Merge "Layer user restrictions"

package android.app.admin;

import android.os.Bundle;

import java.util.List;

/**

     * @return true if the uid is an active admin with the given policy.

     */

    public abstract boolean isActiveAdminWithPolicy(int uid, int reqPolicy);

    /**

     * Takes a {@link Bundle} containing "base" user restrictions stored in

     * {@link com.android.server.pm.UserManagerService}, mixes restrictions set by the device owner

     * and the profile owner and returns the merged restrictions.

     *

     * This method always returns a new {@link Bundle}.

     */

    public abstract Bundle getComposedUserRestrictions(int userId, Bundle inBundle);

}

    int getUserHandle(int userSerialNumber);

    Bundle getUserRestrictions(int userHandle);

    boolean hasUserRestriction(in String restrictionKey, int userHandle);

    void setUserRestrictions(in Bundle restrictions, int userHandle);

    void setUserRestriction(String key, boolean value, int userId);

    void setSystemControlledUserRestriction(String key, boolean value, int userId);

    void setApplicationRestrictions(in String packageName, in Bundle restrictions,

            int userHandle);

    Bundle getApplicationRestrictions(in String packageName);

    Bundle getApplicationRestrictionsForUser(in String packageName, int userHandle);

    void removeRestrictions();

    void setDefaultGuestRestrictions(in Bundle restrictions);

    Bundle getDefaultGuestRestrictions();

    boolean markGuestForDeletion(int userHandle);

import android.app.ActivityManager;

import android.app.ActivityManagerNative;

import android.app.admin.DevicePolicyManager;

import android.content.ComponentName;

import android.content.Context;

import android.content.pm.UserInfo;

import android.content.res.Resources;

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_CONFIG_WIFI = "no_config_wifi";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_INSTALL_APPS = "no_install_apps";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_UNINSTALL_APPS = "no_uninstall_apps";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_SHARE_LOCATION = "no_share_location";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_CONFIG_BLUETOOTH = "no_config_bluetooth";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_CONFIG_CREDENTIALS = "no_config_credentials";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_REMOVE_USER = "no_remove_user";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_DEBUGGING_FEATURES = "no_debugging_features";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_CONFIG_VPN = "no_config_vpn";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_CONFIG_TETHERING = "no_config_tethering";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_NETWORK_RESET = "no_network_reset";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_FACTORY_RESET = "no_factory_reset";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_ADD_USER = "no_add_user";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String ENSURE_VERIFY_APPS = "ensure_verify_apps";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_CONFIG_CELL_BROADCASTS = "no_config_cell_broadcasts";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_CONFIG_MOBILE_NETWORKS = "no_config_mobile_networks";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_APPS_CONTROL = "no_control_apps";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_MOUNT_PHYSICAL_MEDIA = "no_physical_media";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_UNMUTE_MICROPHONE = "no_unmute_microphone";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_ADJUST_VOLUME = "no_adjust_volume";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_OUTGOING_CALLS = "no_outgoing_calls";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_SMS = "no_sms";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_FUN = "no_fun";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_CREATE_WINDOWS = "no_create_windows";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_CROSS_PROFILE_COPY_PASTE = "no_cross_profile_copy_paste";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_OUTGOING_BEAM = "no_outgoing_beam";

     * Hidden user restriction to disallow access to wallpaper manager APIs. This user restriction

     * is always set for managed profiles.

     * @hide

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_WALLPAPER = "no_wallpaper";

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String DISALLOW_SAFE_BOOT = "no_safe_boot";

     * Specifies if a user is not allowed to record audio. This restriction is always enabled for

     * background users. The default value is <code>false</code>.

     *

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     * @hide

     */

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)

     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)

     * @see #getUserRestrictions()

     */

    public static final String ALLOW_PARENT_PROFILE_APP_LINKING

    }

    /**

     * Sets all the user-wide restrictions for this user.

     * Requires the MANAGE_USERS permission.

     * @param restrictions the Bundle containing all the restrictions.

     * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction(

     * android.content.ComponentName, String)} or

     * {@link android.app.admin.DevicePolicyManager#clearUserRestriction(

     * android.content.ComponentName, String)} instead.

     * This will no longer work.  Use {@link #setUserRestriction(String, boolean)} instead.

     */

    @Deprecated

    public void setUserRestrictions(Bundle restrictions) {

        setUserRestrictions(restrictions, Process.myUserHandle());

        throw new UnsupportedOperationException("This method is no longer supported");

    }

    /**

     * Sets all the user-wide restrictions for the specified user.

     * Requires the MANAGE_USERS permission.

     * @param restrictions the Bundle containing all the restrictions.

     * @param userHandle the UserHandle of the user for whom to set the restrictions.

     * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction(

     * android.content.ComponentName, String)} or

     * {@link android.app.admin.DevicePolicyManager#clearUserRestriction(

     * android.content.ComponentName, String)} instead.

