2 * Copyright (C) 2012 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 import android.Manifest;
19 import android.accounts.AccountManager;
20 import android.annotation.Nullable;
21 import android.annotation.RequiresPermission;
22 import android.annotation.SystemApi;
23 import android.annotation.UserIdInt;
24 import android.app.Activity;
25 import android.app.ActivityManager;
26 import android.app.ActivityManagerNative;
27 import android.app.admin.DevicePolicyManager;
28 import android.content.ComponentName;
29 import android.content.Context;
30 import android.content.Intent;
31 import android.content.pm.UserInfo;
32 import android.content.res.Resources;
33 import android.graphics.Bitmap;
34 import android.graphics.BitmapFactory;
35 import android.graphics.Rect;
36 import android.graphics.drawable.Drawable;
37 import android.os.storage.StorageManager;
38 import android.provider.Settings;
39 import android.telephony.TelephonyManager;
40 import android.view.WindowManager.LayoutParams;
42 import com.android.internal.R;
44 import java.io.IOException;
45 import java.util.ArrayList;
46 import java.util.List;
49 * Manages users and user details on a multi-user system.
51 public class UserManager {
53 private static String TAG = "UserManager";
54 private final IUserManager mService;
55 private final Context mContext;
58 * Specifies if a user is disallowed from adding and removing accounts, unless they are
59 * {@link android.accounts.AccountManager#addAccountExplicitly programmatically} added by
61 * The default value is <code>false</code>.
63 * <p>From {@link android.os.Build.VERSION_CODES#N} a profile or device owner app can still
64 * use {@link android.accounts.AccountManager} APIs to add or remove accounts when account
65 * management is disallowed.
67 * <p>Key for user restrictions.
69 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
70 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
71 * @see #getUserRestrictions()
73 public static final String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts";
76 * Specifies if a user is disallowed from changing Wi-Fi
77 * access points. The default value is <code>false</code>.
78 * <p>This restriction has no effect in a managed profile.
80 * <p>Key for user restrictions.
82 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
83 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
84 * @see #getUserRestrictions()
86 public static final String DISALLOW_CONFIG_WIFI = "no_config_wifi";
89 * Specifies if a user is disallowed from installing applications.
90 * The default value is <code>false</code>.
92 * <p>Key for user restrictions.
94 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
95 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
96 * @see #getUserRestrictions()
98 public static final String DISALLOW_INSTALL_APPS = "no_install_apps";
101 * Specifies if a user is disallowed from uninstalling applications.
102 * The default value is <code>false</code>.
104 * <p>Key for user restrictions.
106 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
107 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
108 * @see #getUserRestrictions()
110 public static final String DISALLOW_UNINSTALL_APPS = "no_uninstall_apps";
113 * Specifies if a user is disallowed from turning on location sharing.
114 * The default value is <code>false</code>.
115 * <p>In a managed profile, location sharing always reflects the primary user's setting, but
116 * can be overridden and forced off by setting this restriction to true in the managed profile.
118 * <p>Key for user restrictions.
120 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
121 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
122 * @see #getUserRestrictions()
124 public static final String DISALLOW_SHARE_LOCATION = "no_share_location";
127 * Specifies if a user is disallowed from enabling the
128 * "Unknown Sources" setting, that allows installation of apps from unknown sources.
129 * The default value is <code>false</code>.
131 * <p>Key for user restrictions.
133 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
134 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
135 * @see #getUserRestrictions()
137 public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources";
140 * Specifies if a user is disallowed from configuring bluetooth.
141 * This does <em>not</em> restrict the user from turning bluetooth on or off.
142 * The default value is <code>false</code>.
143 * <p>This restriction has no effect in a managed profile.
145 * <p>Key for user restrictions.
147 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
148 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
149 * @see #getUserRestrictions()
151 public static final String DISALLOW_CONFIG_BLUETOOTH = "no_config_bluetooth";
154 * Specifies if a user is disallowed from transferring files over
155 * USB. This can only be set by device owners and profile owners on the primary user.
156 * The default value is <code>false</code>.
158 * <p>Key for user restrictions.
160 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
161 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
162 * @see #getUserRestrictions()
164 public static final String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer";
167 * Specifies if a user is disallowed from configuring user
168 * credentials. The default value is <code>false</code>.
170 * <p>Key for user restrictions.
172 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
173 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
174 * @see #getUserRestrictions()
176 public static final String DISALLOW_CONFIG_CREDENTIALS = "no_config_credentials";
179 * When set on the primary user this specifies if the user can remove other users.
180 * When set on a secondary user, this specifies if the user can remove itself.
181 * This restriction has no effect on managed profiles.
182 * The default value is <code>false</code>.
184 * <p>Key for user restrictions.
186 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
187 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
188 * @see #getUserRestrictions()
190 public static final String DISALLOW_REMOVE_USER = "no_remove_user";
193 * Specifies if a user is disallowed from enabling or
194 * accessing debugging features. The default value is <code>false</code>.
196 * <p>Key for user restrictions.
198 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
199 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
200 * @see #getUserRestrictions()
202 public static final String DISALLOW_DEBUGGING_FEATURES = "no_debugging_features";
205 * Specifies if a user is disallowed from configuring VPN.
206 * The default value is <code>false</code>.
207 * This restriction has an effect in a managed profile only from
208 * {@link android.os.Build.VERSION_CODES#M}
210 * <p>Key for user restrictions.
212 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
213 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
214 * @see #getUserRestrictions()
216 public static final String DISALLOW_CONFIG_VPN = "no_config_vpn";
219 * Specifies if a user is disallowed from configuring Tethering
220 * & portable hotspots. This can only be set by device owners and profile owners on the
221 * primary user. The default value is <code>false</code>.
223 * <p>Key for user restrictions.
225 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
226 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
227 * @see #getUserRestrictions()
229 public static final String DISALLOW_CONFIG_TETHERING = "no_config_tethering";
232 * Specifies if a user is disallowed from resetting network settings
233 * from Settings. This can only be set by device owners and profile owners on the primary user.
234 * The default value is <code>false</code>.
235 * <p>This restriction has no effect on secondary users and managed profiles since only the
236 * primary user can reset the network settings of the device.
238 * <p>Key for user restrictions.
240 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
241 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
242 * @see #getUserRestrictions()
244 public static final String DISALLOW_NETWORK_RESET = "no_network_reset";
247 * Specifies if a user is disallowed from factory resetting
248 * from Settings. This can only be set by device owners and profile owners on the primary user.
249 * The default value is <code>false</code>.
250 * <p>This restriction has no effect on secondary users and managed profiles since only the
251 * primary user can factory reset the device.
253 * <p>Key for user restrictions.
255 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
256 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
257 * @see #getUserRestrictions()
259 public static final String DISALLOW_FACTORY_RESET = "no_factory_reset";
262 * Specifies if a user is disallowed from adding new users and
263 * profiles. This can only be set by device owners and profile owners on the primary user.
264 * The default value is <code>false</code>.
265 * <p>This restriction has no effect on secondary users and managed profiles since only the
266 * primary user can add other users.
268 * <p>Key for user restrictions.
270 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
271 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
272 * @see #getUserRestrictions()
274 public static final String DISALLOW_ADD_USER = "no_add_user";
277 * Specifies if a user is disallowed from disabling application
278 * verification. The default value is <code>false</code>.
