main user (if there is one) is
// always the system in non-HSUM. In the future, when we relax this, change how
// we handle MAIN.
if (oldMain != null && (oldMain.info.flags & UserInfo.FLAG_SYSTEM) == 0) {
Slogf.i(LOG_TAG, "Transferring Main to user 0 from " + oldMain.info.id);
oldMain.info.flags &= ~UserInfo.FLAG_MAIN;
writeUserLP(oldMain);
} else {
Slogf.i(LOG_TAG, "Designated user 0 to be Main");
}
}
}
}
// Update emulated mode, which will used to trigger an update on user packages
mUpdatingSystemUserMode = true;
}
private ResilientAtomicFile getUserListFile() {
File tempBackup = new File(mUserListFile.getParent(), mUserListFile.getName() + ".backup");
File reserveCopy = new File(mUserListFile.getParent(),
mUserListFile.getName() + ".reservecopy");
int fileMode = FileUtils.S_IRWXU | FileUtils.S_IRWXG | FileUtils.S_IXOTH;
return new ResilientAtomicFile(mUserListFile, tempBackup, reserveCopy, fileMode,
"user list", (priority, msg) -> {
Slog.e(LOG_TAG, msg);
// Something went wrong, schedule full rewrite.
scheduleWriteUserList();
});
}
@GuardedBy({"mPackagesLock"})
private void readUserListLP() {
// Whether guest restrictions are present on userlist.xml
boolean guestRestrictionsArePresentOnUserListXml = false;
try (ResilientAtomicFile file = getUserListFile()) {
FileInputStream fin = null;
try {
fin = file.openRead();
if (fin == null) {
Slog.e(LOG_TAG, "userlist.xml not found, fallback to single user");
fallbackToSingleUserLP();
return;
}
final TypedXmlPullParser parser = Xml.resolvePullParser(fin);
int type;
while ((type = parser.next()) != XmlPullParser.START_TAG
&& type != XmlPullParser.END_DOCUMENT) {
// Skip
}
if (type != XmlPullParser.START_TAG) {
Slog.e(LOG_TAG, "Unable to read user list");
fallbackToSingleUserLP();
return;
}
mNextSerialNumber = -1;
if (parser.getName().equals(TAG_USERS)) {
mNextSerialNumber =
parser.getAttributeInt(null, ATTR_NEXT_SERIAL_NO, mNextSerialNumber);
mUserVersion =
parser.getAttributeInt(null, ATTR_USER_VERSION, mUserVersion);
mUserTypeVersion =
parser.getAttributeInt(null, ATTR_USER_TYPE_VERSION, mUserTypeVersion);
}
while ((type = parser.next()) != XmlPullParser.END_DOCUMENT) {
if (type == XmlPullParser.START_TAG) {
final String name = parser.getName();
if (name.equals(TAG_USER)) {
UserData userData = readUserLP(parser.getAttributeInt(null, ATTR_ID),
mUserVersion);
if (userData != null) {
synchronized (mUsersLock) {
mUsers.put(userData.info.id, userData);
if (mNextSerialNumber < 0
|| mNextSerialNumber <= userData.info.id) {
mNextSerialNumber = userData.info.id + 1;
}
}
}
} else if (name.equals(TAG_GUEST_RESTRICTIONS)) {
guestRestrictionsArePresentOnUserListXml = true;
while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
&& type != XmlPullParser.END_TAG) {
if (type == XmlPullParser.START_TAG) {
if (parser.getName().equals(TAG_RESTRICTIONS)) {
synchronized (mGuestRestrictions) {
UserRestrictionsUtils
.readRestrictions(parser, mGuestRestrictions);
}
}
break;
}
}
}
}
}
updateUserIds();
upgradeIfNecessaryLP();
updateUsersWithFeatureFlags(guestRestrictionsArePresentOnUserListXml);
} catch (Exception e) {
// Remove corrupted file and retry.
file.failRead(fin, e);
readUserListLP();
return;
}
}
synchronized (mUsersLock) {
if (mUsers.size() == 0) {
Slog.e(LOG_TAG, "mUsers is empty, fallback to single user");
fallbackToSingleUserLP();
}
}
}
/**
* Upgrade steps between versions, either for fixing bugs or changing the data format.
*/
@GuardedBy({"mPackagesLock"})
private void upgradeIfNecessaryLP() {
upgradeIfNecessaryLP(mUserVersion, mUserTypeVersion);
}
/**
* Update any user formats or Xml data that need to be updated based on the current user state
* and the feature flag settings.
*/
@GuardedBy({"mPackagesLock"})
private void updateUsersWithFeatureFlags(boolean guestRestrictionsArePresentOnUserListXml) {
// User Xml re-writes are required when guest restrictions are saved on userlist.xml but
// as per the feature flag it should be on the SYSTEM user's xml or guest restrictions
// are saved on SYSTEM user's xml but as per the flags it should not be saved there.
if (guestRestrictionsArePresentOnUserListXml
== Flags.saveGlobalAndGuestRestrictionsOnSystemUserXmlReadOnly()) {
for (int userId: getUserIds()) {
writeUserLP(getUserDataNoChecks(userId));
}
writeUserListLP();
}
}
/**
* Version of {@link #upgradeIfNecessaryLP()} that takes in the userVersion for testing
* purposes. For non-tests, use {@link #upgradeIfNecessaryLP()}.
*/
@GuardedBy({"mPackagesLock"})
@VisibleForTesting
void upgradeIfNecessaryLP(int userVersion, int userTypeVersion) {
Slog.i(LOG_TAG, "Upgrading users from userVersion " + userVersion + " to " + USER_VERSION);
Set<Integer> userIdsToWrite = new ArraySet<>();
final int originalVersion = mUserVersion;
final int originalUserTypeVersion = mUserTypeVersion;
if (userVersion < 1) {
// Assign a proper name for the owner, if not initialized correctly before
UserData userData = getUserDataNoChecks(UserHandle.USER_SYSTEM);
if ("Primary".equals(userData.info.name)) {
userData.info.name =
mContext.getResources().getString(com.android.internal.R.string.owner_name);
userIdsToWrite.add(userData.info.id);
}
userVersion = 1;
}
if (userVersion < 2) {
// Owner should be marked as initialized
UserData userData = getUserDataNoChecks(UserHandle.USER_SYSTEM);
if ((userData.info.flags & UserInfo.FLAG_INITIALIZED) == 0) {
userData.info.flags |= UserInfo.FLAG_INITIALIZED;
userIdsToWrite.add(userData.info.id);
}
userVersion = 2;
}
if (userVersion < 4) {
userVersion = 4;
}
if (userVersion < 5) {
initDefaultGuestRestrictions();
userVersion = 5;
}
if (userVersion < 6) {
synchronized (mUsersLock) {
for (int i = 0; i < mUsers.size(); i++) {
UserData userData = mUsers.valueAt(i);
// Only system user can have restricted profiles
if (userData.info.isRestricted() && (userData.info.restrictedProfileParentId
== UserInfo.NO_PROFILE_GROUP_ID)) {
userData.info.restrictedProfileParentId = UserHandle.USER_SYSTEM;
userIdsToWrite.add(userData.info.id);
}
}
}
userVersion = 6;
}
if (userVersion < 7) {
// Previously only one user could enforce global restrictions, now it is per-user.
synchronized (mRestrictionsLock) {
if (mDevicePolicyUserRestrictions.removeRestrictionsForAllUsers(
UserManager.ENSURE_VERIFY_APPS)) {
mDevicePolicyUserRestrictions.getRestrictionsNonNull(UserHandle.USER_ALL)
.putBoolean(UserManager.ENSURE_VERIFY_APPS, true);
}
}
// DISALLOW_CONFIG_WIFI was made a default guest restriction some time during version 6.
final List<UserInfo> guestUsers = getGuestUsers();
for (int i = 0; i < guestUsers.size(); i++) {
final UserInfo guestUser = guestUsers.get(i);
if (guestUser != null && !hasUserRestriction(
UserManager.DISALLOW_CONFIG_WIFI, guestUser.id)) {
setUserRestriction(UserManager.DISALLOW_CONFIG_WIFI, true, guestUser.id);
}
}
userVersion = 7;
}
if (userVersion < 8) {
// Added FLAG_FULL and FLAG_SYSTEM flags.
synchronized (mUsersLock) {
UserData userData = mUsers.get(UserHandle.USER_SYSTEM);
userData.info.flags |= UserInfo.FLAG_SYSTEM;
// We assume that isDefaultHeadlessSystemUserMode() does not change during the OTA
// from userVersion < 8 since it is documented that pre-R devices do not support its
// modification. Therefore, its current value should be the same as the pre-update
// version.
if (!isDefaultHeadlessSystemUserMode()) {
userData.info.flags |= UserInfo.FLAG_FULL;
}
userIdsToWrite.add(userData.info.id);
// Mark FULL all non-profile users except USER_SYSTEM.
// Start index at 1 since USER_SYSTEM is the smallest userId and we're skipping it.
for (int i = 1; i < mUsers.size(); i++) {
userData = mUsers.valueAt(i);
if ((userData.info.flags & UserInfo.FLAG_MANAGED_PROFILE) == 0) {
userData.info.flags |= UserInfo.FLAG_FULL;
userIdsToWrite.add(userData.info.id);
}
}
}
userVersion = 8;
}
if (userVersion < 9) {
// Convert from UserInfo flags to UserTypes. Apply FLAG_PROFILE to FLAG_MANAGED_PROFILE.
synchronized (mUsersLock) {
for (int i = 0; i < mUsers.size(); i++) {
UserData userData = mUsers.valueAt(i);
final int flags = userData.info.flags;
if ((flags & UserInfo.FLAG_SYSTEM) != 0) {
if ((flags & UserInfo.FLAG_FULL) != 0) {
userData.info.userType = UserManager.USER_TYPE_FULL_SYSTEM;
} else {
userData.info.userType = UserManager.USER_TYPE_SYSTEM_HEADLESS;
}
} else {
try {
userData.info.userType = UserInfo.getDefaultUserType(flags);
} catch (IllegalArgumentException e) {
// TODO(b/142482943): What should we do here? Delete user? Crashloop?
throw new IllegalStateException("Cannot upgrade user with flags "
+ Integer.toHexString(flags) + " because it doesn't correspond "
+ "to a valid user type.", e);
}
}
// OEMs are responsible for their own custom upgrade logic here.
final UserTypeDetails userTypeDetails = mUserTypes.get(userData.info.userType);
if (userTypeDetails == null) {
throw new IllegalStateException(
"Cannot upgrade user with flags " + Integer.toHexString(flags)
+ " because " + userData.info.userType + " isn't defined"
+ " on this device!");
}
userData.info.flags |= userTypeDetails.getDefaultUserInfoFlags();
userIdsToWrite.add(userData.info.id);
}
}
userVersion = 9;
}
if (userVersion < 10) {
// Add UserProperties.
synchronized (mUsersLock) {
for (int i = 0; i < mUsers.size(); i++) {
final UserData userData = mUsers.valueAt(i);
final UserTypeDetails userTypeDetails = mUserTypes.get(userData.info.userType);
if (userTypeDetails == null) {
throw new IllegalStateException(
"Cannot upgrade user because " + userData.info.userType
+ " isn't defined on this device!");
}
userData.userProperties = new UserProperties(
userTypeDetails.getDefaultUserPropertiesReference());
userIdsToWrite.add(userData.info.id);
}
}
userVersion = 10;
}
if (userVersion < 11) {
// Add FLAG_MAIN
if (isHeadlessSystemUserMode()) {
if (isMainUserPermanentAdmin()) {
final UserInfo earliestCreatedUser = getEarliestCreatedFullUser();
if (earliestCreatedUser != null) {
earliestCreatedUser.flags |= UserInfo.FLAG_MAIN;
userIdsToWrite.add(earliestCreatedUser.id);
}
}
} else { // not isHeadlessSystemUserMode
synchronized (mUsersLock) {
final UserData userData = mUsers.get(UserHandle.USER_SYSTEM);
userData.info.flags |= UserInfo.FLAG_MAIN;
userIdsToWrite.add(userData.info.id);
}
}
userVersion = 11;
}
// Reminder: If you add another upgrade, make sure to increment USER_VERSION too.
// Done with userVersion changes, moving on to deal with userTypeVersion upgrades
// Upgrade from previous user type to a new user type
final int newUserTypeVersion = UserTypeFactory.getUserTypeVersion();
if (newUserTypeVersion > userTypeVersion) {
synchronized (mUsersLock) {
upgradeUserTypesLU(UserTypeFactory.getUserTypeUpgrades(), mUserTypes,
userTypeVersion, userIdsToWrite);
}
}
if (userVersion < USER_VERSION) {
Slog.w(LOG_TAG, "User version " + mUserVersion + " didn't upgrade as expected to "
+ USER_VERSION);
} else {
if (userVersion > USER_VERSION) {
Slog.wtf(LOG_TAG, "Upgraded user version " + mUserVersion + " is higher the SDK's "
+ "one of " + USER_VERSION + ". Someone forgot to update USER_VERSION?");
}
mUserVersion = userVersion;
mUserTypeVersion = newUserTypeVersion;
if (originalVersion < mUserVersion || originalUserTypeVersion < mUserTypeVersion) {
for (int userId : userIdsToWrite) {
UserData userData = getUserDataNoChecks(userId);
if (userData != null) {
writeUserLP(userData);
}
}
writeUserListLP();
}
}
}
@GuardedBy("mUsersLock")
private void upgradeUserTypesLU(@NonNull List<UserTypeFactory.UserTypeUpgrade> upgradeOps,
@NonNull ArrayMap<String, UserTypeDetails> userTypes,
final int formerUserTypeVersion,
@NonNull Set<Integer> userIdsToWrite) {
for (UserTypeFactory.UserTypeUpgrade userTypeUpgrade : upgradeOps) {
if (DBG) {
Slog.i(LOG_TAG, "Upgrade: " + userTypeUpgrade.getFromType() + " to: "
+ userTypeUpgrade.getToType() + " maxVersion: "
+ userTypeUpgrade.getUpToVersion());
}
// upgrade user type if version up to getUpToVersion()
if (formerUserTypeVersion <= userTypeUpgrade.getUpToVersion()) {
for (int i = 0; i < mUsers.size(); i++) {
UserData userData = mUsers.valueAt(i);
if (userTypeUpgrade.getFromType().equals(userData.info.userType)) {
final UserTypeDetails newUserType = userTypes.get(
userTypeUpgrade.getToType());
if (newUserType == null) {
throw new IllegalStateException(
"Upgrade destination user type not defined: "
+ userTypeUpgrade.getToType());
}
upgradeProfileToTypeLU(userData.info, newUserType);
userIdsToWrite.add(userData.info.id);
}
}
}
}
}
/**
* Changes the user type of a profile to a new user type.
* @param userInfo The user to be updated.
* @param newUserType The new user type.
*/
@GuardedBy("mUsersLock")
@VisibleForTesting
void upgradeProfileToTypeLU(@NonNull UserInfo userInfo, @NonNull UserTypeDetails newUserType) {
Slog.i(LOG_TAG, "Upgrading user " + userInfo.id
+ " from " + userInfo.userType
+ " to " + newUserType.getName());
if (!userInfo.isProfile()) {
throw new IllegalStateException(
"Can only upgrade profile types. " + userInfo.userType
+ " is not a profile type.");
}
// Exceeded maximum profiles for parent user: log error, but allow upgrade
if (!canAddMoreProfilesToUser(newUserType.getName(), userInfo.profileGroupId, false)) {
Slog.w(LOG_TAG,
"Exceeded maximum profiles of type " + newUserType.getName() + " for user "
+ userInfo.id + ". Maximum allowed= "
+ newUserType.getMaxAllowedPerParent());
}
final UserTypeDetails oldUserType = mUserTypes.get(userInfo.userType);
final int oldFlags;
if (oldUserType != null) {
oldFlags = oldUserType.getDefaultUserInfoFlags();
} else {
// if oldUserType is missing from config_user_types.xml -> can only assume FLAG_PROFILE
oldFlags = UserInfo.FLAG_PROFILE;
}
//convert userData to newUserType
userInfo.userType = newUserType.getName();
// remove old default flags and add newUserType's default flags
userInfo.flags = newUserType.getDefaultUserInfoFlags() | (userInfo.flags ^ oldFlags);
// merge existing base restrictions with the new type's default restrictions
synchronized (mRestrictionsLock) {
if (!BundleUtils.isEmpty(newUserType.getDefaultRestrictions())) {
final Bundle newRestrictions = BundleUtils.clone(
mBaseUserRestrictions.getRestrictions(userInfo.id));
UserRestrictionsUtils.merge(newRestrictions,
newUserType.getDefaultRestrictions());
updateUserRestrictionsInternalLR(newRestrictions, userInfo.id);
if (DBG) {
Slog.i(LOG_TAG, "Updated user " + userInfo.id
+ " restrictions to " + newRestrictions);
}
}
}
// re-compute badge index
userInfo.profileBadge = getFreeProfileBadgeLU(userInfo.profileGroupId, userInfo.userType);
}
/** Returns the oldest Full Admin user, or null is if there none. */
private @Nullable UserInfo getEarliestCreatedFullUser() {
final List<UserInfo> users = getUsersInternal(true, true, true);
UserInfo earliestUser = null;
long earliestCreationTime = Long.MAX_VALUE;
for (int i = 0; i < users.size(); i++) {
final UserInfo info = users.get(i);
if (info.isFull() && info.isAdmin() && info.creationTime >= 0
&& info.creationTime < earliestCreationTime) {
earliestCreationTime = info.creationTime;
earliestUser = info;
}
}
return earliestUser;
}
@GuardedBy({"mPackagesLock"})
private void fallbackToSingleUserLP() {
// Create the system user
final String systemUserType = isDefaultHeadlessSystemUserMode()
? UserManager.USER_TYPE_SYSTEM_HEADLESS
: UserManager.USER_TYPE_FULL_SYSTEM;
final int flags = mUserTypes.get(systemUserType).getDefaultUserInfoFlags()
| UserInfo.FLAG_INITIALIZED;
final UserInfo system = new UserInfo(UserHandle.USER_SYSTEM,
/* name= */ null, /* iconPath= */ null, flags, systemUserType);
final UserData userData = putUserInfo(system);
userData.userProperties = new UserProperties(
mUserTypes.get(userData.info.userType).getDefaultUserPropertiesReference());
mNextSerialNumber = MIN_USER_ID;
mUserVersion = USER_VERSION;
mUserTypeVersion = UserTypeFactory.getUserTypeVersion();
final Bundle restrictions = new Bundle();
try {
final String[] defaultFirstUserRestrictions = mContext.getResources().getStringArray(
com.android.internal.R.array.config_defaultFirstUserRestrictions);
for (String userRestriction : defaultFirstUserRestrictions) {
if (UserRestrictionsUtils.isValidRestriction(userRestriction)) {
restrictions.putBoolean(userRestriction, true);
}
}
} catch (Resources.NotFoundException e) {
Slog.e(LOG_TAG, "Couldn't find resource: config_defaultFirstUserRestrictions", e);
}
if (!restrictions.isEmpty()) {
synchronized (mRestrictionsLock) {
mBaseUserRestrictions.updateRestrictions(UserHandle.USER_SYSTEM,
restrictions);
}
}
initDefaultGuestRestrictions();
writeUserLP(userData);
writeUserListLP();
}
private String getOwnerName() {
return mOwnerName.get();
}
private String getGuestName() {
return mContext.getString(com.android.internal.R.string.guest_name);
}
private void invalidateOwnerNameIfNecessary(@NonNull Resources res, boolean forceUpdate) {
final int configChanges = mLastConfiguration.updateFrom(res.getConfiguration());
if (forceUpdate || (configChanges & mOwnerNameTypedValue.changingConfigurations) != 0) {
res.getValue(com.android.internal.R.string.owner_name, mOwnerNameTypedValue, true);
final CharSequence ownerName = mOwnerNameTypedValue.coerceToString();
mOwnerName.set(ownerName != null ? ownerName.toString() : null);
}
}
private void scheduleWriteUserList() {
if (DBG) {
debug("scheduleWriteUserList");
}
// No need to wrap it within a lock -- worst case, we'll just post the same message
// twice.