     * This will no longer work.  Use {@link #setUserRestriction(String, boolean, UserHandle)}

     * instead.

     */

    @Deprecated

    public void setUserRestrictions(Bundle restrictions, UserHandle userHandle) {

        try {

            mService.setUserRestrictions(restrictions, userHandle.getIdentifier());

        } catch (RemoteException re) {

            Log.w(TAG, "Could not set user restrictions", re);

        }

        throw new UnsupportedOperationException("This method is no longer supported");

    }

    /**

     */

    @Deprecated

    public void setUserRestriction(String key, boolean value) {

        Bundle bundle = getUserRestrictions();

        bundle.putBoolean(key, value);

        setUserRestrictions(bundle);

        setUserRestriction(key, value, Process.myUserHandle());

    }

    /**

        try {

            user = mService.createUser(name, flags);

            if (user != null && !user.isAdmin()) {

                Bundle userRestrictions = mService.getUserRestrictions(user.id);

                addDefaultUserRestrictions(userRestrictions);

                mService.setUserRestrictions(userRestrictions, user.id);

                mService.setUserRestriction(DISALLOW_SMS, true, user.id);

                mService.setUserRestriction(DISALLOW_OUTGOING_CALLS, true, user.id);

            }

        } catch (RemoteException re) {

            Log.w(TAG, "Could not create a user", re);

     * @hide

     */

    public UserInfo createGuest(Context context, String name) {

        UserInfo guest = createUser(name, UserInfo.FLAG_GUEST);

        UserInfo guest = null;

        try {

            guest = mService.createUser(name, UserInfo.FLAG_GUEST);

            if (guest != null) {

                Settings.Secure.putStringForUser(context.getContentResolver(),

                        Settings.Secure.SKIP_FIRST_USE_HINTS, "1", guest.id);

            try {

                Bundle guestRestrictions = mService.getDefaultGuestRestrictions();

                guestRestrictions.putBoolean(DISALLOW_SMS, true);

                guestRestrictions.putBoolean(DISALLOW_INSTALL_UNKNOWN_SOURCES, true);

                mService.setUserRestrictions(guestRestrictions, guest.id);

            } catch (RemoteException re) {

                Log.w(TAG, "Could not update guest restrictions");

                mService.setUserRestriction(DISALLOW_SMS, true, guest.id);

                mService.setUserRestriction(DISALLOW_INSTALL_UNKNOWN_SOURCES, true, guest.id);

            }

        } catch (RemoteException re) {

            Log.w(TAG, "Could not create a user", re);

        }

        return guest;

    }

    private static void addDefaultUserRestrictions(Bundle restrictions) {

        restrictions.putBoolean(DISALLOW_OUTGOING_CALLS, true);

        restrictions.putBoolean(DISALLOW_SMS, true);

    }

    /**

     * Creates a user with the specified name and options as a profile of another user.

     * Requires {@link android.Manifest.permission#MANAGE_USERS} permission.

        return false;

    }

    /** @hide */

    public void removeRestrictions() {

        try {

            mService.removeRestrictions();

        } catch (RemoteException re) {

            Log.w(TAG, "Could not change restrictions pin");

        }

    }

    /**

     * @hide

     * Set restrictions that should apply to any future guest user that's created.

/*

 * Copyright (C) 2015 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.os;

/**

 * @hide Only for use within the system server.

 */

public abstract class UserManagerInternal {

    /**

     * Lock that must be held when calling certain methods in this class.

     *

     * This is used to avoid dead lock between

     * {@link com.android.server.pm.UserManagerService} and

     * {@link com.android.server.devicepolicy.DevicePolicyManagerService}.  This lock should not

     * be newly taken while holding the DPMS lock, which would cause a dead lock.  Take this

     * lock first before taking the DPMS lock to avoid that.

     */

    public abstract Object getUserRestrictionsLock();

    /**

     * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to get

     * {@link com.android.server.pm.UserManagerService} to update effective user restrictions.

     *

     * Must be called while taking the {@link #getUserRestrictionsLock()} lock.

     */

    public abstract void updateEffectiveUserRestrictionsRL(int userId);

    /**

     * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to get

     * {@link com.android.server.pm.UserManagerService} to update effective user restrictions.

     *

     * Must be called while taking the {@link #getUserRestrictionsLock()} lock.

     */

    public abstract void updateEffectiveUserRestrictionsForAllUsersRL();

    /**

     * Returns the "base" user restrictions.

     *

     * Used by {@link com.android.server.devicepolicy.DevicePolicyManagerService} for upgrading

     * from MNC.

     */

    public abstract Bundle getBaseUserRestrictions(int userId);

    /**

     * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} for upgrading

     * from MNC.

     */

    public abstract void setBaseUserRestrictionsByDpmsForMigration(int userId,

            Bundle baseRestrictions);

}