280 * <p>Key for user restrictions.
282 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
283 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
284 * @see #getUserRestrictions()
286 public static final String ENSURE_VERIFY_APPS = "ensure_verify_apps";
289 * Specifies if a user is disallowed from configuring cell
290 * broadcasts. This can only be set by device owners and profile owners on the primary user.
291 * The default value is <code>false</code>.
292 * <p>This restriction has no effect on secondary users and managed profiles since only the
293 * primary user can configure cell broadcasts.
295 * <p>Key for user restrictions.
297 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
298 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
299 * @see #getUserRestrictions()
301 public static final String DISALLOW_CONFIG_CELL_BROADCASTS = "no_config_cell_broadcasts";
304 * Specifies if a user is disallowed from configuring mobile
305 * networks. This can only be set by device owners and profile owners on the primary user.
306 * The default value is <code>false</code>.
307 * <p>This restriction has no effect on secondary users and managed profiles since only the
308 * primary user can configure mobile networks.
310 * <p>Key for user restrictions.
312 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
313 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
314 * @see #getUserRestrictions()
316 public static final String DISALLOW_CONFIG_MOBILE_NETWORKS = "no_config_mobile_networks";
319 * Specifies if a user is disallowed from modifying
320 * applications in Settings or launchers. The following actions will not be allowed when this
321 * restriction is enabled:
322 * <li>uninstalling apps</li>
323 * <li>disabling apps</li>
324 * <li>clearing app caches</li>
325 * <li>clearing app data</li>
326 * <li>force stopping apps</li>
327 * <li>clearing app defaults</li>
329 * The default value is <code>false</code>.
331 * <p>Key for user restrictions.
333 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
334 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
335 * @see #getUserRestrictions()
337 public static final String DISALLOW_APPS_CONTROL = "no_control_apps";
340 * Specifies if a user is disallowed from mounting
341 * physical external media. This can only be set by device owners and profile owners on the
342 * primary user. The default value is <code>false</code>.
344 * <p>Key for user restrictions.
346 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
347 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
348 * @see #getUserRestrictions()
350 public static final String DISALLOW_MOUNT_PHYSICAL_MEDIA = "no_physical_media";
353 * Specifies if a user is disallowed from adjusting microphone
354 * volume. If set, the microphone will be muted. This can only be set by device owners
355 * and profile owners on the primary user. The default value is <code>false</code>.
357 * <p>Key for user restrictions.
359 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
360 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
361 * @see #getUserRestrictions()
363 public static final String DISALLOW_UNMUTE_MICROPHONE = "no_unmute_microphone";
366 * Specifies if a user is disallowed from adjusting the master
367 * volume. If set, the master volume will be muted. This can only be set by device owners
368 * and profile owners on the primary user. The default value is <code>false</code>.
370 * <p>Key for user restrictions.
372 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
373 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
374 * @see #getUserRestrictions()
376 public static final String DISALLOW_ADJUST_VOLUME = "no_adjust_volume";
379 * Specifies that the user is not allowed to make outgoing
380 * phone calls. Emergency calls are still permitted.
381 * The default value is <code>false</code>.
382 * <p>This restriction has no effect on managed profiles.
384 * <p>Key for user restrictions.
386 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
387 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
388 * @see #getUserRestrictions()
390 public static final String DISALLOW_OUTGOING_CALLS = "no_outgoing_calls";
393 * Specifies that the user is not allowed to send or receive
394 * SMS messages. The default value is <code>false</code>.
396 * <p>Key for user restrictions.
398 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
399 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
400 * @see #getUserRestrictions()
402 public static final String DISALLOW_SMS = "no_sms";
405 * Specifies if the user is not allowed to have fun. In some cases, the
406 * device owner may wish to prevent the user from experiencing amusement or
407 * joy while using the device. The default value is <code>false</code>.
409 * <p>Key for user restrictions.
411 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
412 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
413 * @see #getUserRestrictions()
415 public static final String DISALLOW_FUN = "no_fun";
418 * Specifies that windows besides app windows should not be
419 * created. This will block the creation of the following types of windows.
420 * <li>{@link LayoutParams#TYPE_TOAST}</li>
421 * <li>{@link LayoutParams#TYPE_PHONE}</li>
422 * <li>{@link LayoutParams#TYPE_PRIORITY_PHONE}</li>
423 * <li>{@link LayoutParams#TYPE_SYSTEM_ALERT}</li>
424 * <li>{@link LayoutParams#TYPE_SYSTEM_ERROR}</li>
425 * <li>{@link LayoutParams#TYPE_SYSTEM_OVERLAY}</li>
427 * <p>This can only be set by device owners and profile owners on the primary user.
428 * The default value is <code>false</code>.
430 * <p>Key for user restrictions.
432 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
433 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
434 * @see #getUserRestrictions()
436 public static final String DISALLOW_CREATE_WINDOWS = "no_create_windows";
439 * Specifies if what is copied in the clipboard of this profile can
440 * be pasted in related profiles. Does not restrict if the clipboard of related profiles can be
441 * pasted in this profile.
442 * The default value is <code>false</code>.
444 * <p>Key for user restrictions.
446 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
447 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
448 * @see #getUserRestrictions()
450 public static final String DISALLOW_CROSS_PROFILE_COPY_PASTE = "no_cross_profile_copy_paste";
453 * Specifies if the user is not allowed to use NFC to beam out data from apps.
454 * The default value is <code>false</code>.
456 * <p>Key for user restrictions.
458 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
459 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
460 * @see #getUserRestrictions()
462 public static final String DISALLOW_OUTGOING_BEAM = "no_outgoing_beam";
465 * Hidden user restriction to disallow access to wallpaper manager APIs. This restriction
466 * generally means that wallpapers are not supported for the particular user. This user
467 * restriction is always set for managed profiles, because such profiles don't have wallpapers.
469 * @see #DISALLOW_SET_WALLPAPER
470 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
471 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
472 * @see #getUserRestrictions()
474 public static final String DISALLOW_WALLPAPER = "no_wallpaper";
477 * User restriction to disallow setting a wallpaper. Profile owner and device owner
478 * are able to set wallpaper regardless of this restriction.
479 * The default value is <code>false</code>.
481 * <p>Key for user restrictions.
483 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
484 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
485 * @see #getUserRestrictions()
487 public static final String DISALLOW_SET_WALLPAPER = "no_set_wallpaper";
490 * Specifies if the user is not allowed to reboot the device into safe boot mode.
491 * This can only be set by device owners and profile owners on the primary user.
492 * The default value is <code>false</code>.
494 * <p>Key for user restrictions.
496 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
497 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
498 * @see #getUserRestrictions()
500 public static final String DISALLOW_SAFE_BOOT = "no_safe_boot";
503 * Specifies if a user is not allowed to record audio. This restriction is always enabled for
504 * background users. The default value is <code>false</code>.
506 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
507 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
508 * @see #getUserRestrictions()
511 public static final String DISALLOW_RECORD_AUDIO = "no_record_audio";
514 * Specifies if a user is not allowed to run in the background and should be stopped during
515 * user switch. The default value is <code>false</code>.
517 * <p>This restriction can be set by device owners and profile owners.
