| /* |
| * Copyright (C) 2011 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package com.android.server.pm; |
| |
| import android.app.Activity; |
| import android.app.ActivityManager; |
| import android.app.ActivityManagerNative; |
| import android.app.IStopUserCallback; |
| import android.content.BroadcastReceiver; |
| import android.content.Context; |
| import android.content.Intent; |
| import android.content.pm.ApplicationInfo; |
| import android.content.pm.PackageManager; |
| import android.content.pm.PackageManager.NameNotFoundException; |
| import android.content.pm.UserInfo; |
| import android.graphics.Bitmap; |
| import android.os.Binder; |
| import android.os.Bundle; |
| import android.os.Environment; |
| import android.os.FileUtils; |
| import android.os.Handler; |
| import android.os.IUserManager; |
| import android.os.Message; |
| import android.os.ParcelFileDescriptor; |
| import android.os.Process; |
| import android.os.RemoteException; |
| import android.os.ServiceManager; |
| import android.os.UserHandle; |
| import android.os.UserManager; |
| import android.util.AtomicFile; |
| import android.util.Log; |
| import android.util.Slog; |
| import android.util.SparseArray; |
| import android.util.SparseBooleanArray; |
| import android.util.TimeUtils; |
| import android.util.Xml; |
| |
| import com.android.internal.app.IAppOpsService; |
| import com.android.internal.util.ArrayUtils; |
| import com.android.internal.util.FastXmlSerializer; |
| |
| import org.xmlpull.v1.XmlPullParser; |
| import org.xmlpull.v1.XmlPullParserException; |
| import org.xmlpull.v1.XmlSerializer; |
| |
| import java.io.BufferedOutputStream; |
| import java.io.File; |
| import java.io.FileDescriptor; |
| import java.io.FileInputStream; |
| import java.io.FileNotFoundException; |
| import java.io.FileOutputStream; |
| import java.io.IOException; |
| import java.io.PrintWriter; |
| import java.security.MessageDigest; |
| import java.security.NoSuchAlgorithmException; |
| import java.security.SecureRandom; |
| import java.util.ArrayList; |
| import java.util.List; |
| |
| public class UserManagerService extends IUserManager.Stub { |
| |
| private static final String LOG_TAG = "UserManagerService"; |
| |
| private static final boolean DBG = false; |
| |
| private static final String TAG_NAME = "name"; |
| private static final String ATTR_FLAGS = "flags"; |
| private static final String ATTR_ICON_PATH = "icon"; |
| private static final String ATTR_ID = "id"; |
| private static final String ATTR_CREATION_TIME = "created"; |
| private static final String ATTR_LAST_LOGGED_IN_TIME = "lastLoggedIn"; |
| private static final String ATTR_SALT = "salt"; |
| private static final String ATTR_PIN_HASH = "pinHash"; |
| private static final String ATTR_FAILED_ATTEMPTS = "failedAttempts"; |
| private static final String ATTR_LAST_RETRY_MS = "lastAttemptMs"; |
| private static final String ATTR_SERIAL_NO = "serialNumber"; |
| private static final String ATTR_NEXT_SERIAL_NO = "nextSerialNumber"; |
| private static final String ATTR_PARTIAL = "partial"; |
| private static final String ATTR_GUEST_TO_REMOVE = "guestToRemove"; |
| private static final String ATTR_USER_VERSION = "version"; |
| private static final String ATTR_PROFILE_GROUP_ID = "profileGroupId"; |
| private static final String TAG_GUEST_RESTRICTIONS = "guestRestrictions"; |
| private static final String TAG_USERS = "users"; |
| private static final String TAG_USER = "user"; |
| private static final String TAG_RESTRICTIONS = "restrictions"; |
| private static final String TAG_ENTRY = "entry"; |
| private static final String TAG_VALUE = "value"; |
| private static final String ATTR_KEY = "key"; |
| private static final String ATTR_VALUE_TYPE = "type"; |
| private static final String ATTR_MULTIPLE = "m"; |
| |
| private static final String ATTR_TYPE_STRING_ARRAY = "sa"; |
| private static final String ATTR_TYPE_STRING = "s"; |
| private static final String ATTR_TYPE_BOOLEAN = "b"; |
| private static final String ATTR_TYPE_INTEGER = "i"; |
| |
| private static final String USER_INFO_DIR = "system" + File.separator + "users"; |
| private static final String USER_LIST_FILENAME = "userlist.xml"; |
| private static final String USER_PHOTO_FILENAME = "photo.png"; |
| private static final String USER_PHOTO_FILENAME_TMP = USER_PHOTO_FILENAME + ".tmp"; |
| |
| private static final String RESTRICTIONS_FILE_PREFIX = "res_"; |
| private static final String XML_SUFFIX = ".xml"; |
| |
| private static final int MIN_USER_ID = 10; |
| |
| private static final int USER_VERSION = 5; |
| |
| private static final long EPOCH_PLUS_30_YEARS = 30L * 365 * 24 * 60 * 60 * 1000L; // ms |
| |
| // Number of attempts before jumping to the next BACKOFF_TIMES slot |
| private static final int BACKOFF_INC_INTERVAL = 5; |
| |
| // Maximum number of managed profiles permitted is 1. This cannot be increased |
| // without first making sure that the rest of the framework is prepared for it. |
| private static final int MAX_MANAGED_PROFILES = 1; |
| |
| // Amount of time to force the user to wait before entering the PIN again, after failing |
| // BACKOFF_INC_INTERVAL times. |
| private static final int[] BACKOFF_TIMES = { 0, 30*1000, 60*1000, 5*60*1000, 30*60*1000 }; |
| |
| static final int WRITE_USER_MSG = 1; |
| static final int WRITE_USER_DELAY = 2*1000; // 2 seconds |
| |
| private final Context mContext; |
| private final PackageManagerService mPm; |
| private final Object mInstallLock; |
| private final Object mPackagesLock; |
| |
| private final Handler mHandler; |
| |
| private final File mUsersDir; |
| private final File mUserListFile; |
| private final File mBaseUserPath; |
| |
| private final SparseArray<UserInfo> mUsers = new SparseArray<UserInfo>(); |
| private final SparseArray<Bundle> mUserRestrictions = new SparseArray<Bundle>(); |
| private final Bundle mGuestRestrictions = new Bundle(); |
| |
| class RestrictionsPinState { |
| long salt; |
| String pinHash; |
| int failedAttempts; |
| long lastAttemptTime; |
| } |
| |
| private final SparseArray<RestrictionsPinState> mRestrictionsPinStates = |
| new SparseArray<RestrictionsPinState>(); |
| |
| /** |
| * Set of user IDs being actively removed. Removed IDs linger in this set |
| * for several seconds to work around a VFS caching issue. |
| */ |
| // @GuardedBy("mPackagesLock") |
| private final SparseBooleanArray mRemovingUserIds = new SparseBooleanArray(); |
| |
| private int[] mUserIds; |
| private int mNextSerialNumber; |
| private int mUserVersion = 0; |
| |
| private IAppOpsService mAppOpsService; |
| |
| private static UserManagerService sInstance; |
| |
| public static UserManagerService getInstance() { |
| synchronized (UserManagerService.class) { |
| return sInstance; |
| } |
| } |
| |
| /** |
| * Available for testing purposes. |
| */ |
| UserManagerService(File dataDir, File baseUserPath) { |
| this(null, null, new Object(), new Object(), dataDir, baseUserPath); |
| } |
| |
| /** |
| * Called by package manager to create the service. This is closely |
| * associated with the package manager, and the given lock is the |
| * package manager's own lock. |
| */ |
| UserManagerService(Context context, PackageManagerService pm, |
| Object installLock, Object packagesLock) { |
| this(context, pm, installLock, packagesLock, |
| Environment.getDataDirectory(), |
| new File(Environment.getDataDirectory(), "user")); |
| } |
| |
| /** |
| * Available for testing purposes. |
| */ |
| private UserManagerService(Context context, PackageManagerService pm, |
| Object installLock, Object packagesLock, |
| File dataDir, File baseUserPath) { |
| mContext = context; |
| mPm = pm; |
| mInstallLock = installLock; |
| mPackagesLock = packagesLock; |
| mHandler = new MainHandler(); |
| synchronized (mInstallLock) { |
| synchronized (mPackagesLock) { |
| mUsersDir = new File(dataDir, USER_INFO_DIR); |
| mUsersDir.mkdirs(); |
| // Make zeroth user directory, for services to migrate their files to that location |
| File userZeroDir = new File(mUsersDir, "0"); |
| userZeroDir.mkdirs(); |
| mBaseUserPath = baseUserPath; |
| FileUtils.setPermissions(mUsersDir.toString(), |
| FileUtils.S_IRWXU|FileUtils.S_IRWXG |
| |FileUtils.S_IROTH|FileUtils.S_IXOTH, |
| -1, -1); |
