Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d96ba2de authored by Kedar Chitnis's avatar Kedar Chitnis
Browse files

Guest mode updates to resolve privacy concerns in guest mode 

- Add API in IUserManager to allow setting ephemeral user flag
- Implement and export this API in UserManagerService and UserManager
- Set guest as ephermal by default when createGuest in UserManager is called
- Handle guest user switching in UserSwitcherController for the case
  of dynamic change of ephemeral state
- Add persistant notification when in guest mode to indicate
  - if guest session is new or previously used.
  - if guest session will be cleared on exit or not
- Add buttons in persistant notification to reset or exit guest
- Add flags to enable/disable this feature

Bug: 214031645
Screenshots: go/ephemeral-guest-b-214031645-ux
Test: Manual test using sunfish, atest SystemUITests, atest SettingsRoboTests
Change-Id: I86a5a15715cc6dde0eae93d38cd1c5cef33d7c67
parent 5fcaef4d

core/api/test-current.txt

+0 −1
Original line number Diff line number Diff line
@@ -1855,7 +1855,6 @@ package android.os { 
    method @NonNull @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.CREATE_USERS, android.Manifest.permission.QUERY_USERS}) public String getUserType();

    method @NonNull @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.CREATE_USERS}) public java.util.List<android.content.pm.UserInfo> getUsers(boolean, boolean, boolean);

    method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.CREATE_USERS}) public boolean hasBaseUserRestriction(@NonNull String, @NonNull android.os.UserHandle);

    method public static boolean isGuestUserEphemeral();

    method public static boolean isSplitSystemUser();

    method @NonNull @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.CREATE_USERS}) public android.content.pm.UserInfo preCreateUser(@NonNull String) throws android.os.UserManager.UserOperationException;

  }

core/java/android/content/pm/UserInfo.java

+18 −1
Original line number Diff line number Diff line
@@ -141,6 +141,22 @@ public class UserInfo implements Parcelable { 
     */

    public static final int FLAG_PROFILE = 0x00001000;



    /**

     * Indicates that this user is created in ephemeral mode via

     * {@link IUserManager} create user.

     *

     * When a user is created with {@link #FLAG_EPHEMERAL}, {@link #FLAG_EPHEMERAL_ON_CREATE}

     * is set internally within the user manager.

     *

     * When {@link #FLAG_EPHEMERAL_ON_CREATE} is set {@link IUserManager.setUserEphemeral}

     * has no effect because a user that was created ephemeral can never be made non-ephemeral.

     *

     * {@link #FLAG_EPHEMERAL_ON_CREATE} should NOT be set by client's of user manager

     *

     * @hide

     */

    public static final int FLAG_EPHEMERAL_ON_CREATE = 0x00002000;



    /**

     * @hide

     */
@@ -157,7 +173,8 @@ public class UserInfo implements Parcelable { 
            FLAG_DEMO,

            FLAG_FULL,

            FLAG_SYSTEM,

            FLAG_PROFILE

            FLAG_PROFILE,

            FLAG_EPHEMERAL_ON_CREATE

    })

    @Retention(RetentionPolicy.SOURCE)

    public @interface UserInfoFlag {

core/java/android/os/IUserManager.aidl

+1 −0
Original line number Diff line number Diff line
@@ -131,4 +131,5 @@ interface IUserManager { 
    String getUserName();

    long getUserStartRealtime();

    long getUserUnlockRealtime();

    boolean setUserEphemeral(int userId, boolean enableEphemeral);

}

core/java/android/os/UserManager.java

+50 −2
Original line number Diff line number Diff line
@@ -1993,12 +1993,21 @@ public class UserManager { 
     * @return Whether guest user is always ephemeral

     * @hide

     */

    @TestApi

    public static boolean isGuestUserEphemeral() {

    public static boolean isGuestUserAlwaysEphemeral() {

        return Resources.getSystem()

                .getBoolean(com.android.internal.R.bool.config_guestUserEphemeral);

    }



    /**

     * @return true, when we want to enable user manager API and UX to allow

     *           guest user ephemeral state change based on user input

     * @hide

     */

    public static boolean isGuestUserAllowEphemeralStateChange() {

        return Resources.getSystem()

                .getBoolean(com.android.internal.R.bool.config_guestUserAllowEphemeralStateChange);

    }



    /**

     * Checks whether the device is running in a headless system user mode.

     *
@@ -3420,6 +3429,20 @@ public class UserManager { 
            if (guest != null) {

                Settings.Secure.putStringForUser(context.getContentResolver(),

                        Settings.Secure.SKIP_FIRST_USE_HINTS, "1", guest.id);



                if (UserManager.isGuestUserAllowEphemeralStateChange()) {

                    // Mark guest as (changeably) ephemeral if REMOVE_GUEST_ON_EXIT is 1

                    // This is done so that a user via a UI controller can choose to

                    // make a guest as ephemeral or not.

                    // Settings.Global.REMOVE_GUEST_ON_EXIT holds the choice on what the guest state

                    // should be, with default being ephemeral.

                    boolean resetGuestOnExit = Settings.Global.getInt(context.getContentResolver(),

                                                 Settings.Global.REMOVE_GUEST_ON_EXIT, 1) == 1;



                    if (resetGuestOnExit && !guest.isEphemeral()) {

                        setUserEphemeral(guest.id, true);

                    }

                }

            }

            return guest;

        } catch (ServiceSpecificException e) {
@@ -4936,6 +4959,31 @@ public class UserManager { 
        }

    }



    /**

     * Set the user as ephemeral or non-ephemeral.

     *

     * If the user was initially created as ephemeral then this

     * method has no effect and false is returned.

     *

     * @param userId the user's integer id

     * @param enableEphemeral true: change user state to ephemeral,

     *                        false: change user state to non-ephemeral

     * @return true: user now has the desired ephemeral state,

     *         false: desired user ephemeral state could not be set

     *

     * @hide

     */

    @RequiresPermission(anyOf = {

            android.Manifest.permission.MANAGE_USERS,

            android.Manifest.permission.CREATE_USERS})

    public boolean setUserEphemeral(@UserIdInt int userId, boolean enableEphemeral) {

        try {

            return mService.setUserEphemeral(userId, enableEphemeral);

        } catch (RemoteException re) {

            throw re.rethrowFromSystemServer();

        }

    }



    /**

     * Updates the context user's name.

     *

core/java/android/provider/Settings.java

+8 −0
Original line number Diff line number Diff line
@@ -10870,6 +10870,14 @@ public final class Settings { 
        @Readable

        public static final String ADD_USERS_WHEN_LOCKED = "add_users_when_locked";













        /**













         * Whether guest user should be removed on exit from guest mode.













         * <p>













         * Type: int













         * @hide













         */













        public static final String REMOVE_GUEST_ON_EXIT = "remove_guest_on_exit";



























        /**















         * Whether applying ramping ringer on incoming phone call ringtone.















         * <p>1 = apply ramping ringer