519 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
520 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
521 * @see #getUserRestrictions()
524 public static final String DISALLOW_RUN_IN_BACKGROUND = "no_run_in_background";
527 * Specifies if a user is not allowed to use the camera.
529 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
530 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
531 * @see #getUserRestrictions()
534 public static final String DISALLOW_CAMERA = "no_camera";
537 * Specifies if a user is not allowed to use cellular data when roaming. This can only be set by
538 * device owners. The default value is <code>false</code>.
540 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
541 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
542 * @see #getUserRestrictions()
544 public static final String DISALLOW_DATA_ROAMING = "no_data_roaming";
547 * Specifies if a user is not allowed to change their icon. Device owner and profile owner
548 * can set this restriction. When it is set by device owner, only the target user will be
549 * affected. The default value is <code>false</code>.
551 * <p>Key for user restrictions.
553 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
554 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
555 * @see #getUserRestrictions()
557 public static final String DISALLOW_SET_USER_ICON = "no_set_user_icon";
560 * Allows apps in the parent profile to handle web links from the managed profile.
562 * This user restriction has an effect only in a managed profile.
564 * Intent filters of activities in the parent profile with action
565 * {@link android.content.Intent#ACTION_VIEW},
566 * category {@link android.content.Intent#CATEGORY_BROWSABLE}, scheme http or https, and which
567 * define a host can handle intents from the managed profile.
568 * The default value is <code>false</code>.
570 * <p>Key for user restrictions.
572 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
573 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
574 * @see #getUserRestrictions()
576 public static final String ALLOW_PARENT_PROFILE_APP_LINKING
577 = "allow_parent_profile_app_linking";
580 * Application restriction key that is used to indicate the pending arrival
581 * of real restrictions for the app.
584 * Applications that support restrictions should check for the presence of this key.
585 * A <code>true</code> value indicates that restrictions may be applied in the near
586 * future but are not available yet. It is the responsibility of any
587 * management application that sets this flag to update it when the final
588 * restrictions are enforced.
590 * <p>Key for application restrictions.
592 * @see android.app.admin.DevicePolicyManager#setApplicationRestrictions(
593 * android.content.ComponentName, String, Bundle)
594 * @see android.app.admin.DevicePolicyManager#getApplicationRestrictions(
595 * android.content.ComponentName, String)
597 public static final String KEY_RESTRICTIONS_PENDING = "restrictions_pending";
599 private static final String ACTION_CREATE_USER = "android.os.action.CREATE_USER";
602 * Extra containing a name for the user being created. Optional parameter passed to
603 * ACTION_CREATE_USER activity.
606 public static final String EXTRA_USER_NAME = "android.os.extra.USER_NAME";
609 * Extra containing account name for the user being created. Optional parameter passed to
610 * ACTION_CREATE_USER activity.
613 public static final String EXTRA_USER_ACCOUNT_NAME = "android.os.extra.USER_ACCOUNT_NAME";
616 * Extra containing account type for the user being created. Optional parameter passed to
617 * ACTION_CREATE_USER activity.
620 public static final String EXTRA_USER_ACCOUNT_TYPE = "android.os.extra.USER_ACCOUNT_TYPE";
623 * Extra containing account-specific data for the user being created. Optional parameter passed
624 * to ACTION_CREATE_USER activity.
627 public static final String EXTRA_USER_ACCOUNT_OPTIONS
628 = "android.os.extra.USER_ACCOUNT_OPTIONS";
631 public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3;
633 public static final int PIN_VERIFICATION_FAILED_NOT_SET = -2;
635 public static final int PIN_VERIFICATION_SUCCESS = -1;
638 * Error result indicating that this user is not allowed to add other users on this device.
639 * This is a result code returned from the activity created by the intent
640 * {@link #createUserCreationIntent(String, String, String, PersistableBundle)}.
642 public static final int USER_CREATION_FAILED_NOT_PERMITTED = Activity.RESULT_FIRST_USER;
645 * Error result indicating that no more users can be created on this device.
646 * This is a result code returned from the activity created by the intent
647 * {@link #createUserCreationIntent(String, String, String, PersistableBundle)}.
649 public static final int USER_CREATION_FAILED_NO_MORE_USERS = Activity.RESULT_FIRST_USER + 1;
652 public static UserManager get(Context context) {
653 return (UserManager) context.getSystemService(Context.USER_SERVICE);
657 public UserManager(Context context, IUserManager service) {
663 * Returns whether the system supports multiple users.
664 * @return true if multiple users can be created by user, false if it is a single user device.
667 public static boolean supportsMultipleUsers() {
668 return getMaxSupportedUsers() > 1
669 && SystemProperties.getBoolean("fw.show_multiuserui",
670 Resources.getSystem().getBoolean(R.bool.config_enableMultiUserUI));
675 * @return Whether the device is running with split system user. It means the system user and
676 * primary user are two separate users. Previously system user and primary user are combined as
677 * a single owner user. see @link {android.os.UserHandle#USER_OWNER}
679 public static boolean isSplitSystemUser() {
680 return SystemProperties.getBoolean("ro.fw.system_user_split", false);
684 * Returns whether switching users is currently allowed.
685 * <p>For instance switching users is not allowed if the current user is in a phone call,
686 * or system user hasn't been unlocked yet
689 public boolean canSwitchUsers() {
690 boolean allowUserSwitchingWhenSystemUserLocked = Settings.Global.getInt(
691 mContext.getContentResolver(),
692 Settings.Global.ALLOW_USER_SWITCHING_WHEN_SYSTEM_USER_LOCKED, 0) != 0;
693 boolean isSystemUserUnlocked = isUserUnlocked(UserHandle.SYSTEM);
694 boolean inCall = TelephonyManager.getDefault().getCallState()
695 != TelephonyManager.CALL_STATE_IDLE;
696 return (allowUserSwitchingWhenSystemUserLocked || isSystemUserUnlocked) && !inCall;
700 * Returns the user handle for the user that this process is running under.
702 * @return the user handle of this process.
705 public @UserIdInt int getUserHandle() {
706 return UserHandle.myUserId();
710 * Returns the user name of the user making this call. This call is only
711 * available to applications on the system image; it requires the
712 * MANAGE_USERS permission.
713 * @return the user name
715 public String getUserName() {
717 return mService.getUserInfo(getUserHandle()).name;
718 } catch (RemoteException re) {
719 throw re.rethrowFromSystemServer();
724 * Used to determine whether the user making this call is subject to
727 * <p>As of {@link android.os.Build.VERSION_CODES#LOLLIPOP}, this method can
728 * now automatically identify goats using advanced goat recognition technology.</p>
730 * @return Returns true if the user making this call is a goat.
732 public boolean isUserAGoat() {
733 return mContext.getPackageManager()
734 .isPackageAvailable("com.coffeestainstudios.goatsimulator");
738 * Used to check if this process is running under the primary user. The primary user
739 * is the first human user on a device.
741 * @return whether this process is running under the primary user.
744 public boolean isPrimaryUser() {
745 UserInfo user = getUserInfo(UserHandle.myUserId());
746 return user != null ? user.isPrimary() : false;
750 * Used to check if this process is running under the system user. The system user
751 * is the initial user that is implicitly created on first boot and hosts most of the
754 * @return whether this process is running under the system user.