| mUserListFile = new File(mUsersDir, USER_LIST_FILENAME); |
| initDefaultGuestRestrictions(); |
| readUserListLocked(); |
| // Prune out any partially created/partially removed users. |
| ArrayList<UserInfo> partials = new ArrayList<UserInfo>(); |
| for (int i = 0; i < mUsers.size(); i++) { |
| UserInfo ui = mUsers.valueAt(i); |
| if ((ui.partial || ui.guestToRemove) && i != 0) { |
| partials.add(ui); |
| } |
| } |
| for (int i = 0; i < partials.size(); i++) { |
| UserInfo ui = partials.get(i); |
| Slog.w(LOG_TAG, "Removing partially created user #" + i |
| + " (name=" + ui.name + ")"); |
| removeUserStateLocked(ui.id); |
| } |
| sInstance = this; |
| } |
| } |
| } |
| |
| void systemReady() { |
| userForeground(UserHandle.USER_OWNER); |
| mAppOpsService = IAppOpsService.Stub.asInterface( |
| ServiceManager.getService(Context.APP_OPS_SERVICE)); |
| for (int i = 0; i < mUserIds.length; ++i) { |
| try { |
| mAppOpsService.setUserRestrictions(mUserRestrictions.get(mUserIds[i]), mUserIds[i]); |
| } catch (RemoteException e) { |
| Log.w(LOG_TAG, "Unable to notify AppOpsService of UserRestrictions"); |
| } |
| } |
| } |
| |
| @Override |
| public List<UserInfo> getUsers(boolean excludeDying) { |
| checkManageUsersPermission("query users"); |
| synchronized (mPackagesLock) { |
| ArrayList<UserInfo> users = new ArrayList<UserInfo>(mUsers.size()); |
| for (int i = 0; i < mUsers.size(); i++) { |
| UserInfo ui = mUsers.valueAt(i); |
| if (ui.partial) { |
| continue; |
| } |
| if (!excludeDying || !mRemovingUserIds.get(ui.id)) { |
| users.add(ui); |
| } |
| } |
| return users; |
| } |
| } |
| |
| @Override |
| public List<UserInfo> getProfiles(int userId, boolean enabledOnly) { |
| if (userId != UserHandle.getCallingUserId()) { |
| checkManageUsersPermission("getting profiles related to user " + userId); |
| } |
| final long ident = Binder.clearCallingIdentity(); |
| try { |
| synchronized (mPackagesLock) { |
| return getProfilesLocked(userId, enabledOnly); |
| } |
| } finally { |
| Binder.restoreCallingIdentity(ident); |
| } |
| } |
| |
| /** Assume permissions already checked and caller's identity cleared */ |
| private List<UserInfo> getProfilesLocked(int userId, boolean enabledOnly) { |
| UserInfo user = getUserInfoLocked(userId); |
| ArrayList<UserInfo> users = new ArrayList<UserInfo>(mUsers.size()); |
| if (user == null) { |
| // Probably a dying user |
| return users; |
| } |
| for (int i = 0; i < mUsers.size(); i++) { |
| UserInfo profile = mUsers.valueAt(i); |
| if (!isProfileOf(user, profile)) { |
| continue; |
| } |
| if (enabledOnly && !profile.isEnabled()) { |
| continue; |
| } |
| if (mRemovingUserIds.get(profile.id)) { |
| continue; |
| } |
| users.add(profile); |
| } |
| return users; |
| } |
| |
| @Override |
| public UserInfo getProfileParent(int userHandle) { |
| checkManageUsersPermission("get the profile parent"); |
| synchronized (mPackagesLock) { |
| UserInfo profile = getUserInfoLocked(userHandle); |
| if (profile == null) { |
| return null; |
| } |
| int parentUserId = profile.profileGroupId; |
| if (parentUserId == UserInfo.NO_PROFILE_GROUP_ID) { |
| return null; |
| } else { |
| return getUserInfoLocked(parentUserId); |
| } |
| } |
| } |
| |
| private boolean isProfileOf(UserInfo user, UserInfo profile) { |
| return user.id == profile.id || |
| (user.profileGroupId != UserInfo.NO_PROFILE_GROUP_ID |
| && user.profileGroupId == profile.profileGroupId); |
| } |
| |
| @Override |
| public void setUserEnabled(int userId) { |
| checkManageUsersPermission("enable user"); |
| synchronized (mPackagesLock) { |
| UserInfo info = getUserInfoLocked(userId); |
| if (info != null && !info.isEnabled()) { |
| info.flags ^= UserInfo.FLAG_DISABLED; |
| writeUserLocked(info); |
| } |
| } |
| } |
| |
| @Override |
| public UserInfo getUserInfo(int userId) { |
| checkManageUsersPermission("query user"); |
| synchronized (mPackagesLock) { |
| return getUserInfoLocked(userId); |
| } |
| } |
| |
| @Override |
| public boolean isRestricted() { |
| synchronized (mPackagesLock) { |
| return getUserInfoLocked(UserHandle.getCallingUserId()).isRestricted(); |
| } |
| } |
| |
| /* |
| * Should be locked on mUsers before calling this. |
| */ |
| private UserInfo getUserInfoLocked(int userId) { |
| UserInfo ui = mUsers.get(userId); |
| // If it is partial and not in the process of being removed, return as unknown user. |
| if (ui != null && ui.partial && !mRemovingUserIds.get(userId)) { |
| Slog.w(LOG_TAG, "getUserInfo: unknown user #" + userId); |
| return null; |
| } |
| return ui; |
| } |
| |
| public boolean exists(int userId) { |
| synchronized (mPackagesLock) { |
| return ArrayUtils.contains(mUserIds, userId); |
| } |
| } |
| |
| @Override |
| public void setUserName(int userId, String name) { |
| checkManageUsersPermission("rename users"); |
| boolean changed = false; |
| synchronized (mPackagesLock) { |
| UserInfo info = mUsers.get(userId); |
| if (info == null || info.partial) { |
| Slog.w(LOG_TAG, "setUserName: unknown user #" + userId); |
| return; |
| } |
| if (name != null && !name.equals(info.name)) { |
| info.name = name; |
| writeUserLocked(info); |
| changed = true; |
| } |
| } |
| if (changed) { |
| sendUserInfoChangedBroadcast(userId); |
| } |
| } |
| |
| @Override |
| public void setUserIcon(int userId, Bitmap bitmap) { |
| checkManageUsersPermission("update users"); |
| long ident = Binder.clearCallingIdentity(); |
| try { |
| synchronized (mPackagesLock) { |
| UserInfo info = mUsers.get(userId); |
| if (info == null || info.partial) { |
| Slog.w(LOG_TAG, "setUserIcon: unknown user #" + userId); |
| return; |
| } |
| writeBitmapLocked(info, bitmap); |
| writeUserLocked(info); |
| } |
| sendUserInfoChangedBroadcast(userId); |
| } finally { |
| Binder.restoreCallingIdentity(ident); |
| } |
| } |
| |
| private void sendUserInfoChangedBroadcast(int userId) { |
| Intent changedIntent = new Intent(Intent.ACTION_USER_INFO_CHANGED); |
| changedIntent.putExtra(Intent.EXTRA_USER_HANDLE, userId); |
| changedIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY); |
| mContext.sendBroadcastAsUser(changedIntent, UserHandle.ALL); |
| } |
| |
| @Override |
| public ParcelFileDescriptor getUserIcon(int userId) { |
| String iconPath; |
| synchronized (mPackagesLock) { |
| UserInfo info = mUsers.get(userId); |
| if (info == null || info.partial) { |
| Slog.w(LOG_TAG, "getUserIcon: unknown user #" + userId); |
| return null; |
| } |
| int callingGroupId = mUsers.get(UserHandle.getCallingUserId()).profileGroupId; |
| if (callingGroupId == UserInfo.NO_PROFILE_GROUP_ID |
| || callingGroupId != info.profileGroupId) { |
| checkManageUsersPermission("get the icon of a user who is not related"); |
| } |
| if (info.iconPath == null) { |
| return null; |
| } |
| iconPath = info.iconPath; |
| } |
| |
| try { |
| return ParcelFileDescriptor.open( |
| new File(iconPath), ParcelFileDescriptor.MODE_READ_ONLY); |
| } catch (FileNotFoundException e) { |
| Log.e(LOG_TAG, "Couldn't find icon file", e); |
| } |
| return null; |
| } |
| |
| public void makeInitialized(int userId) { |
| checkManageUsersPermission("makeInitialized"); |
| synchronized (mPackagesLock) { |
| UserInfo info = mUsers.get(userId); |
| if (info == null || info.partial) { |
| Slog.w(LOG_TAG, "makeInitialized: unknown user #" + userId); |
| } |
| if ((info.flags&UserInfo.FLAG_INITIALIZED) == 0) { |
| info.flags |= UserInfo.FLAG_INITIALIZED; |
| scheduleWriteUserLocked(info); |
| } |
| } |
| } |
| |
| /** |
| * If default guest restrictions haven't been initialized yet, add the basic |
| * restrictions. |
| */ |
| private void initDefaultGuestRestrictions() { |
| if (mGuestRestrictions.isEmpty()) { |
| mGuestRestrictions.putBoolean(UserManager.DISALLOW_OUTGOING_CALLS, true); |
| mGuestRestrictions.putBoolean(UserManager.DISALLOW_SMS, true); |
| } |
| } |
| |
| @Override |
| public Bundle getDefaultGuestRestrictions() { |
| checkManageUsersPermission("getDefaultGuestRestrictions"); |
| synchronized (mPackagesLock) { |
| return new Bundle(mGuestRestrictions); |
| } |
| } |
| |
| @Override |
| public void setDefaultGuestRestrictions(Bundle restrictions) { |
| checkManageUsersPermission("setDefaultGuestRestrictions"); |
| synchronized (mPackagesLock) { |
| mGuestRestrictions.clear(); |
| mGuestRestrictions.putAll(restrictions); |
