2 * Copyright (C) 2012 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 import android.Manifest;
20 import android.accounts.AccountManager;
21 import android.annotation.IntDef;
22 import android.annotation.Nullable;
23 import android.annotation.RequiresPermission;
24 import android.annotation.SystemApi;
25 import android.annotation.UserIdInt;
26 import android.app.Activity;
27 import android.app.ActivityManager;
28 import android.app.ActivityManagerNative;
29 import android.app.admin.DevicePolicyManager;
30 import android.content.ComponentName;
31 import android.content.Context;
32 import android.content.Intent;
33 import android.content.IntentSender;
34 import android.content.pm.UserInfo;
35 import android.content.res.Resources;
36 import android.graphics.Bitmap;
37 import android.graphics.BitmapFactory;
38 import android.graphics.Rect;
39 import android.graphics.drawable.Drawable;
40 import android.provider.Settings;
41 import android.telephony.TelephonyManager;
42 import android.view.WindowManager.LayoutParams;
44 import com.android.internal.R;
46 import java.io.IOException;
47 import java.lang.annotation.Retention;
48 import java.lang.annotation.RetentionPolicy;
49 import java.util.ArrayList;
50 import java.util.List;
53 * Manages users and user details on a multi-user system. There are two major categories of
54 * users: fully customizable users with their own login, and managed profiles that share a workspace
55 * with a related user.
57 * Users are different from accounts, which are managed by
58 * {@link AccountManager}. Each user can have their own set of accounts.
60 * See {@link DevicePolicyManager#ACTION_PROVISION_MANAGED_PROFILE} for more on managed profiles.
62 public class UserManager {
64 private static String TAG = "UserManager";
65 private final IUserManager mService;
66 private final Context mContext;
70 * No user restriction.
73 public static final int RESTRICTION_NOT_SET = 0x0;
77 * User restriction set by system/user.
80 public static final int RESTRICTION_SOURCE_SYSTEM = 0x1;
84 * User restriction set by a device owner.
87 public static final int RESTRICTION_SOURCE_DEVICE_OWNER = 0x2;
91 * User restriction set by a profile owner.
94 public static final int RESTRICTION_SOURCE_PROFILE_OWNER = 0x4;
97 @Retention(RetentionPolicy.SOURCE)
98 @IntDef(flag=true, value={RESTRICTION_NOT_SET, RESTRICTION_SOURCE_SYSTEM,
99 RESTRICTION_SOURCE_DEVICE_OWNER, RESTRICTION_SOURCE_PROFILE_OWNER})
101 public @interface UserRestrictionSource {}
104 * Specifies if a user is disallowed from adding and removing accounts, unless they are
105 * {@link android.accounts.AccountManager#addAccountExplicitly programmatically} added by
107 * The default value is <code>false</code>.
109 * <p>From {@link android.os.Build.VERSION_CODES#N} a profile or device owner app can still
110 * use {@link android.accounts.AccountManager} APIs to add or remove accounts when account
111 * management is disallowed.
113 * <p>Key for user restrictions.
115 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
116 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
117 * @see #getUserRestrictions()
119 public static final String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts";
122 * Specifies if a user is disallowed from changing Wi-Fi
123 * access points. The default value is <code>false</code>.
124 * <p>This restriction has no effect in a managed profile.
126 * <p>Key for user restrictions.
128 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
129 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
130 * @see #getUserRestrictions()
132 public static final String DISALLOW_CONFIG_WIFI = "no_config_wifi";
135 * Specifies if a user is disallowed from installing applications.
136 * The default value is <code>false</code>.
138 * <p>Key for user restrictions.
140 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
141 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
142 * @see #getUserRestrictions()
144 public static final String DISALLOW_INSTALL_APPS = "no_install_apps";
147 * Specifies if a user is disallowed from uninstalling applications.
148 * The default value is <code>false</code>.
150 * <p>Key for user restrictions.
152 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
153 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
154 * @see #getUserRestrictions()
156 public static final String DISALLOW_UNINSTALL_APPS = "no_uninstall_apps";
159 * Specifies if a user is disallowed from turning on location sharing.
160 * The default value is <code>false</code>.
161 * <p>In a managed profile, location sharing always reflects the primary user's setting, but
162 * can be overridden and forced off by setting this restriction to true in the managed profile.
164 * <p>Key for user restrictions.
166 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
167 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
168 * @see #getUserRestrictions()
170 public static final String DISALLOW_SHARE_LOCATION = "no_share_location";
173 * Specifies if a user is disallowed from enabling the
174 * "Unknown Sources" setting, that allows installation of apps from unknown sources.
175 * The default value is <code>false</code>.
177 * <p>Key for user restrictions.
179 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
180 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
181 * @see #getUserRestrictions()
183 public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources";
186 * Specifies if a user is disallowed from configuring bluetooth.
187 * This does <em>not</em> restrict the user from turning bluetooth on or off.
188 * The default value is <code>false</code>.
189 * <p>This restriction has no effect in a managed profile.
191 * <p>Key for user restrictions.
193 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
194 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
195 * @see #getUserRestrictions()
197 public static final String DISALLOW_CONFIG_BLUETOOTH = "no_config_bluetooth";
200 * Specifies if a user is disallowed from transferring files over
201 * USB. This can only be set by device owners and profile owners on the primary user.
202 * The default value is <code>false</code>.
204 * <p>Key for user restrictions.
206 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
207 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
208 * @see #getUserRestrictions()
210 public static final String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer";
213 * Specifies if a user is disallowed from configuring user
214 * credentials. The default value is <code>false</code>.
216 * <p>Key for user restrictions.
218 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
219 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
220 * @see #getUserRestrictions()
222 public static final String DISALLOW_CONFIG_CREDENTIALS = "no_config_credentials";
225 * When set on the primary user this specifies if the user can remove other users.
226 * When set on a secondary user, this specifies if the user can remove itself.
227 * This restriction has no effect on managed profiles.
228 * The default value is <code>false</code>.
230 * <p>Key for user restrictions.
232 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
233 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
234 * @see #getUserRestrictions()
236 public static final String DISALLOW_REMOVE_USER = "no_remove_user";
239 * Specifies if a user is disallowed from enabling or
240 * accessing debugging features. The default value is <code>false</code>.
242 * <p>Key for user restrictions.
244 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
245 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
246 * @see #getUserRestrictions()
248 public static final String DISALLOW_DEBUGGING_FEATURES = "no_debugging_features";
251 * Specifies if a user is disallowed from configuring VPN.
252 * The default value is <code>false</code>.
253 * This restriction has an effect in a managed profile only from
254 * {@link android.os.Build.VERSION_CODES#M}
256 * <p>Key for user restrictions.
258 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
259 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
260 * @see #getUserRestrictions()
262 public static final String DISALLOW_CONFIG_VPN = "no_config_vpn";
265 * Specifies if a user is disallowed from configuring Tethering
266 * & portable hotspots. This can only be set by device owners and profile owners on the
267 * primary user. The default value is <code>false</code>.
269 * <p>Key for user restrictions.
271 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
272 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
273 * @see #getUserRestrictions()
275 public static final String DISALLOW_CONFIG_TETHERING = "no_config_tethering";
278 * Specifies if a user is disallowed from resetting network settings
279 * from Settings. This can only be set by device owners and profile owners on the primary user.
280 * The default value is <code>false</code>.
281 * <p>This restriction has no effect on secondary users and managed profiles since only the
282 * primary user can reset the network settings of the device.
284 * <p>Key for user restrictions.
286 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
287 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
288 * @see #getUserRestrictions()
290 public static final String DISALLOW_NETWORK_RESET = "no_network_reset";
293 * Specifies if a user is disallowed from factory resetting
294 * from Settings. This can only be set by device owners and profile owners on the primary user.