756 public boolean isSystemUser() {
757 return UserHandle.myUserId() == UserHandle.USER_SYSTEM;
762 * Returns whether the caller is running as an admin user. There can be more than one admin
765 public boolean isAdminUser() {
766 return isUserAdmin(UserHandle.myUserId());
771 * Returns whether the provided user is an admin user. There can be more than one admin
774 public boolean isUserAdmin(@UserIdInt int userId) {
775 UserInfo user = getUserInfo(userId);
776 return user != null && user.isAdmin();
780 * Used to check if the user making this call is linked to another user. Linked users may have
781 * a reduced number of available apps, app restrictions and account restrictions.
782 * @return whether the user making this call is a linked user
785 public boolean isLinkedUser() {
787 return mService.isRestricted();
788 } catch (RemoteException re) {
789 throw re.rethrowFromSystemServer();
794 * Checks if specified user can have restricted profile.
797 public boolean canHaveRestrictedProfile(@UserIdInt int userId) {
799 return mService.canHaveRestrictedProfile(userId);
800 } catch (RemoteException re) {
801 throw re.rethrowFromSystemServer();
806 * Checks if the calling app is running as a guest user.
807 * @return whether the caller is a guest user.
810 public boolean isGuestUser() {
811 UserInfo user = getUserInfo(UserHandle.myUserId());
812 return user != null ? user.isGuest() : false;
816 * Checks if the calling app is running in a managed profile.
817 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
819 * @return whether the caller is in a managed profile.
823 public boolean isManagedProfile() {
824 UserInfo user = getUserInfo(UserHandle.myUserId());
825 return user != null ? user.isManagedProfile() : false;
829 * Checks if the calling app is running as an ephemeral user.
831 * @return whether the caller is an ephemeral user.
834 public boolean isEphemeralUser() {
835 return isUserEphemeral(UserHandle.myUserId());
839 * Returns whether the specified user is ephemeral.
842 public boolean isUserEphemeral(@UserIdInt int userId) {
843 final UserInfo user = getUserInfo(userId);
844 return user != null && user.isEphemeral();
848 * Return whether the given user is actively running. This means that
849 * the user is in the "started" state, not "stopped" -- it is currently
850 * allowed to run code through scheduled alarms, receiving broadcasts,
851 * etc. A started user may be either the current foreground user or a
852 * background user; the result here does not distinguish between the two.
853 * @param user The user to retrieve the running state for.
855 public boolean isUserRunning(UserHandle user) {
856 return isUserRunning(user.getIdentifier());
860 public boolean isUserRunning(int userId) {
862 return ActivityManagerNative.getDefault().isUserRunning(userId, 0);
863 } catch (RemoteException re) {
864 throw re.rethrowFromSystemServer();
869 * Return whether the given user is actively running <em>or</em> stopping.
870 * This is like {@link #isUserRunning(UserHandle)}, but will also return
871 * true if the user had been running but is in the process of being stopped
872 * (but is not yet fully stopped, and still running some code).
873 * @param user The user to retrieve the running state for.
875 public boolean isUserRunningOrStopping(UserHandle user) {
877 // TODO: reconcile stopped vs stopping?
878 return ActivityManagerNative.getDefault().isUserRunning(
879 user.getIdentifier(), ActivityManager.FLAG_OR_STOPPED);
880 } catch (RemoteException re) {
881 throw re.rethrowFromSystemServer();
886 * Return whether the calling user is running in a "locked" state. A user is
887 * unlocked only after they've entered their credentials (such as a lock
888 * pattern or PIN), and credential-encrypted private app data storage is
892 public boolean isUserRunningAndLocked() {
893 return isUserRunningAndLocked(Process.myUserHandle());
897 * Return whether the given user is running in a "locked" state. A user
898 * is unlocked only after they've entered their credentials (such as a lock
899 * pattern or PIN), and credential-encrypted private app data storage is
902 * @param user to retrieve the unlocked state for.
905 public boolean isUserRunningAndLocked(UserHandle user) {
907 return ActivityManagerNative.getDefault().isUserRunning(
908 user.getIdentifier(), ActivityManager.FLAG_AND_LOCKED);
909 } catch (RemoteException re) {
910 throw re.rethrowFromSystemServer();
915 * Return whether the calling user is running in an "unlocked" state. A user
916 * is unlocked only after they've entered their credentials (such as a lock
917 * pattern or PIN), and credential-encrypted private app data storage is
921 public boolean isUserRunningAndUnlocked() {
922 return isUserRunningAndUnlocked(Process.myUserHandle());
926 * Return whether the given user is running in an "unlocked" state. A user
927 * is unlocked only after they've entered their credentials (such as a lock
928 * pattern or PIN), and credential-encrypted private app data storage is
931 * @param user to retrieve the unlocked state for.
934 public boolean isUserRunningAndUnlocked(UserHandle user) {
936 return ActivityManagerNative.getDefault().isUserRunning(
937 user.getIdentifier(), ActivityManager.FLAG_AND_UNLOCKED);
938 } catch (RemoteException re) {
939 throw re.rethrowFromSystemServer();
944 * Return whether the calling user is running in an "unlocked" state. A user
945 * is unlocked only after they've entered their credentials (such as a lock
946 * pattern or PIN), and credential-encrypted private app data storage is
949 public boolean isUserUnlocked() {
950 return isUserUnlocked(Process.myUserHandle());
954 * Return whether the given user is running in an "unlocked" state. A user
955 * is unlocked only after they've entered their credentials (such as a lock
956 * pattern or PIN), and credential-encrypted private app data storage is
959 * @param user to retrieve the unlocked state for.
961 public boolean isUserUnlocked(UserHandle user) {
962 return isUserUnlocked(user.getIdentifier());
966 public boolean isUserUnlocked(@UserIdInt int userId) {
967 // TODO: eventually pivot this back to look at ActivityManager state,
968 // but there is race where we can start a non-encryption-aware launcher
969 // before that lifecycle has entered the running unlocked state.
970 return mContext.getSystemService(StorageManager.class).isUserKeyUnlocked(userId);
974 * Returns the UserInfo object describing a specific user.
975 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission or the caller is
976 * in the same profile group of target user.
977 * @param userHandle the user handle of the user whose information is being requested.
978 * @return the UserInfo object for a specific user.
981 public UserInfo getUserInfo(@UserIdInt int userHandle) {
983 return mService.getUserInfo(userHandle);
984 } catch (RemoteException re) {
985 throw re.rethrowFromSystemServer();
990 * Returns the user-wide restrictions imposed on this user.
991 * @return a Bundle containing all the restrictions.
993 public Bundle getUserRestrictions() {
994 return getUserRestrictions(Process.myUserHandle());
998 * Returns the user-wide restrictions imposed on the user specified by <code>userHandle</code>.
999 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions.
1000 * @return a Bundle containing all the restrictions.
1002 public Bundle getUserRestrictions(UserHandle userHandle) {
1004 return mService.getUserRestrictions(userHandle.getIdentifier());
1005 } catch (RemoteException re) {
1006 throw re.rethrowFromSystemServer();
1012 * Returns whether the given user has been disallowed from performing certain actions
1013 * or setting certain settings through UserManager. This method disregards restrictions
1014 * set by device policy.