| writeUserListLocked(); |
| } |
| } |
| |
| @Override |
| public boolean hasUserRestriction(String restrictionKey, int userId) { |
| synchronized (mPackagesLock) { |
| Bundle restrictions = mUserRestrictions.get(userId); |
| return restrictions != null ? restrictions.getBoolean(restrictionKey) : false; |
| } |
| } |
| |
| @Override |
| public Bundle getUserRestrictions(int userId) { |
| // checkManageUsersPermission("getUserRestrictions"); |
| |
| synchronized (mPackagesLock) { |
| Bundle restrictions = mUserRestrictions.get(userId); |
| return restrictions != null ? new Bundle(restrictions) : new Bundle(); |
| } |
| } |
| |
| @Override |
| public void setUserRestrictions(Bundle restrictions, int userId) { |
| checkManageUsersPermission("setUserRestrictions"); |
| if (restrictions == null) return; |
| |
| synchronized (mPackagesLock) { |
| mUserRestrictions.get(userId).clear(); |
| mUserRestrictions.get(userId).putAll(restrictions); |
| long token = Binder.clearCallingIdentity(); |
| try { |
| mAppOpsService.setUserRestrictions(mUserRestrictions.get(userId), userId); |
| } catch (RemoteException e) { |
| Log.w(LOG_TAG, "Unable to notify AppOpsService of UserRestrictions"); |
| } finally { |
| Binder.restoreCallingIdentity(token); |
| } |
| scheduleWriteUserLocked(mUsers.get(userId)); |
| } |
| } |
| |
| /** |
| * Check if we've hit the limit of how many users can be created. |
| */ |
| private boolean isUserLimitReachedLocked() { |
| int aliveUserCount = 0; |
| final int totalUserCount = mUsers.size(); |
| // Skip over users being removed |
| for (int i = 0; i < totalUserCount; i++) { |
| UserInfo user = mUsers.valueAt(i); |
| if (!mRemovingUserIds.get(user.id) |
| && !user.isGuest() && !user.partial) { |
| aliveUserCount++; |
| } |
| } |
| return aliveUserCount >= UserManager.getMaxSupportedUsers(); |
| } |
| |
| /** |
| * Enforces that only the system UID or root's UID or apps that have the |
| * {@link android.Manifest.permission#MANAGE_USERS MANAGE_USERS} |
| * permission can make certain calls to the UserManager. |
| * |
| * @param message used as message if SecurityException is thrown |
| * @throws SecurityException if the caller is not system or root |
| */ |
| private static final void checkManageUsersPermission(String message) { |
| final int uid = Binder.getCallingUid(); |
| if (uid != Process.SYSTEM_UID && uid != 0 |
| && ActivityManager.checkComponentPermission( |
| android.Manifest.permission.MANAGE_USERS, |
| uid, -1, true) != PackageManager.PERMISSION_GRANTED) { |
| throw new SecurityException("You need MANAGE_USERS permission to: " + message); |
| } |
| } |
| |
| private void writeBitmapLocked(UserInfo info, Bitmap bitmap) { |
| try { |
| File dir = new File(mUsersDir, Integer.toString(info.id)); |
| File file = new File(dir, USER_PHOTO_FILENAME); |
| File tmp = new File(dir, USER_PHOTO_FILENAME_TMP); |
| if (!dir.exists()) { |
| dir.mkdir(); |
| FileUtils.setPermissions( |
| dir.getPath(), |
| FileUtils.S_IRWXU|FileUtils.S_IRWXG|FileUtils.S_IXOTH, |
| -1, -1); |
| } |
| FileOutputStream os; |
| if (bitmap.compress(Bitmap.CompressFormat.PNG, 100, os = new FileOutputStream(tmp)) |
| && tmp.renameTo(file)) { |
| info.iconPath = file.getAbsolutePath(); |
| } |
| try { |
| os.close(); |
| } catch (IOException ioe) { |
| // What the ... ! |
| } |
| tmp.delete(); |
| } catch (FileNotFoundException e) { |
| Slog.w(LOG_TAG, "Error setting photo for user ", e); |
| } |
| } |
| |
| /** |
| * Returns an array of user ids. This array is cached here for quick access, so do not modify or |
| * cache it elsewhere. |
| * @return the array of user ids. |
| */ |
| public int[] getUserIds() { |
| synchronized (mPackagesLock) { |
| return mUserIds; |
| } |
| } |
| |
| int[] getUserIdsLPr() { |
| return mUserIds; |
| } |
| |
| private void readUserListLocked() { |
| if (!mUserListFile.exists()) { |
| fallbackToSingleUserLocked(); |
| return; |
| } |
| FileInputStream fis = null; |
| AtomicFile userListFile = new AtomicFile(mUserListFile); |
| try { |
| fis = userListFile.openRead(); |
| XmlPullParser parser = Xml.newPullParser(); |
| parser.setInput(fis, null); |
| int type; |
| while ((type = parser.next()) != XmlPullParser.START_TAG |
| && type != XmlPullParser.END_DOCUMENT) { |
| ; |
| } |
| |
| if (type != XmlPullParser.START_TAG) { |
| Slog.e(LOG_TAG, "Unable to read user list"); |
| fallbackToSingleUserLocked(); |
| return; |
| } |
| |
| mNextSerialNumber = -1; |
| if (parser.getName().equals(TAG_USERS)) { |
| String lastSerialNumber = parser.getAttributeValue(null, ATTR_NEXT_SERIAL_NO); |
| if (lastSerialNumber != null) { |
| mNextSerialNumber = Integer.parseInt(lastSerialNumber); |
| } |
| String versionNumber = parser.getAttributeValue(null, ATTR_USER_VERSION); |
| if (versionNumber != null) { |
| mUserVersion = Integer.parseInt(versionNumber); |
| } |
| } |
| |
| while ((type = parser.next()) != XmlPullParser.END_DOCUMENT) { |
| if (type == XmlPullParser.START_TAG) { |
| final String name = parser.getName(); |
| if (name.equals(TAG_USER)) { |
| String id = parser.getAttributeValue(null, ATTR_ID); |
| UserInfo user = readUserLocked(Integer.parseInt(id)); |
| |
| if (user != null) { |
| mUsers.put(user.id, user); |
| if (mNextSerialNumber < 0 || mNextSerialNumber <= user.id) { |
| mNextSerialNumber = user.id + 1; |
| } |
| } |
| } else if (name.equals(TAG_GUEST_RESTRICTIONS)) { |
| while ((type = parser.next()) != XmlPullParser.END_DOCUMENT |
| && type != XmlPullParser.END_TAG) { |
| if (type == XmlPullParser.START_TAG) { |
| if (parser.getName().equals(TAG_RESTRICTIONS)) { |
| readRestrictionsLocked(parser, mGuestRestrictions); |
| } |
| break; |
| } |
| } |
| } |
| } |
| } |
| updateUserIdsLocked(); |
| upgradeIfNecessaryLocked(); |
| } catch (IOException ioe) { |
| fallbackToSingleUserLocked(); |
| } catch (XmlPullParserException pe) { |
| fallbackToSingleUserLocked(); |
| } finally { |
| if (fis != null) { |
| try { |
| fis.close(); |
| } catch (IOException e) { |
| } |
| } |
| } |
| } |
| |
| /** |
| * Upgrade steps between versions, either for fixing bugs or changing the data format. |
| */ |
| private void upgradeIfNecessaryLocked() { |
| int userVersion = mUserVersion; |
| if (userVersion < 1) { |
| // Assign a proper name for the owner, if not initialized correctly before |
| UserInfo user = mUsers.get(UserHandle.USER_OWNER); |
| if ("Primary".equals(user.name)) { |
| user.name = mContext.getResources().getString(com.android.internal.R.string.owner_name); |
| scheduleWriteUserLocked(user); |
| } |
| userVersion = 1; |
| } |
| |
| if (userVersion < 2) { |
| // Owner should be marked as initialized |
| UserInfo user = mUsers.get(UserHandle.USER_OWNER); |
| if ((user.flags & UserInfo.FLAG_INITIALIZED) == 0) { |
| user.flags |= UserInfo.FLAG_INITIALIZED; |
| scheduleWriteUserLocked(user); |
| } |
| userVersion = 2; |
| } |
| |
| |
| if (userVersion < 4) { |
| userVersion = 4; |
| } |
| |
| if (userVersion < 5) { |
| initDefaultGuestRestrictions(); |
| userVersion = 5; |
| } |
| |
| if (userVersion < USER_VERSION) { |
| Slog.w(LOG_TAG, "User version " + mUserVersion + " didn't upgrade as expected to " |
| + USER_VERSION); |
| } else { |
| mUserVersion = userVersion; |
| writeUserListLocked(); |
| } |
| } |
| |
| private void fallbackToSingleUserLocked() { |
| // Create the primary user |
| UserInfo primary = new UserInfo(UserHandle.USER_OWNER, |
| mContext.getResources().getString(com.android.internal.R.string.owner_name), null, |
| UserInfo.FLAG_ADMIN | UserInfo.FLAG_PRIMARY | UserInfo.FLAG_INITIALIZED); |
| mUsers.put(0, primary); |
| mNextSerialNumber = MIN_USER_ID; |
| mUserVersion = USER_VERSION; |
| |
| Bundle restrictions = new Bundle(); |
| mUserRestrictions.append(UserHandle.USER_OWNER, restrictions); |
| |
| updateUserIdsLocked(); |
| initDefaultGuestRestrictions(); |
| |
| writeUserListLocked(); |
| writeUserLocked(primary); |
| } |
| |
| private void scheduleWriteUserLocked(UserInfo userInfo) { |
| if (!mHandler.hasMessages(WRITE_USER_MSG, userInfo)) { |
| Message msg = mHandler.obtainMessage(WRITE_USER_MSG, userInfo); |
| mHandler.sendMessageDelayed(msg, WRITE_USER_DELAY); |
| } |
| } |
| |
| /* |
| * Writes the user file in this format: |
| * |
| * <user flags="20039023" id="0"> |
| * <name>Primary</name> |