295 * The default value is <code>false</code>.
296 * <p>This restriction has no effect on secondary users and managed profiles since only the
297 * primary user can factory reset the device.
299 * <p>Key for user restrictions.
301 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
302 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
303 * @see #getUserRestrictions()
305 public static final String DISALLOW_FACTORY_RESET = "no_factory_reset";
308 * Specifies if a user is disallowed from adding new users and
309 * profiles. This can only be set by device owners and profile owners on the primary user.
310 * The default value is <code>false</code>.
311 * <p>This restriction has no effect on secondary users and managed profiles since only the
312 * primary user can add other users.
314 * <p>Key for user restrictions.
316 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
317 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
318 * @see #getUserRestrictions()
320 public static final String DISALLOW_ADD_USER = "no_add_user";
323 * Specifies if a user is disallowed from disabling application
324 * verification. The default value is <code>false</code>.
326 * <p>Key for user restrictions.
328 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
329 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
330 * @see #getUserRestrictions()
332 public static final String ENSURE_VERIFY_APPS = "ensure_verify_apps";
335 * Specifies if a user is disallowed from configuring cell
336 * broadcasts. This can only be set by device owners and profile owners on the primary user.
337 * The default value is <code>false</code>.
338 * <p>This restriction has no effect on secondary users and managed profiles since only the
339 * primary user can configure cell broadcasts.
341 * <p>Key for user restrictions.
343 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
344 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
345 * @see #getUserRestrictions()
347 public static final String DISALLOW_CONFIG_CELL_BROADCASTS = "no_config_cell_broadcasts";
350 * Specifies if a user is disallowed from configuring mobile
351 * networks. This can only be set by device owners and profile owners on the primary user.
352 * The default value is <code>false</code>.
353 * <p>This restriction has no effect on secondary users and managed profiles since only the
354 * primary user can configure mobile networks.
356 * <p>Key for user restrictions.
358 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
359 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
360 * @see #getUserRestrictions()
362 public static final String DISALLOW_CONFIG_MOBILE_NETWORKS = "no_config_mobile_networks";
365 * Specifies if a user is disallowed from modifying
366 * applications in Settings or launchers. The following actions will not be allowed when this
367 * restriction is enabled:
368 * <li>uninstalling apps</li>
369 * <li>disabling apps</li>
370 * <li>clearing app caches</li>
371 * <li>clearing app data</li>
372 * <li>force stopping apps</li>
373 * <li>clearing app defaults</li>
375 * The default value is <code>false</code>.
377 * <p>Key for user restrictions.
379 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
380 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
381 * @see #getUserRestrictions()
383 public static final String DISALLOW_APPS_CONTROL = "no_control_apps";
386 * Specifies if a user is disallowed from mounting
387 * physical external media. This can only be set by device owners and profile owners on the
388 * primary user. The default value is <code>false</code>.
390 * <p>Key for user restrictions.
392 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
393 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
394 * @see #getUserRestrictions()
396 public static final String DISALLOW_MOUNT_PHYSICAL_MEDIA = "no_physical_media";
399 * Specifies if a user is disallowed from adjusting microphone
400 * volume. If set, the microphone will be muted. This can only be set by device owners
401 * and profile owners on the primary user. The default value is <code>false</code>.
403 * <p>Key for user restrictions.
405 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
406 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
407 * @see #getUserRestrictions()
409 public static final String DISALLOW_UNMUTE_MICROPHONE = "no_unmute_microphone";
412 * Specifies if a user is disallowed from adjusting the master
413 * volume. If set, the master volume will be muted. This can only be set by device owners
414 * and profile owners on the primary user. The default value is <code>false</code>.
416 * <p>Key for user restrictions.
418 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
419 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
420 * @see #getUserRestrictions()
422 public static final String DISALLOW_ADJUST_VOLUME = "no_adjust_volume";
425 * Specifies that the user is not allowed to make outgoing
426 * phone calls. Emergency calls are still permitted.
427 * The default value is <code>false</code>.
428 * <p>This restriction has no effect on managed profiles.
430 * <p>Key for user restrictions.
432 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
433 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
434 * @see #getUserRestrictions()
436 public static final String DISALLOW_OUTGOING_CALLS = "no_outgoing_calls";
439 * Specifies that the user is not allowed to send or receive
440 * SMS messages. The default value is <code>false</code>.
442 * <p>Key for user restrictions.
444 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
445 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
446 * @see #getUserRestrictions()
448 public static final String DISALLOW_SMS = "no_sms";
451 * Specifies if the user is not allowed to have fun. In some cases, the
452 * device owner may wish to prevent the user from experiencing amusement or
453 * joy while using the device. The default value is <code>false</code>.
455 * <p>Key for user restrictions.
457 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
458 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
459 * @see #getUserRestrictions()
461 public static final String DISALLOW_FUN = "no_fun";
464 * Specifies that windows besides app windows should not be
465 * created. This will block the creation of the following types of windows.
466 * <li>{@link LayoutParams#TYPE_TOAST}</li>
467 * <li>{@link LayoutParams#TYPE_PHONE}</li>
468 * <li>{@link LayoutParams#TYPE_PRIORITY_PHONE}</li>
469 * <li>{@link LayoutParams#TYPE_SYSTEM_ALERT}</li>
470 * <li>{@link LayoutParams#TYPE_SYSTEM_ERROR}</li>
471 * <li>{@link LayoutParams#TYPE_SYSTEM_OVERLAY}</li>
473 * <p>This can only be set by device owners and profile owners on the primary user.
474 * The default value is <code>false</code>.
476 * <p>Key for user restrictions.
478 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
479 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
480 * @see #getUserRestrictions()
482 public static final String DISALLOW_CREATE_WINDOWS = "no_create_windows";
485 * Specifies if what is copied in the clipboard of this profile can
486 * be pasted in related profiles. Does not restrict if the clipboard of related profiles can be
487 * pasted in this profile.
488 * The default value is <code>false</code>.
490 * <p>Key for user restrictions.
492 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
493 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
494 * @see #getUserRestrictions()
496 public static final String DISALLOW_CROSS_PROFILE_COPY_PASTE = "no_cross_profile_copy_paste";
499 * Specifies if the user is not allowed to use NFC to beam out data from apps.
500 * The default value is <code>false</code>.
502 * <p>Key for user restrictions.
504 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
505 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
506 * @see #getUserRestrictions()
508 public static final String DISALLOW_OUTGOING_BEAM = "no_outgoing_beam";
511 * Hidden user restriction to disallow access to wallpaper manager APIs. This restriction
512 * generally means that wallpapers are not supported for the particular user. This user
513 * restriction is always set for managed profiles, because such profiles don't have wallpapers.
515 * @see #DISALLOW_SET_WALLPAPER
516 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
517 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
518 * @see #getUserRestrictions()
520 public static final String DISALLOW_WALLPAPER = "no_wallpaper";
523 * User restriction to disallow setting a wallpaper. Profile owner and device owner
524 * are able to set wallpaper regardless of this restriction.
525 * The default value is <code>false</code>.
527 * <p>Key for user restrictions.
529 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
530 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
531 * @see #getUserRestrictions()
533 public static final String DISALLOW_SET_WALLPAPER = "no_set_wallpaper";
536 * Specifies if the user is not allowed to reboot the device into safe boot mode.
537 * This can only be set by device owners and profile owners on the primary user.
538 * The default value is <code>false</code>.
540 * <p>Key for user restrictions.
542 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
543 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
544 * @see #getUserRestrictions()
546 public static final String DISALLOW_SAFE_BOOT = "no_safe_boot";
549 * Specifies if a user is not allowed to record audio. This restriction is always enabled for
550 * background users. The default value is <code>false</code>.