if (!mHandler.hasMessages(WRITE_USER_LIST_MSG)) {
Message msg = mHandler.obtainMessage(WRITE_USER_LIST_MSG);
mHandler.sendMessageDelayed(msg, WRITE_USER_DELAY);
}
}
private void scheduleWriteUser(@UserIdInt int userId) {
if (DBG) {
debug("scheduleWriteUser");
}
// No need to wrap it within a lock -- worst case, we'll just post the same message
// twice.
if (!mHandler.hasMessages(WRITE_USER_MSG, userId)) {
Message msg = mHandler.obtainMessage(WRITE_USER_MSG, userId);
mHandler.sendMessageDelayed(msg, WRITE_USER_DELAY);
}
}
private ResilientAtomicFile getUserFile(int userId) {
File file = new File(mUsersDir, userId + XML_SUFFIX);
File tempBackup = new File(mUsersDir, userId + XML_SUFFIX + ".backup");
File reserveCopy = new File(mUsersDir, userId + XML_SUFFIX + ".reservecopy");
int fileMode = FileUtils.S_IRWXU | FileUtils.S_IRWXG | FileUtils.S_IXOTH;
return new ResilientAtomicFile(file, tempBackup, reserveCopy, fileMode,
"user info", (priority, msg) -> {
Slog.e(LOG_TAG, msg);
// Something went wrong, schedule full rewrite.
UserData userData = getUserDataNoChecks(userId);
if (userData != null) {
scheduleWriteUser(userId);
}
});
}
@GuardedBy({"mPackagesLock"})
private void writeUserLP(UserData userData) {
if (DBG) {
debug("writeUserLP " + userData);
}
try (ResilientAtomicFile userFile = getUserFile(userData.info.id)) {
FileOutputStream fos = null;
try {
fos = userFile.startWrite();
writeUserLP(userData, fos);
userFile.finishWrite(fos);
} catch (Exception ioe) {
Slog.e(LOG_TAG, "Error writing user info " + userData.info.id, ioe);
userFile.failWrite(fos);
}
}
}
/*
* Writes the user file in this format:
*
* <user flags="20039023" id="0">
* <name>Primary</name>
* </user>
*/
@GuardedBy({"mPackagesLock"})
@VisibleForTesting
void writeUserLP(UserData userData, OutputStream os)
throws IOException, XmlPullParserException {
final TypedXmlSerializer serializer = Xml.resolveSerializer(os);
serializer.startDocument(null, true);
serializer.setFeature("http://xmlpull.org/v1/doc/features.html#indent-output", true);
final UserInfo userInfo = userData.info;
serializer.startTag(null, TAG_USER);
serializer.attributeInt(null, ATTR_ID, userInfo.id);
serializer.attributeInt(null, ATTR_SERIAL_NO, userInfo.serialNumber);
serializer.attributeInt(null, ATTR_FLAGS, userInfo.flags);
serializer.attribute(null, ATTR_TYPE, userInfo.userType);
serializer.attributeLong(null, ATTR_CREATION_TIME, userInfo.creationTime);
serializer.attributeLong(null, ATTR_LAST_LOGGED_IN_TIME, userInfo.lastLoggedInTime);
if (userInfo.lastLoggedInFingerprint != null) {
serializer.attribute(null, ATTR_LAST_LOGGED_IN_FINGERPRINT,
userInfo.lastLoggedInFingerprint);
}
serializer.attributeLong(
null, ATTR_LAST_ENTERED_FOREGROUND_TIME, userData.mLastEnteredForegroundTimeMillis);
if (userInfo.iconPath != null) {
serializer.attribute(null, ATTR_ICON_PATH, userInfo.iconPath);
}
if (userInfo.partial) {
serializer.attributeBoolean(null, ATTR_PARTIAL, true);
}
if (userInfo.preCreated) {
serializer.attributeBoolean(null, ATTR_PRE_CREATED, true);
}
if (userInfo.convertedFromPreCreated) {
serializer.attributeBoolean(null, ATTR_CONVERTED_FROM_PRE_CREATED, true);
}
if (userInfo.guestToRemove) {
serializer.attributeBoolean(null, ATTR_GUEST_TO_REMOVE, true);
}
if (userInfo.profileGroupId != UserInfo.NO_PROFILE_GROUP_ID) {
serializer.attributeInt(null, ATTR_PROFILE_GROUP_ID, userInfo.profileGroupId);
}
serializer.attributeInt(null, ATTR_PROFILE_BADGE, userInfo.profileBadge);
if (userInfo.restrictedProfileParentId != UserInfo.NO_PROFILE_GROUP_ID) {
serializer.attributeInt(null, ATTR_RESTRICTED_PROFILE_PARENT_ID,
userInfo.restrictedProfileParentId);
}
// Write seed data
if (userData.persistSeedData) {
if (userData.seedAccountName != null) {
serializer.attribute(null, ATTR_SEED_ACCOUNT_NAME,
truncateString(userData.seedAccountName));
}
if (userData.seedAccountType != null) {
serializer.attribute(null, ATTR_SEED_ACCOUNT_TYPE,
truncateString(userData.seedAccountType));
}
}
if (userInfo.name != null) {
serializer.startTag(null, TAG_NAME);
serializer.text(truncateString(userInfo.name));
serializer.endTag(null, TAG_NAME);
}
synchronized (mRestrictionsLock) {
UserRestrictionsUtils.writeRestrictions(serializer,
mBaseUserRestrictions.getRestrictions(userInfo.id), TAG_RESTRICTIONS);
if (Flags.saveGlobalAndGuestRestrictionsOnSystemUserXmlReadOnly()) {
if (userInfo.id == UserHandle.USER_SYSTEM) {
UserRestrictionsUtils.writeRestrictions(serializer,
mDevicePolicyUserRestrictions.getRestrictions(UserHandle.USER_ALL),
TAG_DEVICE_POLICY_GLOBAL_RESTRICTIONS);
serializer.startTag(null, TAG_GUEST_RESTRICTIONS);
synchronized (mGuestRestrictions) {
UserRestrictionsUtils.writeRestrictions(serializer, mGuestRestrictions,
TAG_RESTRICTIONS);
}
serializer.endTag(null, TAG_GUEST_RESTRICTIONS);
}
} else {
UserRestrictionsUtils.writeRestrictions(serializer,
mDevicePolicyUserRestrictions.getRestrictions(UserHandle.USER_ALL),
TAG_DEVICE_POLICY_GLOBAL_RESTRICTIONS);
}
UserRestrictionsUtils.writeRestrictions(serializer,
mDevicePolicyUserRestrictions.getRestrictions(userInfo.id),
TAG_DEVICE_POLICY_LOCAL_RESTRICTIONS);
}
if (userData.account != null) {
serializer.startTag(null, TAG_ACCOUNT);
serializer.text(userData.account);
serializer.endTag(null, TAG_ACCOUNT);
}
if (userData.persistSeedData && userData.seedAccountOptions != null) {
serializer.startTag(null, TAG_SEED_ACCOUNT_OPTIONS);
userData.seedAccountOptions.saveToXml(serializer);
serializer.endTag(null, TAG_SEED_ACCOUNT_OPTIONS);
}
if (userData.userProperties != null) {
serializer.startTag(null, TAG_USER_PROPERTIES);
userData.userProperties.writeToXml(serializer);
serializer.endTag(null, TAG_USER_PROPERTIES);
}
if (userData.getLastRequestQuietModeEnabledMillis() != 0L) {
serializer.startTag(/* namespace */ null, TAG_LAST_REQUEST_QUIET_MODE_ENABLED_CALL);
serializer.text(String.valueOf(userData.getLastRequestQuietModeEnabledMillis()));
serializer.endTag(/* namespace */ null, TAG_LAST_REQUEST_QUIET_MODE_ENABLED_CALL);
}
serializer.startTag(/* namespace */ null, TAG_IGNORE_PREPARE_STORAGE_ERRORS);
serializer.text(String.valueOf(userData.getIgnorePrepareStorageErrors()));
serializer.endTag(/* namespace */ null, TAG_IGNORE_PREPARE_STORAGE_ERRORS);
serializer.endTag(null, TAG_USER);
serializer.endDocument();
}
private String truncateString(String original) {
if (original == null || original.length() <= MAX_USER_STRING_LENGTH) {
return original;
}
return original.substring(0, MAX_USER_STRING_LENGTH);
}
/*
* Writes the user list file in this format:
*
* <users nextSerialNumber="3">
* <user id="0"></user>
* <user id="2"></user>
* </users>
*/
@GuardedBy({"mPackagesLock"})
private void writeUserListLP() {
if (DBG) {
debug("writeUserList");
}
try (ResilientAtomicFile file = getUserListFile()) {
FileOutputStream fos = null;
try {
fos = file.startWrite();
final TypedXmlSerializer serializer = Xml.resolveSerializer(fos);
serializer.startDocument(null, true);
serializer.setFeature("http://xmlpull.org/v1/doc/features.html#indent-output",
true);
serializer.startTag(null, TAG_USERS);
serializer.attributeInt(null, ATTR_NEXT_SERIAL_NO, mNextSerialNumber);
serializer.attributeInt(null, ATTR_USER_VERSION, mUserVersion);
serializer.attributeInt(null, ATTR_USER_TYPE_VERSION, mUserTypeVersion);
if (!Flags.saveGlobalAndGuestRestrictionsOnSystemUserXmlReadOnly()) {
serializer.startTag(null, TAG_GUEST_RESTRICTIONS);
synchronized (mGuestRestrictions) {
UserRestrictionsUtils
.writeRestrictions(serializer, mGuestRestrictions,
TAG_RESTRICTIONS);
}
serializer.endTag(null, TAG_GUEST_RESTRICTIONS);
}
int[] userIdsToWrite;
synchronized (mUsersLock) {
userIdsToWrite = new int[mUsers.size()];
for (int i = 0; i < userIdsToWrite.length; i++) {
UserInfo user = mUsers.valueAt(i).info;
userIdsToWrite[i] = user.id;
}
}
for (int id : userIdsToWrite) {
serializer.startTag(null, TAG_USER);
serializer.attributeInt(null, ATTR_ID, id);
serializer.endTag(null, TAG_USER);
}
serializer.endTag(null, TAG_USERS);
serializer.endDocument();
file.finishWrite(fos);
} catch (Exception e) {
Slog.e(LOG_TAG, "Error writing user list", e);
file.failWrite(fos);
}
}
}
@GuardedBy({"mPackagesLock"})
private UserData readUserLP(int id, int userVersion) {
try (ResilientAtomicFile file = getUserFile(id)) {
FileInputStream fis = null;
try {
fis = file.openRead();
if (fis == null) {
Slog.e(LOG_TAG, "User info not found, returning null, user id: " + id);
return null;
}
return readUserLP(id, fis, userVersion);
} catch (Exception e) {
// Remove corrupted file and retry.
Slog.e(LOG_TAG, "Error reading user info, user id: " + id);
file.failRead(fis, e);
return readUserLP(id, userVersion);
}
}
}
@GuardedBy({"mPackagesLock"})
@VisibleForTesting
UserData readUserLP(int id, InputStream is, int userVersion) throws IOException,
XmlPullParserException {
int flags = 0;
String userType = null;
int serialNumber = id;
String name = null;
String account = null;
String iconPath = null;
long creationTime = 0L;
long lastLoggedInTime = 0L;
long lastRequestQuietModeEnabledTimestamp = 0L;
String lastLoggedInFingerprint = null;
long lastEnteredForegroundTime = 0L;
int profileGroupId = UserInfo.NO_PROFILE_GROUP_ID;
int profileBadge = 0;
int restrictedProfileParentId = UserInfo.NO_PROFILE_GROUP_ID;
boolean partial = false;
boolean preCreated = false;
boolean converted = false;
boolean guestToRemove = false;
boolean persistSeedData = false;
String seedAccountName = null;
String seedAccountType = null;
PersistableBundle seedAccountOptions = null;
UserProperties userProperties = null;
Bundle baseRestrictions = null;
Bundle legacyLocalRestrictions = null;
Bundle localRestrictions = null;
Bundle globalRestrictions = null;
boolean ignorePrepareStorageErrors = true; // default is true for old users
final TypedXmlPullParser parser = Xml.resolvePullParser(is);
int type;
while ((type = parser.next()) != XmlPullParser.START_TAG
&& type != XmlPullParser.END_DOCUMENT) {
// Skip
}
if (type != XmlPullParser.START_TAG) {
Slog.e(LOG_TAG, "Unable to read user " + id);
return null;
}
if (type == XmlPullParser.START_TAG && parser.getName().equals(TAG_USER)) {
int storedId = parser.getAttributeInt(null, ATTR_ID, -1);
if (storedId != id) {
Slog.e(LOG_TAG, "User id does not match the file name");
return null;
}
serialNumber = parser.getAttributeInt(null, ATTR_SERIAL_NO, id);
flags = parser.getAttributeInt(null, ATTR_FLAGS, 0);
userType = parser.getAttributeValue(null, ATTR_TYPE);
userType = userType != null ? userType.intern() : null;
iconPath = parser.getAttributeValue(null, ATTR_ICON_PATH);
creationTime = parser.getAttributeLong(null, ATTR_CREATION_TIME, 0);
lastLoggedInTime = parser.getAttributeLong(null, ATTR_LAST_LOGGED_IN_TIME, 0);
lastLoggedInFingerprint = parser.getAttributeValue(null,
ATTR_LAST_LOGGED_IN_FINGERPRINT);
lastEnteredForegroundTime =
parser.getAttributeLong(null, ATTR_LAST_ENTERED_FOREGROUND_TIME, 0L);
profileGroupId = parser.getAttributeInt(null, ATTR_PROFILE_GROUP_ID,
UserInfo.NO_PROFILE_GROUP_ID);
profileBadge = parser.getAttributeInt(null, ATTR_PROFILE_BADGE, 0);
restrictedProfileParentId = parser.getAttributeInt(null,
ATTR_RESTRICTED_PROFILE_PARENT_ID, UserInfo.NO_PROFILE_GROUP_ID);
partial = parser.getAttributeBoolean(null, ATTR_PARTIAL, false);
preCreated = parser.getAttributeBoolean(null, ATTR_PRE_CREATED, false);
converted = parser.getAttributeBoolean(null, ATTR_CONVERTED_FROM_PRE_CREATED, false);
guestToRemove = parser.getAttributeBoolean(null, ATTR_GUEST_TO_REMOVE, false);
seedAccountName = parser.getAttributeValue(null, ATTR_SEED_ACCOUNT_NAME);
seedAccountType = parser.getAttributeValue(null, ATTR_SEED_ACCOUNT_TYPE);
if (seedAccountName != null || seedAccountType != null) {
persistSeedData = true;
}
int outerDepth = parser.getDepth();
while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
&& (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
continue;
}
String tag = parser.getName();
if (TAG_NAME.equals(tag)) {
type = parser.next();
if (type == XmlPullParser.TEXT) {
name = parser.getText();
}
} else if (TAG_RESTRICTIONS.equals(tag)) {
baseRestrictions = UserRestrictionsUtils.readRestrictions(parser);
} else if (TAG_DEVICE_POLICY_RESTRICTIONS.equals(tag)) {
legacyLocalRestrictions = UserRestrictionsUtils.readRestrictions(parser);
} else if (TAG_DEVICE_POLICY_LOCAL_RESTRICTIONS.equals(tag)) {
if (userVersion < 10) {
// Prior to version 10, the local user restrictions were stored as sub tags
// grouped by the user id of the source user. The source is no longer stored
// on versions 10+ as this is now stored in the DevicePolicyEngine.