| * </user> |
| */ |
| private void writeUserLocked(UserInfo userInfo) { |
| FileOutputStream fos = null; |
| AtomicFile userFile = new AtomicFile(new File(mUsersDir, userInfo.id + XML_SUFFIX)); |
| try { |
| fos = userFile.startWrite(); |
| final BufferedOutputStream bos = new BufferedOutputStream(fos); |
| |
| // XmlSerializer serializer = XmlUtils.serializerInstance(); |
| final XmlSerializer serializer = new FastXmlSerializer(); |
| serializer.setOutput(bos, "utf-8"); |
| serializer.startDocument(null, true); |
| serializer.setFeature("http://xmlpull.org/v1/doc/features.html#indent-output", true); |
| |
| serializer.startTag(null, TAG_USER); |
| serializer.attribute(null, ATTR_ID, Integer.toString(userInfo.id)); |
| serializer.attribute(null, ATTR_SERIAL_NO, Integer.toString(userInfo.serialNumber)); |
| serializer.attribute(null, ATTR_FLAGS, Integer.toString(userInfo.flags)); |
| serializer.attribute(null, ATTR_CREATION_TIME, Long.toString(userInfo.creationTime)); |
| serializer.attribute(null, ATTR_LAST_LOGGED_IN_TIME, |
| Long.toString(userInfo.lastLoggedInTime)); |
| RestrictionsPinState pinState = mRestrictionsPinStates.get(userInfo.id); |
| if (pinState != null) { |
| if (pinState.salt != 0) { |
| serializer.attribute(null, ATTR_SALT, Long.toString(pinState.salt)); |
| } |
| if (pinState.pinHash != null) { |
| serializer.attribute(null, ATTR_PIN_HASH, pinState.pinHash); |
| } |
| if (pinState.failedAttempts != 0) { |
| serializer.attribute(null, ATTR_FAILED_ATTEMPTS, |
| Integer.toString(pinState.failedAttempts)); |
| serializer.attribute(null, ATTR_LAST_RETRY_MS, |
| Long.toString(pinState.lastAttemptTime)); |
| } |
| } |
| if (userInfo.iconPath != null) { |
| serializer.attribute(null, ATTR_ICON_PATH, userInfo.iconPath); |
| } |
| if (userInfo.partial) { |
| serializer.attribute(null, ATTR_PARTIAL, "true"); |
| } |
| if (userInfo.guestToRemove) { |
| serializer.attribute(null, ATTR_GUEST_TO_REMOVE, "true"); |
| } |
| if (userInfo.profileGroupId != UserInfo.NO_PROFILE_GROUP_ID) { |
| serializer.attribute(null, ATTR_PROFILE_GROUP_ID, |
| Integer.toString(userInfo.profileGroupId)); |
| } |
| |
| serializer.startTag(null, TAG_NAME); |
| serializer.text(userInfo.name); |
| serializer.endTag(null, TAG_NAME); |
| Bundle restrictions = mUserRestrictions.get(userInfo.id); |
| if (restrictions != null) { |
| writeRestrictionsLocked(serializer, restrictions); |
| } |
| serializer.endTag(null, TAG_USER); |
| |
| serializer.endDocument(); |
| userFile.finishWrite(fos); |
| } catch (Exception ioe) { |
| Slog.e(LOG_TAG, "Error writing user info " + userInfo.id + "\n" + ioe); |
| userFile.failWrite(fos); |
| } |
| } |
| |
| /* |
| * Writes the user list file in this format: |
| * |
| * <users nextSerialNumber="3"> |
| * <user id="0"></user> |
| * <user id="2"></user> |
| * </users> |
| */ |
| private void writeUserListLocked() { |
| FileOutputStream fos = null; |
| AtomicFile userListFile = new AtomicFile(mUserListFile); |
| try { |
| fos = userListFile.startWrite(); |
| final BufferedOutputStream bos = new BufferedOutputStream(fos); |
| |
| // XmlSerializer serializer = XmlUtils.serializerInstance(); |
| final XmlSerializer serializer = new FastXmlSerializer(); |
| serializer.setOutput(bos, "utf-8"); |
| serializer.startDocument(null, true); |
| serializer.setFeature("http://xmlpull.org/v1/doc/features.html#indent-output", true); |
| |
| serializer.startTag(null, TAG_USERS); |
| serializer.attribute(null, ATTR_NEXT_SERIAL_NO, Integer.toString(mNextSerialNumber)); |
| serializer.attribute(null, ATTR_USER_VERSION, Integer.toString(mUserVersion)); |
| |
| serializer.startTag(null, TAG_GUEST_RESTRICTIONS); |
| writeRestrictionsLocked(serializer, mGuestRestrictions); |
| serializer.endTag(null, TAG_GUEST_RESTRICTIONS); |
| for (int i = 0; i < mUsers.size(); i++) { |
| UserInfo user = mUsers.valueAt(i); |
| serializer.startTag(null, TAG_USER); |
| serializer.attribute(null, ATTR_ID, Integer.toString(user.id)); |
| serializer.endTag(null, TAG_USER); |
| } |
| |
| serializer.endTag(null, TAG_USERS); |
| |
| serializer.endDocument(); |
| userListFile.finishWrite(fos); |
| } catch (Exception e) { |
| userListFile.failWrite(fos); |
| Slog.e(LOG_TAG, "Error writing user list"); |
| } |
| } |
| |
| private void writeRestrictionsLocked(XmlSerializer serializer, Bundle restrictions) |
| throws IOException { |
| serializer.startTag(null, TAG_RESTRICTIONS); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_CONFIG_WIFI); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_MODIFY_ACCOUNTS); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_INSTALL_APPS); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_UNINSTALL_APPS); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_SHARE_LOCATION); |
| writeBoolean(serializer, restrictions, |
| UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_CONFIG_BLUETOOTH); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_USB_FILE_TRANSFER); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_CONFIG_CREDENTIALS); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_REMOVE_USER); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_DEBUGGING_FEATURES); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_CONFIG_VPN); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_CONFIG_TETHERING); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_FACTORY_RESET); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_ADD_USER); |
| writeBoolean(serializer, restrictions, UserManager.ENSURE_VERIFY_APPS); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_CONFIG_CELL_BROADCASTS); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_APPS_CONTROL); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_UNMUTE_MICROPHONE); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_ADJUST_VOLUME); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_OUTGOING_CALLS); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_SMS); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_CREATE_WINDOWS); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_CROSS_PROFILE_COPY_PASTE); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_OUTGOING_BEAM); |
| writeBoolean(serializer, restrictions, UserManager.DISALLOW_WALLPAPER); |
| serializer.endTag(null, TAG_RESTRICTIONS); |
| } |
| |
| private UserInfo readUserLocked(int id) { |
| int flags = 0; |
| int serialNumber = id; |
| String name = null; |
| String iconPath = null; |
| long creationTime = 0L; |
| long lastLoggedInTime = 0L; |
| long salt = 0L; |
| String pinHash = null; |
| int failedAttempts = 0; |
| int profileGroupId = UserInfo.NO_PROFILE_GROUP_ID; |
| long lastAttemptTime = 0L; |
| boolean partial = false; |
| boolean guestToRemove = false; |
| Bundle restrictions = new Bundle(); |
| |
| FileInputStream fis = null; |
| try { |
| AtomicFile userFile = |
| new AtomicFile(new File(mUsersDir, Integer.toString(id) + XML_SUFFIX)); |
| fis = userFile.openRead(); |
| XmlPullParser parser = Xml.newPullParser(); |
| parser.setInput(fis, null); |
| int type; |
| while ((type = parser.next()) != XmlPullParser.START_TAG |
| && type != XmlPullParser.END_DOCUMENT) { |
| ; |
| } |
| |
| if (type != XmlPullParser.START_TAG) { |
| Slog.e(LOG_TAG, "Unable to read user " + id); |
| return null; |
| } |
| |
| if (type == XmlPullParser.START_TAG && parser.getName().equals(TAG_USER)) { |
| int storedId = readIntAttribute(parser, ATTR_ID, -1); |
| if (storedId != id) { |
| Slog.e(LOG_TAG, "User id does not match the file name"); |
| return null; |
| } |
| serialNumber = readIntAttribute(parser, ATTR_SERIAL_NO, id); |
| flags = readIntAttribute(parser, ATTR_FLAGS, 0); |
| iconPath = parser.getAttributeValue(null, ATTR_ICON_PATH); |
| creationTime = readLongAttribute(parser, ATTR_CREATION_TIME, 0); |
| lastLoggedInTime = readLongAttribute(parser, ATTR_LAST_LOGGED_IN_TIME, 0); |
| salt = readLongAttribute(parser, ATTR_SALT, 0L); |
| pinHash = parser.getAttributeValue(null, ATTR_PIN_HASH); |
| failedAttempts = readIntAttribute(parser, ATTR_FAILED_ATTEMPTS, 0); |
| lastAttemptTime = readLongAttribute(parser, ATTR_LAST_RETRY_MS, 0L); |
| profileGroupId = readIntAttribute(parser, ATTR_PROFILE_GROUP_ID, |
| UserInfo.NO_PROFILE_GROUP_ID); |
| String valueString = parser.getAttributeValue(null, ATTR_PARTIAL); |
