Java Code Examples for android.content.pm.UserInfo#isRestricted()

The following examples show how to use android.content.pm.UserInfo#isRestricted() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SyncManager.java    From android_9.0.0_r45 with Apache License 2.0 6 votes vote down vote up
private int getIsSyncable(Account account, int userId, String providerName) {
    int isSyncable = mSyncStorageEngine.getIsSyncable(account, userId, providerName);
    UserInfo userInfo = UserManager.get(mContext).getUserInfo(userId);

    // If it's not a restricted user, return isSyncable.
    if (userInfo == null || !userInfo.isRestricted()) return isSyncable;

    // Else check if the sync adapter has opted-in or not.
    RegisteredServicesCache.ServiceInfo<SyncAdapterType> syncAdapterInfo =
            mSyncAdapters.getServiceInfo(
                    SyncAdapterType.newKey(providerName, account.type), userId);
    if (syncAdapterInfo == null) return AuthorityInfo.NOT_SYNCABLE;

    PackageInfo pInfo = null;
    try {
        pInfo = AppGlobals.getPackageManager().getPackageInfo(
                syncAdapterInfo.componentName.getPackageName(), 0, userId);
        if (pInfo == null) return AuthorityInfo.NOT_SYNCABLE;
    } catch (RemoteException re) {
        // Shouldn't happen.
        return AuthorityInfo.NOT_SYNCABLE;
    }
    if (pInfo.restrictedAccountType != null
            && pInfo.restrictedAccountType.equals(account.type)) {
        return isSyncable;
    } else {
        return AuthorityInfo.NOT_SYNCABLE;
    }
}
 
Example 2
Source File: Vpn.java    From android_9.0.0_r45 with Apache License 2.0 6 votes vote down vote up
/**
 * Updates UID ranges for this VPN and also updates its internal capabilities.
 *
 * <p>Should be called on primary ConnectivityService thread.
 */
public void onUserAdded(int userHandle) {
    // If the user is restricted tie them to the parent user's VPN
    UserInfo user = UserManager.get(mContext).getUserInfo(userHandle);
    if (user.isRestricted() && user.restrictedProfileParentId == mUserHandle) {
        synchronized(Vpn.this) {
            final Set<UidRange> existingRanges = mNetworkCapabilities.getUids();
            if (existingRanges != null) {
                try {
                    addUserToRanges(existingRanges, userHandle, mConfig.allowedApplications,
                            mConfig.disallowedApplications);
                    // ConnectivityService will call {@link #updateCapabilities} and apply
                    // those for VPN network.
                    mNetworkCapabilities.setUids(existingRanges);
                } catch (Exception e) {
                    Log.wtf(TAG, "Failed to add restricted user to owner", e);
                }
            }
            setVpnForcedLocked(mLockdown);
        }
    }
}
 
Example 3
Source File: Vpn.java    From android_9.0.0_r45 with Apache License 2.0 6 votes vote down vote up
/**
 * Updates UID ranges for this VPN and also updates its capabilities.
 *
 * <p>Should be called on primary ConnectivityService thread.
 */
public void onUserRemoved(int userHandle) {
    // clean up if restricted
    UserInfo user = UserManager.get(mContext).getUserInfo(userHandle);
    if (user.isRestricted() && user.restrictedProfileParentId == mUserHandle) {
        synchronized(Vpn.this) {
            final Set<UidRange> existingRanges = mNetworkCapabilities.getUids();
            if (existingRanges != null) {
                try {
                    final List<UidRange> removedRanges =
                        uidRangesForUser(userHandle, existingRanges);
                    existingRanges.removeAll(removedRanges);
                    // ConnectivityService will call {@link #updateCapabilities} and
                    // apply those for VPN network.
                    mNetworkCapabilities.setUids(existingRanges);
                } catch (Exception e) {
                    Log.wtf(TAG, "Failed to remove restricted user to owner", e);
                }
            }
            setVpnForcedLocked(mLockdown);
        }
    }
}
 
Example 4
Source File: Vpn.java    From android_9.0.0_r45 with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a {@link Set} of non-intersecting {@link UidRange} objects including all UIDs
 * associated with one user, and any restricted profiles attached to that user.
 *
 * <p>If one of {@param allowedApplications} or {@param disallowedApplications} is provided,
 * the UID ranges will match the app whitelist or blacklist specified there. Otherwise, all UIDs
 * in each user and profile will be included.
 *
 * @param userHandle The userId to create UID ranges for along with any of its restricted
 *                   profiles.
 * @param allowedApplications (optional) whitelist of applications to include.
 * @param disallowedApplications (optional) blacklist of applications to exclude.
 */
@VisibleForTesting
Set<UidRange> createUserAndRestrictedProfilesRanges(@UserIdInt int userHandle,
        @Nullable List<String> allowedApplications,
        @Nullable List<String> disallowedApplications) {
    final Set<UidRange> ranges = new ArraySet<>();