1015 * @param restrictionKey the string key representing the restriction
1016 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions.
1018 public boolean hasBaseUserRestriction(String restrictionKey, UserHandle userHandle) {
1020 return mService.hasBaseUserRestriction(restrictionKey, userHandle.getIdentifier());
1021 } catch (RemoteException re) {
1022 throw re.rethrowFromSystemServer();
1027 * This will no longer work. Device owners and profile owners should use
1028 * {@link DevicePolicyManager#addUserRestriction(ComponentName, String)} instead.
1030 // System apps should use UserManager.setUserRestriction() instead.
1032 public void setUserRestrictions(Bundle restrictions) {
1033 throw new UnsupportedOperationException("This method is no longer supported");
1037 * This will no longer work. Device owners and profile owners should use
1038 * {@link DevicePolicyManager#addUserRestriction(ComponentName, String)} instead.
1040 // System apps should use UserManager.setUserRestriction() instead.
1042 public void setUserRestrictions(Bundle restrictions, UserHandle userHandle) {
1043 throw new UnsupportedOperationException("This method is no longer supported");
1047 * Sets the value of a specific restriction.
1048 * Requires the MANAGE_USERS permission.
1049 * @param key the key of the restriction
1050 * @param value the value for the restriction
1051 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction(
1052 * android.content.ComponentName, String)} or
1053 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction(
1054 * android.content.ComponentName, String)} instead.
1057 public void setUserRestriction(String key, boolean value) {
1058 setUserRestriction(key, value, Process.myUserHandle());
1063 * Sets the value of a specific restriction on a specific user.
1064 * Requires the MANAGE_USERS permission.
1065 * @param key the key of the restriction
1066 * @param value the value for the restriction
1067 * @param userHandle the user whose restriction is to be changed.
1068 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction(
1069 * android.content.ComponentName, String)} or
1070 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction(
1071 * android.content.ComponentName, String)} instead.
1074 public void setUserRestriction(String key, boolean value, UserHandle userHandle) {
1076 mService.setUserRestriction(key, value, userHandle.getIdentifier());
1077 } catch (RemoteException re) {
1078 throw re.rethrowFromSystemServer();
1083 * Returns whether the current user has been disallowed from performing certain actions
1084 * or setting certain settings.
1086 * @param restrictionKey The string key representing the restriction.
1087 * @return {@code true} if the current user has the given restriction, {@code false} otherwise.
1089 public boolean hasUserRestriction(String restrictionKey) {
1090 return hasUserRestriction(restrictionKey, Process.myUserHandle());
1095 * Returns whether the given user has been disallowed from performing certain actions
1096 * or setting certain settings.
1097 * @param restrictionKey the string key representing the restriction
1098 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions.
1100 public boolean hasUserRestriction(String restrictionKey, UserHandle userHandle) {
1102 return mService.hasUserRestriction(restrictionKey,
1103 userHandle.getIdentifier());
1104 } catch (RemoteException re) {
1105 throw re.rethrowFromSystemServer();
1110 * Return the serial number for a user. This is a device-unique
1111 * number assigned to that user; if the user is deleted and then a new
1112 * user created, the new users will not be given the same serial number.
1113 * @param user The user whose serial number is to be retrieved.
1114 * @return The serial number of the given user; returns -1 if the
1115 * given UserHandle does not exist.
1116 * @see #getUserForSerialNumber(long)
1118 public long getSerialNumberForUser(UserHandle user) {
1119 return getUserSerialNumber(user.getIdentifier());
1123 * Return the user associated with a serial number previously
1124 * returned by {@link #getSerialNumberForUser(UserHandle)}.
1125 * @param serialNumber The serial number of the user that is being
1127 * @return Return the user associated with the serial number, or null
1128 * if there is not one.
1129 * @see #getSerialNumberForUser(UserHandle)
1131 public UserHandle getUserForSerialNumber(long serialNumber) {
1132 int ident = getUserHandle((int) serialNumber);
1133 return ident >= 0 ? new UserHandle(ident) : null;
1137 * Creates a user with the specified name and options. For non-admin users, default user
1138 * restrictions are going to be applied.
1139 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1141 * @param name the user's name
1142 * @param flags flags that identify the type of user and other properties.
1145 * @return the UserInfo object for the created user, or null if the user could not be created.
1148 public UserInfo createUser(String name, int flags) {
1149 UserInfo user = null;
1151 user = mService.createUser(name, flags);
1152 // TODO: Keep this in sync with
1153 // UserManagerService.LocalService.createUserEvenWhenDisallowed
1154 if (user != null && !user.isAdmin()) {
1155 mService.setUserRestriction(DISALLOW_SMS, true, user.id);
1156 mService.setUserRestriction(DISALLOW_OUTGOING_CALLS, true, user.id);
1158 } catch (RemoteException re) {
1159 throw re.rethrowFromSystemServer();
1165 * Creates a guest user and configures it.
1166 * @param context an application context
1167 * @param name the name to set for the user
1170 public UserInfo createGuest(Context context, String name) {
1171 UserInfo guest = null;
1173 guest = mService.createUser(name, UserInfo.FLAG_GUEST);
1174 if (guest != null) {
1175 Settings.Secure.putStringForUser(context.getContentResolver(),
1176 Settings.Secure.SKIP_FIRST_USE_HINTS, "1", guest.id);
1178 } catch (RemoteException re) {
1179 throw re.rethrowFromSystemServer();
1185 * Creates a user with the specified name and options as a profile of another user.
1186 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1188 * @param name the user's name
1189 * @param flags flags that identify the type of user and other properties.
1191 * @param userHandle new user will be a profile of this use.
1193 * @return the UserInfo object for the created user, or null if the user could not be created.
1196 public UserInfo createProfileForUser(String name, int flags, @UserIdInt int userHandle) {
1198 return mService.createProfileForUser(name, flags, userHandle);
1199 } catch (RemoteException re) {
1200 throw re.rethrowFromSystemServer();
1205 * Creates a restricted profile with the specified name. This method also sets necessary
1206 * restrictions and adds shared accounts.
1208 * @param name profile's name
1209 * @return UserInfo object for the created user, or null if the user could not be created.
1212 public UserInfo createRestrictedProfile(String name) {
1214 UserHandle parentUserHandle = Process.myUserHandle();
1215 UserInfo user = mService.createRestrictedProfile(name,
1216 parentUserHandle.getIdentifier());
1218 AccountManager.get(mContext).addSharedAccountsFromParentUser(parentUserHandle,
1219 UserHandle.of(user.id));
1222 } catch (RemoteException re) {
1223 throw re.rethrowFromSystemServer();
1228 * Returns an intent to create a user for the provided name and email address. The name
1229 * and email address will be used when the setup process for the new user is started.
1230 * If this device does not support multiple users, null is returned.
1232 * The intent should be launched using startActivityForResult and the return result will
1233 * indicate if the user consented to adding a new user and if the operation succeeded. Any
1234 * errors in creating the user will be returned in the result code. If the user cancels the
1235 * request, the return result will be {@link Activity#RESULT_CANCELED}. On success, the
1236 * result code will be {@link Activity#RESULT_OK}.
1238 * The new user is created but not initialized. After switching into the user for the first
1239 * time, the preferred user name and account information are used by the setup process for that
1242 * @param userName Optional name to assign to the user.