552 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
553 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
554 * @see #getUserRestrictions()
557 public static final String DISALLOW_RECORD_AUDIO = "no_record_audio";
560 * Specifies if a user is not allowed to run in the background and should be stopped during
561 * user switch. The default value is <code>false</code>.
563 * <p>This restriction can be set by device owners and profile owners.
565 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
566 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
567 * @see #getUserRestrictions()
570 public static final String DISALLOW_RUN_IN_BACKGROUND = "no_run_in_background";
573 * Specifies if a user is not allowed to use the camera.
575 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
576 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
577 * @see #getUserRestrictions()
580 public static final String DISALLOW_CAMERA = "no_camera";
583 * Specifies if a user is not allowed to use cellular data when roaming. This can only be set by
584 * device owners. The default value is <code>false</code>.
586 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
587 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
588 * @see #getUserRestrictions()
590 public static final String DISALLOW_DATA_ROAMING = "no_data_roaming";
593 * Specifies if a user is not allowed to change their icon. Device owner and profile owner
594 * can set this restriction. When it is set by device owner, only the target user will be
595 * affected. The default value is <code>false</code>.
597 * <p>Key for user restrictions.
599 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
600 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
601 * @see #getUserRestrictions()
603 public static final String DISALLOW_SET_USER_ICON = "no_set_user_icon";
606 * Allows apps in the parent profile to handle web links from the managed profile.
608 * This user restriction has an effect only in a managed profile.
610 * Intent filters of activities in the parent profile with action
611 * {@link android.content.Intent#ACTION_VIEW},
612 * category {@link android.content.Intent#CATEGORY_BROWSABLE}, scheme http or https, and which
613 * define a host can handle intents from the managed profile.
614 * The default value is <code>false</code>.
616 * <p>Key for user restrictions.
618 * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
619 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
620 * @see #getUserRestrictions()
622 public static final String ALLOW_PARENT_PROFILE_APP_LINKING
623 = "allow_parent_profile_app_linking";
626 * Application restriction key that is used to indicate the pending arrival
627 * of real restrictions for the app.
630 * Applications that support restrictions should check for the presence of this key.
631 * A <code>true</code> value indicates that restrictions may be applied in the near
632 * future but are not available yet. It is the responsibility of any
633 * management application that sets this flag to update it when the final
634 * restrictions are enforced.
636 * <p>Key for application restrictions.
638 * @see android.app.admin.DevicePolicyManager#setApplicationRestrictions(
639 * android.content.ComponentName, String, Bundle)
640 * @see android.app.admin.DevicePolicyManager#getApplicationRestrictions(
641 * android.content.ComponentName, String)
643 public static final String KEY_RESTRICTIONS_PENDING = "restrictions_pending";
645 private static final String ACTION_CREATE_USER = "android.os.action.CREATE_USER";
648 * Extra containing a name for the user being created. Optional parameter passed to
649 * ACTION_CREATE_USER activity.
652 public static final String EXTRA_USER_NAME = "android.os.extra.USER_NAME";
655 * Extra containing account name for the user being created. Optional parameter passed to
656 * ACTION_CREATE_USER activity.
659 public static final String EXTRA_USER_ACCOUNT_NAME = "android.os.extra.USER_ACCOUNT_NAME";
662 * Extra containing account type for the user being created. Optional parameter passed to
663 * ACTION_CREATE_USER activity.
666 public static final String EXTRA_USER_ACCOUNT_TYPE = "android.os.extra.USER_ACCOUNT_TYPE";
669 * Extra containing account-specific data for the user being created. Optional parameter passed
670 * to ACTION_CREATE_USER activity.
673 public static final String EXTRA_USER_ACCOUNT_OPTIONS
674 = "android.os.extra.USER_ACCOUNT_OPTIONS";
677 public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3;
679 public static final int PIN_VERIFICATION_FAILED_NOT_SET = -2;
681 public static final int PIN_VERIFICATION_SUCCESS = -1;
684 * Error result indicating that this user is not allowed to add other users on this device.
685 * This is a result code returned from the activity created by the intent
686 * {@link #createUserCreationIntent(String, String, String, PersistableBundle)}.
688 public static final int USER_CREATION_FAILED_NOT_PERMITTED = Activity.RESULT_FIRST_USER;
691 * Error result indicating that no more users can be created on this device.
692 * This is a result code returned from the activity created by the intent
693 * {@link #createUserCreationIntent(String, String, String, PersistableBundle)}.
695 public static final int USER_CREATION_FAILED_NO_MORE_USERS = Activity.RESULT_FIRST_USER + 1;
698 public static UserManager get(Context context) {
699 return (UserManager) context.getSystemService(Context.USER_SERVICE);
703 public UserManager(Context context, IUserManager service) {
709 * Returns whether this device supports multiple users with their own login and customizable
711 * @return whether the device supports multiple users.
713 public static boolean supportsMultipleUsers() {
714 return getMaxSupportedUsers() > 1
715 && SystemProperties.getBoolean("fw.show_multiuserui",
716 Resources.getSystem().getBoolean(R.bool.config_enableMultiUserUI));
721 * @return Whether the device is running with split system user. It means the system user and
722 * primary user are two separate users. Previously system user and primary user are combined as
723 * a single owner user. see @link {android.os.UserHandle#USER_OWNER}
725 public static boolean isSplitSystemUser() {
726 return SystemProperties.getBoolean("ro.fw.system_user_split", false);
730 * Returns whether switching users is currently allowed.
731 * <p>For instance switching users is not allowed if the current user is in a phone call,
732 * or system user hasn't been unlocked yet
735 public boolean canSwitchUsers() {
736 boolean allowUserSwitchingWhenSystemUserLocked = Settings.Global.getInt(
737 mContext.getContentResolver(),
738 Settings.Global.ALLOW_USER_SWITCHING_WHEN_SYSTEM_USER_LOCKED, 0) != 0;
739 boolean isSystemUserUnlocked = isUserUnlocked(UserHandle.SYSTEM);
740 boolean inCall = TelephonyManager.getDefault().getCallState()
741 != TelephonyManager.CALL_STATE_IDLE;
742 return (allowUserSwitchingWhenSystemUserLocked || isSystemUserUnlocked) && !inCall;
746 * Returns the user handle for the user that this process is running under.
748 * @return the user handle of this process.
751 public @UserIdInt int getUserHandle() {
752 return UserHandle.myUserId();
756 * Returns the user name of the user making this call. This call is only
757 * available to applications on the system image; it requires the
758 * MANAGE_USERS permission.
759 * @return the user name
761 public String getUserName() {
763 return mService.getUserInfo(getUserHandle()).name;
764 } catch (RemoteException re) {
765 throw re.rethrowFromSystemServer();
770 * Used to determine whether the user making this call is subject to
773 * <p>As of {@link android.os.Build.VERSION_CODES#LOLLIPOP}, this method can
774 * now automatically identify goats using advanced goat recognition technology.</p>
776 * @return Returns true if the user making this call is a goat.
778 public boolean isUserAGoat() {
779 return mContext.getPackageManager()
780 .isPackageAvailable("com.coffeestainstudios.goatsimulator");
784 * Used to check if this process is running under the primary user. The primary user
785 * is the first human user on a device.
787 * @return whether this process is running under the primary user.
790 public boolean isPrimaryUser() {
791 UserInfo user = getUserInfo(UserHandle.myUserId());
792 return user != null ? user.isPrimary() : false;
796 * Used to check if this process is running under the system user. The system user
797 * is the initial user that is implicitly created on first boot and hosts most of the
800 * @return whether this process is running under the system user.