RestrictionsSet oldLocalRestrictions =
RestrictionsSet.readRestrictions(
parser, TAG_DEVICE_POLICY_LOCAL_RESTRICTIONS);
localRestrictions = oldLocalRestrictions.mergeAll();
} else {
localRestrictions = UserRestrictionsUtils.readRestrictions(parser);
}
} else if (TAG_DEVICE_POLICY_GLOBAL_RESTRICTIONS.equals(tag)) {
globalRestrictions = UserRestrictionsUtils.readRestrictions(parser);
} else if (TAG_GUEST_RESTRICTIONS.equals(tag)) {
while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
&& type != XmlPullParser.END_TAG) {
if (type == XmlPullParser.START_TAG) {
if (parser.getName().equals(TAG_RESTRICTIONS)) {
synchronized (mGuestRestrictions) {
UserRestrictionsUtils
.readRestrictions(parser, mGuestRestrictions);
}
}
break;
}
}
} else if (TAG_ACCOUNT.equals(tag)) {
type = parser.next();
if (type == XmlPullParser.TEXT) {
account = parser.getText();
}
} else if (TAG_SEED_ACCOUNT_OPTIONS.equals(tag)) {
seedAccountOptions = PersistableBundle.restoreFromXml(parser);
persistSeedData = true;
} else if (TAG_USER_PROPERTIES.equals(tag)) {
// We already got the userType above (if it exists), so we can use it.
// And it must exist, since ATTR_TYPE historically predates PROPERTIES.
final UserTypeDetails userTypeDetails = mUserTypes.get(userType);
if (userTypeDetails == null) {
Slog.e(LOG_TAG, "User has properties but no user type!");
return null;
}
final UserProperties defaultProps
= userTypeDetails.getDefaultUserPropertiesReference();
userProperties = new UserProperties(parser, defaultProps);
} else if (TAG_LAST_REQUEST_QUIET_MODE_ENABLED_CALL.equals(tag)) {
type = parser.next();
if (type == XmlPullParser.TEXT) {
lastRequestQuietModeEnabledTimestamp = Long.parseLong(parser.getText());
}
} else if (TAG_IGNORE_PREPARE_STORAGE_ERRORS.equals(tag)) {
type = parser.next();
if (type == XmlPullParser.TEXT) {
ignorePrepareStorageErrors = Boolean.parseBoolean(parser.getText());
}
}
}
}
// Create the UserInfo object that gets passed around
UserInfo userInfo = new UserInfo(id, name, iconPath, flags, userType);
userInfo.serialNumber = serialNumber;
userInfo.creationTime = creationTime;
userInfo.lastLoggedInTime = lastLoggedInTime;
userInfo.lastLoggedInFingerprint = lastLoggedInFingerprint;
userInfo.partial = partial;
userInfo.preCreated = preCreated;
userInfo.convertedFromPreCreated = converted;
userInfo.guestToRemove = guestToRemove;
userInfo.profileGroupId = profileGroupId;
userInfo.profileBadge = profileBadge;
userInfo.restrictedProfileParentId = restrictedProfileParentId;
// Create the UserData object that's internal to this class
UserData userData = new UserData();
userData.info = userInfo;
userData.account = account;
userData.seedAccountName = seedAccountName;
userData.seedAccountType = seedAccountType;
userData.persistSeedData = persistSeedData;
userData.seedAccountOptions = seedAccountOptions;
userData.userProperties = userProperties;
userData.setLastRequestQuietModeEnabledMillis(lastRequestQuietModeEnabledTimestamp);
userData.mLastEnteredForegroundTimeMillis = lastEnteredForegroundTime;
if (ignorePrepareStorageErrors) {
userData.setIgnorePrepareStorageErrors();
}
synchronized (mRestrictionsLock) {
if (baseRestrictions != null) {
mBaseUserRestrictions.updateRestrictions(id, baseRestrictions);
}
if (localRestrictions != null) {
mDevicePolicyUserRestrictions.updateRestrictions(id, localRestrictions);
if (legacyLocalRestrictions != null) {
Slog.wtf(LOG_TAG, "Seeing both legacy and current local restrictions in xml");
}
} else if (legacyLocalRestrictions != null) {
mDevicePolicyUserRestrictions.updateRestrictions(id, legacyLocalRestrictions);
}
if (globalRestrictions != null) {
mDevicePolicyUserRestrictions.updateRestrictions(UserHandle.USER_ALL,
globalRestrictions);
}
}
return userData;
}
/**
* Removes the app restrictions file for a specific package and user id, if it exists.
*
* @return whether there were any restrictions.
*/
@GuardedBy({"mAppRestrictionsLock"})
private static boolean cleanAppRestrictionsForPackageLAr(String pkg, @UserIdInt int userId) {
final File dir = Environment.getUserSystemDirectory(userId);
final File resFile = new File(dir, packageToRestrictionsFileName(pkg));
if (resFile.exists()) {
resFile.delete();
return true;
}
return false;
}
/**
* Creates a profile user. Used for actual profiles, like
* {@link UserManager#USER_TYPE_PROFILE_MANAGED},
* as well as for {@link UserManager#USER_TYPE_FULL_RESTRICTED}.
*/
@Override
public @NonNull UserInfo createProfileForUserWithThrow(
@Nullable String name, @NonNull String userType, @UserInfoFlag int flags,
@UserIdInt int userId, @Nullable String[] disallowedPackages)
throws ServiceSpecificException {
checkCreateUsersPermission(flags);
try {
return createUserInternal(name, userType, flags, userId, disallowedPackages);
} catch (UserManager.CheckedUserOperationException e) {
throw e.toServiceSpecificException();
}
}
/**
* @see #createProfileForUser
*/
@Override
public @NonNull UserInfo createProfileForUserEvenWhenDisallowedWithThrow(
@Nullable String name, @NonNull String userType, @UserInfoFlag int flags,
@UserIdInt int userId, @Nullable String[] disallowedPackages)
throws ServiceSpecificException {
checkCreateUsersPermission(flags);
try {
return createUserInternalUnchecked(name, userType, flags, userId,
/* preCreate= */ false, disallowedPackages, /* token= */ null);
} catch (UserManager.CheckedUserOperationException e) {
throw e.toServiceSpecificException();
}
}
@Override
public @NonNull UserInfo createUserWithThrow(
@Nullable String name, @NonNull String userType, @UserInfoFlag int flags)
throws ServiceSpecificException {
checkCreateUsersPermission(flags);
try {
return createUserInternal(name, userType, flags, UserHandle.USER_NULL,
/* disallowedPackages= */ null);
} catch (UserManager.CheckedUserOperationException e) {
throw e.toServiceSpecificException();
}
}
@Override
public @NonNull UserInfo preCreateUserWithThrow(
@NonNull String userType)
throws ServiceSpecificException {
final UserTypeDetails userTypeDetails = mUserTypes.get(userType);
final int flags = userTypeDetails != null ? userTypeDetails.getDefaultUserInfoFlags() : 0;
checkCreateUsersPermission(flags);
Preconditions.checkArgument(isUserTypeEligibleForPreCreation(userTypeDetails),
"cannot pre-create user of type " + userType);
Slog.i(LOG_TAG, "Pre-creating user of type " + userType);
try {
return createUserInternalUnchecked(/* name= */ null, userType, flags,
/* parentId= */ UserHandle.USER_NULL, /* preCreate= */ true,
/* disallowedPackages= */ null, /* token= */ null);
} catch (UserManager.CheckedUserOperationException e) {
throw e.toServiceSpecificException();
}
}
@Override
public @NonNull UserHandle createUserWithAttributes(
@Nullable String userName, @NonNull String userType, @UserInfoFlag int flags,
@Nullable Bitmap userIcon, @Nullable String accountName, @Nullable String accountType,
@Nullable PersistableBundle accountOptions)
throws ServiceSpecificException {
checkCreateUsersPermission(flags);
if (someUserHasAccountNoChecks(accountName, accountType)) {
throw new ServiceSpecificException(
UserManager.USER_OPERATION_ERROR_USER_ACCOUNT_ALREADY_EXISTS);
}
UserInfo userInfo;
try {
userInfo = createUserInternal(userName, userType, flags, UserHandle.USER_NULL, null);
} catch (UserManager.CheckedUserOperationException e) {
throw e.toServiceSpecificException();
}
if (userIcon != null) {
mLocalService.setUserIcon(userInfo.id, userIcon);
}
setSeedAccountDataNoChecks(userInfo.id, accountName, accountType, accountOptions, true);
return userInfo.getUserHandle();
}
private @NonNull UserInfo createUserInternal(
@Nullable String name, @NonNull String userType,
@UserInfoFlag int flags, @UserIdInt int parentId,
@Nullable String[] disallowedPackages)
throws UserManager.CheckedUserOperationException {
// Checking user restriction before creating new user,
// default check is for DISALLOW_ADD_USER
// If new user is of type CLONE, check if creation of clone profile is allowed
// If new user is of type MANAGED, check if creation of managed profile is allowed
// If new user is of type PRIVATE, check if creation of private profile is allowed
String restriction = UserManager.DISALLOW_ADD_USER;
if (UserManager.isUserTypeCloneProfile(userType)) {
restriction = UserManager.DISALLOW_ADD_CLONE_PROFILE;
} else if (UserManager.isUserTypeManagedProfile(userType)) {
restriction = UserManager.DISALLOW_ADD_MANAGED_PROFILE;
} else if (UserManager.isUserTypePrivateProfile(userType)) {
restriction = UserManager.DISALLOW_ADD_PRIVATE_PROFILE;
}
enforceUserRestriction(restriction, UserHandle.getCallingUserId(),
"Cannot add user");
return createUserInternalUnchecked(name, userType, flags, parentId,
/* preCreate= */ false, disallowedPackages, /* token= */ null);
}
private @NonNull UserInfo createUserInternalUnchecked(
@Nullable String name, @NonNull String userType, @UserInfoFlag int flags,
@UserIdInt int parentId, boolean preCreate, @Nullable String[] disallowedPackages,
@Nullable Object token)
throws UserManager.CheckedUserOperationException {
final int noneUserId = -1;
final TimingsTraceAndSlog t = new TimingsTraceAndSlog();
t.traceBegin("createUser-" + flags);
mUserJourneyLogger.logUserJourneyBegin(noneUserId, USER_JOURNEY_USER_CREATE);
UserInfo newUser = null;
try {
newUser = createUserInternalUncheckedNoTracing(name, userType, flags, parentId,
preCreate, disallowedPackages, t, token);
return newUser;
} finally {
if (newUser != null) {
mUserJourneyLogger.logUserCreateJourneyFinish(getCurrentUserId(), newUser);
} else {
mUserJourneyLogger.logNullUserJourneyError(
USER_JOURNEY_USER_CREATE,
getCurrentUserId(), noneUserId, userType, flags);
}
t.traceEnd();
}
}
private @NonNull UserInfo createUserInternalUncheckedNoTracing(
@Nullable String name, @NonNull String userType, @UserInfoFlag int flags,
@UserIdInt int parentId, boolean preCreate, @Nullable String[] disallowedPackages,
@NonNull TimingsTraceAndSlog t, @Nullable Object token)
throws UserManager.CheckedUserOperationException {
String truncatedName = truncateString(name);
final UserTypeDetails userTypeDetails = mUserTypes.get(userType);
if (userTypeDetails == null) {
throwCheckedUserOperationException(
"Cannot create user of invalid user type: " + userType,
USER_OPERATION_ERROR_UNKNOWN);
}
userType = userType.intern(); // Now that we know it's valid, we can intern it.
flags |= userTypeDetails.getDefaultUserInfoFlags();
if (!checkUserTypeConsistency(flags)) {
throwCheckedUserOperationException(
"Cannot add user. Flags (" + Integer.toHexString(flags)
+ ") and userTypeDetails (" + userType + ") are inconsistent.",
USER_OPERATION_ERROR_UNKNOWN);
}
if ((flags & UserInfo.FLAG_SYSTEM) != 0) {
throwCheckedUserOperationException(
"Cannot add user. Flags (" + Integer.toHexString(flags)
+ ") indicated SYSTEM user, which cannot be created.",
USER_OPERATION_ERROR_UNKNOWN);
}
if (!isUserTypeEnabled(userTypeDetails)) {
throwCheckedUserOperationException(
"Cannot add a user of disabled type " + userType + ".",
UserManager.USER_OPERATION_ERROR_MAX_USERS);
}
synchronized (mUsersLock) {
if (mForceEphemeralUsers) {
flags |= UserInfo.FLAG_EPHEMERAL;
}
}
// Try to use a pre-created user (if available).
if (!preCreate && parentId < 0 && isUserTypeEligibleForPreCreation(userTypeDetails)) {
final UserInfo preCreatedUser = convertPreCreatedUserIfPossible(userType, flags,
truncatedName, token);
if (preCreatedUser != null) {
return preCreatedUser;
}
}
DeviceStorageMonitorInternal dsm = LocalServices
.getService(DeviceStorageMonitorInternal.class);
if (dsm.isMemoryLow()) {
throwCheckedUserOperationException(
"Cannot add user. Not enough space on disk.",
UserManager.USER_OPERATION_ERROR_LOW_STORAGE);
}
final boolean isMainUser = (flags & UserInfo.FLAG_MAIN) != 0;
final boolean isProfile = userTypeDetails.isProfile();
final boolean isGuest = UserManager.isUserTypeGuest(userType);
final boolean isRestricted = UserManager.isUserTypeRestricted(userType);
final boolean isDemo = UserManager.isUserTypeDemo(userType);
final boolean isManagedProfile = UserManager.isUserTypeManagedProfile(userType);
final boolean isCommunalProfile = UserManager.isUserTypeCommunalProfile(userType);
final long ident = Binder.clearCallingIdentity();
UserInfo userInfo;
UserData userData;
final int userId;
try {
synchronized (mPackagesLock) {
UserData parent = null;
if (parentId != UserHandle.USER_NULL) {
synchronized (mUsersLock) {
parent = getUserDataLU(parentId);
}
if (parent == null) {
throwCheckedUserOperationException(
"Cannot find user data for parent user " + parentId,
USER_OPERATION_ERROR_UNKNOWN);
}
}
if (isMainUser && getMainUserIdUnchecked() != UserHandle.USER_NULL) {
throwCheckedUserOperationException(
"Cannot add user with FLAG_MAIN as main user already exists.",
UserManager.USER_OPERATION_ERROR_MAX_USERS);
}
if (!preCreate && !canAddMoreUsersOfType(userTypeDetails)) {
throwCheckedUserOperationException(
"Cannot add more users of type " + userType
+ ". Maximum number of that type already exists.",
UserManager.USER_OPERATION_ERROR_MAX_USERS);
}
// Keep logic in sync with getRemainingCreatableUserCount()
if (!isGuest && !isManagedProfile && !isDemo && isUserLimitReached()) {
// If the user limit has been reached, we cannot add a user (except guest/demo).
// Note that managed profiles can bypass it in certain circumstances (taken
// into account in the profile check below).
throwCheckedUserOperationException(
"Cannot add user. Maximum user limit is reached.",
UserManager.USER_OPERATION_ERROR_MAX_USERS);
}
// TODO(b/142482943): Perhaps let the following code apply to restricted users too.
if (isProfile && !isCommunalProfile &&
!canAddMoreProfilesToUser(userType, parentId, false)) {
throwCheckedUserOperationException(
"Cannot add more profiles of type " + userType
+ " for user " + parentId,
UserManager.USER_OPERATION_ERROR_MAX_USERS);
}
if (isRestricted && (parentId != UserHandle.USER_SYSTEM)
&& !isCreationOverrideEnabled()) {
throwCheckedUserOperationException(
"Cannot add restricted profile - parent user must be system",
USER_OPERATION_ERROR_UNKNOWN);
}
userId = getNextAvailableId();
Slog.i(LOG_TAG, "Creating user " + userId + " of type " + userType);
Environment.getUserSystemDirectory(userId).mkdirs();
synchronized (mUsersLock) {
// Inherit ephemeral flag from parent.
if (parent != null && parent.info.isEphemeral()) {
flags |= UserInfo.FLAG_EPHEMERAL;
}
// Always clear EPHEMERAL for pre-created users, otherwise the storage key
// won't be persisted. The flag will be re-added (if needed) when the
// pre-created user is "converted" to a normal user.
if (preCreate) {
flags &= ~UserInfo.FLAG_EPHEMERAL;
}
if ((flags & UserInfo.FLAG_EPHEMERAL) != 0) {
flags |= UserInfo.FLAG_EPHEMERAL_ON_CREATE;
}
userInfo = new UserInfo(userId, truncatedName, null, flags, userType);
userInfo.serialNumber = mNextSerialNumber++;
userInfo.creationTime = getCreationTime();
userInfo.partial = true;
userInfo.preCreated = preCreate;
userInfo.lastLoggedInFingerprint = PackagePartitions.FINGERPRINT;
if (userTypeDetails.hasBadge() && parentId != UserHandle.USER_NULL) {
userInfo.profileBadge = getFreeProfileBadgeLU(parentId, userType);
}
userData = new UserData();
userData.info = userInfo;
userData.userProperties = new UserProperties(
userTypeDetails.getDefaultUserPropertiesReference());
mUsers.put(userId, userData);
}
writeUserLP(userData);
writeUserListLP();
if (parent != null) {
if (isProfile) {
if (parent.info.profileGroupId == UserInfo.NO_PROFILE_GROUP_ID) {
parent.info.profileGroupId = parent.info.id;
writeUserLP(parent);
}
userInfo.profileGroupId = parent.info.profileGroupId;
} else if (isRestricted) {
if (parent.info.restrictedProfileParentId == UserInfo.NO_PROFILE_GROUP_ID) {
parent.info.restrictedProfileParentId = parent.info.id;
writeUserLP(parent);
}
userInfo.restrictedProfileParentId = parent.info.restrictedProfileParentId;
}
}
}
t.traceBegin("createUserStorageKeys");
final StorageManager storage = mContext.getSystemService(StorageManager.class);
storage.createUserStorageKeys(userId, userInfo.isEphemeral());
t.traceEnd();
// Only prepare DE storage here. CE storage will be prepared later, when the user is
// unlocked. We do this to ensure that CE storage isn't prepared before the CE key is
// saved to disk. This also matches what is done for user 0.
t.traceBegin("prepareUserData");
mUserDataPreparer.prepareUserData(userInfo, StorageManager.FLAG_STORAGE_DE);
t.traceEnd();
t.traceBegin("LSS.createNewUser");
mLockPatternUtils.createNewUser(userId, userInfo.serialNumber);
t.traceEnd();
final Set<String> userTypeInstallablePackages =
mSystemPackageInstaller.getInstallablePackagesForUserType(userType);
t.traceBegin("PM.createNewUser");
mPm.createNewUser(userId, userTypeInstallablePackages, disallowedPackages);
t.traceEnd();
Bundle restrictions = new Bundle();
if (isGuest) {
// Guest default restrictions can be modified via setDefaultGuestRestrictions.
synchronized (mGuestRestrictions) {
restrictions.putAll(mGuestRestrictions);
}
} else {
userTypeDetails.addDefaultRestrictionsTo(restrictions);
if (isMainUser) {
restrictions.remove(UserManager.DISALLOW_OUTGOING_CALLS);
restrictions.remove(UserManager.DISALLOW_SMS);
}
}
synchronized (mRestrictionsLock) {
mBaseUserRestrictions.updateRestrictions(userId, restrictions);
}
userInfo.partial = false;
synchronized (mPackagesLock) {
writeUserLP(userData);
}
updateUserIds();
t.traceBegin("PM.onNewUserCreated-" + userId);
mPm.onNewUserCreated(userId, /* convertedFromPreCreated= */ false);
t.traceEnd();
applyDefaultUserSettings(userTypeDetails, userId);
setDefaultCrossProfileIntentFilters(userId, userTypeDetails, restrictions, parentId);
if (preCreate) {
// Must start user (which will be stopped right away, through
// UserController.finishUserUnlockedCompleted) so services can properly
// intialize it.