| if ("true".equals(valueString)) { |
| partial = true; |
| } |
| valueString = parser.getAttributeValue(null, ATTR_GUEST_TO_REMOVE); |
| if ("true".equals(valueString)) { |
| guestToRemove = true; |
| } |
| |
| int outerDepth = parser.getDepth(); |
| while ((type = parser.next()) != XmlPullParser.END_DOCUMENT |
| && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { |
| if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { |
| continue; |
| } |
| String tag = parser.getName(); |
| if (TAG_NAME.equals(tag)) { |
| type = parser.next(); |
| if (type == XmlPullParser.TEXT) { |
| name = parser.getText(); |
| } |
| } else if (TAG_RESTRICTIONS.equals(tag)) { |
| readRestrictionsLocked(parser, restrictions); |
| } |
| } |
| } |
| |
| UserInfo userInfo = new UserInfo(id, name, iconPath, flags); |
| userInfo.serialNumber = serialNumber; |
| userInfo.creationTime = creationTime; |
| userInfo.lastLoggedInTime = lastLoggedInTime; |
| userInfo.partial = partial; |
| userInfo.guestToRemove = guestToRemove; |
| userInfo.profileGroupId = profileGroupId; |
| mUserRestrictions.append(id, restrictions); |
| if (salt != 0L) { |
| RestrictionsPinState pinState = mRestrictionsPinStates.get(id); |
| if (pinState == null) { |
| pinState = new RestrictionsPinState(); |
| mRestrictionsPinStates.put(id, pinState); |
| } |
| pinState.salt = salt; |
| pinState.pinHash = pinHash; |
| pinState.failedAttempts = failedAttempts; |
| pinState.lastAttemptTime = lastAttemptTime; |
| } |
| return userInfo; |
| |
| } catch (IOException ioe) { |
| } catch (XmlPullParserException pe) { |
| } finally { |
| if (fis != null) { |
| try { |
| fis.close(); |
| } catch (IOException e) { |
| } |
| } |
| } |
| return null; |
| } |
| |
| private void readRestrictionsLocked(XmlPullParser parser, Bundle restrictions) |
| throws IOException { |
| readBoolean(parser, restrictions, UserManager.DISALLOW_CONFIG_WIFI); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_MODIFY_ACCOUNTS); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_INSTALL_APPS); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_UNINSTALL_APPS); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_SHARE_LOCATION); |
| readBoolean(parser, restrictions, |
| UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_CONFIG_BLUETOOTH); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_USB_FILE_TRANSFER); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_CONFIG_CREDENTIALS); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_REMOVE_USER); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_DEBUGGING_FEATURES); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_CONFIG_VPN); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_CONFIG_TETHERING); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_FACTORY_RESET); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_ADD_USER); |
| readBoolean(parser, restrictions, UserManager.ENSURE_VERIFY_APPS); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_CONFIG_CELL_BROADCASTS); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_APPS_CONTROL); |
| readBoolean(parser, restrictions, |
| UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_UNMUTE_MICROPHONE); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_ADJUST_VOLUME); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_OUTGOING_CALLS); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_SMS); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_CREATE_WINDOWS); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_CROSS_PROFILE_COPY_PASTE); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_OUTGOING_BEAM); |
| readBoolean(parser, restrictions, UserManager.DISALLOW_WALLPAPER); |
| } |
| |
| private void readBoolean(XmlPullParser parser, Bundle restrictions, |
| String restrictionKey) { |
| String value = parser.getAttributeValue(null, restrictionKey); |
| if (value != null) { |
| restrictions.putBoolean(restrictionKey, Boolean.parseBoolean(value)); |
| } |
| } |
| |
| private void writeBoolean(XmlSerializer xml, Bundle restrictions, String restrictionKey) |
| throws IOException { |
| if (restrictions.containsKey(restrictionKey)) { |
| xml.attribute(null, restrictionKey, |
| Boolean.toString(restrictions.getBoolean(restrictionKey))); |
| } |
| } |
| |
| private int readIntAttribute(XmlPullParser parser, String attr, int defaultValue) { |
| String valueString = parser.getAttributeValue(null, attr); |
| if (valueString == null) return defaultValue; |
| try { |
| return Integer.parseInt(valueString); |
| } catch (NumberFormatException nfe) { |
| return defaultValue; |
| } |
| } |
| |
| private long readLongAttribute(XmlPullParser parser, String attr, long defaultValue) { |
| String valueString = parser.getAttributeValue(null, attr); |
| if (valueString == null) return defaultValue; |
| try { |
| return Long.parseLong(valueString); |
| } catch (NumberFormatException nfe) { |
| return defaultValue; |
| } |
| } |
| |
| private boolean isPackageInstalled(String pkg, int userId) { |
| final ApplicationInfo info = mPm.getApplicationInfo(pkg, |
| PackageManager.GET_UNINSTALLED_PACKAGES, |
| userId); |
| if (info == null || (info.flags&ApplicationInfo.FLAG_INSTALLED) == 0) { |
| return false; |
| } |
| return true; |
| } |
| |
| /** |
| * Removes all the restrictions files (res_<packagename>) for a given user. |
| * Does not do any permissions checking. |
| */ |
| private void cleanAppRestrictions(int userId) { |
| synchronized (mPackagesLock) { |
| File dir = Environment.getUserSystemDirectory(userId); |
| String[] files = dir.list(); |
| if (files == null) return; |
| for (String fileName : files) { |
| if (fileName.startsWith(RESTRICTIONS_FILE_PREFIX)) { |
| File resFile = new File(dir, fileName); |
| if (resFile.exists()) { |
| resFile.delete(); |
| } |
| } |
| } |
| } |
| } |
| |
| /** |
| * Removes the app restrictions file for a specific package and user id, if it exists. |
| */ |
| private void cleanAppRestrictionsForPackage(String pkg, int userId) { |
| synchronized (mPackagesLock) { |
| File dir = Environment.getUserSystemDirectory(userId); |
| File resFile = new File(dir, packageToRestrictionsFileName(pkg)); |
| if (resFile.exists()) { |
| resFile.delete(); |
| } |
| } |
| } |
| |
| @Override |
| public UserInfo createProfileForUser(String name, int flags, int userId) { |
| checkManageUsersPermission("Only the system can create users"); |
| if (userId != UserHandle.USER_OWNER) { |
| Slog.w(LOG_TAG, "Only user owner can have profiles"); |
| return null; |
| } |
| return createUserInternal(name, flags, userId); |
| } |
| |
| @Override |
| public UserInfo createUser(String name, int flags) { |
| checkManageUsersPermission("Only the system can create users"); |
| return createUserInternal(name, flags, UserHandle.USER_NULL); |
| } |
| |
| private UserInfo createUserInternal(String name, int flags, int parentId) { |
| if (getUserRestrictions(UserHandle.getCallingUserId()).getBoolean( |
| UserManager.DISALLOW_ADD_USER, false)) { |
| Log.w(LOG_TAG, "Cannot add user. DISALLOW_ADD_USER is enabled."); |
| return null; |
| } |
| final boolean isGuest = (flags & UserInfo.FLAG_GUEST) != 0; |
| final long ident = Binder.clearCallingIdentity(); |
| UserInfo userInfo = null; |
| try { |
| synchronized (mInstallLock) { |
| synchronized (mPackagesLock) { |
| UserInfo parent = null; |
| if (parentId != UserHandle.USER_NULL) { |
| parent = getUserInfoLocked(parentId); |
| if (parent == null) return null; |
| } |
| // If we're not adding a guest user and the limit has been reached, |
| // cannot add a user. |
| if (!isGuest && isUserLimitReachedLocked()) { |
| return null; |
| } |
| // If we're adding a guest and there already exists one, bail. |
| if (isGuest && findCurrentGuestUserLocked() != null) { |
| return null; |
| } |
| // Limit number of managed profiles that can be created |
| if ((flags & UserInfo.FLAG_MANAGED_PROFILE) != 0 |
| && numberOfUsersOfTypeLocked(UserInfo.FLAG_MANAGED_PROFILE, true) |
| >= MAX_MANAGED_PROFILES) { |
| return null; |
| } |
| int userId = getNextAvailableIdLocked(); |
| userInfo = new UserInfo(userId, name, null, flags); |
| File userPath = new File(mBaseUserPath, Integer.toString(userId)); |
| userInfo.serialNumber = mNextSerialNumber++; |
| long now = System.currentTimeMillis(); |