1243 * @param accountName Optional email address that will be used by the setup wizard to initialize
1245 * @param accountType Optional account type for the account to be created. This is required
1246 * if the account name is specified.
1247 * @param accountOptions Optional bundle of data to be passed in during account creation in the
1248 * new user via {@link AccountManager#addAccount(String, String, String[],
1249 * Bundle, android.app.Activity, android.accounts.AccountManagerCallback,
1251 * @return An Intent that can be launched from an Activity or null if creating users is not
1252 * supported on this device.
1253 * @see #USER_CREATION_FAILED_NOT_PERMITTED
1254 * @see #USER_CREATION_FAILED_NO_MORE_USERS
1256 public static Intent createUserCreationIntent(@Nullable String userName,
1257 @Nullable String accountName,
1258 @Nullable String accountType, @Nullable PersistableBundle accountOptions) {
1259 if (!supportsMultipleUsers() || getMaxSupportedUsers() < 2) {
1262 Intent intent = new Intent(ACTION_CREATE_USER);
1263 if (userName != null) {
1264 intent.putExtra(EXTRA_USER_NAME, userName);
1266 if (accountName != null && accountType == null) {
1267 throw new IllegalArgumentException("accountType must be specified if accountName is "
1270 if (accountName != null) {
1271 intent.putExtra(EXTRA_USER_ACCOUNT_NAME, accountName);
1273 if (accountType != null) {
1274 intent.putExtra(EXTRA_USER_ACCOUNT_TYPE, accountType);
1276 if (accountOptions != null) {
1277 intent.putExtra(EXTRA_USER_ACCOUNT_OPTIONS, accountOptions);
1285 * Returns the preferred account name for user creation. Requires MANAGE_USERS permission.
1288 public String getSeedAccountName() {
1290 return mService.getSeedAccountName();
1291 } catch (RemoteException re) {
1292 throw re.rethrowFromSystemServer();
1299 * Returns the preferred account type for user creation. Requires MANAGE_USERS permission.
1302 public String getSeedAccountType() {
1304 return mService.getSeedAccountType();
1305 } catch (RemoteException re) {
1306 throw re.rethrowFromSystemServer();
1313 * Returns the preferred account's options bundle for user creation. Requires MANAGE_USERS
1315 * @return Any options set by the requestor that created the user.
1318 public PersistableBundle getSeedAccountOptions() {
1320 return mService.getSeedAccountOptions();
1321 } catch (RemoteException re) {
1322 throw re.rethrowFromSystemServer();
1329 * Called by a system activity to set the seed account information of a user created
1330 * through the user creation intent.
1332 * @param accountName
1333 * @param accountType
1334 * @param accountOptions
1335 * @see #createUserCreationIntent(String, String, String, PersistableBundle)
1337 public void setSeedAccountData(int userId, String accountName, String accountType,
1338 PersistableBundle accountOptions) {
1340 mService.setSeedAccountData(userId, accountName, accountType, accountOptions,
1341 /* persist= */ true);
1342 } catch (RemoteException re) {
1343 throw re.rethrowFromSystemServer();
1349 * Clears the seed information used to create this user. Requires MANAGE_USERS permission.
1352 public void clearSeedAccountData() {
1354 mService.clearSeedAccountData();
1355 } catch (RemoteException re) {
1356 throw re.rethrowFromSystemServer();
1362 * Marks the guest user for deletion to allow a new guest to be created before deleting
1363 * the current user who is a guest.
1367 public boolean markGuestForDeletion(@UserIdInt int userHandle) {
1369 return mService.markGuestForDeletion(userHandle);
1370 } catch (RemoteException re) {
1371 throw re.rethrowFromSystemServer();
1376 * Sets the user as enabled, if such an user exists.
1378 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1380 * <p>Note that the default is true, it's only that managed profiles might not be enabled.
1381 * Also ephemeral users can be disabled to indicate that their removal is in progress and they
1382 * shouldn't be re-entered. Therefore ephemeral users should not be re-enabled once disabled.
1384 * @param userHandle the id of the profile to enable
1387 public void setUserEnabled(@UserIdInt int userHandle) {
1389 mService.setUserEnabled(userHandle);
1390 } catch (RemoteException re) {
1391 throw re.rethrowFromSystemServer();
1396 * Return the number of users currently created on the device.
1398 public int getUserCount() {
1399 List<UserInfo> users = getUsers();
1400 return users != null ? users.size() : 1;
1404 * Returns information for all users on this device.
1405 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1406 * @return the list of users that exist on the device.
1409 public List<UserInfo> getUsers() {
1411 return mService.getUsers(false);
1412 } catch (RemoteException re) {
1413 throw re.rethrowFromSystemServer();
1418 * Returns serial numbers of all users on this device.
1419 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1421 * @param excludeDying specify if the list should exclude users being removed.
1422 * @return the list of serial numbers of users that exist on the device.
1426 public long[] getSerialNumbersOfUsers(boolean excludeDying) {
1428 List<UserInfo> users = mService.getUsers(excludeDying);
1429 long[] result = new long[users.size()];
1430 for (int i = 0; i < result.length; i++) {
1431 result[i] = users.get(i).serialNumber;
1434 } catch (RemoteException re) {
1435 throw re.rethrowFromSystemServer();
1440 * @return the user's account name, null if not found.
1443 @RequiresPermission( allOf = {
1444 Manifest.permission.INTERACT_ACROSS_USERS_FULL,
1445 Manifest.permission.MANAGE_USERS
1447 public @Nullable String getUserAccount(@UserIdInt int userHandle) {
1449 return mService.getUserAccount(userHandle);
1450 } catch (RemoteException re) {
1451 throw re.rethrowFromSystemServer();
1456 * Set account name for the given user.
1459 @RequiresPermission( allOf = {
1460 Manifest.permission.INTERACT_ACROSS_USERS_FULL,
1461 Manifest.permission.MANAGE_USERS
1463 public void setUserAccount(@UserIdInt int userHandle, @Nullable String accountName) {
1465 mService.setUserAccount(userHandle, accountName);
1466 } catch (RemoteException re) {
1467 throw re.rethrowFromSystemServer();
1472 * Returns information for Primary user.
1473 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1475 * @return the Primary user, null if not found.
1478 public @Nullable UserInfo getPrimaryUser() {
1480 return mService.getPrimaryUser();
1481 } catch (RemoteException re) {
1482 throw re.rethrowFromSystemServer();
1487 * Checks whether it's possible to add more users. Caller must hold the MANAGE_USERS
1490 * @return true if more users can be added, false if limit has been reached.
1493 public boolean canAddMoreUsers() {
1494 final List<UserInfo> users = getUsers(true);
1495 final int totalUserCount = users.size();
1496 int aliveUserCount = 0;
1497 for (int i = 0; i < totalUserCount; i++) {
1498 UserInfo user = users.get(i);
1499 if (!user.isGuest()) {
1503 return aliveUserCount < getMaxSupportedUsers();
1507 * Checks whether it's possible to add more managed profiles. Caller must hold the MANAGE_USERS
1509 * if allowedToRemoveOne is true and if the user already has a managed profile, then return if
1510 * we could add a new managed profile to this user after removing the existing one.
1512 * @return true if more managed profiles can be added, false if limit has been reached.