// NOTE: user will be stopped on UserController.finishUserUnlockedCompleted().
Slog.i(LOG_TAG, "starting pre-created user " + userInfo.toFullString());
final IActivityManager am = ActivityManager.getService();
try {
am.startUserInBackground(userId);
} catch (RemoteException e) {
Slog.w(LOG_TAG, "could not start pre-created user " + userId, e);
}
} else {
dispatchUserAdded(userInfo, token);
}
} finally {
Binder.restoreCallingIdentity(ident);
}
// TODO(b/143092698): it's possible to reach "max users overflow" when the user is created
// "from scratch" (i.e., not from a pre-created user) and reaches the maximum number of
// users without counting the pre-created one. Then when the pre-created is converted, the
// "effective" number of max users is exceeds. Example:
// Max: 3 Current: 2 full (u0 and u10) + 1 pre-created (u11)
// Step 1: create(/* flags doesn't match u11 */): u12 is created, "effective max" is now 3
// (u0, u10, u12) but "real" max is 4 (u0, u10, u11, u12)
// Step 2: create(/* flags match u11 */): u11 is converted, now "effective max" is also 4
// (u0, u10, u11, u12)
// One way to avoid this issue is by removing a pre-created user from the pool when the
// "real" max exceeds the max here.
return userInfo;
}
private void applyDefaultUserSettings(UserTypeDetails userTypeDetails, @UserIdInt int userId) {
final Bundle systemSettings = userTypeDetails.getDefaultSystemSettings();
final Bundle secureSettings = userTypeDetails.getDefaultSecureSettings();
if (systemSettings.isEmpty() && secureSettings.isEmpty()) {
return;
}
final int systemSettingsSize = systemSettings.size();
final String[] systemSettingsArray = systemSettings.keySet().toArray(
new String[systemSettingsSize]);
for (int i = 0; i < systemSettingsSize; i++) {
final String setting = systemSettingsArray[i];
if (!Settings.System.putStringForUser(
mContext.getContentResolver(), setting, systemSettings.getString(setting),
userId)) {
Slog.e(LOG_TAG, "Failed to insert default system setting: " + setting);
}
}
final int secureSettingsSize = secureSettings.size();
final String[] secureSettingsArray = secureSettings.keySet().toArray(
new String[secureSettingsSize]);
for (int i = 0; i < secureSettingsSize; i++) {
final String setting = secureSettingsArray[i];
if (!Settings.Secure.putStringForUser(
mContext.getContentResolver(), setting, secureSettings.getString(setting),
userId)) {
Slog.e(LOG_TAG, "Failed to insert default secure setting: " + setting);
}
}
}
/**
* Sets all default cross profile intent filters between {@code parentUserId} and
* {@code profileUserId}, does nothing if {@code userType} is not a profile.
*/
private void setDefaultCrossProfileIntentFilters(
@UserIdInt int profileUserId, UserTypeDetails profileDetails,
Bundle profileRestrictions, @UserIdInt int parentUserId) {
if (profileDetails == null || !profileDetails.isProfile()) {
return;
}
final List<DefaultCrossProfileIntentFilter> filters =
profileDetails.getDefaultCrossProfileIntentFilters();
if (filters.isEmpty()) {
return;
}
// Skip filters that allow data to be shared into the profile, if admin has disabled it.
final boolean disallowSharingIntoProfile =
profileRestrictions.getBoolean(
UserManager.DISALLOW_SHARE_INTO_MANAGED_PROFILE,
/* defaultValue = */ false);
final int size = profileDetails.getDefaultCrossProfileIntentFilters().size();
for (int i = 0; i < size; i++) {
final DefaultCrossProfileIntentFilter filter =
profileDetails.getDefaultCrossProfileIntentFilters().get(i);
if (disallowSharingIntoProfile && filter.letsPersonalDataIntoProfile) {
continue;
}
if (filter.direction == DefaultCrossProfileIntentFilter.Direction.TO_PARENT) {
mPm.addCrossProfileIntentFilter(mPm.snapshotComputer(),
filter.filter, mContext.getOpPackageName(), profileUserId, parentUserId,
filter.flags);
} else {
mPm.addCrossProfileIntentFilter(mPm.snapshotComputer(),
filter.filter, mContext.getOpPackageName(), parentUserId, profileUserId,
filter.flags);
}
}
}
/**
* Finds and converts a previously pre-created user into a regular user, if possible.
*
* @return the converted user, or {@code null} if no pre-created user could be converted.
*/
private @Nullable UserInfo convertPreCreatedUserIfPossible(String userType,
@UserInfoFlag int flags, @Nullable String name, @Nullable Object token) {
final UserData preCreatedUserData;
synchronized (mUsersLock) {
preCreatedUserData = getPreCreatedUserLU(userType);
}
if (preCreatedUserData == null) {
return null;
}
synchronized (mUserStates) {
if (mUserStates.has(preCreatedUserData.info.id)) {
Slog.w(LOG_TAG, "Cannot reuse pre-created user "
+ preCreatedUserData.info.id + " because it didn't stop yet");
return null;
}
}
final UserInfo preCreatedUser = preCreatedUserData.info;
final int newFlags = preCreatedUser.flags | flags;
if (!checkUserTypeConsistency(newFlags)) {
Slog.wtf(LOG_TAG, "Cannot reuse pre-created user " + preCreatedUser.id
+ " of type " + userType + " because flags are inconsistent. "
+ "Flags (" + Integer.toHexString(flags) + "); preCreatedUserFlags ( "
+ Integer.toHexString(preCreatedUser.flags) + ").");
return null;
}
Slog.i(LOG_TAG, "Reusing pre-created user " + preCreatedUser.id + " of type "
+ userType + " and bestowing on it flags " + UserInfo.flagsToString(flags));
preCreatedUser.name = name;
preCreatedUser.flags = newFlags;
preCreatedUser.preCreated = false;
preCreatedUser.convertedFromPreCreated = true;
preCreatedUser.creationTime = getCreationTime();
synchronized (mPackagesLock) {
writeUserLP(preCreatedUserData);
writeUserListLP();
}
updateUserIds();
Binder.withCleanCallingIdentity(() -> {
mPm.onNewUserCreated(preCreatedUser.id, /* convertedFromPreCreated= */ true);
dispatchUserAdded(preCreatedUser, token);
VoiceInteractionManagerInternal vimi = LocalServices
.getService(VoiceInteractionManagerInternal.class);
if (vimi != null) {
vimi.onPreCreatedUserConversion(preCreatedUser.id);
}
});
return preCreatedUser;
}
/** Checks that the flags do not contain mutually exclusive types/properties. */
@VisibleForTesting
static boolean checkUserTypeConsistency(@UserInfoFlag int flags) {
// Mask to check that flags don't refer to multiple user types.
final int userTypeFlagMask = UserInfo.FLAG_GUEST | UserInfo.FLAG_DEMO
| UserInfo.FLAG_RESTRICTED | UserInfo.FLAG_PROFILE;
return isAtMostOneFlag(flags & userTypeFlagMask)
&& isAtMostOneFlag(flags & (UserInfo.FLAG_PROFILE | UserInfo.FLAG_FULL))
&& isAtMostOneFlag(flags & (UserInfo.FLAG_PROFILE | UserInfo.FLAG_SYSTEM));
}
/** Returns whether the given flags contains at most one 1. */
private static boolean isAtMostOneFlag(int flags) {
return (flags & (flags - 1)) == 0;
// If !=0, this means that flags is not a power of 2, and therefore is multiple types.
}
/** Install/uninstall system packages for all users based on their user-type, as applicable. */
boolean installWhitelistedSystemPackages(boolean isFirstBoot, boolean isUpgrade,
@Nullable ArraySet<String> existingPackages) {
return mSystemPackageInstaller.installWhitelistedSystemPackages(
isFirstBoot || mUpdatingSystemUserMode, isUpgrade, existingPackages);
}
@Override
public String[] getPreInstallableSystemPackages(@NonNull String userType) {
checkCreateUsersPermission("getPreInstallableSystemPackages");
final Set<String> installableSystemPackages =
mSystemPackageInstaller.getInstallablePackagesForUserType(userType);
if (installableSystemPackages == null) {
return null;
}
return installableSystemPackages.toArray(new String[installableSystemPackages.size()]);
}
private long getCreationTime() {
final long now = System.currentTimeMillis();
return (now > EPOCH_PLUS_30_YEARS) ? now : 0;
}
private void dispatchUserAdded(@NonNull UserInfo userInfo, @Nullable Object token) {
// Notify internal listeners first...
synchronized (mUserLifecycleListeners) {
for (int i = 0; i < mUserLifecycleListeners.size(); i++) {
mUserLifecycleListeners.get(i).onUserCreated(userInfo, token);
}
}
//...then external ones
Intent addedIntent = new Intent(Intent.ACTION_USER_ADDED);
addedIntent.addFlags(Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND);
// In HSUM, MainUser might be created before PHASE_ACTIVITY_MANAGER_READY has been sent.
addedIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY_BEFORE_BOOT);
addedIntent.putExtra(Intent.EXTRA_USER_HANDLE, userInfo.id);
// Also, add the UserHandle for mainline modules which can't use the @hide
// EXTRA_USER_HANDLE.
addedIntent.putExtra(Intent.EXTRA_USER, UserHandle.of(userInfo.id));
mContext.sendBroadcastAsUser(addedIntent, UserHandle.ALL,
android.Manifest.permission.MANAGE_USERS);
MetricsLogger.count(mContext, userInfo.isGuest() ? TRON_GUEST_CREATED
: (userInfo.isDemo() ? TRON_DEMO_CREATED : TRON_USER_CREATED), 1);
if (userInfo.isProfile()) {
sendProfileAddedBroadcast(userInfo.profileGroupId, userInfo.id);
} else {
// If the user switch hasn't been explicitly toggled on or off by the user, turn it on.
if (android.provider.Settings.Global.getString(mContext.getContentResolver(),
android.provider.Settings.Global.USER_SWITCHER_ENABLED) == null) {
android.provider.Settings.Global.putInt(mContext.getContentResolver(),
android.provider.Settings.Global.USER_SWITCHER_ENABLED, 1);
}
}
}
/**
* Gets a pre-created user for the given user type.
*
* <p>Should be used only during user creation, so the pre-created user can be used (instead of
* creating and initializing a new user from scratch).
*/
// TODO(b/143092698): add unit test
@GuardedBy("mUsersLock")
private @Nullable UserData getPreCreatedUserLU(String userType) {
if (DBG) Slog.d(LOG_TAG, "getPreCreatedUser(): userType= " + userType);
final int userSize = mUsers.size();
for (int i = 0; i < userSize; i++) {
final UserData user = mUsers.valueAt(i);
if (DBG) Slog.d(LOG_TAG, i + ":" + user.info.toFullString());
if (user.info.preCreated && !user.info.partial && user.info.userType.equals(userType)) {
if (!user.info.isInitialized()) {
Slog.w(LOG_TAG, "found pre-created user of type " + userType
+ ", but it's not initialized yet: " + user.info.toFullString());
continue;
}
return user;
}
}
return null;
}
/**
* Returns whether a user with the given userTypeDetails is eligible to be
* {@link UserInfo#preCreated}.
*/
private static boolean isUserTypeEligibleForPreCreation(UserTypeDetails userTypeDetails) {
if (userTypeDetails == null) {
return false;
}
return !userTypeDetails.isProfile()
&& !userTypeDetails.getName().equals(UserManager.USER_TYPE_FULL_RESTRICTED);
}
/** Register callbacks for statsd pulled atoms. */
private void registerStatsCallbacks() {
final StatsManager statsManager = mContext.getSystemService(StatsManager.class);
statsManager.setPullAtomCallback(
FrameworkStatsLog.USER_INFO,
null, // use default PullAtomMetadata values
DIRECT_EXECUTOR,
this::onPullAtom);
statsManager.setPullAtomCallback(
FrameworkStatsLog.MULTI_USER_INFO,
null, // use default PullAtomMetadata values
DIRECT_EXECUTOR,
this::onPullAtom);
}
/** Writes a UserInfo pulled atom for each user on the device. */
private int onPullAtom(int atomTag, List<StatsEvent> data) {
if (atomTag == FrameworkStatsLog.USER_INFO) {
final List<UserInfo> users = getUsersInternal(true, true, true);
final int size = users.size();
if (size > 1) {
for (int idx = 0; idx < size; idx++) {
final UserInfo user = users.get(idx);
final int userTypeStandard = mUserJourneyLogger
.getUserTypeForStatsd(user.userType);
final String userTypeCustom = (userTypeStandard == FrameworkStatsLog
.USER_LIFECYCLE_JOURNEY_REPORTED__USER_TYPE__TYPE_UNKNOWN)
?
user.userType : null;
boolean isUserRunningUnlocked;
synchronized (mUserStates) {
isUserRunningUnlocked =
mUserStates.get(user.id, -1) == UserState.STATE_RUNNING_UNLOCKED;
}
data.add(FrameworkStatsLog.buildStatsEvent(FrameworkStatsLog.USER_INFO,
user.id,
userTypeStandard,
userTypeCustom,
user.flags,
user.creationTime,
user.lastLoggedInTime,
isUserRunningUnlocked
));
}
}
} else if (atomTag == FrameworkStatsLog.MULTI_USER_INFO) {
if (UserManager.getMaxSupportedUsers() > 1) {
data.add(FrameworkStatsLog.buildStatsEvent(FrameworkStatsLog.MULTI_USER_INFO,
UserManager.getMaxSupportedUsers(),
isUserSwitcherEnabled(UserHandle.USER_ALL),
UserManager.supportsMultipleUsers()
&& !hasUserRestriction(UserManager.DISALLOW_ADD_USER,
UserHandle.USER_ALL)));
}
} else {
Slogf.e(LOG_TAG, "Unexpected atom tag: %d", atomTag);
return android.app.StatsManager.PULL_SKIP;
}
return android.app.StatsManager.PULL_SUCCESS;
}
@VisibleForTesting
UserData putUserInfo(UserInfo userInfo) {
final UserData userData = new UserData();
userData.info = userInfo;
synchronized (mUsersLock) {
mUsers.put(userInfo.id, userData);
}
updateUserIds();
return userData;
}
@VisibleForTesting
void removeUserInfo(@UserIdInt int userId) {
synchronized (mUsersLock) {
mUsers.remove(userId);
}
}
/**
* @hide
*/
@Override
public @NonNull UserInfo createRestrictedProfileWithThrow(
@Nullable String name, @UserIdInt int parentUserId)
throws ServiceSpecificException {
checkCreateUsersPermission("setupRestrictedProfile");
final UserInfo user = createProfileForUserWithThrow(
name, UserManager.USER_TYPE_FULL_RESTRICTED, 0, parentUserId, null);
final long identity = Binder.clearCallingIdentity();
try {
setUserRestriction(UserManager.DISALLOW_MODIFY_ACCOUNTS, true, user.id);
// Change the setting before applying the DISALLOW_SHARE_LOCATION restriction, otherwise
// the putIntForUser() will fail.
android.provider.Settings.Secure.putIntForUser(mContext.getContentResolver(),
android.provider.Settings.Secure.LOCATION_MODE,
android.provider.Settings.Secure.LOCATION_MODE_OFF, user.id);
setUserRestriction(UserManager.DISALLOW_SHARE_LOCATION, true, user.id);
} finally {
Binder.restoreCallingIdentity(identity);
}
return user;
}
/**
* Gets the existing guest users. If a Guest user is partial,
* then do not include it in the results as it is about to die.
*
* @return list of existing Guest users currently on the device.
*/
@Override
public List<UserInfo> getGuestUsers() {
checkManageUsersPermission("getGuestUsers");
final ArrayList<UserInfo> guestUsers = new ArrayList<>();
synchronized (mUsersLock) {
final int size = mUsers.size();
for (int i = 0; i < size; i++) {
final UserInfo user = mUsers.valueAt(i).info;
if (user.isGuest() && !user.guestToRemove && !user.preCreated
&& !mRemovingUserIds.get(user.id)) {
guestUsers.add(user);
}
}
}
return guestUsers;
}
/**
* Mark this guest user for deletion to allow us to create another guest
* and switch to that user before actually removing this guest.
* @param userId the userid of the current guest
* @return whether the user could be marked for deletion
*/
@Override
public boolean markGuestForDeletion(@UserIdInt int userId) {
checkManageUsersPermission("Only the system can remove users");
if (getUserRestrictions(UserHandle.getCallingUserId()).getBoolean(
UserManager.DISALLOW_REMOVE_USER, false)) {
Slog.w(LOG_TAG, "Cannot remove user. DISALLOW_REMOVE_USER is enabled.");
return false;
}
final long ident = Binder.clearCallingIdentity();
try {
final UserData userData;
synchronized (mPackagesLock) {
synchronized (mUsersLock) {
userData = mUsers.get(userId);
if (userId == 0 || userData == null || mRemovingUserIds.get(userId)) {
return false;
}
}
if (!userData.info.isGuest()) {
return false;
}
// We set this to a guest user that is to be removed. This is a temporary state
// where we are allowed to add new Guest users, even if this one is still not
// removed. This user will still show up in getUserInfo() calls.