| userInfo.creationTime = (now > EPOCH_PLUS_30_YEARS) ? now : 0; |
| userInfo.partial = true; |
| Environment.getUserSystemDirectory(userInfo.id).mkdirs(); |
| mUsers.put(userId, userInfo); |
| writeUserListLocked(); |
| if (parent != null) { |
| if (parent.profileGroupId == UserInfo.NO_PROFILE_GROUP_ID) { |
| parent.profileGroupId = parent.id; |
| scheduleWriteUserLocked(parent); |
| } |
| userInfo.profileGroupId = parent.profileGroupId; |
| } |
| mPm.createNewUserLILPw(userId, userPath); |
| userInfo.partial = false; |
| scheduleWriteUserLocked(userInfo); |
| updateUserIdsLocked(); |
| Bundle restrictions = new Bundle(); |
| mUserRestrictions.append(userId, restrictions); |
| } |
| } |
| if (userInfo != null) { |
| Intent addedIntent = new Intent(Intent.ACTION_USER_ADDED); |
| addedIntent.putExtra(Intent.EXTRA_USER_HANDLE, userInfo.id); |
| mContext.sendBroadcastAsUser(addedIntent, UserHandle.ALL, |
| android.Manifest.permission.MANAGE_USERS); |
| } |
| } finally { |
| Binder.restoreCallingIdentity(ident); |
| } |
| return userInfo; |
| } |
| |
| private int numberOfUsersOfTypeLocked(int flags, boolean excludeDying) { |
| int count = 0; |
| for (int i = mUsers.size() - 1; i >= 0; i--) { |
| UserInfo user = mUsers.valueAt(i); |
| if (!excludeDying || !mRemovingUserIds.get(user.id)) { |
| if ((user.flags & flags) != 0) { |
| count++; |
| } |
| } |
| } |
| return count; |
| } |
| |
| /** |
| * Find the current guest user. If the Guest user is partial, |
| * then do not include it in the results as it is about to die. |
| * This is different than {@link #numberOfUsersOfTypeLocked(int, boolean)} due to |
| * the special handling of Guests being removed. |
| */ |
| private UserInfo findCurrentGuestUserLocked() { |
| final int size = mUsers.size(); |
| for (int i = 0; i < size; i++) { |
| final UserInfo user = mUsers.valueAt(i); |
| if (user.isGuest() && !user.guestToRemove && !mRemovingUserIds.get(user.id)) { |
| return user; |
| } |
| } |
| return null; |
| } |
| |
| /** |
| * Mark this guest user for deletion to allow us to create another guest |
| * and switch to that user before actually removing this guest. |
| * @param userHandle the userid of the current guest |
| * @return whether the user could be marked for deletion |
| */ |
| public boolean markGuestForDeletion(int userHandle) { |
| checkManageUsersPermission("Only the system can remove users"); |
| if (getUserRestrictions(UserHandle.getCallingUserId()).getBoolean( |
| UserManager.DISALLOW_REMOVE_USER, false)) { |
| Log.w(LOG_TAG, "Cannot remove user. DISALLOW_REMOVE_USER is enabled."); |
| return false; |
| } |
| |
| long ident = Binder.clearCallingIdentity(); |
| try { |
| final UserInfo user; |
| synchronized (mPackagesLock) { |
| user = mUsers.get(userHandle); |
| if (userHandle == 0 || user == null || mRemovingUserIds.get(userHandle)) { |
| return false; |
| } |
| if (!user.isGuest()) { |
| return false; |
| } |
| // We set this to a guest user that is to be removed. This is a temporary state |
| // where we are allowed to add new Guest users, even if this one is still not |
| // removed. This user will still show up in getUserInfo() calls. |
| // If we don't get around to removing this Guest user, it will be purged on next |
| // startup. |
| user.guestToRemove = true; |
| // Mark it as disabled, so that it isn't returned any more when |
| // profiles are queried. |
| user.flags |= UserInfo.FLAG_DISABLED; |
| writeUserLocked(user); |
| } |
| } finally { |
| Binder.restoreCallingIdentity(ident); |
| } |
| return true; |
| } |
| |
| /** |
| * Removes a user and all data directories created for that user. This method should be called |
| * after the user's processes have been terminated. |
| * @param userHandle the user's id |
| */ |
| public boolean removeUser(int userHandle) { |
| checkManageUsersPermission("Only the system can remove users"); |
| if (getUserRestrictions(UserHandle.getCallingUserId()).getBoolean( |
| UserManager.DISALLOW_REMOVE_USER, false)) { |
| Log.w(LOG_TAG, "Cannot remove user. DISALLOW_REMOVE_USER is enabled."); |
| return false; |
| } |
| |
| long ident = Binder.clearCallingIdentity(); |
| try { |
| final UserInfo user; |
| synchronized (mPackagesLock) { |
| user = mUsers.get(userHandle); |
| if (userHandle == 0 || user == null || mRemovingUserIds.get(userHandle)) { |
| return false; |
| } |
| |
| // We remember deleted user IDs to prevent them from being |
| // reused during the current boot; they can still be reused |
| // after a reboot. |
| mRemovingUserIds.put(userHandle, true); |
| |
| try { |
| mAppOpsService.removeUser(userHandle); |
| } catch (RemoteException e) { |
| Log.w(LOG_TAG, "Unable to notify AppOpsService of removing user", e); |
| } |
| // Set this to a partially created user, so that the user will be purged |
| // on next startup, in case the runtime stops now before stopping and |
| // removing the user completely. |
| user.partial = true; |
| // Mark it as disabled, so that it isn't returned any more when |
| // profiles are queried. |
| user.flags |= UserInfo.FLAG_DISABLED; |
| writeUserLocked(user); |
| } |
| |
| if (user.profileGroupId != UserInfo.NO_PROFILE_GROUP_ID |
| && user.isManagedProfile()) { |
| // Send broadcast to notify system that the user removed was a |
| // managed user. |
| sendProfileRemovedBroadcast(user.profileGroupId, user.id); |
| } |
| |
| if (DBG) Slog.i(LOG_TAG, "Stopping user " + userHandle); |
| int res; |
| try { |
| res = ActivityManagerNative.getDefault().stopUser(userHandle, |
| new IStopUserCallback.Stub() { |
| @Override |
| public void userStopped(int userId) { |
| finishRemoveUser(userId); |
| } |
| @Override |
| public void userStopAborted(int userId) { |
| } |
| }); |
| } catch (RemoteException e) { |
| return false; |
| } |
| return res == ActivityManager.USER_OP_SUCCESS; |
| } finally { |
| Binder.restoreCallingIdentity(ident); |
| } |
| } |
| |
| void finishRemoveUser(final int userHandle) { |
| if (DBG) Slog.i(LOG_TAG, "finishRemoveUser " + userHandle); |
| // Let other services shutdown any activity and clean up their state before completely |
| // wiping the user's system directory and removing from the user list |
| long ident = Binder.clearCallingIdentity(); |
| try { |
| Intent addedIntent = new Intent(Intent.ACTION_USER_REMOVED); |
| addedIntent.putExtra(Intent.EXTRA_USER_HANDLE, userHandle); |
| mContext.sendOrderedBroadcastAsUser(addedIntent, UserHandle.ALL, |
| android.Manifest.permission.MANAGE_USERS, |
| |
| new BroadcastReceiver() { |
| @Override |
| public void onReceive(Context context, Intent intent) { |
| if (DBG) { |
| Slog.i(LOG_TAG, |
| "USER_REMOVED broadcast sent, cleaning up user data " |
| + userHandle); |
| } |
| new Thread() { |
| public void run() { |
| synchronized (mInstallLock) { |
| synchronized (mPackagesLock) { |
| removeUserStateLocked(userHandle); |
| } |
| } |
| } |
| }.start(); |
| } |
| }, |
| |
| null, Activity.RESULT_OK, null, null); |
| } finally { |
| Binder.restoreCallingIdentity(ident); |
| } |
| } |
| |
| private void removeUserStateLocked(final int userHandle) { |
| // Cleanup package manager settings |
| mPm.cleanUpUserLILPw(this, userHandle); |
| |
| // Remove this user from the list |
| mUsers.remove(userHandle); |
| |
| mRestrictionsPinStates.remove(userHandle); |
| // Remove user file |
| AtomicFile userFile = new AtomicFile(new File(mUsersDir, userHandle + XML_SUFFIX)); |
| userFile.delete(); |
| // Update the user list |
| writeUserListLocked(); |
| updateUserIdsLocked(); |
| removeDirectoryRecursive(Environment.getUserSystemDirectory(userHandle)); |
| } |
| |
| private void removeDirectoryRecursive(File parent) { |
| if (parent.isDirectory()) { |
| String[] files = parent.list(); |
| for (String filename : files) { |
| File child = new File(parent, filename); |
| removeDirectoryRecursive(child); |
| } |
| } |
| parent.delete(); |
| } |
| |
| private void sendProfileRemovedBroadcast(int parentUserId, int removedUserId) { |
| Intent managedProfileIntent = new Intent(Intent.ACTION_MANAGED_PROFILE_REMOVED); |
| managedProfileIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY | |
| Intent.FLAG_RECEIVER_FOREGROUND); |
| managedProfileIntent.putExtra(Intent.EXTRA_USER, new UserHandle(removedUserId)); |