802 public boolean isSystemUser() {
803 return UserHandle.myUserId() == UserHandle.USER_SYSTEM;
808 * Returns whether the caller is running as an admin user. There can be more than one admin
811 public boolean isAdminUser() {
812 return isUserAdmin(UserHandle.myUserId());
817 * Returns whether the provided user is an admin user. There can be more than one admin
820 public boolean isUserAdmin(@UserIdInt int userId) {
821 UserInfo user = getUserInfo(userId);
822 return user != null && user.isAdmin();
826 * Used to check if the user making this call is linked to another user. Linked users may have
827 * a reduced number of available apps, app restrictions and account restrictions.
828 * @return whether the user making this call is a linked user
831 public boolean isLinkedUser() {
833 return mService.isRestricted();
834 } catch (RemoteException re) {
835 throw re.rethrowFromSystemServer();
840 * Checks if specified user can have restricted profile.
843 public boolean canHaveRestrictedProfile(@UserIdInt int userId) {
845 return mService.canHaveRestrictedProfile(userId);
846 } catch (RemoteException re) {
847 throw re.rethrowFromSystemServer();
852 * Checks if the calling app is running as a guest user.
853 * @return whether the caller is a guest user.
856 public boolean isGuestUser() {
857 UserInfo user = getUserInfo(UserHandle.myUserId());
858 return user != null ? user.isGuest() : false;
862 * Checks if the calling app is running in a managed profile.
863 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
865 * @return whether the caller is in a managed profile.
869 public boolean isManagedProfile() {
871 return mService.isManagedProfile(UserHandle.myUserId());
872 } catch (RemoteException re) {
873 throw re.rethrowFromSystemServer();
878 * Checks if the specified user is a managed profile.
879 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission, otherwise the caller
880 * must be in the same profile group of specified user.
882 * @return whether the specified user is a managed profile.
886 public boolean isManagedProfile(@UserIdInt int userId) {
888 return mService.isManagedProfile(userId);
889 } catch (RemoteException re) {
890 throw re.rethrowFromSystemServer();
895 * Checks if the calling app is running as an ephemeral user.
897 * @return whether the caller is an ephemeral user.
900 public boolean isEphemeralUser() {
901 return isUserEphemeral(UserHandle.myUserId());
905 * Returns whether the specified user is ephemeral.
908 public boolean isUserEphemeral(@UserIdInt int userId) {
909 final UserInfo user = getUserInfo(userId);
910 return user != null && user.isEphemeral();
914 * Return whether the given user is actively running. This means that
915 * the user is in the "started" state, not "stopped" -- it is currently
916 * allowed to run code through scheduled alarms, receiving broadcasts,
917 * etc. A started user may be either the current foreground user or a
918 * background user; the result here does not distinguish between the two.
919 * @param user The user to retrieve the running state for.
921 public boolean isUserRunning(UserHandle user) {
922 return isUserRunning(user.getIdentifier());
926 public boolean isUserRunning(int userId) {
928 return ActivityManagerNative.getDefault().isUserRunning(userId, 0);
929 } catch (RemoteException re) {
930 throw re.rethrowFromSystemServer();
935 * Return whether the given user is actively running <em>or</em> stopping.
936 * This is like {@link #isUserRunning(UserHandle)}, but will also return
937 * true if the user had been running but is in the process of being stopped
938 * (but is not yet fully stopped, and still running some code).
939 * @param user The user to retrieve the running state for.
941 public boolean isUserRunningOrStopping(UserHandle user) {
943 // TODO: reconcile stopped vs stopping?
944 return ActivityManagerNative.getDefault().isUserRunning(
945 user.getIdentifier(), ActivityManager.FLAG_OR_STOPPED);
946 } catch (RemoteException re) {
947 throw re.rethrowFromSystemServer();
953 public boolean isUserRunningAndLocked() {
954 return isUserRunningAndLocked(Process.myUserHandle());
959 public boolean isUserRunningAndLocked(UserHandle user) {
961 return ActivityManagerNative.getDefault().isUserRunning(
962 user.getIdentifier(), ActivityManager.FLAG_AND_LOCKED);
963 } catch (RemoteException re) {
964 throw re.rethrowFromSystemServer();
970 public boolean isUserRunningAndUnlocked() {
971 return isUserRunningAndUnlocked(Process.myUserHandle());
976 public boolean isUserRunningAndUnlocked(UserHandle user) {
978 return ActivityManagerNative.getDefault().isUserRunning(
979 user.getIdentifier(), ActivityManager.FLAG_AND_UNLOCKED);
980 } catch (RemoteException re) {
981 throw re.rethrowFromSystemServer();
986 * Return whether the calling user is running in an "unlocked" state.
988 * On devices with direct boot, a user is unlocked only after they've
989 * entered their credentials (such as a lock pattern or PIN). On devices
990 * without direct boot, a user is unlocked as soon as it starts.
992 * When a user is locked, only device-protected data storage is available.
993 * When a user is unlocked, both device-protected and credential-protected
994 * private app data storage is available.
996 * @see Intent#ACTION_USER_UNLOCKED
997 * @see Context#createDeviceProtectedStorageContext()
999 public boolean isUserUnlocked() {
1000 return isUserUnlocked(Process.myUserHandle());
1004 * Return whether the given user is running in an "unlocked" state.
1006 * On devices with direct boot, a user is unlocked only after they've
1007 * entered their credentials (such as a lock pattern or PIN). On devices
1008 * without direct boot, a user is unlocked as soon as it starts.
1010 * When a user is locked, only device-protected data storage is available.
1011 * When a user is unlocked, both device-protected and credential-protected
1012 * private app data storage is available.
1014 * @param user to retrieve the unlocked state for.
1015 * @see Intent#ACTION_USER_UNLOCKED
1016 * @see Context#createDeviceProtectedStorageContext()
1018 public boolean isUserUnlocked(UserHandle user) {
1019 return isUserUnlocked(user.getIdentifier());
1023 public boolean isUserUnlocked(@UserIdInt int userId) {
1025 return ActivityManagerNative.getDefault().isUserRunning(userId,
1026 ActivityManager.FLAG_AND_UNLOCKED);
1027 } catch (RemoteException re) {
1028 throw re.rethrowFromSystemServer();
1033 public boolean isUserUnlockingOrUnlocked(UserHandle user) {
1034 return isUserUnlockingOrUnlocked(user.getIdentifier());
1038 public boolean isUserUnlockingOrUnlocked(@UserIdInt int userId) {
1039 // TODO Switch to using UMS internal isUserUnlockingOrUnlocked
1041 return ActivityManagerNative.getDefault().isUserRunning(userId,
1042 ActivityManager.FLAG_AND_UNLOCKING_OR_UNLOCKED);
1043 } catch (RemoteException re) {
1044 throw re.rethrowFromSystemServer();
1049 * Returns the UserInfo object describing a specific user.
1050 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1051 * @param userHandle the user handle of the user whose information is being requested.
1052 * @return the UserInfo object for a specific user.
1055 public UserInfo getUserInfo(@UserIdInt int userHandle) {
1057 return mService.getUserInfo(userHandle);
1058 } catch (RemoteException re) {
1059 throw re.rethrowFromSystemServer();
1066 * Returns who set a user restriction on a user.
1067 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1068 * @param restrictionKey the string key representing the restriction
1069 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions.
1070 * @return The source of user restriction. Any combination of {@link #RESTRICTION_NOT_SET},
1071 * {@link #RESTRICTION_SOURCE_SYSTEM}, {@link #RESTRICTION_SOURCE_DEVICE_OWNER}
1072 * and {@link #RESTRICTION_SOURCE_PROFILE_OWNER}
1075 @UserRestrictionSource
1076 public int getUserRestrictionSource(String restrictionKey, UserHandle userHandle) {
1078 return mService.getUserRestrictionSource(restrictionKey, userHandle.getIdentifier());
1079 } catch (RemoteException re) {
1080 throw re.rethrowFromSystemServer();
1085 * Returns the user-wide restrictions imposed on this user.