// If we don't get around to removing this Guest user, it will be purged on next
// startup.
userData.info.guestToRemove = true;
// Mark it as disabled, so that it isn't returned any more when
// profiles are queried.
userData.info.flags |= UserInfo.FLAG_DISABLED;
writeUserLP(userData);
}
} finally {
Binder.restoreCallingIdentity(ident);
}
return true;
}
/**
* Removes a user and its profiles along with all data directories created for that user
* and its profile.
* This method should be called after the user's processes have been terminated.
* @param userId the user's id
*/
@Override
public boolean removeUser(@UserIdInt int userId) {
Slog.i(LOG_TAG, "removeUser u" + userId);
checkCreateUsersPermission("Only the system can remove users");
final String restriction = getUserRemovalRestriction(userId);
if (getUserRestrictions(UserHandle.getCallingUserId()).getBoolean(restriction, false)) {
Slog.w(LOG_TAG, "Cannot remove user. " + restriction + " is enabled.");
return false;
}
return removeUserWithProfilesUnchecked(userId);
}
private boolean removeUserWithProfilesUnchecked(@UserIdInt int userId) {
final UserData userData;
final boolean isProfile;
final IntArray profileIds;
synchronized (mUsersLock) {
final int userRemovability = getUserRemovabilityLocked(userId, "removed");
if (userRemovability != UserManager.REMOVE_RESULT_USER_IS_REMOVABLE) {
return UserManager.isRemoveResultSuccessful(userRemovability);
}
userData = mUsers.get(userId);
isProfile = userData.info.isProfile();
profileIds = isProfile ? null : getProfileIdsLU(userId, null, false);
}
if (!isProfile) {
Pair<Integer, Integer> currentAndTargetUserIds = getCurrentAndTargetUserIds();
if (userId == currentAndTargetUserIds.first) {
Slog.w(LOG_TAG, "Current user cannot be removed.");
return false;
}
if (userId == currentAndTargetUserIds.second) {
Slog.w(LOG_TAG, "Target user of an ongoing user switch cannot be removed.");
return false;
}
for (int i = profileIds.size() - 1; i >= 0; i--) {
int profileId = profileIds.get(i);
if (profileId == userId) {
//Remove the associated profiles first and then remove the user
continue;
}
Slog.i(LOG_TAG, "removing profile:" + profileId
+ " associated with user:" + userId);
if (!removeUserUnchecked(profileId)) {
// If the profile was not immediately removed, make sure it is marked as
// ephemeral. Don't mark as disabled since, per UserInfo.FLAG_DISABLED
// documentation, an ephemeral user should only be marked as disabled
// when its removal is in progress.
Slog.i(LOG_TAG, "Unable to immediately remove profile " + profileId
+ "associated with user " + userId + ". User is set as ephemeral "
+ "and will be removed on user switch or reboot.");
synchronized (mPackagesLock) {
UserData profileData = getUserDataNoChecks(userId);
profileData.info.flags |= UserInfo.FLAG_EPHEMERAL;
writeUserLP(profileData);
}
}
}
}
return removeUserUnchecked(userId);
}
@Override
public boolean removeUserEvenWhenDisallowed(@UserIdInt int userId) {
checkCreateUsersPermission("Only the system can remove users");
return removeUserWithProfilesUnchecked(userId);
}
/**
* Returns the string name of the restriction to check for user removal. The restriction name
* varies depending on whether the user is a managed profile.
*/
private String getUserRemovalRestriction(@UserIdInt int userId) {
final boolean isManagedProfile;
final UserInfo userInfo;
synchronized (mUsersLock) {
userInfo = getUserInfoLU(userId);
}
isManagedProfile = userInfo != null && userInfo.isManagedProfile();
return isManagedProfile
? UserManager.DISALLOW_REMOVE_MANAGED_PROFILE : UserManager.DISALLOW_REMOVE_USER;
}
private boolean removeUserUnchecked(@UserIdInt int userId) {
final long ident = Binder.clearCallingIdentity();
try {
final UserData userData;
synchronized (mPackagesLock) {
synchronized (mUsersLock) {
final int userRemovability = getUserRemovabilityLocked(userId, "removed");
if (userRemovability != UserManager.REMOVE_RESULT_USER_IS_REMOVABLE) {
return UserManager.isRemoveResultSuccessful(userRemovability);
}
userData = mUsers.get(userId);
Slog.i(LOG_TAG, "Removing user " + userId);
addRemovingUserIdLocked(userId);
}
// Set this to a partially created user, so that the user will be purged
// on next startup, in case the runtime stops now before stopping and
// removing the user completely.
userData.info.partial = true;
// Mark it as disabled, so that it isn't returned any more when
// profiles are queried.
userData.info.flags |= UserInfo.FLAG_DISABLED;
writeUserLP(userData);
}
mUserJourneyLogger.logUserJourneyBegin(userId, USER_JOURNEY_USER_REMOVE);
mUserJourneyLogger.startSessionForDelayedJourney(userId,
USER_JOURNEY_USER_LIFECYCLE, userData.info.creationTime);
try {
mAppOpsService.removeUser(userId);
} catch (RemoteException e) {
Slog.w(LOG_TAG, "Unable to notify AppOpsService of removing user.", e);
}
if (userData.info.profileGroupId != UserInfo.NO_PROFILE_GROUP_ID
&& userData.info.isProfile()) {
sendProfileRemovedBroadcast(userData.info.profileGroupId, userData.info.id,
userData.info.userType);
}
if (DBG) Slog.i(LOG_TAG, "Stopping user " + userId);
int res;
try {
res = ActivityManager.getService().stopUser(userId, /* force= */ true,
new IStopUserCallback.Stub() {
@Override
public void userStopped(int userIdParam) {
finishRemoveUser(userIdParam);
int originUserId = UserManagerService.this.getCurrentUserId();
mUserJourneyLogger.logUserJourneyFinishWithError(originUserId,
userData.info, USER_JOURNEY_USER_REMOVE,
ERROR_CODE_UNSPECIFIED);
mUserJourneyLogger
.logDelayedUserJourneyFinishWithError(originUserId,
userData.info, USER_JOURNEY_USER_LIFECYCLE,
ERROR_CODE_UNSPECIFIED);
}
@Override
public void userStopAborted(int userIdParam) {
int originUserId = UserManagerService.this.getCurrentUserId();
mUserJourneyLogger.logUserJourneyFinishWithError(originUserId,
userData.info, USER_JOURNEY_USER_REMOVE,
ERROR_CODE_ABORTED);
mUserJourneyLogger
.logDelayedUserJourneyFinishWithError(originUserId,
userData.info, USER_JOURNEY_USER_LIFECYCLE,
ERROR_CODE_ABORTED);
}
});
} catch (RemoteException e) {
Slog.w(LOG_TAG, "Failed to stop user during removal.", e);
return false;
}
return res == ActivityManager.USER_OP_SUCCESS;
} finally {
Binder.restoreCallingIdentity(ident);
}
}
@VisibleForTesting
void addRemovingUserId(@UserIdInt int userId) {
synchronized (mUsersLock) {
addRemovingUserIdLocked(userId);
}
}
@GuardedBy("mUsersLock")
void addRemovingUserIdLocked(@UserIdInt int userId) {
// We remember deleted user IDs to prevent them from being
// reused during the current boot; they can still be reused
// after a reboot or recycling of userIds.
mRemovingUserIds.put(userId, true);
mRecentlyRemovedIds.add(userId);
// Keep LRU queue of recently removed IDs for recycling
if (mRecentlyRemovedIds.size() > MAX_RECENTLY_REMOVED_IDS_SIZE) {
mRecentlyRemovedIds.removeFirst();
}
}
@Override
public @UserManager.RemoveResult int removeUserWhenPossible(@UserIdInt int userId,
boolean overrideDevicePolicy) {
Slog.i(LOG_TAG, "removeUserWhenPossible u" + userId);
checkCreateUsersPermission("Only the system can remove users");
if (!overrideDevicePolicy) {
final String restriction = getUserRemovalRestriction(userId);
if (getUserRestrictions(UserHandle.getCallingUserId()).getBoolean(restriction, false)) {
Slog.w(LOG_TAG, "Cannot remove user. " + restriction + " is enabled.");
return UserManager.REMOVE_RESULT_ERROR_USER_RESTRICTION;
}
}
Slog.i(LOG_TAG, "Attempting to immediately remove user " + userId);
if (removeUserWithProfilesUnchecked(userId)) {
return UserManager.REMOVE_RESULT_REMOVED;
}
Slog.i(LOG_TAG, TextUtils.formatSimple(
"Unable to immediately remove user %d. Now trying to set it ephemeral.", userId));
return setUserEphemeralUnchecked(userId);
}
/**
* Returns the user's removability status.
* User is removable if the return value is {@link UserManager#REMOVE_RESULT_USER_IS_REMOVABLE}.
* If the user is not removable this method also prints the reason.
* See also {@link UserManager#isRemoveResultSuccessful}.
*/
@GuardedBy("mUsersLock")
private @UserManager.RemoveResult int getUserRemovabilityLocked(@UserIdInt int userId,
String msg) {
String prefix = TextUtils.formatSimple("User %d can not be %s, ", userId, msg);
if (userId == UserHandle.USER_SYSTEM) {
Slog.e(LOG_TAG, prefix + "system user cannot be removed.");
return UserManager.REMOVE_RESULT_ERROR_SYSTEM_USER;
}
final UserData userData = mUsers.get(userId);
if (userData == null) {
Slog.e(LOG_TAG, prefix + "invalid user id provided.");
return UserManager.REMOVE_RESULT_ERROR_USER_NOT_FOUND;
}
if (isNonRemovableMainUser(userData.info)) {
Slog.e(LOG_TAG, prefix
+ "main user cannot be removed when it's a permanent admin user.");
return UserManager.REMOVE_RESULT_ERROR_MAIN_USER_PERMANENT_ADMIN;
}
if (mRemovingUserIds.get(userId)) {
Slog.w(LOG_TAG, prefix + "it is already scheduled for removal.");
return UserManager.REMOVE_RESULT_ALREADY_BEING_REMOVED;
}
return UserManager.REMOVE_RESULT_USER_IS_REMOVABLE;
}
private void finishRemoveUser(final @UserIdInt int userId) {
Slog.i(LOG_TAG, "finishRemoveUser " + userId);
UserInfo user;
synchronized (mUsersLock) {
user = getUserInfoLU(userId);
}
if (user != null && user.preCreated) {
Slog.i(LOG_TAG, "Removing a pre-created user with user id: " + userId);
// Don't want to fire ACTION_USER_REMOVED, so cleanup the state and exit early.
LocalServices.getService(ActivityTaskManagerInternal.class).onUserStopped(userId);
removeUserState(userId);
return;
}
synchronized (mUserLifecycleListeners) {
for (int i = 0; i < mUserLifecycleListeners.size(); i++) {
mUserLifecycleListeners.get(i).onUserRemoved(user);
}
}
// Let other services shutdown any activity and clean up their state before completely
// wiping the user's system directory and removing from the user list
final long ident = Binder.clearCallingIdentity();
try {
Intent removedIntent = new Intent(Intent.ACTION_USER_REMOVED);
removedIntent.addFlags(Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND);
removedIntent.putExtra(Intent.EXTRA_USER_HANDLE, userId);
// Also, add the UserHandle for mainline modules which can't use the @hide
// EXTRA_USER_HANDLE.
removedIntent.putExtra(Intent.EXTRA_USER, UserHandle.of(userId));
getActivityManagerInternal().broadcastIntentWithCallback(removedIntent,
new IIntentReceiver.Stub() {
@Override
public void performReceive(Intent intent, int resultCode, String data,
Bundle extras, boolean ordered, boolean sticky, int sendingUser) {
if (DBG) {
Slog.i(LOG_TAG,
"USER_REMOVED broadcast sent, cleaning up user data "
+ userId);
}
new Thread(() -> {
getActivityManagerInternal().onUserRemoved(userId);
removeUserState(userId);
}).start();
}
},
new String[] {android.Manifest.permission.MANAGE_USERS},
UserHandle.USER_ALL, null, null, null);
} finally {
Binder.restoreCallingIdentity(ident);
}
}
private void removeUserState(final @UserIdInt int userId) {
Slog.i(LOG_TAG, "Removing user state of user " + userId);
// Cleanup lock settings. This requires that the user's DE storage still be accessible, so
// this must happen before destroyUserStorageKeys().
mLockPatternUtils.removeUser(userId);
// Evict and destroy the user's CE and DE encryption keys. At this point, the user's CE and
// DE storage is made inaccessible, except to delete its contents.
try {
mContext.getSystemService(StorageManager.class).destroyUserStorageKeys(userId);
} catch (IllegalStateException e) {
// This may be simply because the user was partially created.
Slog.i(LOG_TAG, "Destroying storage keys for user " + userId
+ " failed, continuing anyway", e);
}
// Cleanup package manager settings
mPm.cleanUpUser(this, userId);
// Clean up all data before removing metadata
mUserDataPreparer.destroyUserData(userId,
StorageManager.FLAG_STORAGE_DE | StorageManager.FLAG_STORAGE_CE);
// Remove this user from the list
synchronized (mUsersLock) {
mUsers.remove(userId);
mIsUserManaged.delete(userId);
}
synchronized (mUserStates) {
mUserStates.delete(userId);
}
synchronized (mRestrictionsLock) {
mBaseUserRestrictions.remove(userId);
mAppliedUserRestrictions.remove(userId);
mCachedEffectiveUserRestrictions.remove(userId);
// Remove restrictions affecting the user
if (mDevicePolicyUserRestrictions.remove(userId)) {
applyUserRestrictionsForAllUsersLR();
}
}
// Update the user list
synchronized (mPackagesLock) {
writeUserListLP();
}
// Remove user file(s)
getUserFile(userId).delete();
updateUserIds();
if (RELEASE_DELETED_USER_ID) {
synchronized (mUsersLock) {
mRemovingUserIds.delete(userId);
}
}
}
/**
* Send {@link Intent#ACTION_PROFILE_ADDED} broadcast when a user of type
* {@link UserInfo#isProfile()} is added. This broadcast is sent only to dynamic receivers
* created with {@link Context#registerReceiver}.
*/
private void sendProfileAddedBroadcast(int parentUserId, int addedUserId) {
sendProfileBroadcast(
new Intent(Intent.ACTION_PROFILE_ADDED),
parentUserId, addedUserId);
}
/**
* Send {@link Intent#ACTION_PROFILE_REMOVED} broadcast when a user of type
* {@link UserInfo#isProfile()} is removed. Additionally sends
* {@link Intent#ACTION_MANAGED_PROFILE_REMOVED} broadcast if the profile is of type
* {@link UserManager#USER_TYPE_PROFILE_MANAGED}
*
* <p> {@link Intent#ACTION_PROFILE_REMOVED} is a generalized broadcast for all users of type
* {@link UserInfo#isProfile()} and is sent only to dynamic receivers.
*
* <p> In contrast, the {@link Intent#ACTION_MANAGED_PROFILE_REMOVED} broadcast is specific to
* {@link UserManager#USER_TYPE_PROFILE_MANAGED} and is sent to both manifest and dynamic
* receivers thus it is still needed as manifest receivers will not be able to listen to
* the aforementioned generalized broadcast.
*/
private void sendProfileRemovedBroadcast(int parentUserId, int removedUserId, String userType) {
if (Objects.equals(userType, UserManager.USER_TYPE_PROFILE_MANAGED)) {
sendManagedProfileRemovedBroadcast(parentUserId, removedUserId);
}
sendProfileBroadcast(
new Intent(Intent.ACTION_PROFILE_REMOVED),
parentUserId, removedUserId);
}
private void sendProfileBroadcast(Intent intent,
int parentUserId, int userId) {
final UserHandle parentHandle = UserHandle.of(parentUserId);
intent.putExtra(Intent.EXTRA_USER, UserHandle.of(userId));
intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY
| Intent.FLAG_RECEIVER_FOREGROUND);
mContext.sendBroadcastAsUser(intent, parentHandle, /* receiverPermission= */null);
}
private void sendManagedProfileRemovedBroadcast(int parentUserId, int removedUserId) {
Intent managedProfileIntent = new Intent(Intent.ACTION_MANAGED_PROFILE_REMOVED);
managedProfileIntent.putExtra(Intent.EXTRA_USER, UserHandle.of(removedUserId));
managedProfileIntent.putExtra(Intent.EXTRA_USER_HANDLE, removedUserId);
final UserHandle parentHandle = UserHandle.of(parentUserId);
getDevicePolicyManagerInternal().broadcastIntentToManifestReceivers(
managedProfileIntent, parentHandle, /* requiresPermission= */ false);
managedProfileIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY
| Intent.FLAG_RECEIVER_FOREGROUND);
mContext.sendBroadcastAsUser(managedProfileIntent, parentHandle,
/* receiverPermission= */null);
}
/**
* <p>Starting from Android version {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE},
* it is possible for there to be multiple managing agents on the device with the ability to set
* restrictions, e.g. an Enterprise DPC and a Supervision admin. This API will only to return
* the restrictions set by the DPCs. To retrieve restrictions set by all agents, use
* {@link android.content.RestrictionsManager#getApplicationRestrictionsPerAdmin} instead.
*/
@Override
public Bundle getApplicationRestrictions(String packageName) {
return getApplicationRestrictionsForUser(packageName, UserHandle.getCallingUserId());
}
/**
* <p>Starting from Android version {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE},
* it is possible for there to be multiple managing agents on the device with the ability to set
* restrictions, e.g. an Enterprise DPC and a Supervision admin. This API will only to return
* the restrictions set by the DPCs. To retrieve restrictions set by all agents, use
* {@link android.content.RestrictionsManager#getApplicationRestrictionsPerAdmin} instead.
