Examples with UserInfo android.content.pm.UserInfo used on opensource projects

Example 66 with UserInfo

use of android.content.pm.UserInfo in project platform_frameworks_base by android.

the class Vpn method establish.

/**
     * Establish a VPN network and return the file descriptor of the VPN
     * interface. This methods returns {@code null} if the application is
     * revoked or not prepared.
     *
     * @param config The parameters to configure the network.
     * @return The file descriptor of the VPN interface.
     */
public synchronized ParcelFileDescriptor establish(VpnConfig config) {
    // Check if the caller is already prepared.
    UserManager mgr = UserManager.get(mContext);
    if (Binder.getCallingUid() != mOwnerUID) {
        return null;
    }
    // Check to ensure consent hasn't been revoked since we were prepared.
    if (!isVpnUserPreConsented(mPackage)) {
        return null;
    }
    // Check if the service is properly declared.
    Intent intent = new Intent(VpnConfig.SERVICE_INTERFACE);
    intent.setClassName(mPackage, config.user);
    long token = Binder.clearCallingIdentity();
    try {
        // Restricted users are not allowed to create VPNs, they are tied to Owner
        UserInfo user = mgr.getUserInfo(mUserHandle);
        if (user.isRestricted()) {
            throw new SecurityException("Restricted users cannot establish VPNs");
        }
        ResolveInfo info = AppGlobals.getPackageManager().resolveService(intent, null, 0, mUserHandle);
        if (info == null) {
            throw new SecurityException("Cannot find " + config.user);
        }
        if (!BIND_VPN_SERVICE.equals(info.serviceInfo.permission)) {
            throw new SecurityException(config.user + " does not require " + BIND_VPN_SERVICE);
        }
    } catch (RemoteException e) {
        throw new SecurityException("Cannot find " + config.user);
    } finally {
        Binder.restoreCallingIdentity(token);
    }
    // Save the old config in case we need to go back.
    VpnConfig oldConfig = mConfig;
    String oldInterface = mInterface;
    Connection oldConnection = mConnection;
    NetworkAgent oldNetworkAgent = mNetworkAgent;
    mNetworkAgent = null;
    Set<UidRange> oldUsers = mVpnUsers;
    // Configure the interface. Abort if any of these steps fails.
    ParcelFileDescriptor tun = ParcelFileDescriptor.adoptFd(jniCreate(config.mtu));
    try {
        updateState(DetailedState.CONNECTING, "establish");
        String interfaze = jniGetName(tun.getFd());
        // TEMP use the old jni calls until there is support for netd address setting
        StringBuilder builder = new StringBuilder();
        for (LinkAddress address : config.addresses) {
            builder.append(" " + address);
        }
        if (jniSetAddresses(interfaze, builder.toString()) < 1) {
            throw new IllegalArgumentException("At least one address must be specified");
        }
        Connection connection = new Connection();
        if (!mContext.bindServiceAsUser(intent, connection, Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE, new UserHandle(mUserHandle))) {
            throw new IllegalStateException("Cannot bind " + config.user);
        }
        mConnection = connection;
        mInterface = interfaze;
        // Fill more values.
        config.user = mPackage;
        config.interfaze = mInterface;
        config.startTime = SystemClock.elapsedRealtime();
        mConfig = config;
        // Set up forwarding and DNS rules.
        agentConnect();
        if (oldConnection != null) {
            mContext.unbindService(oldConnection);
        }
        // Remove the old tun's user forwarding rules
        // The new tun's user rules have already been added so they will take over
        // as rules are deleted. This prevents data leakage as the rules are moved over.
        agentDisconnect(oldNetworkAgent);
        if (oldInterface != null && !oldInterface.equals(interfaze)) {
            jniReset(oldInterface);
        }
        try {
            IoUtils.setBlocking(tun.getFileDescriptor(), config.blocking);
        } catch (IOException e) {
            throw new IllegalStateException("Cannot set tunnel's fd as blocking=" + config.blocking, e);
        }
    } catch (RuntimeException e) {
        IoUtils.closeQuietly(tun);
        agentDisconnect();
        // restore old state
        mConfig = oldConfig;
        mConnection = oldConnection;
        mVpnUsers = oldUsers;
        mNetworkAgent = oldNetworkAgent;
        mInterface = oldInterface;
        throw e;
    }
    Log.i(TAG, "Established by " + config.user + " on " + mInterface);
    return tun;
}

Example 67 with UserInfo

use of android.content.pm.UserInfo in project platform_frameworks_base by android.

the class Vpn method createUserAndRestrictedProfilesRanges.