1515 public boolean canAddMoreManagedProfiles(@UserIdInt int userId, boolean allowedToRemoveOne) {
1517 return mService.canAddMoreManagedProfiles(userId, allowedToRemoveOne);
1518 } catch (RemoteException re) {
1519 throw re.rethrowFromSystemServer();
1524 * Returns list of the profiles of userHandle including
1525 * userHandle itself.
1526 * Note that this returns both enabled and not enabled profiles. See
1527 * {@link #getEnabledProfiles(int)} if you need only the enabled ones.
1529 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1530 * @param userHandle profiles of this user will be returned.
1531 * @return the list of profiles.
1534 public List<UserInfo> getProfiles(@UserIdInt int userHandle) {
1536 return mService.getProfiles(userHandle, false /* enabledOnly */);
1537 } catch (RemoteException re) {
1538 throw re.rethrowFromSystemServer();
1543 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1544 * @param userId one of the two user ids to check.
1545 * @param otherUserId one of the two user ids to check.
1546 * @return true if the two user ids are in the same profile group.
1549 public boolean isSameProfileGroup(@UserIdInt int userId, int otherUserId) {
1551 return mService.isSameProfileGroup(userId, otherUserId);
1552 } catch (RemoteException re) {
1553 throw re.rethrowFromSystemServer();
1558 * Returns list of the profiles of userHandle including
1559 * userHandle itself.
1560 * Note that this returns only enabled.
1562 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1563 * @param userHandle profiles of this user will be returned.
1564 * @return the list of profiles.
1567 public List<UserInfo> getEnabledProfiles(@UserIdInt int userHandle) {
1569 return mService.getProfiles(userHandle, true /* enabledOnly */);
1570 } catch (RemoteException re) {
1571 throw re.rethrowFromSystemServer();
1576 * Returns a list of UserHandles for profiles associated with the user that the calling process
1577 * is running on, including the user itself.
1579 * @return A non-empty list of UserHandles associated with the calling user.
1581 public List<UserHandle> getUserProfiles() {
1582 ArrayList<UserHandle> profiles = new ArrayList<UserHandle>();
1583 List<UserInfo> users;
1585 users = mService.getProfiles(UserHandle.myUserId(), true /* enabledOnly */);
1586 } catch (RemoteException re) {
1587 throw re.rethrowFromSystemServer();
1589 for (UserInfo info : users) {
1590 UserHandle userHandle = new UserHandle(info.id);
1591 profiles.add(userHandle);
1597 * Returns the device credential owner id of the profile from
1598 * which this method is called, or userHandle if called from a user that
1603 public int getCredentialOwnerProfile(@UserIdInt int userHandle) {
1605 return mService.getCredentialOwnerProfile(userHandle);
1606 } catch (RemoteException re) {
1607 throw re.rethrowFromSystemServer();
1612 * Returns the parent of the profile which this method is called from
1613 * or null if called from a user that is not a profile.
1617 public UserInfo getProfileParent(@UserIdInt int userHandle) {
1619 return mService.getProfileParent(userHandle);
1620 } catch (RemoteException re) {
1621 throw re.rethrowFromSystemServer();
1626 * Set quiet mode of a managed profile.
1628 * @param userHandle The user handle of the profile.
1629 * @param enableQuietMode Whether quiet mode should be enabled or disabled.
1632 public void setQuietModeEnabled(@UserIdInt int userHandle, boolean enableQuietMode) {
1634 mService.setQuietModeEnabled(userHandle, enableQuietMode);
1635 } catch (RemoteException re) {
1636 throw re.rethrowFromSystemServer();
1641 * Returns whether the given profile is in quiet mode or not.
1643 * @param userHandle The user handle of the profile to be queried.
1644 * @return true if the profile is in quiet mode, false otherwise.
1646 public boolean isQuietModeEnabled(UserHandle userHandle) {
1648 return mService.isQuietModeEnabled(userHandle.getIdentifier());
1649 } catch (RemoteException re) {
1650 throw re.rethrowFromSystemServer();
1655 * If the target user is a managed profile of the calling user or the caller
1656 * is itself a managed profile, then this returns a badged copy of the given
1657 * icon to be able to distinguish it from the original icon. For badging an
1658 * arbitrary drawable use {@link #getBadgedDrawableForUser(
1659 * android.graphics.drawable.Drawable, UserHandle, android.graphics.Rect, int)}.
1661 * If the original drawable is a BitmapDrawable and the backing bitmap is
1662 * mutable as per {@link android.graphics.Bitmap#isMutable()}, the badging
1663 * is performed in place and the original drawable is returned.
1666 * @param icon The icon to badge.
1667 * @param user The target user.
1668 * @return A drawable that combines the original icon and a badge as
1669 * determined by the system.
1672 public Drawable getBadgedIconForUser(Drawable icon, UserHandle user) {
1673 return mContext.getPackageManager().getUserBadgedIcon(icon, user);
1677 * If the target user is a managed profile of the calling user or the caller
1678 * is itself a managed profile, then this returns a badged copy of the given
1679 * drawable allowing the user to distinguish it from the original drawable.
1680 * The caller can specify the location in the bounds of the drawable to be
1681 * badged where the badge should be applied as well as the density of the
1684 * If the original drawable is a BitmapDrawable and the backing bitmap is
1685 * mutable as per {@link android.graphics.Bitmap#isMutable()}, the badging
1686 * is performed in place and the original drawable is returned.
1689 * @param badgedDrawable The drawable to badge.
1690 * @param user The target user.
1691 * @param badgeLocation Where in the bounds of the badged drawable to place
1692 * the badge. If it's {@code null}, the badge is applied on top of the entire
1693 * drawable being badged.
1694 * @param badgeDensity The optional desired density for the badge as per
1695 * {@link android.util.DisplayMetrics#densityDpi}. If it's not positive,
1696 * the density of the display is used.
1697 * @return A drawable that combines the original drawable and a badge as
1698 * determined by the system.
1701 public Drawable getBadgedDrawableForUser(Drawable badgedDrawable, UserHandle user,
1702 Rect badgeLocation, int badgeDensity) {
1703 return mContext.getPackageManager().getUserBadgedDrawableForDensity(badgedDrawable, user,
1704 badgeLocation, badgeDensity);
1708 * If the target user is a managed profile of the calling user or the caller
1709 * is itself a managed profile, then this returns a copy of the label with
1710 * badging for accessibility services like talkback. E.g. passing in "Email"
1711 * and it might return "Work Email" for Email in the work profile.
1713 * @param label The label to change.
1714 * @param user The target user.
1715 * @return A label that combines the original label and a badge as
1716 * determined by the system.
1719 public CharSequence getBadgedLabelForUser(CharSequence label, UserHandle user) {
1720 return mContext.getPackageManager().getUserBadgedLabel(label, user);
1724 * Returns information for all users on this device. Requires
1725 * {@link android.Manifest.permission#MANAGE_USERS} permission.
1727 * @param excludeDying specify if the list should exclude users being
1729 * @return the list of users that were created.
1732 public List<UserInfo> getUsers(boolean excludeDying) {
1734 return mService.getUsers(excludeDying);
1735 } catch (RemoteException re) {
1736 throw re.rethrowFromSystemServer();
1741 * Removes a user and all associated data.