*/
@Override
public Bundle getApplicationRestrictionsForUser(String packageName, @UserIdInt int userId) {
if (UserHandle.getCallingUserId() != userId
|| !UserHandle.isSameApp(Binder.getCallingUid(), getUidForPackage(packageName))) {
checkSystemOrRoot("get application restrictions for other user/app " + packageName);
}
synchronized (mAppRestrictionsLock) {
// Read the restrictions from XML
return readApplicationRestrictionsLAr(packageName, userId);
}
}
@Override
public void setApplicationRestrictions(String packageName, Bundle restrictions,
@UserIdInt int userId) {
checkSystemOrRoot("set application restrictions");
String validationResult =
FrameworkParsingPackageUtils.validateName(packageName, false, false);
if (validationResult != null) {
throw new IllegalArgumentException("Invalid package name: " + validationResult);
}
if (restrictions != null) {
restrictions.setDefusable(true);
}
final boolean changed;
synchronized (mAppRestrictionsLock) {
if (restrictions == null || restrictions.isEmpty()) {
changed = cleanAppRestrictionsForPackageLAr(packageName, userId);
} else {
// Write the restrictions to XML
writeApplicationRestrictionsLAr(packageName, restrictions, userId);
// TODO(b/154323615): avoid unnecessary broadcast when there is no change.
changed = true;
}
}
if (!changed) {
return;
}
// Notify package of changes via an intent - only sent to explicitly registered receivers.
final Intent changeIntent = new Intent(Intent.ACTION_APPLICATION_RESTRICTIONS_CHANGED);
changeIntent.setPackage(packageName);
changeIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
mContext.sendBroadcastAsUser(changeIntent, UserHandle.of(userId));
}
private int getUidForPackage(String packageName) {
final long ident = Binder.clearCallingIdentity();
try {
return mContext.getPackageManager().getApplicationInfo(packageName,
PackageManager.MATCH_ANY_USER).uid;
} catch (NameNotFoundException nnfe) {
return -1;
} finally {
Binder.restoreCallingIdentity(ident);
}
}
@GuardedBy("mAppRestrictionsLock")
private static Bundle readApplicationRestrictionsLAr(String packageName,
@UserIdInt int userId) {
AtomicFile restrictionsFile =
new AtomicFile(new File(Environment.getUserSystemDirectory(userId),
packageToRestrictionsFileName(packageName)));
return readApplicationRestrictionsLAr(restrictionsFile);
}
@VisibleForTesting
@GuardedBy("mAppRestrictionsLock")
static Bundle readApplicationRestrictionsLAr(AtomicFile restrictionsFile) {
final Bundle restrictions = new Bundle();
final ArrayList<String> values = new ArrayList<>();
if (!restrictionsFile.getBaseFile().exists()) {
return restrictions;
}
FileInputStream fis = null;
try {
fis = restrictionsFile.openRead();
final TypedXmlPullParser parser = Xml.resolvePullParser(fis);
XmlUtils.nextElement(parser);
if (parser.getEventType() != XmlPullParser.START_TAG) {
Slog.e(LOG_TAG, "Unable to read restrictions file "
+ restrictionsFile.getBaseFile());
return restrictions;
}
while (parser.next() != XmlPullParser.END_DOCUMENT) {
readEntry(restrictions, values, parser);
}
} catch (IOException|XmlPullParserException e) {
Slog.w(LOG_TAG, "Error parsing " + restrictionsFile.getBaseFile(), e);
} finally {
IoUtils.closeQuietly(fis);
}
return restrictions;
}
private static void readEntry(Bundle restrictions, ArrayList<String> values,
TypedXmlPullParser parser) throws XmlPullParserException, IOException {
int type = parser.getEventType();
if (type == XmlPullParser.START_TAG && parser.getName().equals(TAG_ENTRY)) {
String key = parser.getAttributeValue(null, ATTR_KEY);
String valType = parser.getAttributeValue(null, ATTR_VALUE_TYPE);
int count = parser.getAttributeInt(null, ATTR_MULTIPLE, -1);
if (count != -1) {
values.clear();
while (count > 0 && (type = parser.next()) != XmlPullParser.END_DOCUMENT) {
if (type == XmlPullParser.START_TAG
&& parser.getName().equals(TAG_VALUE)) {
values.add(parser.nextText().trim());
count--;
}
}
String [] valueStrings = new String[values.size()];
values.toArray(valueStrings);
restrictions.putStringArray(key, valueStrings);
} else if (ATTR_TYPE_BUNDLE.equals(valType)) {
restrictions.putBundle(key, readBundleEntry(parser, values));
} else if (ATTR_TYPE_BUNDLE_ARRAY.equals(valType)) {
final int outerDepth = parser.getDepth();
ArrayList<Bundle> bundleList = new ArrayList<>();
while (XmlUtils.nextElementWithin(parser, outerDepth)) {
Bundle childBundle = readBundleEntry(parser, values);
bundleList.add(childBundle);
}
restrictions.putParcelableArray(key,
bundleList.toArray(new Bundle[bundleList.size()]));
} else {
String value = parser.nextText().trim();
if (ATTR_TYPE_BOOLEAN.equals(valType)) {
restrictions.putBoolean(key, Boolean.parseBoolean(value));
} else if (ATTR_TYPE_INTEGER.equals(valType)) {
restrictions.putInt(key, Integer.parseInt(value));
} else {
restrictions.putString(key, value);
}
}
}
}
private static Bundle readBundleEntry(TypedXmlPullParser parser, ArrayList<String> values)
throws IOException, XmlPullParserException {
Bundle childBundle = new Bundle();
final int outerDepth = parser.getDepth();
while (XmlUtils.nextElementWithin(parser, outerDepth)) {
readEntry(childBundle, values, parser);
}
return childBundle;
}
@GuardedBy("mAppRestrictionsLock")
private static void writeApplicationRestrictionsLAr(String packageName,
Bundle restrictions, @UserIdInt int userId) {
AtomicFile restrictionsFile = new AtomicFile(
new File(Environment.getUserSystemDirectory(userId),
packageToRestrictionsFileName(packageName)));
writeApplicationRestrictionsLAr(restrictions, restrictionsFile);
}
@VisibleForTesting
@GuardedBy("mAppRestrictionsLock")
static void writeApplicationRestrictionsLAr(Bundle restrictions, AtomicFile restrictionsFile) {
FileOutputStream fos = null;
try {
fos = restrictionsFile.startWrite();
final TypedXmlSerializer serializer = Xml.resolveSerializer(fos);
serializer.startDocument(null, true);
serializer.setFeature("http://xmlpull.org/v1/doc/features.html#indent-output", true);
serializer.startTag(null, TAG_RESTRICTIONS);
writeBundle(restrictions, serializer);
serializer.endTag(null, TAG_RESTRICTIONS);
serializer.endDocument();
restrictionsFile.finishWrite(fos);
} catch (Exception e) {
restrictionsFile.failWrite(fos);
Slog.e(LOG_TAG, "Error writing application restrictions list", e);
}
}
private static void writeBundle(Bundle restrictions, TypedXmlSerializer serializer)
throws IOException {
for (String key : restrictions.keySet()) {
Object value = restrictions.get(key);
serializer.startTag(null, TAG_ENTRY);
serializer.attribute(null, ATTR_KEY, key);
if (value instanceof Boolean) {
serializer.attribute(null, ATTR_VALUE_TYPE, ATTR_TYPE_BOOLEAN);
serializer.text(value.toString());
} else if (value instanceof Integer) {
serializer.attribute(null, ATTR_VALUE_TYPE, ATTR_TYPE_INTEGER);
serializer.text(value.toString());
} else if (value == null || value instanceof String) {
serializer.attribute(null, ATTR_VALUE_TYPE, ATTR_TYPE_STRING);
serializer.text(value != null ? (String) value : "");
} else if (value instanceof Bundle) {
serializer.attribute(null, ATTR_VALUE_TYPE, ATTR_TYPE_BUNDLE);
writeBundle((Bundle) value, serializer);
} else if (value instanceof Parcelable[]) {
serializer.attribute(null, ATTR_VALUE_TYPE, ATTR_TYPE_BUNDLE_ARRAY);
Parcelable[] array = (Parcelable[]) value;
for (Parcelable parcelable : array) {
if (!(parcelable instanceof Bundle)) {
throw new IllegalArgumentException("bundle-array can only hold Bundles");
}
serializer.startTag(null, TAG_ENTRY);
serializer.attribute(null, ATTR_VALUE_TYPE, ATTR_TYPE_BUNDLE);
writeBundle((Bundle) parcelable, serializer);
serializer.endTag(null, TAG_ENTRY);
}
} else {
serializer.attribute(null, ATTR_VALUE_TYPE, ATTR_TYPE_STRING_ARRAY);
String[] values = (String[]) value;
serializer.attributeInt(null, ATTR_MULTIPLE, values.length);
for (String choice : values) {
serializer.startTag(null, TAG_VALUE);
serializer.text(choice != null ? choice : "");
serializer.endTag(null, TAG_VALUE);
}
}
serializer.endTag(null, TAG_ENTRY);
}
}
@Override
public int getUserSerialNumber(@UserIdInt int userId) {
synchronized (mUsersLock) {
final UserInfo userInfo = getUserInfoLU(userId);
return userInfo != null ? userInfo.serialNumber : -1;
}
}
@Override
public boolean isUserNameSet(@UserIdInt int userId) {
final int callingUid = Binder.getCallingUid();
final int callingUserId = UserHandle.getUserId(callingUid);
if (!hasQueryOrCreateUsersPermission()
&& !(callingUserId == userId && hasPermissionGranted(
android.Manifest.permission.GET_ACCOUNTS_PRIVILEGED, callingUid))) {
throw new SecurityException("You need MANAGE_USERS, CREATE_USERS, QUERY_USERS, or "
+ "GET_ACCOUNTS_PRIVILEGED permissions to: get whether user name is set");
}
synchronized (mUsersLock) {
final UserInfo userInfo = getUserInfoLU(userId);
return userInfo != null && userInfo.name != null;
}
}
@Override
public int getUserHandle(int userSerialNumber) {
synchronized (mUsersLock) {
for (int userId : mUserIds) {
UserInfo info = getUserInfoLU(userId);
if (info != null && info.serialNumber == userSerialNumber) return userId;
}
// Not found
return -1;
}
}
@Override
public long getUserCreationTime(@UserIdInt int userId) {
int callingUserId = UserHandle.getCallingUserId();
UserInfo userInfo = null;
synchronized (mUsersLock) {
if (callingUserId == userId) {
userInfo = getUserInfoLU(userId);
} else {
UserInfo parent = getProfileParentLU(userId);
if (parent != null && parent.id == callingUserId) {
userInfo = getUserInfoLU(userId);
}
}
}
if (userInfo == null) {
throw new SecurityException("userId can only be the calling user or a "
+ "profile associated with this user");
}
return userInfo.creationTime;
}
/**
* Caches the list of user ids in an array, adjusting the array size when necessary.
*/
private void updateUserIds() {
int num = 0;
int numIncludingPreCreated = 0;
synchronized (mUsersLock) {
final int userSize = mUsers.size();
for (int i = 0; i < userSize; i++) {
final UserInfo userInfo = mUsers.valueAt(i).info;
if (!userInfo.partial) {
numIncludingPreCreated++;
if (!userInfo.preCreated) {
num++;
}
}
}
if (DBG) {
Slog.d(LOG_TAG, "updateUserIds(): numberUsers= " + num
+ " includingPreCreated=" + numIncludingPreCreated);
}
final int[] newUsers = new int[num];
final int[] newUsersIncludingPreCreated = new int[numIncludingPreCreated];
int n = 0;
int nIncludingPreCreated = 0;
for (int i = 0; i < userSize; i++) {
final UserInfo userInfo = mUsers.valueAt(i).info;
if (!userInfo.partial) {
final int userId = mUsers.keyAt(i);
newUsersIncludingPreCreated[nIncludingPreCreated++] = userId;
if (!userInfo.preCreated) {
newUsers[n++] = userId;
}
}
}
mUserIds = newUsers;
mUserIdsIncludingPreCreated = newUsersIncludingPreCreated;
if (DBG) {
Slog.d(LOG_TAG, "updateUserIds(): userIds= " + Arrays.toString(mUserIds)
+ " includingPreCreated=" + Arrays.toString(mUserIdsIncludingPreCreated));
}
UserPackage.setValidUserIds(mUserIds);
}
}
/**
* Called right before a user is started. This gives us a chance to prepare
* app storage and apply any user restrictions.
*/
public void onBeforeStartUser(@UserIdInt int userId) {
UserInfo userInfo = getUserInfo(userId);
if (userInfo == null) {
return;
}
TimingsTraceAndSlog t = new TimingsTraceAndSlog();
t.traceBegin("onBeforeStartUser-" + userId);
// Migrate only if build fingerprints mismatch
boolean migrateAppsData = !PackagePartitions.FINGERPRINT.equals(
userInfo.lastLoggedInFingerprint);
t.traceBegin("prepareUserData");
mUserDataPreparer.prepareUserData(userInfo, StorageManager.FLAG_STORAGE_DE);
t.traceEnd();
t.traceBegin("reconcileAppsData");
getPackageManagerInternal().reconcileAppsData(userId, StorageManager.FLAG_STORAGE_DE,
migrateAppsData);
t.traceEnd();
if (userId != UserHandle.USER_SYSTEM) {
t.traceBegin("applyUserRestrictions");
synchronized (mRestrictionsLock) {
applyUserRestrictionsLR(userId);
}
t.traceEnd();
}
t.traceEnd(); // onBeforeStartUser
}
/**
* Called right before a user is unlocked. This gives us a chance to prepare
* app storage.
*/
public void onBeforeUnlockUser(@UserIdInt int userId) {
UserInfo userInfo = getUserInfo(userId);
if (userInfo == null) {
return;
}
// Migrate only if build fingerprints mismatch
boolean migrateAppsData = !PackagePartitions.FINGERPRINT.equals(
userInfo.lastLoggedInFingerprint);
final TimingsTraceAndSlog t = new TimingsTraceAndSlog();
t.traceBegin("prepareUserData-" + userId);
mUserDataPreparer.prepareUserData(userInfo, StorageManager.FLAG_STORAGE_CE);
t.traceEnd();
StorageManagerInternal smInternal = LocalServices.getService(StorageManagerInternal.class);
smInternal.markCeStoragePrepared(userId);
t.traceBegin("reconcileAppsData-" + userId);
getPackageManagerInternal().reconcileAppsData(userId, StorageManager.FLAG_STORAGE_CE,
migrateAppsData);
t.traceEnd();
}
/**
* Examine all users present on given mounted volume, and destroy data
* belonging to users that are no longer valid, or whose user ID has been
* recycled.
*/
void reconcileUsers(String volumeUuid) {
mUserDataPreparer.reconcileUsers(volumeUuid, getUsers(
/* excludePartial= */ true,
/* excludeDying= */ true,
/* excludePreCreated= */ false));
}
/**
* Make a note of the last started time of a user and do some cleanup.
* This is called with ActivityManagerService lock held.
* @param userId the user that was just foregrounded
*/
public void onUserLoggedIn(@UserIdInt int userId) {
UserData userData = getUserDataNoChecks(userId);
if (userData == null || userData.info.partial) {
Slog.w(LOG_TAG, "userForeground: unknown user #" + userId);
return;
}
final long now = System.currentTimeMillis();
if (now > EPOCH_PLUS_30_YEARS) {
userData.info.lastLoggedInTime = now;
}
userData.info.lastLoggedInFingerprint = PackagePartitions.FINGERPRINT;
scheduleWriteUser(userId);
}
/**
* Returns the next available user id, filling in any holes in the ids.
*/
@VisibleForTesting
int getNextAvailableId() {
int nextId;
synchronized (mUsersLock) {
nextId = scanNextAvailableIdLocked();
if (nextId >= 0) {
return nextId;
}
// All ids up to MAX_USER_ID were used. Remove all mRemovingUserIds,
// except most recently removed
if (mRemovingUserIds.size() > 0) {
Slog.i(LOG_TAG, "All available IDs are used. Recycling LRU ids.");
mRemovingUserIds.clear();
for (Integer recentlyRemovedId : mRecentlyRemovedIds) {
mRemovingUserIds.put(recentlyRemovedId, true);
}
nextId = scanNextAvailableIdLocked();
}
}
// If we got here, we probably recycled user ids, so invalidate any caches.