1086 * @return a Bundle containing all the restrictions.
1088 public Bundle getUserRestrictions() {
1089 return getUserRestrictions(Process.myUserHandle());
1093 * Returns the user-wide restrictions imposed on the user specified by <code>userHandle</code>.
1094 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions.
1095 * @return a Bundle containing all the restrictions.
1097 public Bundle getUserRestrictions(UserHandle userHandle) {
1099 return mService.getUserRestrictions(userHandle.getIdentifier());
1100 } catch (RemoteException re) {
1101 throw re.rethrowFromSystemServer();
1107 * Returns whether the given user has been disallowed from performing certain actions
1108 * or setting certain settings through UserManager. This method disregards restrictions
1109 * set by device policy.
1110 * @param restrictionKey the string key representing the restriction
1111 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions.
1113 public boolean hasBaseUserRestriction(String restrictionKey, UserHandle userHandle) {
1115 return mService.hasBaseUserRestriction(restrictionKey, userHandle.getIdentifier());
1116 } catch (RemoteException re) {
1117 throw re.rethrowFromSystemServer();
1122 * This will no longer work. Device owners and profile owners should use
1123 * {@link DevicePolicyManager#addUserRestriction(ComponentName, String)} instead.
1125 // System apps should use UserManager.setUserRestriction() instead.
1127 public void setUserRestrictions(Bundle restrictions) {
1128 throw new UnsupportedOperationException("This method is no longer supported");
1132 * This will no longer work. Device owners and profile owners should use
1133 * {@link DevicePolicyManager#addUserRestriction(ComponentName, String)} instead.
1135 // System apps should use UserManager.setUserRestriction() instead.
1137 public void setUserRestrictions(Bundle restrictions, UserHandle userHandle) {
1138 throw new UnsupportedOperationException("This method is no longer supported");
1142 * Sets the value of a specific restriction.
1143 * Requires the MANAGE_USERS permission.
1144 * @param key the key of the restriction
1145 * @param value the value for the restriction
1146 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction(
1147 * android.content.ComponentName, String)} or
1148 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction(
1149 * android.content.ComponentName, String)} instead.
1152 public void setUserRestriction(String key, boolean value) {
1153 setUserRestriction(key, value, Process.myUserHandle());
1158 * Sets the value of a specific restriction on a specific user.
1159 * Requires the MANAGE_USERS permission.
1160 * @param key the key of the restriction
1161 * @param value the value for the restriction
1162 * @param userHandle the user whose restriction is to be changed.
1163 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction(
1164 * android.content.ComponentName, String)} or
1165 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction(
1166 * android.content.ComponentName, String)} instead.
1169 public void setUserRestriction(String key, boolean value, UserHandle userHandle) {
1171 mService.setUserRestriction(key, value, userHandle.getIdentifier());
1172 } catch (RemoteException re) {
1173 throw re.rethrowFromSystemServer();
1178 * Returns whether the current user has been disallowed from performing certain actions
1179 * or setting certain settings.
1181 * @param restrictionKey The string key representing the restriction.
1182 * @return {@code true} if the current user has the given restriction, {@code false} otherwise.
1184 public boolean hasUserRestriction(String restrictionKey) {
1185 return hasUserRestriction(restrictionKey, Process.myUserHandle());
1190 * Returns whether the given user has been disallowed from performing certain actions
1191 * or setting certain settings.
1192 * @param restrictionKey the string key representing the restriction
1193 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions.
1195 public boolean hasUserRestriction(String restrictionKey, UserHandle userHandle) {
1197 return mService.hasUserRestriction(restrictionKey,
1198 userHandle.getIdentifier());
1199 } catch (RemoteException re) {
1200 throw re.rethrowFromSystemServer();
1205 * Return the serial number for a user. This is a device-unique
1206 * number assigned to that user; if the user is deleted and then a new
1207 * user created, the new users will not be given the same serial number.
1208 * @param user The user whose serial number is to be retrieved.
1209 * @return The serial number of the given user; returns -1 if the
1210 * given UserHandle does not exist.
1211 * @see #getUserForSerialNumber(long)
1213 public long getSerialNumberForUser(UserHandle user) {
1214 return getUserSerialNumber(user.getIdentifier());
1218 * Return the user associated with a serial number previously
1219 * returned by {@link #getSerialNumberForUser(UserHandle)}.
1220 * @param serialNumber The serial number of the user that is being
1222 * @return Return the user associated with the serial number, or null
1223 * if there is not one.
1224 * @see #getSerialNumberForUser(UserHandle)
1226 public UserHandle getUserForSerialNumber(long serialNumber) {
1227 int ident = getUserHandle((int) serialNumber);
1228 return ident >= 0 ? new UserHandle(ident) : null;
1232 * Creates a user with the specified name and options. For non-admin users, default user
1233 * restrictions are going to be applied.
1234 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1236 * @param name the user's name
1237 * @param flags flags that identify the type of user and other properties.
1240 * @return the UserInfo object for the created user, or null if the user could not be created.
1243 public UserInfo createUser(String name, int flags) {
1244 UserInfo user = null;
1246 user = mService.createUser(name, flags);
1247 // TODO: Keep this in sync with
1248 // UserManagerService.LocalService.createUserEvenWhenDisallowed
1249 if (user != null && !user.isAdmin()) {
1250 mService.setUserRestriction(DISALLOW_SMS, true, user.id);
1251 mService.setUserRestriction(DISALLOW_OUTGOING_CALLS, true, user.id);
1253 } catch (RemoteException re) {
1254 throw re.rethrowFromSystemServer();
1260 * Creates a guest user and configures it.
1261 * @param context an application context
1262 * @param name the name to set for the user
1265 public UserInfo createGuest(Context context, String name) {
1266 UserInfo guest = null;
1268 guest = mService.createUser(name, UserInfo.FLAG_GUEST);
1269 if (guest != null) {
1270 Settings.Secure.putStringForUser(context.getContentResolver(),
1271 Settings.Secure.SKIP_FIRST_USE_HINTS, "1", guest.id);
1273 } catch (RemoteException re) {
1274 throw re.rethrowFromSystemServer();
1280 * Creates a user with the specified name and options as a profile of another user.
1281 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1283 * @param name the user's name
1284 * @param flags flags that identify the type of user and other properties.
1286 * @param userHandle new user will be a profile of this use.
1288 * @return the UserInfo object for the created user, or null if the user could not be created.
1291 public UserInfo createProfileForUser(String name, int flags, @UserIdInt int userHandle) {
1293 return mService.createProfileForUser(name, flags, userHandle);
1294 } catch (RemoteException re) {
1295 throw re.rethrowFromSystemServer();
1300 * Creates a restricted profile with the specified name. This method also sets necessary
1301 * restrictions and adds shared accounts.
1303 * @param name profile's name
1304 * @return UserInfo object for the created user, or null if the user could not be created.
1307 public UserInfo createRestrictedProfile(String name) {
1309 UserHandle parentUserHandle = Process.myUserHandle();
1310 UserInfo user = mService.createRestrictedProfile(name,
1311 parentUserHandle.getIdentifier());
1313 AccountManager.get(mContext).addSharedAccountsFromParentUser(parentUserHandle,
1314 UserHandle.of(user.id));
1317 } catch (RemoteException re) {
1318 throw re.rethrowFromSystemServer();
1323 * Returns an intent to create a user for the provided name and account name. The name
1324 * and account name will be used when the setup process for the new user is started.
1326 * The intent should be launched using startActivityForResult and the return result will
1327 * indicate if the user consented to adding a new user and if the operation succeeded. Any
1328 * errors in creating the user will be returned in the result code. If the user cancels the
1329 * request, the return result will be {@link Activity#RESULT_CANCELED}. On success, the
1330 * result code will be {@link Activity#RESULT_OK}.