    // Assign the top-level user to the set of ranges
    addUserToRanges(ranges, userHandle, allowedApplications, disallowedApplications);

    // If the user can have restricted profiles, assign all its restricted profiles too
    if (canHaveRestrictedProfile(userHandle)) {
        final long token = Binder.clearCallingIdentity();
        List<UserInfo> users;
        try {
            users = UserManager.get(mContext).getUsers(true);
        } finally {
            Binder.restoreCallingIdentity(token);
        }
        for (UserInfo user : users) {
            if (user.isRestricted() && (user.restrictedProfileParentId == userHandle)) {
                addUserToRanges(ranges, user.id, allowedApplications, disallowedApplications);
            }
        }
    }
    return ranges;
}
 
Example 5
Source File: SettingsProvider.java    From Study_Android_Demo with Apache License 2.0 5 votes vote down vote up
private void ensureSecureSettingAndroidIdSetLocked(SettingsState secureSettings) {
    Setting value = secureSettings.getSettingLocked(Settings.Secure.ANDROID_ID);

    if (!value.isNull()) {
        return;
    }

    final int userId = getUserIdFromKey(secureSettings.mKey);

    final UserInfo user;
    final long identity = Binder.clearCallingIdentity();
    try {
        user = mUserManager.getUserInfo(userId);
    } finally {
        Binder.restoreCallingIdentity(identity);
    }
    if (user == null) {
        // Can happen due to races when deleting users - treat as benign.
        return;
    }

    String androidId = Long.toHexString(new SecureRandom().nextLong());
    secureSettings.insertSettingLocked(Settings.Secure.ANDROID_ID, androidId,
            null, true, SettingsState.SYSTEM_PACKAGE_NAME);

    Slog.d(LOG_TAG, "Generated and saved new ANDROID_ID [" + androidId
            + "] for user " + userId);

    // Write a drop box entry if it's a restricted profile
    if (user.isRestricted()) {
        DropBoxManager dbm = (DropBoxManager) getContext().getSystemService(
                Context.DROPBOX_SERVICE);
        if (dbm != null && dbm.isTagEnabled(DROPBOX_TAG_USERLOG)) {
            dbm.addText(DROPBOX_TAG_USERLOG, System.currentTimeMillis()
                    + "," + DROPBOX_TAG_USERLOG + "," + androidId + "\n");
        }
    }
}
 
Example 6
Source File: SettingsProvider.java    From Study_Android_Demo with Apache License 2.0 4 votes vote down vote up
private boolean ensureAndroidIdIsSet(int userHandle) {
    final Cursor c = queryForUser(Settings.Secure.CONTENT_URI,
            new String[] { Settings.NameValueTable.VALUE },
            Settings.NameValueTable.NAME + "=?",
            new String[] { Settings.Secure.ANDROID_ID }, null,
            userHandle);
    try {
        final String value = c.moveToNext() ? c.getString(0) : null;
        if (value == null) {
            // sanity-check the user before touching the db
            final UserInfo user = mUserManager.getUserInfo(userHandle);
            if (user == null) {
                // can happen due to races when deleting users; treat as benign
                return false;
            }

            final SecureRandom random = new SecureRandom();
            final String newAndroidIdValue = Long.toHexString(random.nextLong());
            final ContentValues values = new ContentValues();
            values.put(Settings.NameValueTable.NAME, Settings.Secure.ANDROID_ID);
            values.put(Settings.NameValueTable.VALUE, newAndroidIdValue);
            final Uri uri = insertForUser(Settings.Secure.CONTENT_URI, values, userHandle);
            if (uri == null) {
                Slog.e(TAG, "Unable to generate new ANDROID_ID for user " + userHandle);
                return false;
            }
            Slog.d(TAG, "Generated and saved new ANDROID_ID [" + newAndroidIdValue
                    + "] for user " + userHandle);
            // Write a dropbox entry if it's a restricted profile
            if (user.isRestricted()) {
                DropBoxManager dbm = (DropBoxManager)
                        getContext().getSystemService(Context.DROPBOX_SERVICE);
                if (dbm != null && dbm.isTagEnabled(DROPBOX_TAG_USERLOG)) {
                    dbm.addText(DROPBOX_TAG_USERLOG, System.currentTimeMillis()
                            + ",restricted_profile_ssaid,"
                            + newAndroidIdValue + "\n");
                }
            }
        }
        return true;
    } finally {
        c.close();
    }
}