UserManager.invalidateStaticUserProperties();
UserManager.invalidateUserPropertiesCache();
if (nextId < 0) {
throw new IllegalStateException("No user id available!");
}
return nextId;
}
@GuardedBy("mUsersLock")
private int scanNextAvailableIdLocked() {
for (int i = MIN_USER_ID; i < MAX_USER_ID; i++) {
if (mUsers.indexOfKey(i) < 0 && !mRemovingUserIds.get(i)) {
return i;
}
}
return -1;
}
private static String packageToRestrictionsFileName(String packageName) {
return RESTRICTIONS_FILE_PREFIX + packageName + XML_SUFFIX;
}
@Nullable
private static String getRedacted(@Nullable String string) {
return string == null ? null : string.length() + "_chars";
}
@Override
public void setSeedAccountData(@UserIdInt int userId, String accountName, String accountType,
PersistableBundle accountOptions, boolean persist) {
checkManageUsersPermission("set user seed account data");
setSeedAccountDataNoChecks(userId, accountName, accountType, accountOptions, persist);
}
private void setSeedAccountDataNoChecks(@UserIdInt int userId, @Nullable String accountName,
@Nullable String accountType, @Nullable PersistableBundle accountOptions,
boolean persist) {
synchronized (mPackagesLock) {
final UserData userData;
synchronized (mUsersLock) {
userData = getUserDataLU(userId);
if (userData == null) {
Slog.e(LOG_TAG, "No such user for settings seed data u=" + userId);
return;
}
userData.seedAccountName = truncateString(accountName);
userData.seedAccountType = truncateString(accountType);
userData.seedAccountOptions = accountOptions;
userData.persistSeedData = persist;
}
if (persist) {
writeUserLP(userData);
}
}
}
@Override
public String getSeedAccountName(@UserIdInt int userId) throws RemoteException {
checkManageUsersPermission("Cannot get seed account information");
synchronized (mUsersLock) {
final UserData userData = getUserDataLU(userId);
return userData == null ? null : userData.seedAccountName;
}
}
@Override
public String getSeedAccountType(@UserIdInt int userId) throws RemoteException {
checkManageUsersPermission("Cannot get seed account information");
synchronized (mUsersLock) {
final UserData userData = getUserDataLU(userId);
return userData == null ? null : userData.seedAccountType;
}
}
@Override
public PersistableBundle getSeedAccountOptions(@UserIdInt int userId) throws RemoteException {
checkManageUsersPermission("Cannot get seed account information");
synchronized (mUsersLock) {
final UserData userData = getUserDataLU(userId);
return userData == null ? null : userData.seedAccountOptions;
}
}
@Override
public void clearSeedAccountData(@UserIdInt int userId) throws RemoteException {
checkManageUsersPermission("Cannot clear seed account information");
synchronized (mPackagesLock) {
UserData userData;
synchronized (mUsersLock) {
userData = getUserDataLU(userId);
if (userData == null) return;
userData.clearSeedAccountData();
}
writeUserLP(userData);
}
}
@Override
public boolean someUserHasSeedAccount(String accountName, String accountType) {
checkManageUsersPermission("check seed account information");
return someUserHasSeedAccountNoChecks(accountName, accountType);
}
private boolean someUserHasSeedAccountNoChecks(String accountName, String accountType) {
synchronized (mUsersLock) {
final int userSize = mUsers.size();
for (int i = 0; i < userSize; i++) {
final UserData data = mUsers.valueAt(i);
if (data.info.isInitialized()) continue;
if (mRemovingUserIds.get(data.info.id)) continue;
if (data.seedAccountName == null || !data.seedAccountName.equals(accountName)) {
continue;
}
if (data.seedAccountType == null || !data.seedAccountType.equals(accountType)) {
continue;
}
return true;
}
}
return false;
}
@Override
public boolean someUserHasAccount(String accountName, String accountType) {
checkCreateUsersPermission("check seed account information");
return someUserHasAccountNoChecks(accountName, accountType);
}
private boolean someUserHasAccountNoChecks(
String accountName, String accountType) {
if (TextUtils.isEmpty(accountName) || TextUtils.isEmpty(accountType)) {
return false;
}
final Account account = new Account(accountName, accountType);
return Binder.withCleanCallingIdentity(() ->
AccountManager.get(mContext).someUserHasAccount(account)
|| someUserHasSeedAccountNoChecks(accountName, accountType));
}
private void setLastEnteredForegroundTimeToNow(@NonNull UserData userData) {
userData.mLastEnteredForegroundTimeMillis = System.currentTimeMillis();
scheduleWriteUser(userData.info.id);
}
@Override
public void onShellCommand(FileDescriptor in, FileDescriptor out,
FileDescriptor err, String[] args, ShellCallback callback,
ResultReceiver resultReceiver) {
(new UserManagerServiceShellCommand(this, mSystemPackageInstaller,
mLockPatternUtils, mContext))
.exec(this, in, out, err, args, callback, resultReceiver);
}
@Override
protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
if (!DumpUtils.checkDumpPermission(mContext, LOG_TAG, pw)) return;
final long now = System.currentTimeMillis();
final long nowRealtime = SystemClock.elapsedRealtime();
final StringBuilder sb = new StringBuilder();
if (args != null && args.length > 0) {
switch (args[0]) {
case "--user":
dumpUser(pw, UserHandle.parseUserArg(args[1]), sb, now, nowRealtime);
return;
case "--visibility-mediator":
mUserVisibilityMediator.dump(pw, args);
return;
}
}
final int currentUserId = getCurrentUserId();
pw.print("Current user: ");
if (currentUserId != UserHandle.USER_NULL) {
pw.println(currentUserId);
} else {
pw.println("N/A");
}
pw.println();
synchronized (mPackagesLock) {
synchronized (mUsersLock) {
pw.println("Users:");
for (int i = 0; i < mUsers.size(); i++) {
UserData userData = mUsers.valueAt(i);
if (userData == null) {
continue;
}
dumpUserLocked(pw, userData, sb, now, nowRealtime);
}
}
pw.println();
pw.println("Device properties:");
pw.println(" Device policy global restrictions:");
synchronized (mRestrictionsLock) {
UserRestrictionsUtils.dumpRestrictions(
pw, " ",
mDevicePolicyUserRestrictions.getRestrictions(UserHandle.USER_ALL));
}
pw.println(" Guest restrictions:");
synchronized (mGuestRestrictions) {
UserRestrictionsUtils.dumpRestrictions(pw, " ", mGuestRestrictions);
}
synchronized (mUsersLock) {
pw.println();
pw.println(" Device managed: " + mIsDeviceManaged);
if (mRemovingUserIds.size() > 0) {
pw.println();
pw.println(" Recently removed userIds: " + mRecentlyRemovedIds);
}
}
synchronized (mUserStates) {
pw.print(" Started users state: [");
final int size = mUserStates.states.size();
for (int i = 0; i < size; i++) {
final int userId = mUserStates.states.keyAt(i);
final int state = mUserStates.states.valueAt(i);
pw.print(userId);
pw.print('=');
pw.print(UserState.stateToString(state));
if (i != size - 1) pw.print(", ");
}
pw.println(']');
}
synchronized (mUsersLock) {
pw.print(" Cached user IDs: ");
pw.println(Arrays.toString(mUserIds));
pw.print(" Cached user IDs (including pre-created): ");
pw.println(Arrays.toString(mUserIdsIncludingPreCreated));
}
} // synchronized (mPackagesLock)
pw.println();
mUserVisibilityMediator.dump(pw, args);
pw.println();
// Dump some capabilities
pw.println();
pw.print(" Max users: " + UserManager.getMaxSupportedUsers());
pw.println(" (limit reached: " + isUserLimitReached() + ")");
pw.println(" Supports switchable users: " + UserManager.supportsMultipleUsers());
pw.println(" All guests ephemeral: " + Resources.getSystem().getBoolean(
com.android.internal.R.bool.config_guestUserEphemeral));
pw.println(" Force ephemeral users: " + mForceEphemeralUsers);
final boolean isHeadlessSystemUserMode = isHeadlessSystemUserMode();
pw.println(" Is headless-system mode: " + isHeadlessSystemUserMode);
if (isHeadlessSystemUserMode != RoSystemProperties.MULTIUSER_HEADLESS_SYSTEM_USER) {
pw.println(" (differs from the current default build value)");
}
if (!TextUtils.isEmpty(SystemProperties.get(SYSTEM_USER_MODE_EMULATION_PROPERTY))) {
pw.println(" (emulated by 'cmd user set-system-user-mode-emulation')");
if (mUpdatingSystemUserMode) {
pw.println(" (and being updated after boot)");
}
}
pw.println(" User version: " + mUserVersion);
pw.println(" Owner name: " + getOwnerName());
if (DBG_ALLOCATION) {
pw.println(" System user allocations: " + mUser0Allocations.get());
}
synchronized (mUsersLock) {
pw.println(" Boot user: " + mBootUser);
}
pw.println();
pw.println("Number of listeners for");
synchronized (mUserRestrictionsListeners) {
pw.println(" restrictions: " + mUserRestrictionsListeners.size());
}
synchronized (mUserLifecycleListeners) {
pw.println(" user lifecycle events: " + mUserLifecycleListeners.size());
}
// Dump UserTypes
pw.println();
pw.println("User types version: " + mUserTypeVersion);
pw.println("User types (" + mUserTypes.size() + " types):");
for (int i = 0; i < mUserTypes.size(); i++) {
pw.println(" " + mUserTypes.keyAt(i) + ": ");
mUserTypes.valueAt(i).dump(pw, " ");
}
// TODO: create IndentingPrintWriter at the beginning of dump() and use the proper
// indentation methods instead of explicit printing " "
try (IndentingPrintWriter ipw = new IndentingPrintWriter(pw)) {
// Dump SystemPackageInstaller info
ipw.println();
mSystemPackageInstaller.dump(ipw);
// NOTE: pw's not available after this point as it's auto-closed by ipw, so new dump
// statements should use ipw below
}
}
private void dumpUser(PrintWriter pw, @UserIdInt int userId, StringBuilder sb, long now,
long nowRealtime) {
if (userId == UserHandle.USER_CURRENT) {
final int currentUserId = getCurrentUserId();
pw.print("Current user: ");
if (currentUserId == UserHandle.USER_NULL) {
pw.println("Cannot determine current user");
return;
}
userId = currentUserId;
}
synchronized (mUsersLock) {
final UserData userData = mUsers.get(userId);
if (userData == null) {
pw.println("User " + userId + " not found");
return;
}
dumpUserLocked(pw, userData, sb, now, nowRealtime);
}
}
@GuardedBy("mUsersLock")
private void dumpUserLocked(PrintWriter pw, UserData userData, StringBuilder tempStringBuilder,
long now, long nowRealtime) {
final UserInfo userInfo = userData.info;
final int userId = userInfo.id;
pw.print(" "); pw.print(userInfo);
pw.print(" serialNo="); pw.print(userInfo.serialNumber);
pw.print(" isPrimary="); pw.print(userInfo.isPrimary());
if (userInfo.profileGroupId != userInfo.id
&& userInfo.profileGroupId != UserInfo.NO_PROFILE_GROUP_ID) {
pw.print(" parentId="); pw.print(userInfo.profileGroupId);
}
if (mRemovingUserIds.get(userId)) {
pw.print(" <removing> ");
}
if (userInfo.partial) {
pw.print(" <partial>");
}
if (userInfo.preCreated) {
pw.print(" <pre-created>");
}
if (userInfo.convertedFromPreCreated) {
pw.print(" <converted>");
}
pw.println();
pw.print(" Type: "); pw.println(userInfo.userType);
pw.print(" Flags: "); pw.print(userInfo.flags); pw.print(" (");
pw.print(UserInfo.flagsToString(userInfo.flags)); pw.println(")");
pw.print(" State: ");
final int state;
synchronized (mUserStates) {
state = mUserStates.get(userId, -1);
}
pw.println(UserState.stateToString(state));
pw.print(" Created: ");
dumpTimeAgo(pw, tempStringBuilder, now, userInfo.creationTime);
pw.print(" Last logged in: ");
dumpTimeAgo(pw, tempStringBuilder, now, userInfo.lastLoggedInTime);
pw.print(" Last logged in fingerprint: ");
pw.println(userInfo.lastLoggedInFingerprint);
pw.print(" Start time: ");
dumpTimeAgo(pw, tempStringBuilder, nowRealtime, userData.startRealtime);
pw.print(" Unlock time: ");
dumpTimeAgo(pw, tempStringBuilder, nowRealtime, userData.unlockRealtime);
pw.print(" Last entered foreground: ");
dumpTimeAgo(pw, tempStringBuilder, now, userData.mLastEnteredForegroundTimeMillis);
pw.print(" Has profile owner: ");
pw.println(mIsUserManaged.get(userId));
pw.println(" Restrictions:");
synchronized (mRestrictionsLock) {
UserRestrictionsUtils.dumpRestrictions(
pw, " ", mBaseUserRestrictions.getRestrictions(userInfo.id));
pw.println(" Device policy restrictions:");
UserRestrictionsUtils.dumpRestrictions(
pw, " ",
mDevicePolicyUserRestrictions.getRestrictions(userInfo.id));
pw.println(" Effective restrictions:");
UserRestrictionsUtils.dumpRestrictions(
pw, " ",
mCachedEffectiveUserRestrictions.getRestrictions(userInfo.id));
}
if (userData.account != null) {
pw.print(" Account name: " + userData.account);
pw.println();
}
if (userData.seedAccountName != null) {
pw.print(" Seed account name: " + userData.seedAccountName);
pw.println();
if (userData.seedAccountType != null) {
pw.print(" account type: " + userData.seedAccountType);
pw.println();
}
if (userData.seedAccountOptions != null) {
pw.print(" account options exist");
pw.println();
}
}
if (userData.userProperties != null) {
userData.userProperties.println(pw, " ");
}
pw.println(" Ignore errors preparing storage: "
+ userData.getIgnorePrepareStorageErrors());
}
private static void dumpTimeAgo(PrintWriter pw, StringBuilder sb, long nowTime, long time) {
if (time == 0) {
pw.println("<unknown>");
} else {
sb.setLength(0);
TimeUtils.formatDuration(nowTime - time, sb);
sb.append(" ago");
pw.println(sb);
}
}
final class MainHandler extends Handler {
@Override
public void handleMessage(Message msg) {
switch (msg.what) {
case WRITE_USER_LIST_MSG: {
removeMessages(WRITE_USER_LIST_MSG);
synchronized (mPackagesLock) {
writeUserListLP();
}
break;
}
case WRITE_USER_MSG:
removeMessages(WRITE_USER_MSG, msg.obj);
synchronized (mPackagesLock) {
int userId = (int) msg.obj;
UserData userData = getUserDataNoChecks(userId);
if (userData != null) {
writeUserLP(userData);
} else {
Slog.i(LOG_TAG, "handle(WRITE_USER_MSG): no data for user " + userId
+ ", it was probably removed before handler could handle it");
}
}
break;
}
}
}
/**
* @param userId
* @return whether the user has been initialized yet
*/
boolean isUserInitialized(@UserIdInt int userId) {
return mLocalService.isUserInitialized(userId);
}
private class LocalService extends UserManagerInternal {
@Override
public void setDevicePolicyUserRestrictions(@UserIdInt int originatingUserId,
@NonNull Bundle global, @NonNull RestrictionsSet local,
boolean isDeviceOwner) {
UserManagerService.this.setDevicePolicyUserRestrictionsInner(originatingUserId,
global, local, isDeviceOwner);
}
@Override
public void setUserRestriction(int userId, @NonNull String key, boolean value) {
UserManagerService.this.setUserRestrictionInner(userId, key, value);
}
@Override
public boolean getUserRestriction(@UserIdInt int userId, String key) {
return getUserRestrictions(userId).getBoolean(key);
}
@Override
public void addUserRestrictionsListener(UserRestrictionsListener listener) {
synchronized (mUserRestrictionsListeners) {
mUserRestrictionsListeners.add(listener);
}
}
@Override
public void removeUserRestrictionsListener(UserRestrictionsListener listener) {
synchronized (mUserRestrictionsListeners) {
mUserRestrictionsListeners.remove(listener);
}
}
@Override
public void addUserLifecycleListener(UserLifecycleListener listener) {
synchronized (mUserLifecycleListeners) {
mUserLifecycleListeners.add(listener);
}
}
@Override
public void removeUserLifecycleListener(UserLifecycleListener listener) {
synchronized (mUserLifecycleListeners) {
mUserLifecycleListeners.remove(listener);
}
}
// TODO(b/258213147): Remove
@Override
public void setDeviceManaged(boolean isManaged) {
synchronized (mUsersLock) {
mIsDeviceManaged = isManaged;
}
}
// TODO(b/258213147): Remove
@Override
public boolean isDeviceManaged() {
synchronized (mUsersLock) {
return mIsDeviceManaged;
}
}
// TODO(b/258213147): Remove
@Override
public void setUserManaged(@UserIdInt int userId, boolean isManaged) {
synchronized (mUsersLock) {
mIsUserManaged.put(userId, isManaged);
}
}
// TODO(b/258213147): Remove
@Override
public boolean isUserManaged(@UserIdInt int userId) {
synchronized (mUsersLock) {
return mIsUserManaged.get(userId);
}
}
@Override
public void setUserIcon(@UserIdInt int userId, Bitmap bitmap) {
final long ident = Binder.clearCallingIdentity();
try {
synchronized (mPackagesLock) {
UserData userData = getUserDataNoChecks(userId);
if (userData == null || userData.info.partial) {
Slog.w(LOG_TAG, "setUserIcon: unknown user #" + userId);
return;
}
writeBitmapLP(userData.info, bitmap);
writeUserLP(userData);
}
sendUserInfoChangedBroadcast(userId);
} finally {
Binder.restoreCallingIdentity(ident);
}
}
@Override
public void setForceEphemeralUsers(boolean forceEphemeralUsers) {
synchronized (mUsersLock) {
mForceEphemeralUsers = forceEphemeralUsers;
}
}
@Override
public void removeAllUsers() {
if (UserHandle.USER_SYSTEM == getCurrentUserId()) {
// Remove the non-system users straight away.
removeAllUsersExceptSystemAndPermanentAdminMain();
} else {
// Switch to the system user first and then remove the other users.
BroadcastReceiver userSwitchedReceiver = new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
int userId =
intent.getIntExtra(Intent.EXTRA_USER_HANDLE, UserHandle.USER_NULL);
if (userId != UserHandle.USER_SYSTEM) {
return;
}
mContext.unregisterReceiver(this);
removeAllUsersExceptSystemAndPermanentAdminMain();
}
};
IntentFilter userSwitchedFilter = new IntentFilter();
userSwitchedFilter.addAction(Intent.ACTION_USER_SWITCHED);
mContext.registerReceiver(
userSwitchedReceiver, userSwitchedFilter, null, mHandler);
// Switch to the system user.