1332 * Use {@link #supportsMultipleUsers()} to first check if the device supports this operation
1335 * The new user is created but not initialized. After switching into the user for the first
1336 * time, the preferred user name and account information are used by the setup process for that
1339 * @param userName Optional name to assign to the user.
1340 * @param accountName Optional account name that will be used by the setup wizard to initialize
1342 * @param accountType Optional account type for the account to be created. This is required
1343 * if the account name is specified.
1344 * @param accountOptions Optional bundle of data to be passed in during account creation in the
1345 * new user via {@link AccountManager#addAccount(String, String, String[],
1346 * Bundle, android.app.Activity, android.accounts.AccountManagerCallback,
1348 * @return An Intent that can be launched from an Activity.
1349 * @see #USER_CREATION_FAILED_NOT_PERMITTED
1350 * @see #USER_CREATION_FAILED_NO_MORE_USERS
1351 * @see #supportsMultipleUsers
1353 public static Intent createUserCreationIntent(@Nullable String userName,
1354 @Nullable String accountName,
1355 @Nullable String accountType, @Nullable PersistableBundle accountOptions) {
1356 Intent intent = new Intent(ACTION_CREATE_USER);
1357 if (userName != null) {
1358 intent.putExtra(EXTRA_USER_NAME, userName);
1360 if (accountName != null && accountType == null) {
1361 throw new IllegalArgumentException("accountType must be specified if accountName is "
1364 if (accountName != null) {
1365 intent.putExtra(EXTRA_USER_ACCOUNT_NAME, accountName);
1367 if (accountType != null) {
1368 intent.putExtra(EXTRA_USER_ACCOUNT_TYPE, accountType);
1370 if (accountOptions != null) {
1371 intent.putExtra(EXTRA_USER_ACCOUNT_OPTIONS, accountOptions);
1379 * Returns the preferred account name for user creation. Requires MANAGE_USERS permission.
1382 public String getSeedAccountName() {
1384 return mService.getSeedAccountName();
1385 } catch (RemoteException re) {
1386 throw re.rethrowFromSystemServer();
1393 * Returns the preferred account type for user creation. Requires MANAGE_USERS permission.
1396 public String getSeedAccountType() {
1398 return mService.getSeedAccountType();
1399 } catch (RemoteException re) {
1400 throw re.rethrowFromSystemServer();
1407 * Returns the preferred account's options bundle for user creation. Requires MANAGE_USERS
1409 * @return Any options set by the requestor that created the user.
1412 public PersistableBundle getSeedAccountOptions() {
1414 return mService.getSeedAccountOptions();
1415 } catch (RemoteException re) {
1416 throw re.rethrowFromSystemServer();
1423 * Called by a system activity to set the seed account information of a user created
1424 * through the user creation intent.
1426 * @param accountName
1427 * @param accountType
1428 * @param accountOptions
1429 * @see #createUserCreationIntent(String, String, String, PersistableBundle)
1431 public void setSeedAccountData(int userId, String accountName, String accountType,
1432 PersistableBundle accountOptions) {
1434 mService.setSeedAccountData(userId, accountName, accountType, accountOptions,
1435 /* persist= */ true);
1436 } catch (RemoteException re) {
1437 throw re.rethrowFromSystemServer();
1443 * Clears the seed information used to create this user. Requires MANAGE_USERS permission.
1446 public void clearSeedAccountData() {
1448 mService.clearSeedAccountData();
1449 } catch (RemoteException re) {
1450 throw re.rethrowFromSystemServer();
1456 * Marks the guest user for deletion to allow a new guest to be created before deleting
1457 * the current user who is a guest.
1461 public boolean markGuestForDeletion(@UserIdInt int userHandle) {
1463 return mService.markGuestForDeletion(userHandle);
1464 } catch (RemoteException re) {
1465 throw re.rethrowFromSystemServer();
1470 * Sets the user as enabled, if such an user exists.
1472 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1474 * <p>Note that the default is true, it's only that managed profiles might not be enabled.
1475 * Also ephemeral users can be disabled to indicate that their removal is in progress and they
1476 * shouldn't be re-entered. Therefore ephemeral users should not be re-enabled once disabled.
1478 * @param userHandle the id of the profile to enable
1481 public void setUserEnabled(@UserIdInt int userHandle) {
1483 mService.setUserEnabled(userHandle);
1484 } catch (RemoteException re) {
1485 throw re.rethrowFromSystemServer();
1490 * Return the number of users currently created on the device.
1492 public int getUserCount() {
1493 List<UserInfo> users = getUsers();
1494 return users != null ? users.size() : 1;
1498 * Returns information for all users on this device.
1499 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1500 * @return the list of users that exist on the device.
1503 public List<UserInfo> getUsers() {
1505 return mService.getUsers(false);
1506 } catch (RemoteException re) {
1507 throw re.rethrowFromSystemServer();
1512 * Returns serial numbers of all users on this device.
1513 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1515 * @param excludeDying specify if the list should exclude users being removed.
1516 * @return the list of serial numbers of users that exist on the device.
1520 public long[] getSerialNumbersOfUsers(boolean excludeDying) {
1522 List<UserInfo> users = mService.getUsers(excludeDying);
1523 long[] result = new long[users.size()];
1524 for (int i = 0; i < result.length; i++) {
1525 result[i] = users.get(i).serialNumber;
1528 } catch (RemoteException re) {
1529 throw re.rethrowFromSystemServer();
1534 * @return the user's account name, null if not found.
1537 @RequiresPermission( allOf = {
1538 Manifest.permission.INTERACT_ACROSS_USERS_FULL,
1539 Manifest.permission.MANAGE_USERS
1541 public @Nullable String getUserAccount(@UserIdInt int userHandle) {
1543 return mService.getUserAccount(userHandle);
1544 } catch (RemoteException re) {
1545 throw re.rethrowFromSystemServer();
1550 * Set account name for the given user.
1553 @RequiresPermission( allOf = {
1554 Manifest.permission.INTERACT_ACROSS_USERS_FULL,
1555 Manifest.permission.MANAGE_USERS
1557 public void setUserAccount(@UserIdInt int userHandle, @Nullable String accountName) {
1559 mService.setUserAccount(userHandle, accountName);
1560 } catch (RemoteException re) {
1561 throw re.rethrowFromSystemServer();
1566 * Returns information for Primary user.
1567 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1569 * @return the Primary user, null if not found.
1572 public @Nullable UserInfo getPrimaryUser() {
1574 return mService.getPrimaryUser();
1575 } catch (RemoteException re) {
1576 throw re.rethrowFromSystemServer();
1581 * Checks whether it's possible to add more users. Caller must hold the MANAGE_USERS
1584 * @return true if more users can be added, false if limit has been reached.
1587 public boolean canAddMoreUsers() {
1588 final List<UserInfo> users = getUsers(true);
1589 final int totalUserCount = users.size();
1590 int aliveUserCount = 0;
1591 for (int i = 0; i < totalUserCount; i++) {
1592 UserInfo user = users.get(i);
1593 if (!user.isGuest()) {
1597 return aliveUserCount < getMaxSupportedUsers();
1601 * Checks whether it's possible to add more managed profiles. Caller must hold the MANAGE_USERS
1603 * if allowedToRemoveOne is true and if the user already has a managed profile, then return if
1604 * we could add a new managed profile to this user after removing the existing one.
1606 * @return true if more managed profiles can be added, false if limit has been reached.
1609 public boolean canAddMoreManagedProfiles(@UserIdInt int userId, boolean allowedToRemoveOne) {
1611 return mService.canAddMoreManagedProfiles(userId, allowedToRemoveOne);
1612 } catch (RemoteException re) {
1613 throw re.rethrowFromSystemServer();
1618 * Returns list of the profiles of userHandle including
1619 * userHandle itself.