1742 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1743 * @param userHandle the integer handle of the user, where 0 is the primary user.
1746 public boolean removeUser(@UserIdInt int userHandle) {
1748 return mService.removeUser(userHandle);
1749 } catch (RemoteException re) {
1750 throw re.rethrowFromSystemServer();
1755 * Updates the user's name.
1756 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1758 * @param userHandle the user's integer handle
1759 * @param name the new name for the user
1762 public void setUserName(@UserIdInt int userHandle, String name) {
1764 mService.setUserName(userHandle, name);
1765 } catch (RemoteException re) {
1766 throw re.rethrowFromSystemServer();
1771 * Sets the user's photo.
1772 * @param userHandle the user for whom to change the photo.
1773 * @param icon the bitmap to set as the photo.
1776 public void setUserIcon(@UserIdInt int userHandle, Bitmap icon) {
1778 mService.setUserIcon(userHandle, icon);
1779 } catch (RemoteException re) {
1780 throw re.rethrowFromSystemServer();
1785 * Returns a file descriptor for the user's photo. PNG data can be read from this file.
1786 * @param userHandle the user whose photo we want to read.
1787 * @return a {@link Bitmap} of the user's photo, or null if there's no photo.
1788 * @see com.android.internal.util.UserIcons#getDefaultUserIcon for a default.
1791 public Bitmap getUserIcon(@UserIdInt int userHandle) {
1793 ParcelFileDescriptor fd = mService.getUserIcon(userHandle);
1796 return BitmapFactory.decodeFileDescriptor(fd.getFileDescriptor());
1800 } catch (IOException e) {
1804 } catch (RemoteException re) {
1805 throw re.rethrowFromSystemServer();
1811 * Returns the maximum number of users that can be created on this device. A return value
1812 * of 1 means that it is a single user device.
1814 * @return a value greater than or equal to 1
1816 public static int getMaxSupportedUsers() {
1817 // Don't allow multiple users on certain builds
1818 if (android.os.Build.ID.startsWith("JVP")) return 1;
1819 // Svelte devices don't get multi-user.
1820 if (ActivityManager.isLowRamDeviceStatic()) return 1;
1821 return SystemProperties.getInt("fw.max_users",
1822 Resources.getSystem().getInteger(R.integer.config_multiuserMaximumUsers));
1826 * Returns true if the user switcher should be shown, this will be if device supports multi-user
1827 * and there are at least 2 users available that are not managed profiles.
1829 * @return true if user switcher should be shown.
1831 public boolean isUserSwitcherEnabled() {
1832 if (!supportsMultipleUsers()) {
1835 List<UserInfo> users = getUsers(true);
1836 if (users == null) {
1839 int switchableUserCount = 0;
1840 for (UserInfo user : users) {
1841 if (user.supportsSwitchToByUser()) {
1842 ++switchableUserCount;
1845 final boolean guestEnabled = !mContext.getSystemService(DevicePolicyManager.class)
1846 .getGuestUserDisabled(null);
1847 return switchableUserCount > 1 || guestEnabled;
1851 * Returns a serial number on this device for a given userHandle. User handles can be recycled
1852 * when deleting and creating users, but serial numbers are not reused until the device is wiped.
1854 * @return a serial number associated with that user, or -1 if the userHandle is not valid.
1857 public int getUserSerialNumber(@UserIdInt int userHandle) {
1859 return mService.getUserSerialNumber(userHandle);
1860 } catch (RemoteException re) {
1861 throw re.rethrowFromSystemServer();
1866 * Returns a userHandle on this device for a given user serial number. User handles can be
1867 * recycled when deleting and creating users, but serial numbers are not reused until the device
1869 * @param userSerialNumber
1870 * @return the userHandle associated with that user serial number, or -1 if the serial number
1874 public @UserIdInt int getUserHandle(int userSerialNumber) {
1876 return mService.getUserHandle(userSerialNumber);
1877 } catch (RemoteException re) {
1878 throw re.rethrowFromSystemServer();
1883 * Returns a {@code Bundle} containing any saved application restrictions for this user, for the
1884 * given package name. Only an application with this package name can call this method.
1886 * <p>The returned {@link Bundle} consists of key-value pairs, as defined by the application,
1887 * where the types of values may be:
1889 * <li>{@code boolean}
1891 * <li>{@code String} or {@code String[]}
1892 * <li>From {@link android.os.Build.VERSION_CODES#M}, {@code Bundle} or {@code Bundle[]}
1895 * @param packageName the package name of the calling application
1896 * @return a {@code Bundle} with the restrictions for that package, or {@code null} if there
1897 * are no saved restrictions.
1899 * @see #KEY_RESTRICTIONS_PENDING
1901 public Bundle getApplicationRestrictions(String packageName) {
1903 return mService.getApplicationRestrictions(packageName);
1904 } catch (RemoteException re) {
1905 throw re.rethrowFromSystemServer();
1912 public Bundle getApplicationRestrictions(String packageName, UserHandle user) {
1914 return mService.getApplicationRestrictionsForUser(packageName, user.getIdentifier());
1915 } catch (RemoteException re) {
1916 throw re.rethrowFromSystemServer();
1923 public void setApplicationRestrictions(String packageName, Bundle restrictions,
1926 mService.setApplicationRestrictions(packageName, restrictions, user.getIdentifier());
1927 } catch (RemoteException re) {
1928 throw re.rethrowFromSystemServer();
1933 * Sets a new challenge PIN for restrictions. This is only for use by pre-installed
1934 * apps and requires the MANAGE_USERS permission.
1935 * @param newPin the PIN to use for challenge dialogs.
1936 * @return Returns true if the challenge PIN was set successfully.
1937 * @deprecated The restrictions PIN functionality is no longer provided by the system.
1938 * This method is preserved for backwards compatibility reasons and always returns false.
1940 public boolean setRestrictionsChallenge(String newPin) {
1946 * Set restrictions that should apply to any future guest user that's created.
1948 public void setDefaultGuestRestrictions(Bundle restrictions) {
1950 mService.setDefaultGuestRestrictions(restrictions);
1951 } catch (RemoteException re) {
1952 throw re.rethrowFromSystemServer();
1958 * Gets the default guest restrictions.
1960 public Bundle getDefaultGuestRestrictions() {
1962 return mService.getDefaultGuestRestrictions();
1963 } catch (RemoteException re) {
1964 throw re.rethrowFromSystemServer();
1969 * Returns creation time of the user or of a managed profile associated with the calling user.
1970 * @param userHandle user handle of the user or a managed profile associated with the
1972 * @return creation time in milliseconds since Epoch time.
1974 public long getUserCreationTime(UserHandle userHandle) {
1976 return mService.getUserCreationTime(userHandle.getIdentifier());
1977 } catch (RemoteException re) {
1978 throw re.rethrowFromSystemServer();
1984 * Checks if any uninitialized user has the specific seed account name and type.
1986 * @param mAccountName The account name to check for
1987 * @param mAccountType The account type of the account to check for
1988 * @return whether the seed account was found
1990 public boolean someUserHasSeedAccount(String accountName, String accountType) {
1992 return mService.someUserHasSeedAccount(accountName, accountType);
1993 } catch (RemoteException re) {
1994 throw re.rethrowFromSystemServer();