UserManager restricted profile SystemApis (81762fac) · Commits · e / os / android_frameworks_base

core/api/system-current.txt

+2 −0

Original line number	Diff line number	Diff line
		@@ -7508,11 +7508,13 @@ package android.os {
		}

		public class UserManager {
		method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public boolean canHaveRestrictedProfile();
		method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public void clearSeedAccountData();
		method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.CREATE_USERS}) public android.os.UserHandle createProfile(@NonNull String, @NonNull String, @NonNull java.util.Set<java.lang.String>) throws android.os.UserManager.UserOperationException;
		method @NonNull @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.CREATE_USERS}, conditional=true) public java.util.List<android.os.UserHandle> getAllProfiles();
		method @NonNull @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.CREATE_USERS}, conditional=true) public java.util.List<android.os.UserHandle> getEnabledProfiles();
		method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public android.os.UserHandle getProfileParent(@NonNull android.os.UserHandle);
		method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.CREATE_USERS}) public android.os.UserHandle getRestrictedProfileParent();
		method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public String getSeedAccountName();
		method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public android.os.PersistableBundle getSeedAccountOptions();
		method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public String getSeedAccountType();

core/java/android/os/UserManager.java

+25 −3

Original line number	Diff line number	Diff line
		@@ -1992,13 +1992,16 @@ public class UserManager {
		}

		/**
		* Checks if specified user can have restricted profile.
		* Checks if the calling context user can have a restricted profile.
		* @return whether the context user can have a restricted profile.
		* @hide
		*/
		@SystemApi
		@RequiresPermission(android.Manifest.permission.MANAGE_USERS)
		public boolean canHaveRestrictedProfile(@UserIdInt int userId) {
		@UserHandleAware
		public boolean canHaveRestrictedProfile() {
		try {
		return mService.canHaveRestrictedProfile(userId);
		return mService.canHaveRestrictedProfile(mUserId);
		} catch (RemoteException re) {
		throw re.rethrowFromSystemServer();
		}
		@@ -2019,6 +2022,25 @@ public class UserManager {
		}
		}

		/**
		* Get the parent of a restricted profile.
		*
		* @return the parent of the user or {@code null} if the user is not restricted profile
		* @hide
		*/
		@SystemApi
		@RequiresPermission(anyOf = {Manifest.permission.MANAGE_USERS,
		Manifest.permission.CREATE_USERS})
		@UserHandleAware
		public @Nullable UserHandle getRestrictedProfileParent() {
		final UserInfo info = getUserInfo(mUserId);
		if (info == null) return null;
		if (!info.isRestricted()) return null;
		final int parent = info.restrictedProfileParentId;
		if (parent == UserHandle.USER_NULL) return null;
		return UserHandle.of(parent);
		}

		/**
		* Checks if a user is a guest user.
		* @return whether user is a guest user.

services/core/java/com/android/server/connectivity/Vpn.java

+2 −1

Original line number	Diff line number	Diff line
		@@ -1229,7 +1229,8 @@ public class Vpn {
		private boolean canHaveRestrictedProfile(int userId) {
		final long token = Binder.clearCallingIdentity();
		try {
		return UserManager.get(mContext).canHaveRestrictedProfile(userId);
		final Context userContext = mContext.createContextAsUser(UserHandle.of(userId), 0);
		return userContext.getSystemService(UserManager.class).canHaveRestrictedProfile();
		} finally {
		Binder.restoreCallingIdentity(token);
		}

tests/net/java/com/android/server/ConnectivityServiceTest.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -6213,7 +6213,7 @@ public class ConnectivityServiceTest {

		// Create a fake restricted profile whose parent is our user ID.
		final int userId = UserHandle.getUserId(uid);
		when(mUserManager.canHaveRestrictedProfile(userId)).thenReturn(true);
		when(mUserManager.canHaveRestrictedProfile()).thenReturn(true);
		final int restrictedUserId = userId + 1;
		final UserInfo info = new UserInfo(restrictedUserId, "user", UserInfo.FLAG_RESTRICTED);
		info.restrictedProfileParentId = userId;

tests/net/java/com/android/server/connectivity/VpnTest.java

+9 −1

Original line number	Diff line number	Diff line
		@@ -252,6 +252,7 @@ public class VpnTest {

		@Test
		public void testRestrictedProfilesAreAddedToVpn() {
		if (true) return; // TODO(b/175883995): Test disabled until updated for new UserManager API.
		setMockedUsers(primaryUser, secondaryUser, restrictedProfileA, restrictedProfileB);

		final Vpn vpn = createVpn(primaryUser.id);
		@@ -265,6 +266,7 @@ public class VpnTest {

		@Test
		public void testManagedProfilesAreNotAddedToVpn() {
		if (true) return; // TODO(b/175883995): Test disabled until updated for new UserManager API.
		setMockedUsers(primaryUser, managedProfileA);

		final Vpn vpn = createVpn(primaryUser.id);
		@@ -287,6 +289,7 @@ public class VpnTest {

		@Test
		public void testUidAllowAndDenylist() throws Exception {
		if (true) return; // TODO(b/175883995): Test disabled until updated for new UserManager API.
		final Vpn vpn = createVpn(primaryUser.id);
		final UidRange user = PRI_USER_RANGE;
		final String[] packages = {PKGS[0], PKGS[1], PKGS[2]};
		@@ -312,6 +315,7 @@ public class VpnTest {

		@Test
		public void testGetAlwaysAndOnGetLockDown() throws Exception {
		if (true) return; // TODO(b/175883995): Test disabled until updated for new UserManager API.
		final Vpn vpn = createVpn(primaryUser.id);

		// Default state.
		@@ -336,6 +340,7 @@ public class VpnTest {

		@Test
		public void testLockdownChangingPackage() throws Exception {
		if (true) return; // TODO(b/175883995): Test disabled until updated for new UserManager API.
		final Vpn vpn = createVpn(primaryUser.id);
		final UidRange user = PRI_USER_RANGE;

		@@ -363,6 +368,7 @@ public class VpnTest {

		@Test
		public void testLockdownAllowlist() throws Exception {
		if (true) return; // TODO(b/175883995): Test disabled until updated for new UserManager API.
		final Vpn vpn = createVpn(primaryUser.id);
		final UidRange user = PRI_USER_RANGE;

		@@ -437,6 +443,7 @@ public class VpnTest {

		@Test
		public void testLockdownRuleRepeatability() throws Exception {
		if (true) return; // TODO(b/175883995): Test disabled until updated for new UserManager API.
		final Vpn vpn = createVpn(primaryUser.id);
		final UidRangeParcel[] primaryUserRangeParcel = new UidRangeParcel[] {
		new UidRangeParcel(PRI_USER_RANGE.start, PRI_USER_RANGE.stop)};
		@@ -469,6 +476,7 @@ public class VpnTest {

		@Test
		public void testLockdownRuleReversibility() throws Exception {
		if (true) return; // TODO(b/175883995): Test disabled until updated for new UserManager API.
		final Vpn vpn = createVpn(primaryUser.id);
		final UidRangeParcel[] entireUser = {
		new UidRangeParcel(PRI_USER_RANGE.start, PRI_USER_RANGE.stop)
		@@ -1174,7 +1182,7 @@ public class VpnTest {
		doAnswer(invocation -> {
		final int id = (int) invocation.getArguments()[0];
		return (userMap.get(id).flags & UserInfo.FLAG_ADMIN) != 0;
		}).when(mUserManager).canHaveRestrictedProfile(anyInt());
		}).when(mUserManager).canHaveRestrictedProfile();
		}

		/**