Support demo mode and demo users

     */

    public static final int MAKE_USER_EPHEMERAL = 0x0002;

    /**

     * Flag used by {@link #createAndManageUser} to specify that the user should be created as a

     * demo user.

     * @hide

     */

    public static final int MAKE_USER_DEMO = 0x0004;

    /**

     * Called by a device owner to create a user with the specified name and a given component of

     * the calling package as profile owner. The UserHandle returned by this method should not be

        // TODO(b/35385311): Keep track of metadata in TrustedCertificateStore instead.

        Set<String> mOwnerInstalledCaCerts = new ArraySet<>();

        // Used for initialization of users created by createAndManageUsers.

        // Used for initialization of users created by createAndManageUser.

        boolean mAdminBroadcastPending = false;

        PersistableBundle mInitBundle = null;

            mInjector.binderRestoreCallingIdentity(token);

        }

    }

    @Override

    public boolean resetPassword(String passwordOrNull, int flags) throws RemoteException {

        final int callingUid = mInjector.binderGetCallingUid();

    private void enableIfNecessary(String packageName, int userId) {

        try {

            ApplicationInfo ai = mIPackageManager.getApplicationInfo(packageName,

                    PackageManager.GET_DISABLED_UNTIL_USED_COMPONENTS,

                    userId);

            final ApplicationInfo ai = mIPackageManager.getApplicationInfo(packageName,

                    PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS, userId);

            if (ai.enabledSetting

                    == PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED) {

                mIPackageManager.setApplicationEnabledSetting(packageName,

        if (!mInjector.binderGetCallingUserHandle().isSystem()) {

            throw new SecurityException("createAndManageUser was called from non-system user");

        }

        if (!mInjector.userManagerIsSplitSystemUser()

                && (flags & DevicePolicyManager.MAKE_USER_EPHEMERAL) != 0) {

        final boolean ephemeral = (flags & DevicePolicyManager.MAKE_USER_EPHEMERAL) != 0;

        final boolean demo = (flags & DevicePolicyManager.MAKE_USER_DEMO) != 0

                && UserManager.isDeviceInDemoMode(mContext);

        if (ephemeral && !mInjector.userManagerIsSplitSystemUser() && !demo) {

            throw new IllegalArgumentException(

                    "Ephemeral users are only supported on systems with a split system user.");

        }

            final long id = mInjector.binderClearCallingIdentity();

            try {

                int userInfoFlags = 0;

                if ((flags & DevicePolicyManager.MAKE_USER_EPHEMERAL) != 0) {

                if (ephemeral) {

                    userInfoFlags |= UserInfo.FLAG_EPHEMERAL;

                }

                if (demo) {

                    userInfoFlags |= UserInfo.FLAG_DEMO;

                }

                UserInfo userInfo = mUserManagerInternal.createUserEvenWhenDisallowed(name,

                        userInfoFlags);

                if (userInfo != null) {

                return null;

            }

            final UserInfo userInfo = getUserInfo(userHandle);

            if (userInfo != null && userInfo.isDemo()) {

                try {

                    final ApplicationInfo ai = mIPackageManager.getApplicationInfo(adminPkg,

                            PackageManager.MATCH_DISABLED_COMPONENTS, userHandle);

                    final boolean isSystemApp =

                            ai != null && (ai.flags & (ApplicationInfo.FLAG_SYSTEM

                                    | ApplicationInfo.FLAG_UPDATED_SYSTEM_APP)) != 0;

                    if (isSystemApp) {

                        mIPackageManager.setApplicationEnabledSetting(adminPkg,

                                PackageManager.COMPONENT_ENABLED_STATE_ENABLED,

                                PackageManager.DONT_KILL_APP, userHandle, "DevicePolicyManager");

                    }

                } catch (RemoteException e) {

                }

            }

            setActiveAdmin(profileOwner, true, userHandle);

            // User is not started yet, the broadcast by setActiveAdmin will not be received.

            // So we store adminExtras for broadcasting when the user starts for first time.

import static org.mockito.Mockito.atLeast;

import static org.mockito.Mockito.doAnswer;

import static org.mockito.Mockito.doReturn;

import static org.mockito.Mockito.mock;

import static org.mockito.Mockito.never;

import static org.mockito.Mockito.nullable;

import static org.mockito.Mockito.reset;

import android.app.admin.PasswordMetrics;

import android.content.BroadcastReceiver;

import android.content.ComponentName;

import android.content.Context;

import android.content.Intent;

import android.content.pm.ApplicationInfo;

import android.content.pm.PackageInfo;

        // Next, add one more admin.