| mContext.sendBroadcastAsUser(managedProfileIntent, new UserHandle(parentUserId), null); |
| } |
| |
| @Override |
| public Bundle getApplicationRestrictions(String packageName) { |
| return getApplicationRestrictionsForUser(packageName, UserHandle.getCallingUserId()); |
| } |
| |
| @Override |
| public Bundle getApplicationRestrictionsForUser(String packageName, int userId) { |
| if (UserHandle.getCallingUserId() != userId |
| || !UserHandle.isSameApp(Binder.getCallingUid(), getUidForPackage(packageName))) { |
| checkManageUsersPermission("Only system can get restrictions for other users/apps"); |
| } |
| synchronized (mPackagesLock) { |
| // Read the restrictions from XML |
| return readApplicationRestrictionsLocked(packageName, userId); |
| } |
| } |
| |
| @Override |
| public void setApplicationRestrictions(String packageName, Bundle restrictions, |
| int userId) { |
| if (UserHandle.getCallingUserId() != userId |
| || !UserHandle.isSameApp(Binder.getCallingUid(), getUidForPackage(packageName))) { |
| checkManageUsersPermission("Only system can set restrictions for other users/apps"); |
| } |
| synchronized (mPackagesLock) { |
| if (restrictions == null || restrictions.isEmpty()) { |
| cleanAppRestrictionsForPackage(packageName, userId); |
| } else { |
| // Write the restrictions to XML |
| writeApplicationRestrictionsLocked(packageName, restrictions, userId); |
| } |
| } |
| |
| if (isPackageInstalled(packageName, userId)) { |
| // Notify package of changes via an intent - only sent to explicitly registered receivers. |
| Intent changeIntent = new Intent(Intent.ACTION_APPLICATION_RESTRICTIONS_CHANGED); |
| changeIntent.setPackage(packageName); |
| changeIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY); |
| mContext.sendBroadcastAsUser(changeIntent, new UserHandle(userId)); |
| } |
| } |
| |
| @Override |
| public boolean setRestrictionsChallenge(String newPin) { |
| checkManageUsersPermission("Only system can modify the restrictions pin"); |
| int userId = UserHandle.getCallingUserId(); |
| synchronized (mPackagesLock) { |
| RestrictionsPinState pinState = mRestrictionsPinStates.get(userId); |
| if (pinState == null) { |
| pinState = new RestrictionsPinState(); |
| } |
| if (newPin == null) { |
| pinState.salt = 0; |
| pinState.pinHash = null; |
| } else { |
| try { |
| pinState.salt = SecureRandom.getInstance("SHA1PRNG").nextLong(); |
| } catch (NoSuchAlgorithmException e) { |
| pinState.salt = (long) (Math.random() * Long.MAX_VALUE); |
| } |
| pinState.pinHash = passwordToHash(newPin, pinState.salt); |
| pinState.failedAttempts = 0; |
| } |
| mRestrictionsPinStates.put(userId, pinState); |
| writeUserLocked(mUsers.get(userId)); |
| } |
| return true; |
| } |
| |
| @Override |
| public int checkRestrictionsChallenge(String pin) { |
| checkManageUsersPermission("Only system can verify the restrictions pin"); |
| int userId = UserHandle.getCallingUserId(); |
| synchronized (mPackagesLock) { |
| RestrictionsPinState pinState = mRestrictionsPinStates.get(userId); |
| // If there's no pin set, return error code |
| if (pinState == null || pinState.salt == 0 || pinState.pinHash == null) { |
| return UserManager.PIN_VERIFICATION_FAILED_NOT_SET; |
| } else if (pin == null) { |
| // If just checking if user can be prompted, return remaining time |
| int waitTime = getRemainingTimeForPinAttempt(pinState); |
| Slog.d(LOG_TAG, "Remaining waittime peek=" + waitTime); |
| return waitTime; |
| } else { |
| int waitTime = getRemainingTimeForPinAttempt(pinState); |
| Slog.d(LOG_TAG, "Remaining waittime=" + waitTime); |
| if (waitTime > 0) { |
| return waitTime; |
| } |
| if (passwordToHash(pin, pinState.salt).equals(pinState.pinHash)) { |
| pinState.failedAttempts = 0; |
| scheduleWriteUserLocked(mUsers.get(userId)); |
| return UserManager.PIN_VERIFICATION_SUCCESS; |
| } else { |
| pinState.failedAttempts++; |
| pinState.lastAttemptTime = System.currentTimeMillis(); |
| scheduleWriteUserLocked(mUsers.get(userId)); |
| return waitTime; |
| } |
| } |
| } |
| } |
| |
| private int getRemainingTimeForPinAttempt(RestrictionsPinState pinState) { |
| int backoffIndex = Math.min(pinState.failedAttempts / BACKOFF_INC_INTERVAL, |
| BACKOFF_TIMES.length - 1); |
| int backoffTime = (pinState.failedAttempts % BACKOFF_INC_INTERVAL) == 0 ? |
| BACKOFF_TIMES[backoffIndex] : 0; |
| return (int) Math.max(backoffTime + pinState.lastAttemptTime - System.currentTimeMillis(), |
| 0); |
| } |
| |
| @Override |
| public boolean hasRestrictionsChallenge() { |
| int userId = UserHandle.getCallingUserId(); |
| synchronized (mPackagesLock) { |
| return hasRestrictionsPinLocked(userId); |
| } |
| } |
| |
| private boolean hasRestrictionsPinLocked(int userId) { |
| RestrictionsPinState pinState = mRestrictionsPinStates.get(userId); |
| if (pinState == null || pinState.salt == 0 || pinState.pinHash == null) { |
| return false; |
| } |
| return true; |
| } |
| |
| @Override |
| public void removeRestrictions() { |
| checkManageUsersPermission("Only system can remove restrictions"); |
| final int userHandle = UserHandle.getCallingUserId(); |
| removeRestrictionsForUser(userHandle, true); |
| } |
| |
| private void removeRestrictionsForUser(final int userHandle, boolean unhideApps) { |
| synchronized (mPackagesLock) { |
| // Remove all user restrictions |
| setUserRestrictions(new Bundle(), userHandle); |
| // Remove restrictions pin |
| setRestrictionsChallenge(null); |
| // Remove any app restrictions |
| cleanAppRestrictions(userHandle); |
| } |
| if (unhideApps) { |
| unhideAllInstalledAppsForUser(userHandle); |
| } |
| } |
| |
| private void unhideAllInstalledAppsForUser(final int userHandle) { |
| mHandler.post(new Runnable() { |
| @Override |
| public void run() { |
| List<ApplicationInfo> apps = |
| mPm.getInstalledApplications(PackageManager.GET_UNINSTALLED_PACKAGES, |
| userHandle).getList(); |
| final long ident = Binder.clearCallingIdentity(); |
| try { |
| for (ApplicationInfo appInfo : apps) { |
| if ((appInfo.flags & ApplicationInfo.FLAG_INSTALLED) != 0 |
| && (appInfo.privateFlags & ApplicationInfo.PRIVATE_FLAG_HIDDEN) |
| != 0) { |
| mPm.setApplicationHiddenSettingAsUser(appInfo.packageName, false, |
| userHandle); |
| } |
| } |
| } finally { |
| Binder.restoreCallingIdentity(ident); |
| } |
| } |
| }); |
| } |
| |
| /* |
| * Generate a hash for the given password. To avoid brute force attacks, we use a salted hash. |
| * Not the most secure, but it is at least a second level of protection. First level is that |
| * the file is in a location only readable by the system process. |
| * @param password the password. |
| * @param salt the randomly generated salt |
| * @return the hash of the pattern in a String. |
| */ |
| private String passwordToHash(String password, long salt) { |
| if (password == null) { |
| return null; |
| } |
| String algo = null; |
| String hashed = salt + password; |
| try { |
| byte[] saltedPassword = (password + salt).getBytes(); |
| byte[] sha1 = MessageDigest.getInstance(algo = "SHA-1").digest(saltedPassword); |
| byte[] md5 = MessageDigest.getInstance(algo = "MD5").digest(saltedPassword); |
| hashed = toHex(sha1) + toHex(md5); |
| } catch (NoSuchAlgorithmException e) { |
| Log.w(LOG_TAG, "Failed to encode string because of missing algorithm: " + algo); |
| } |
| return hashed; |
| } |
| |
| private static String toHex(byte[] ary) { |
| final String hex = "0123456789ABCDEF"; |
| String ret = ""; |
| for (int i = 0; i < ary.length; i++) { |
| ret += hex.charAt((ary[i] >> 4) & 0xf); |
| ret += hex.charAt(ary[i] & 0xf); |
| } |
| return ret; |
| } |
| |
| private int getUidForPackage(String packageName) { |
| long ident = Binder.clearCallingIdentity(); |
| try { |
| return mContext.getPackageManager().getApplicationInfo(packageName, |
| PackageManager.GET_UNINSTALLED_PACKAGES).uid; |
| } catch (NameNotFoundException nnfe) { |
| return -1; |
| } finally { |
| Binder.restoreCallingIdentity(ident); |
| } |
| } |
| |
| private Bundle readApplicationRestrictionsLocked(String packageName, |
| int userId) { |
| final Bundle restrictions = new Bundle(); |
| final ArrayList<String> values = new ArrayList<String>(); |
| |
| FileInputStream fis = null; |
| try { |
| AtomicFile restrictionsFile = |
| new AtomicFile(new File(Environment.getUserSystemDirectory(userId), |