1620 * Note that this returns both enabled and not enabled profiles. See
1621 * {@link #getEnabledProfiles(int)} if you need only the enabled ones.
1623 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1624 * @param userHandle profiles of this user will be returned.
1625 * @return the list of profiles.
1628 public List<UserInfo> getProfiles(@UserIdInt int userHandle) {
1630 return mService.getProfiles(userHandle, false /* enabledOnly */);
1631 } catch (RemoteException re) {
1632 throw re.rethrowFromSystemServer();
1637 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1638 * @param userId one of the two user ids to check.
1639 * @param otherUserId one of the two user ids to check.
1640 * @return true if the two user ids are in the same profile group.
1643 public boolean isSameProfileGroup(@UserIdInt int userId, int otherUserId) {
1645 return mService.isSameProfileGroup(userId, otherUserId);
1646 } catch (RemoteException re) {
1647 throw re.rethrowFromSystemServer();
1652 * Returns list of the profiles of userHandle including
1653 * userHandle itself.
1654 * Note that this returns only enabled.
1656 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1657 * @param userHandle profiles of this user will be returned.
1658 * @return the list of profiles.
1661 public List<UserInfo> getEnabledProfiles(@UserIdInt int userHandle) {
1663 return mService.getProfiles(userHandle, true /* enabledOnly */);
1664 } catch (RemoteException re) {
1665 throw re.rethrowFromSystemServer();
1670 * Returns a list of UserHandles for profiles associated with the user that the calling process
1671 * is running on, including the user itself.
1673 * @return A non-empty list of UserHandles associated with the calling user.
1675 public List<UserHandle> getUserProfiles() {
1676 int[] userIds = getProfileIds(UserHandle.myUserId(), true /* enabledOnly */);
1677 List<UserHandle> result = new ArrayList<>(userIds.length);
1678 for (int userId : userIds) {
1679 result.add(UserHandle.of(userId));
1685 * Returns a list of ids for profiles associated with the specified user including the user
1688 * @param userId id of the user to return profiles for
1689 * @param enabledOnly whether return only {@link UserInfo#isEnabled() enabled} profiles
1690 * @return A non-empty list of ids of profiles associated with the specified user.
1694 public int[] getProfileIds(@UserIdInt int userId, boolean enabledOnly) {
1696 return mService.getProfileIds(userId, enabledOnly);
1697 } catch (RemoteException re) {
1698 throw re.rethrowFromSystemServer();
1703 * @see #getProfileIds(int, boolean)
1706 public int[] getProfileIdsWithDisabled(@UserIdInt int userId) {
1707 return getProfileIds(userId, false /* enabledOnly */);
1711 * @see #getProfileIds(int, boolean)
1714 public int[] getEnabledProfileIds(@UserIdInt int userId) {
1715 return getProfileIds(userId, true /* enabledOnly */);
1719 * Returns the device credential owner id of the profile from
1720 * which this method is called, or userHandle if called from a user that
1725 public int getCredentialOwnerProfile(@UserIdInt int userHandle) {
1727 return mService.getCredentialOwnerProfile(userHandle);
1728 } catch (RemoteException re) {
1729 throw re.rethrowFromSystemServer();
1734 * Returns the parent of the profile which this method is called from
1735 * or null if called from a user that is not a profile.
1739 public UserInfo getProfileParent(@UserIdInt int userHandle) {
1741 return mService.getProfileParent(userHandle);
1742 } catch (RemoteException re) {
1743 throw re.rethrowFromSystemServer();
1748 * Set quiet mode of a managed profile.
1750 * @param userHandle The user handle of the profile.
1751 * @param enableQuietMode Whether quiet mode should be enabled or disabled.
1754 public void setQuietModeEnabled(@UserIdInt int userHandle, boolean enableQuietMode) {
1756 mService.setQuietModeEnabled(userHandle, enableQuietMode);
1757 } catch (RemoteException re) {
1758 throw re.rethrowFromSystemServer();
1763 * Returns whether the given profile is in quiet mode or not.
1764 * Notes: Quiet mode is only supported for managed profiles.
1766 * @param userHandle The user handle of the profile to be queried.
1767 * @return true if the profile is in quiet mode, false otherwise.
1769 public boolean isQuietModeEnabled(UserHandle userHandle) {
1771 return mService.isQuietModeEnabled(userHandle.getIdentifier());
1772 } catch (RemoteException re) {
1773 throw re.rethrowFromSystemServer();
1778 * Tries disabling quiet mode for a given user. If the user is still locked, we unlock the user
1779 * first by showing the confirm credentials screen and disable quiet mode upon successful
1780 * unlocking. If the user is already unlocked, we call through to {@link #setQuietModeEnabled}
1783 * @return true if the quiet mode was disabled immediately
1786 public boolean trySetQuietModeDisabled(@UserIdInt int userHandle, IntentSender target) {
1788 return mService.trySetQuietModeDisabled(userHandle, target);
1789 } catch (RemoteException re) {
1790 throw re.rethrowFromSystemServer();
1795 * If the target user is a managed profile of the calling user or the caller
1796 * is itself a managed profile, then this returns a badged copy of the given
1797 * icon to be able to distinguish it from the original icon. For badging an
1798 * arbitrary drawable use {@link #getBadgedDrawableForUser(
1799 * android.graphics.drawable.Drawable, UserHandle, android.graphics.Rect, int)}.
1801 * If the original drawable is a BitmapDrawable and the backing bitmap is
1802 * mutable as per {@link android.graphics.Bitmap#isMutable()}, the badging
1803 * is performed in place and the original drawable is returned.
1806 * @param icon The icon to badge.
1807 * @param user The target user.
1808 * @return A drawable that combines the original icon and a badge as
1809 * determined by the system.
1812 public Drawable getBadgedIconForUser(Drawable icon, UserHandle user) {
1813 return mContext.getPackageManager().getUserBadgedIcon(icon, user);
1817 * If the target user is a managed profile of the calling user or the caller
1818 * is itself a managed profile, then this returns a badged copy of the given
1819 * drawable allowing the user to distinguish it from the original drawable.
1820 * The caller can specify the location in the bounds of the drawable to be
1821 * badged where the badge should be applied as well as the density of the
1824 * If the original drawable is a BitmapDrawable and the backing bitmap is
1825 * mutable as per {@link android.graphics.Bitmap#isMutable()}, the badging
1826 * is performed in place and the original drawable is returned.
1829 * @param badgedDrawable The drawable to badge.
1830 * @param user The target user.
1831 * @param badgeLocation Where in the bounds of the badged drawable to place
1832 * the badge. If it's {@code null}, the badge is applied on top of the entire
1833 * drawable being badged.
1834 * @param badgeDensity The optional desired density for the badge as per
1835 * {@link android.util.DisplayMetrics#densityDpi}. If it's not positive,
1836 * the density of the display is used.
1837 * @return A drawable that combines the original drawable and a badge as
1838 * determined by the system.
1841 public Drawable getBadgedDrawableForUser(Drawable badgedDrawable, UserHandle user,
1842 Rect badgeLocation, int badgeDensity) {
1843 return mContext.getPackageManager().getUserBadgedDrawableForDensity(badgedDrawable, user,
1844 badgeLocation, badgeDensity);
1848 * If the target user is a managed profile of the calling user or the caller
1849 * is itself a managed profile, then this returns a copy of the label with
1850 * badging for accessibility services like talkback. E.g. passing in "Email"
1851 * and it might return "Work Email" for Email in the work profile.
1853 * @param label The label to change.
1854 * @param user The target user.
1855 * @return A label that combines the original label and a badge as
1856 * determined by the system.