        // Before doing so, update the application info, now it's enabled.

        setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID,

                PackageManager.COMPONENT_ENABLED_STATE_ENABLED);

                PackageManager.COMPONENT_ENABLED_STATE_DEFAULT);

        dpm.setActiveAdmin(admin2, /* replace =*/ false);

        mContext.callerPermissions.remove("android.permission.INTERACT_ACROSS_USERS_FULL");

    }

    public void testCreateAndManageUser_demoUserSystemApp() throws Exception {

        mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);

        setDeviceOwner();

        final int id = UserHandle.getUserId(DpmMockContext.CALLER_UID);

        final UserInfo demoUserInfo = mock(UserInfo.class);

        demoUserInfo.id = id;

        doReturn(UserHandle.of(id)).when(demoUserInfo).getUserHandle();

        doReturn(true).when(demoUserInfo).isDemo();

        final UserManager um = (UserManager) mContext.getSystemService(Context.USER_SERVICE);

        doReturn(demoUserInfo).when(um).getUserInfo(id);

        doReturn(demoUserInfo).when(mContext.getUserManagerInternal())

                .createUserEvenWhenDisallowed(anyString(), anyInt());

        final ApplicationInfo applicationInfo = getServices().ipackageManager.getApplicationInfo(

                admin2.getPackageName(), PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS, id);

        applicationInfo.flags = ApplicationInfo.FLAG_SYSTEM;

        doReturn(applicationInfo).when(getServices().ipackageManager).getApplicationInfo(

                anyString(), anyInt(), anyInt());

        final UserHandle userHandle = dpm.createAndManageUser(admin1, "", admin2, null, 0);

        verify(getServices().ipackageManager, times(1)).setApplicationEnabledSetting(

                eq(admin2.getPackageName()),

                eq(PackageManager.COMPONENT_ENABLED_STATE_ENABLED),

                eq(PackageManager.DONT_KILL_APP),

                eq(id),

                anyString());

        assertNotNull(userHandle);

    }

    public void testCreateAndManageUser_demoUserSystemUpdatedApp() throws Exception {

        mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);

        setDeviceOwner();

        final int id = UserHandle.getUserId(DpmMockContext.CALLER_UID);

        final UserInfo demoUserInfo = mock(UserInfo.class);

        demoUserInfo.id = id;

        doReturn(UserHandle.of(id)).when(demoUserInfo).getUserHandle();

        doReturn(true).when(demoUserInfo).isDemo();

        final UserManager um = (UserManager) mContext.getSystemService(Context.USER_SERVICE);

        doReturn(demoUserInfo).when(um).getUserInfo(id);

        doReturn(demoUserInfo).when(mContext.getUserManagerInternal())

                .createUserEvenWhenDisallowed(anyString(), anyInt());

        final ApplicationInfo applicationInfo = getServices().ipackageManager.getApplicationInfo(

                admin2.getPackageName(), PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS, id);

        applicationInfo.flags = ApplicationInfo.FLAG_UPDATED_SYSTEM_APP;

        doReturn(applicationInfo).when(getServices().ipackageManager).getApplicationInfo(

                anyString(), anyInt(), anyInt());

        final UserHandle userHandle = dpm.createAndManageUser(admin1, "", admin2, null, 0);

        verify(getServices().ipackageManager, times(1)).setApplicationEnabledSetting(

                eq(admin2.getPackageName()),

                eq(PackageManager.COMPONENT_ENABLED_STATE_ENABLED),

                eq(PackageManager.DONT_KILL_APP),

                eq(id),

                anyString());

        assertNotNull(userHandle);

    }

    public void testSetActiveAdmin_multiUsers() throws Exception {

        final int ANOTHER_USER_ID = 100;

import android.os.Bundle;

import android.os.Handler;

import android.os.UserHandle;

import android.os.UserManagerInternal;

import android.test.mock.MockContext;

import android.util.ArrayMap;

        return mMockSystemServices.packageManager;

    }

    public UserManagerInternal getUserManagerInternal() {

        return mMockSystemServices.userManagerInternal;

    }

    @Override

    public void enforceCallingOrSelfPermission(String permission, String message) {

        if (UserHandle.isSameApp(binder.getCallingUid(), SYSTEM_UID)) {