| packageToRestrictionsFileName(packageName))); |
| fis = restrictionsFile.openRead(); |
| XmlPullParser parser = Xml.newPullParser(); |
| parser.setInput(fis, null); |
| int type; |
| while ((type = parser.next()) != XmlPullParser.START_TAG |
| && type != XmlPullParser.END_DOCUMENT) { |
| ; |
| } |
| |
| if (type != XmlPullParser.START_TAG) { |
| Slog.e(LOG_TAG, "Unable to read restrictions file " |
| + restrictionsFile.getBaseFile()); |
| return restrictions; |
| } |
| |
| while ((type = parser.next()) != XmlPullParser.END_DOCUMENT) { |
| if (type == XmlPullParser.START_TAG && parser.getName().equals(TAG_ENTRY)) { |
| String key = parser.getAttributeValue(null, ATTR_KEY); |
| String valType = parser.getAttributeValue(null, ATTR_VALUE_TYPE); |
| String multiple = parser.getAttributeValue(null, ATTR_MULTIPLE); |
| if (multiple != null) { |
| values.clear(); |
| int count = Integer.parseInt(multiple); |
| while (count > 0 && (type = parser.next()) != XmlPullParser.END_DOCUMENT) { |
| if (type == XmlPullParser.START_TAG |
| && parser.getName().equals(TAG_VALUE)) { |
| values.add(parser.nextText().trim()); |
| count--; |
| } |
| } |
| String [] valueStrings = new String[values.size()]; |
| values.toArray(valueStrings); |
| restrictions.putStringArray(key, valueStrings); |
| } else { |
| String value = parser.nextText().trim(); |
| if (ATTR_TYPE_BOOLEAN.equals(valType)) { |
| restrictions.putBoolean(key, Boolean.parseBoolean(value)); |
| } else if (ATTR_TYPE_INTEGER.equals(valType)) { |
| restrictions.putInt(key, Integer.parseInt(value)); |
| } else { |
| restrictions.putString(key, value); |
| } |
| } |
| } |
| } |
| } catch (IOException ioe) { |
| } catch (XmlPullParserException pe) { |
| } finally { |
| if (fis != null) { |
| try { |
| fis.close(); |
| } catch (IOException e) { |
| } |
| } |
| } |
| return restrictions; |
| } |
| |
| private void writeApplicationRestrictionsLocked(String packageName, |
| Bundle restrictions, int userId) { |
| FileOutputStream fos = null; |
| AtomicFile restrictionsFile = new AtomicFile( |
| new File(Environment.getUserSystemDirectory(userId), |
| packageToRestrictionsFileName(packageName))); |
| try { |
| fos = restrictionsFile.startWrite(); |
| final BufferedOutputStream bos = new BufferedOutputStream(fos); |
| |
| // XmlSerializer serializer = XmlUtils.serializerInstance(); |
| final XmlSerializer serializer = new FastXmlSerializer(); |
| serializer.setOutput(bos, "utf-8"); |
| serializer.startDocument(null, true); |
| serializer.setFeature("http://xmlpull.org/v1/doc/features.html#indent-output", true); |
| |
| serializer.startTag(null, TAG_RESTRICTIONS); |
| |
| for (String key : restrictions.keySet()) { |
| Object value = restrictions.get(key); |
| serializer.startTag(null, TAG_ENTRY); |
| serializer.attribute(null, ATTR_KEY, key); |
| |
| if (value instanceof Boolean) { |
| serializer.attribute(null, ATTR_VALUE_TYPE, ATTR_TYPE_BOOLEAN); |
| serializer.text(value.toString()); |
| } else if (value instanceof Integer) { |
| serializer.attribute(null, ATTR_VALUE_TYPE, ATTR_TYPE_INTEGER); |
| serializer.text(value.toString()); |
| } else if (value == null || value instanceof String) { |
| serializer.attribute(null, ATTR_VALUE_TYPE, ATTR_TYPE_STRING); |
| serializer.text(value != null ? (String) value : ""); |
| } else { |
| serializer.attribute(null, ATTR_VALUE_TYPE, ATTR_TYPE_STRING_ARRAY); |
| String[] values = (String[]) value; |
| serializer.attribute(null, ATTR_MULTIPLE, Integer.toString(values.length)); |
| for (String choice : values) { |
| serializer.startTag(null, TAG_VALUE); |
| serializer.text(choice != null ? choice : ""); |
| serializer.endTag(null, TAG_VALUE); |
| } |
| } |
| serializer.endTag(null, TAG_ENTRY); |
| } |
| |
| serializer.endTag(null, TAG_RESTRICTIONS); |
| |
| serializer.endDocument(); |
| restrictionsFile.finishWrite(fos); |
| } catch (Exception e) { |
| restrictionsFile.failWrite(fos); |
| Slog.e(LOG_TAG, "Error writing application restrictions list"); |
| } |
| } |
| |
| @Override |
| public int getUserSerialNumber(int userHandle) { |
| synchronized (mPackagesLock) { |
| if (!exists(userHandle)) return -1; |
| return getUserInfoLocked(userHandle).serialNumber; |
| } |
| } |
| |
| @Override |
| public int getUserHandle(int userSerialNumber) { |
| synchronized (mPackagesLock) { |
| for (int userId : mUserIds) { |
| UserInfo info = getUserInfoLocked(userId); |
| if (info != null && info.serialNumber == userSerialNumber) return userId; |
| } |
| // Not found |
| return -1; |
| } |
| } |
| |
| /** |
| * Caches the list of user ids in an array, adjusting the array size when necessary. |
| */ |
| private void updateUserIdsLocked() { |
| int num = 0; |
| for (int i = 0; i < mUsers.size(); i++) { |
| if (!mUsers.valueAt(i).partial) { |
| num++; |
| } |
| } |
| final int[] newUsers = new int[num]; |
| int n = 0; |
| for (int i = 0; i < mUsers.size(); i++) { |
| if (!mUsers.valueAt(i).partial) { |
| newUsers[n++] = mUsers.keyAt(i); |
| } |
| } |
| mUserIds = newUsers; |
| } |
| |
| /** |
| * Make a note of the last started time of a user and do some cleanup. |
| * @param userId the user that was just foregrounded |
| */ |
| public void userForeground(int userId) { |
| synchronized (mPackagesLock) { |
| UserInfo user = mUsers.get(userId); |
| long now = System.currentTimeMillis(); |
| if (user == null || user.partial) { |
| Slog.w(LOG_TAG, "userForeground: unknown user #" + userId); |
| return; |
| } |
| if (now > EPOCH_PLUS_30_YEARS) { |
| user.lastLoggedInTime = now; |
| scheduleWriteUserLocked(user); |
| } |
| } |
| } |
| |
| /** |
| * Returns the next available user id, filling in any holes in the ids. |
| * TODO: May not be a good idea to recycle ids, in case it results in confusion |
| * for data and battery stats collection, or unexpected cross-talk. |
| * @return |
| */ |
| private int getNextAvailableIdLocked() { |
| synchronized (mPackagesLock) { |
| int i = MIN_USER_ID; |
| while (i < Integer.MAX_VALUE) { |
| if (mUsers.indexOfKey(i) < 0 && !mRemovingUserIds.get(i)) { |
| break; |
| } |
| i++; |
| } |
| return i; |
| } |
| } |
| |
| private String packageToRestrictionsFileName(String packageName) { |
| return RESTRICTIONS_FILE_PREFIX + packageName + XML_SUFFIX; |
| } |
| |
| private String restrictionsFileNameToPackage(String fileName) { |
| return fileName.substring(RESTRICTIONS_FILE_PREFIX.length(), |
| (int) (fileName.length() - XML_SUFFIX.length())); |
| } |
| |
| @Override |
| protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { |
| if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) |
| != PackageManager.PERMISSION_GRANTED) { |
| pw.println("Permission Denial: can't dump UserManager from from pid=" |
| + Binder.getCallingPid() |
| + ", uid=" + Binder.getCallingUid() |
| + " without permission " |
| + android.Manifest.permission.DUMP); |
| return; |
| } |
| |
| long now = System.currentTimeMillis(); |
| StringBuilder sb = new StringBuilder(); |
| synchronized (mPackagesLock) { |
| pw.println("Users:"); |
| for (int i = 0; i < mUsers.size(); i++) { |
| UserInfo user = mUsers.valueAt(i); |
| if (user == null) continue; |
| pw.print(" "); pw.print(user); pw.print(" serialNo="); pw.print(user.serialNumber); |
| if (mRemovingUserIds.get(mUsers.keyAt(i))) pw.print(" <removing> "); |
| if (user.partial) pw.print(" <partial>"); |
| pw.println(); |
| pw.print(" Created: "); |
| if (user.creationTime == 0) { |
| pw.println("<unknown>"); |
| } else { |
| sb.setLength(0); |
| TimeUtils.formatDuration(now - user.creationTime, sb); |
| sb.append(" ago"); |
| pw.println(sb); |
| } |
| pw.print(" Last logged in: "); |
| if (user.lastLoggedInTime == 0) { |
| pw.println("<unknown>"); |
| } else { |
| sb.setLength(0); |
| TimeUtils.formatDuration(now - user.lastLoggedInTime, sb); |
| sb.append(" ago"); |
| pw.println(sb); |
| } |
| } |
| } |
| } |
| |
| final class MainHandler extends Handler { |
| |
| @Override |
| public void handleMessage(Message msg) { |
| switch (msg.what) { |
| case WRITE_USER_MSG: |
| removeMessages(WRITE_USER_MSG, msg.obj); |
| synchronized (mPackagesLock) { |
| int userId = ((UserInfo) msg.obj).id; |
| UserInfo userInfo = mUsers.get(userId); |
| if (userInfo != null) { |
| writeUserLocked(userInfo); |
| } |
| } |
| } |
| } |
| } |
| } |