1859 public CharSequence getBadgedLabelForUser(CharSequence label, UserHandle user) {
1860 return mContext.getPackageManager().getUserBadgedLabel(label, user);
1864 * Returns information for all users on this device. Requires
1865 * {@link android.Manifest.permission#MANAGE_USERS} permission.
1867 * @param excludeDying specify if the list should exclude users being
1869 * @return the list of users that were created.
1872 public List<UserInfo> getUsers(boolean excludeDying) {
1874 return mService.getUsers(excludeDying);
1875 } catch (RemoteException re) {
1876 throw re.rethrowFromSystemServer();
1881 * Removes a user and all associated data.
1882 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1883 * @param userHandle the integer handle of the user, where 0 is the primary user.
1886 public boolean removeUser(@UserIdInt int userHandle) {
1888 return mService.removeUser(userHandle);
1889 } catch (RemoteException re) {
1890 throw re.rethrowFromSystemServer();
1895 * Updates the user's name.
1896 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.
1898 * @param userHandle the user's integer handle
1899 * @param name the new name for the user
1902 public void setUserName(@UserIdInt int userHandle, String name) {
1904 mService.setUserName(userHandle, name);
1905 } catch (RemoteException re) {
1906 throw re.rethrowFromSystemServer();
1911 * Sets the user's photo.
1912 * @param userHandle the user for whom to change the photo.
1913 * @param icon the bitmap to set as the photo.
1916 public void setUserIcon(@UserIdInt int userHandle, Bitmap icon) {
1918 mService.setUserIcon(userHandle, icon);
1919 } catch (RemoteException re) {
1920 throw re.rethrowFromSystemServer();
1925 * Returns a file descriptor for the user's photo. PNG data can be read from this file.
1926 * @param userHandle the user whose photo we want to read.
1927 * @return a {@link Bitmap} of the user's photo, or null if there's no photo.
1928 * @see com.android.internal.util.UserIcons#getDefaultUserIcon for a default.
1931 public Bitmap getUserIcon(@UserIdInt int userHandle) {
1933 ParcelFileDescriptor fd = mService.getUserIcon(userHandle);
1936 return BitmapFactory.decodeFileDescriptor(fd.getFileDescriptor());
1940 } catch (IOException e) {
1944 } catch (RemoteException re) {
1945 throw re.rethrowFromSystemServer();
1951 * Returns the maximum number of users that can be created on this device. A return value
1952 * of 1 means that it is a single user device.
1954 * @return a value greater than or equal to 1
1956 public static int getMaxSupportedUsers() {
1957 // Don't allow multiple users on certain builds
1958 if (android.os.Build.ID.startsWith("JVP")) return 1;
1959 // Svelte devices don't get multi-user.
1960 if (ActivityManager.isLowRamDeviceStatic()) return 1;
1961 return SystemProperties.getInt("fw.max_users",
1962 Resources.getSystem().getInteger(R.integer.config_multiuserMaximumUsers));
1966 * Returns true if the user switcher should be shown, this will be if device supports multi-user
1967 * and there are at least 2 users available that are not managed profiles.
1969 * @return true if user switcher should be shown.
1971 public boolean isUserSwitcherEnabled() {
1972 if (!supportsMultipleUsers()) {
1975 List<UserInfo> users = getUsers(true);
1976 if (users == null) {
1979 int switchableUserCount = 0;
1980 for (UserInfo user : users) {
1981 if (user.supportsSwitchToByUser()) {
1982 ++switchableUserCount;
1985 final boolean guestEnabled = !mContext.getSystemService(DevicePolicyManager.class)
1986 .getGuestUserDisabled(null);
1987 return switchableUserCount > 1 || guestEnabled;
1991 * Returns a serial number on this device for a given userHandle. User handles can be recycled
1992 * when deleting and creating users, but serial numbers are not reused until the device is wiped.
1994 * @return a serial number associated with that user, or -1 if the userHandle is not valid.
1997 public int getUserSerialNumber(@UserIdInt int userHandle) {
1999 return mService.getUserSerialNumber(userHandle);
2000 } catch (RemoteException re) {
2001 throw re.rethrowFromSystemServer();
2006 * Returns a userHandle on this device for a given user serial number. User handles can be
2007 * recycled when deleting and creating users, but serial numbers are not reused until the device
2009 * @param userSerialNumber
2010 * @return the userHandle associated with that user serial number, or -1 if the serial number
2014 public @UserIdInt int getUserHandle(int userSerialNumber) {
2016 return mService.getUserHandle(userSerialNumber);
2017 } catch (RemoteException re) {
2018 throw re.rethrowFromSystemServer();
2023 * Returns a {@code Bundle} containing any saved application restrictions for this user, for the
2024 * given package name. Only an application with this package name can call this method.
2026 * <p>The returned {@link Bundle} consists of key-value pairs, as defined by the application,
2027 * where the types of values may be:
2029 * <li>{@code boolean}
2031 * <li>{@code String} or {@code String[]}
2032 * <li>From {@link android.os.Build.VERSION_CODES#M}, {@code Bundle} or {@code Bundle[]}
2035 * @param packageName the package name of the calling application
2036 * @return a {@code Bundle} with the restrictions for that package, or {@code null} if there
2037 * are no saved restrictions.
2039 * @see #KEY_RESTRICTIONS_PENDING
2041 public Bundle getApplicationRestrictions(String packageName) {
2043 return mService.getApplicationRestrictions(packageName);
2044 } catch (RemoteException re) {
2045 throw re.rethrowFromSystemServer();
2052 public Bundle getApplicationRestrictions(String packageName, UserHandle user) {
2054 return mService.getApplicationRestrictionsForUser(packageName, user.getIdentifier());
2055 } catch (RemoteException re) {
2056 throw re.rethrowFromSystemServer();
2063 public void setApplicationRestrictions(String packageName, Bundle restrictions,
2066 mService.setApplicationRestrictions(packageName, restrictions, user.getIdentifier());
2067 } catch (RemoteException re) {
2068 throw re.rethrowFromSystemServer();
2073 * Sets a new challenge PIN for restrictions. This is only for use by pre-installed
2074 * apps and requires the MANAGE_USERS permission.
2075 * @param newPin the PIN to use for challenge dialogs.
2076 * @return Returns true if the challenge PIN was set successfully.
2077 * @deprecated The restrictions PIN functionality is no longer provided by the system.
2078 * This method is preserved for backwards compatibility reasons and always returns false.
2080 public boolean setRestrictionsChallenge(String newPin) {
2086 * Set restrictions that should apply to any future guest user that's created.
2088 public void setDefaultGuestRestrictions(Bundle restrictions) {
2090 mService.setDefaultGuestRestrictions(restrictions);
2091 } catch (RemoteException re) {
2092 throw re.rethrowFromSystemServer();
2098 * Gets the default guest restrictions.
2100 public Bundle getDefaultGuestRestrictions() {
2102 return mService.getDefaultGuestRestrictions();
2103 } catch (RemoteException re) {
2104 throw re.rethrowFromSystemServer();
2109 * Returns creation time of the user or of a managed profile associated with the calling user.
2110 * @param userHandle user handle of the user or a managed profile associated with the
2112 * @return creation time in milliseconds since Epoch time.
2114 public long getUserCreationTime(UserHandle userHandle) {
2116 return mService.getUserCreationTime(userHandle.getIdentifier());
2117 } catch (RemoteException re) {
2118 throw re.rethrowFromSystemServer();
2124 * Checks if any uninitialized user has the specific seed account name and type.
2126 * @param mAccountName The account name to check for
2127 * @param mAccountType The account type of the account to check for
2128 * @return whether the seed account was found
2130 public boolean someUserHasSeedAccount(String accountName, String accountType) {
2132 return mService.someUserHasSeedAccount(accountName, accountType);
2133 } catch (RemoteException re) {
2134 throw re.rethrowFromSystemServer();