ActivityManager am =
(ActivityManager) mContext.getSystemService(Context.ACTIVITY_SERVICE);
am.switchUser(UserHandle.USER_SYSTEM);
}
}
@Override
public void onEphemeralUserStop(@UserIdInt int userId) {
synchronized (mUsersLock) {
UserInfo userInfo = getUserInfoLU(userId);
if (userInfo != null && userInfo.isEphemeral()) {
// Do not allow switching back to the ephemeral user again as the user is going
// to be deleted.
userInfo.flags |= UserInfo.FLAG_DISABLED;
if (userInfo.isGuest()) {
// Indicate that the guest will be deleted after it stops.
userInfo.guestToRemove = true;
}
}
}
}
@Override
public @NonNull UserInfo createUserEvenWhenDisallowed(
@Nullable String name, @NonNull String userType, @UserInfoFlag int flags,
@Nullable String[] disallowedPackages, @Nullable Object token)
throws UserManager.CheckedUserOperationException {
return createUserInternalUnchecked(name, userType, flags,
UserHandle.USER_NULL, /* preCreated= */ false, disallowedPackages, token);
}
@Override
public boolean removeUserEvenWhenDisallowed(@UserIdInt int userId) {
return removeUserWithProfilesUnchecked(userId);
}
@Override
public boolean isUserRunning(@UserIdInt int userId) {
int state;
synchronized (mUserStates) {
state = mUserStates.get(userId, UserState.STATE_NONE);
}
return state != UserState.STATE_NONE
&& state != UserState.STATE_STOPPING
&& state != UserState.STATE_SHUTDOWN;
}
@Override
public void setUserState(@UserIdInt int userId, int userState) {
synchronized (mUserStates) {
mUserStates.put(userId, userState);
}
}
@Override
public void removeUserState(@UserIdInt int userId) {
synchronized (mUserStates) {
mUserStates.delete(userId);
}
}
@Override
public int[] getUserIds() {
return UserManagerService.this.getUserIds();
}
@Override
public @NonNull List<UserInfo> getUsers(boolean excludeDying) {
return getUsers(/*excludePartial= */ true, excludeDying, /* excludePreCreated= */ true);
}
@Override
public @NonNull List<UserInfo> getUsers(boolean excludePartial, boolean excludeDying,
boolean excludePreCreated) {
return UserManagerService.this.getUsersInternal(excludePartial, excludeDying,
excludePreCreated);
}
@Override
public @NonNull int[] getProfileIds(@UserIdInt int userId, boolean enabledOnly) {
synchronized (mUsersLock) {
return getProfileIdsLU(userId, null /* userType */, enabledOnly).toArray();
}
}
@Override
public @Nullable LauncherUserInfo getLauncherUserInfo(@UserIdInt int userId) {
UserInfo userInfo;
synchronized (mUsersLock) {
userInfo = getUserInfoLU(userId);
}
if (userInfo != null) {
final UserTypeDetails userDetails = getUserTypeDetails(userInfo);
final LauncherUserInfo uiInfo = new LauncherUserInfo.Builder(
userDetails.getName(),
userInfo.serialNumber)
.build();
return uiInfo;
} else {
return null;
}
}
@Override
public boolean isUserUnlockingOrUnlocked(@UserIdInt int userId) {
int state;
synchronized (mUserStates) {
state = mUserStates.get(userId, -1);
}
// Special case: in the stopping/shutdown state, CE storage can still be unlocked.
if (state == UserState.STATE_STOPPING || state == UserState.STATE_SHUTDOWN) {
return StorageManager.isCeStorageUnlocked(userId);
}
return (state == UserState.STATE_RUNNING_UNLOCKING)
|| (state == UserState.STATE_RUNNING_UNLOCKED);
}
/**
* The return values of this method are cached in clients. If the
* logic in this function changes then the cache invalidation code
* may need to be revisited.
*/
@Override
public boolean isUserUnlocked(@UserIdInt int userId) {
int state;
synchronized (mUserStates) {
state = mUserStates.get(userId, -1);
}
// Special case: in the stopping/shutdown state, CE storage can still be unlocked.
if (state == UserState.STATE_STOPPING || state == UserState.STATE_SHUTDOWN) {
return StorageManager.isCeStorageUnlocked(userId);
}
return state == UserState.STATE_RUNNING_UNLOCKED;
}
@Override
public boolean isUserInitialized(@UserIdInt int userId) {
return (getUserInfo(userId).flags & UserInfo.FLAG_INITIALIZED) != 0;
}
@Override
public boolean exists(@UserIdInt int userId) {
return getUserInfoNoChecks(userId) != null;
}
@Override
public boolean isProfileAccessible(int callingUserId, int targetUserId, String debugMsg,
boolean throwSecurityException) {
if (targetUserId == callingUserId) {
return true;
}
synchronized (mUsersLock) {
UserInfo callingUserInfo = getUserInfoLU(callingUserId);
if (callingUserInfo == null || callingUserInfo.isProfile()) {
if (throwSecurityException) {
throw new SecurityException(
debugMsg + " for another profile "
+ targetUserId + " from " + callingUserId);
}
Slog.w(LOG_TAG, debugMsg + " for another profile "
+ targetUserId + " from " + callingUserId);
return false;
}
UserInfo targetUserInfo = getUserInfoLU(targetUserId);
if (targetUserInfo == null || !targetUserInfo.isEnabled()) {
// Do not throw any exception here as this could happen due to race conditions
// between the system updating its state and the client getting notified.
if (throwSecurityException) {
Slog.w(LOG_TAG, debugMsg + " for disabled profile "
+ targetUserId + " from " + callingUserId);
}
return false;
}
// TODO(b/276473320): Probably use isSameUserOrProfileGroupOrTargetIsCommunal.
if (targetUserInfo.profileGroupId == UserInfo.NO_PROFILE_GROUP_ID ||
targetUserInfo.profileGroupId != callingUserInfo.profileGroupId) {
if (throwSecurityException) {
throw new SecurityException(
debugMsg + " for unrelated profile " + targetUserId);
}
return false;
}
}
return true;
}
@Override
public int getProfileParentId(@UserIdInt int userId) {
return getProfileParentIdUnchecked(userId);
}
@Override
public boolean isSettingRestrictedForUser(String setting, @UserIdInt int userId,
String value, int callingUid) {
return UserManagerService.this.isSettingRestrictedForUser(setting, userId,
value, callingUid);
}
@Override
public boolean hasUserRestriction(String restrictionKey, @UserIdInt int userId) {
if (!UserRestrictionsUtils.isValidRestriction(restrictionKey)) {
return false;
}
Bundle restrictions = getEffectiveUserRestrictions(userId);
return restrictions != null && restrictions.getBoolean(restrictionKey);
}
@Override
public @Nullable UserInfo getUserInfo(@UserIdInt int userId) {
UserData userData;
synchronized (mUsersLock) {
userData = mUsers.get(userId);
}
return userData == null ? null : userData.info;
}
@Override
public @NonNull UserInfo[] getUserInfos() {
synchronized (mUsersLock) {
int userSize = mUsers.size();
UserInfo[] allInfos = new UserInfo[userSize];
for (int i = 0; i < userSize; i++) {
allInfos[i] = mUsers.valueAt(i).info;
}
return allInfos;
}
}
@Override
public void setDefaultCrossProfileIntentFilters(
@UserIdInt int parentUserId, @UserIdInt int profileUserId) {
final UserTypeDetails userTypeDetails = getUserTypeDetailsNoChecks(profileUserId);
final Bundle restrictions = getEffectiveUserRestrictions(profileUserId);
UserManagerService.this.setDefaultCrossProfileIntentFilters(
profileUserId, userTypeDetails, restrictions, parentUserId);
}
@Override
public boolean shouldIgnorePrepareStorageErrors(int userId) {
synchronized (mUsersLock) {
UserData userData = mUsers.get(userId);
return userData != null && userData.getIgnorePrepareStorageErrors();
}
}
@Override
public @Nullable UserProperties getUserProperties(@UserIdInt int userId) {
final UserProperties props = getUserPropertiesInternal(userId);
if (props == null) {
Slog.w(LOG_TAG, "A null UserProperties was returned for user " + userId);
}
return props;
}
@Override
@UserAssignmentResult
public int assignUserToDisplayOnStart(@UserIdInt int userId,
@UserIdInt int profileGroupId, @UserStartMode int userStartMode, int displayId) {
final UserProperties properties = getUserProperties(userId);
final boolean isAlwaysVisible = properties != null && properties.getAlwaysVisible();
return mUserVisibilityMediator.assignUserToDisplayOnStart(userId, profileGroupId,
userStartMode, displayId, isAlwaysVisible);
}
@Override
public boolean assignUserToExtraDisplay(int userId, int displayId) {
return mUserVisibilityMediator.assignUserToExtraDisplay(userId, displayId);
}
@Override
public boolean unassignUserFromExtraDisplay(int userId, int displayId) {
return mUserVisibilityMediator.unassignUserFromExtraDisplay(userId, displayId);
}
@Override
public void unassignUserFromDisplayOnStop(@UserIdInt int userId) {
mUserVisibilityMediator.unassignUserFromDisplayOnStop(userId);
}
@Override
public boolean isUserVisible(@UserIdInt int userId) {
return mUserVisibilityMediator.isUserVisible(userId);
}
@Override
public boolean isUserVisible(@UserIdInt int userId, int displayId) {
return mUserVisibilityMediator.isUserVisible(userId, displayId);
}
@Override
public int getMainDisplayAssignedToUser(@UserIdInt int userId) {
return mUserVisibilityMediator.getMainDisplayAssignedToUser(userId);
}
@Override
public @Nullable int[] getDisplaysAssignedToUser(@UserIdInt int userId) {
return mUserVisibilityMediator.getDisplaysAssignedToUser(userId);
}
@Override
public @UserIdInt int getUserAssignedToDisplay(int displayId) {
return mUserVisibilityMediator.getUserAssignedToDisplay(displayId);
}
@Override
public void addUserVisibilityListener(UserVisibilityListener listener) {
mUserVisibilityMediator.addListener(listener);
}
@Override
public void removeUserVisibilityListener(UserVisibilityListener listener) {
mUserVisibilityMediator.removeListener(listener);
}
@Override
public void onSystemUserVisibilityChanged(boolean visible) {
mUserVisibilityMediator.onSystemUserVisibilityChanged(visible);
}
@Override
public int[] getUserTypesForStatsd(@UserIdInt int[] userIds) {
if (userIds == null) {
return null;
}
final int[] userTypes = new int[userIds.length];
for (int i = 0; i < userTypes.length; i++) {
final UserInfo userInfo = getUserInfo(userIds[i]);
if (userInfo == null) {
// Not possible because the input user ids should all be valid
userTypes[i] = mUserJourneyLogger.getUserTypeForStatsd("");
} else {
userTypes[i] = mUserJourneyLogger.getUserTypeForStatsd(userInfo.userType);
}
}
return userTypes;
}
@Override
public @UserIdInt int getMainUserId() {
return getMainUserIdUnchecked();
}
@Override
public @UserIdInt int getBootUser(boolean waitUntilSet)
throws UserManager.CheckedUserOperationException {
if (waitUntilSet) {
final TimingsTraceAndSlog t = new TimingsTraceAndSlog();
t.traceBegin("wait-boot-user");
try {
if (mBootUserLatch.getCount() != 0) {
Slogf.d(LOG_TAG,
"Sleeping for boot user to be set. "
+ "Max sleep for Time: %d", BOOT_USER_SET_TIMEOUT_MS);
}
if (!mBootUserLatch.await(BOOT_USER_SET_TIMEOUT_MS, TimeUnit.MILLISECONDS)) {
Slogf.w(LOG_TAG, "Boot user not set. Timeout: %d",
BOOT_USER_SET_TIMEOUT_MS);
}
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
Slogf.w(LOG_TAG, e, "InterruptedException during wait for boot user.");
}
t.traceEnd();
}
return getBootUserUnchecked();
}
@Override
public @UserIdInt int getCommunalProfileId() {
return getCommunalProfileIdUnchecked();
}
} // class LocalService
/**
* Check if user has restrictions
* @param restriction restrictions to check
* @param userId id of the user
*
* @throws {@link android.os.UserManager.CheckedUserOperationException} if user has any of the
* specified restrictions
*/
private void enforceUserRestriction(String restriction, @UserIdInt int userId, String message)
throws UserManager.CheckedUserOperationException {
if (hasUserRestriction(restriction, userId)) {
String errorMessage = (message != null ? (message + ": ") : "")
+ restriction + " is enabled.";
Slog.w(LOG_TAG, errorMessage);
throw new UserManager.CheckedUserOperationException(errorMessage,
USER_OPERATION_ERROR_UNKNOWN);
}
}
/**
* Throws CheckedUserOperationException and shows error log
* @param message message for exception and logging
* @param userOperationResult result/error code
* @throws UserManager.CheckedUserOperationException
*/
private void throwCheckedUserOperationException(@NonNull String message,
@UserManager.UserOperationResult int userOperationResult)
throws UserManager.CheckedUserOperationException {
Slog.e(LOG_TAG, message);
throw new UserManager.CheckedUserOperationException(message, userOperationResult);
}
/* Remove all the users except the system and permanent admin main.*/
private void removeAllUsersExceptSystemAndPermanentAdminMain() {
ArrayList<UserInfo> usersToRemove = new ArrayList<>();
synchronized (mUsersLock) {
final int userSize = mUsers.size();
for (int i = 0; i < userSize; i++) {
UserInfo ui = mUsers.valueAt(i).info;
if (ui.id != UserHandle.USER_SYSTEM && !isNonRemovableMainUser(ui)) {
usersToRemove.add(ui);
}
}
}
for (UserInfo ui: usersToRemove) {
removeUser(ui.id);
}
}
private static void debug(String message) {
Slog.d(LOG_TAG, message
+ (DBG_WITH_STACKTRACE ? " called at\n" + Debug.getCallers(10, " ") : ""));
}
/** @see #getMaxUsersOfTypePerParent(UserTypeDetails) */
@VisibleForTesting
int getMaxUsersOfTypePerParent(String userType) {
final UserTypeDetails type = mUserTypes.get(userType);
if (type == null) {
return 0;
}
return getMaxUsersOfTypePerParent(type);
}
/**
* Returns the maximum number of users allowed for the given userTypeDetails per parent user.
* This is applicable for user types that are {@link UserTypeDetails#isProfile()}.
* If there is no maximum, {@link UserTypeDetails#UNLIMITED_NUMBER_OF_USERS} is returned.
* Under certain circumstances (such as after a change-user-type) the max value can actually
* be exceeded: this is allowed in order to keep the device in a usable state.
* An error is logged in {@link UserManagerService#upgradeProfileToTypeLU}
*/
private static int getMaxUsersOfTypePerParent(UserTypeDetails userTypeDetails) {
final int defaultMax = userTypeDetails.getMaxAllowedPerParent();
if (!Build.IS_DEBUGGABLE) {
return defaultMax;
} else {
if (userTypeDetails.isManagedProfile()) {
return SystemProperties.getInt("persist.sys.max_profiles", defaultMax);
}
}
return defaultMax;
}
@GuardedBy("mUsersLock")
@VisibleForTesting
int getFreeProfileBadgeLU(int parentUserId, String userType) {
Set<Integer> usedBadges = new ArraySet<>();
final int userSize = mUsers.size();
for (int i = 0; i < userSize; i++) {
UserInfo ui = mUsers.valueAt(i).info;
// Check which badge indexes are already used by this profile group.
if (ui.userType.equals(userType)
&& ui.profileGroupId == parentUserId
&& !mRemovingUserIds.get(ui.id)) {
usedBadges.add(ui.profileBadge);
}
}
int maxUsersOfType = getMaxUsersOfTypePerParent(userType);
if (maxUsersOfType == UserTypeDetails.UNLIMITED_NUMBER_OF_USERS) {
maxUsersOfType = Integer.MAX_VALUE;
}
for (int i = 0; i < maxUsersOfType; i++) {
if (!usedBadges.contains(i)) {
return i;
}
}
return 0;
}
/**
* Checks if the given user has a profile associated with it.
* @param userId The parent user
* @return
*/
boolean hasProfile(@UserIdInt int userId) {
synchronized (mUsersLock) {
UserInfo userInfo = getUserInfoLU(userId);
final int userSize = mUsers.size();
for (int i = 0; i < userSize; i++) {
UserInfo profile = mUsers.valueAt(i).info;
if (userId != profile.id && isProfileOf(userInfo, profile)) {
return true;
}
}
return false;
}
}
/**
* Checks if the calling package name matches with the calling UID, throw
* {@link SecurityException} if not.
*/
private void verifyCallingPackage(String callingPackage, int callingUid) {
int packageUid = mPm.snapshotComputer()
.getPackageUid(callingPackage, 0, UserHandle.getUserId(callingUid));
if (packageUid != callingUid) {
throw new SecurityException("Specified package " + callingPackage
+ " does not match the calling uid " + callingUid);
}
}
/** Retrieves the internal package manager interface. */
private PackageManagerInternal getPackageManagerInternal() {
// Don't need to synchonize; worst-case scenario LocalServices will be called twice.
if (mPmInternal == null) {
mPmInternal = LocalServices.getService(PackageManagerInternal.class);
}
return mPmInternal;
}
/** Returns the internal device policy manager interface. */
private DevicePolicyManagerInternal getDevicePolicyManagerInternal() {
if (mDevicePolicyManagerInternal == null) {
mDevicePolicyManagerInternal =
LocalServices.getService(DevicePolicyManagerInternal.class);
}
return mDevicePolicyManagerInternal;
}
/** Returns the internal activity manager interface. */
private @Nullable ActivityManagerInternal getActivityManagerInternal() {
if (mAmInternal == null) {
mAmInternal = LocalServices.getService(ActivityManagerInternal.class);
}
return mAmInternal;
}
/**
* Returns true, when user has {@link UserInfo#FLAG_MAIN} and system property
* {@link com.android.internal.R.bool#config_isMainUserPermanentAdmin} is true.
*/
private boolean isNonRemovableMainUser(UserInfo userInfo) {
return userInfo.isMain() && isMainUserPermanentAdmin();
}
/**
* Returns true if {@link com.android.internal.R.bool#config_isMainUserPermanentAdmin} is true.
* If the main user is a permanent admin user it can't be deleted
* or downgraded to non-admin status.
*/
public boolean isMainUserPermanentAdmin() {
return Resources.getSystem()
.getBoolean(R.bool.config_isMainUserPermanentAdmin);
}
/**
* Returns true if {@link com.android.internal.R.bool#config_canSwitchToHeadlessSystemUser}
* is true. If allowed, headless system user can run in the foreground even though
* it is not a full user.
*/
public boolean canSwitchToHeadlessSystemUser() {
return Resources.getSystem()
.getBoolean(R.bool.config_canSwitchToHeadlessSystemUser);
}
/**
* Returns instance of {@link com.android.server.pm.UserJourneyLogger}.
*/
public UserJourneyLogger getUserJourneyLogger() {
return mUserJourneyLogger;
}
}