/**
     * Creates a {@link Set} of non-intersecting {@link UidRange} objects including all UIDs
     * associated with one user, and any restricted profiles attached to that user.
     *
     * <p>If one of {@param allowedApplications} or {@param disallowedApplications} is provided,
     * the UID ranges will match the app whitelist or blacklist specified there. Otherwise, all UIDs
     * in each user and profile will be included.
     *
     * @param userHandle The userId to create UID ranges for along with any of its restricted
     *                   profiles.
     * @param allowedApplications (optional) whitelist of applications to include.
     * @param disallowedApplications (optional) blacklist of applications to exclude.
     */
@VisibleForTesting
Set<UidRange> createUserAndRestrictedProfilesRanges(@UserIdInt int userHandle, @Nullable List<String> allowedApplications, @Nullable List<String> disallowedApplications) {
    final Set<UidRange> ranges = new ArraySet<>();
    // Assign the top-level user to the set of ranges
    addUserToRanges(ranges, userHandle, allowedApplications, disallowedApplications);
    // If the user can have restricted profiles, assign all its restricted profiles too
    if (canHaveRestrictedProfile(userHandle)) {
        final long token = Binder.clearCallingIdentity();
        List<UserInfo> users;
        try {
            users = UserManager.get(mContext).getUsers(true);
        } finally {
            Binder.restoreCallingIdentity(token);
        }
        for (UserInfo user : users) {
            if (user.isRestricted() && (user.restrictedProfileParentId == userHandle)) {
                addUserToRanges(ranges, user.id, allowedApplications, disallowedApplications);
            }
        }
    }
    return ranges;
}

Example 68 with UserInfo

use of android.content.pm.UserInfo in project platform_frameworks_base by android.

the class UserController method startProfilesLocked.

void startProfilesLocked() {
    if (DEBUG_MU)
        Slog.i(TAG, "startProfilesLocked");
    List<UserInfo> profiles = getUserManager().getProfiles(mCurrentUserId, false);
    List<UserInfo> profilesToStart = new ArrayList<>(profiles.size());
    for (UserInfo user : profiles) {
        if ((user.flags & UserInfo.FLAG_INITIALIZED) == UserInfo.FLAG_INITIALIZED && user.id != mCurrentUserId && !user.isQuietModeEnabled()) {
            profilesToStart.add(user);
        }
    }
    final int profilesToStartSize = profilesToStart.size();
    int i = 0;
    for (; i < profilesToStartSize && i < (MAX_RUNNING_USERS - 1); ++i) {
        startUser(profilesToStart.get(i).id, /* foreground= */
        false);
    }
    if (i < profilesToStartSize) {
        Slog.w(TAG, "More profiles than MAX_RUNNING_USERS");
    }
}

Example 69 with UserInfo

use of android.content.pm.UserInfo in project platform_frameworks_base by android.

the class UserController method finishUserUnlocked.

/**
     * Step from {@link UserState#STATE_RUNNING_UNLOCKING} to
     * {@link UserState#STATE_RUNNING_UNLOCKED}.
     */
void finishUserUnlocked(final UserState uss) {
    final int userId = uss.mHandle.getIdentifier();
    synchronized (mService) {
        // Bail if we ended up with a stale user
        if (mStartedUsers.get(uss.mHandle.getIdentifier()) != uss)
            return;
        // Only keep marching forward if user is actually unlocked
        if (!StorageManager.isUserKeyUnlocked(userId))
            return;
        if (uss.setState(STATE_RUNNING_UNLOCKING, STATE_RUNNING_UNLOCKED)) {
            getUserManagerInternal().setUserState(userId, uss.state);
            uss.mUnlockProgress.finish();
            // Dispatch unlocked to external apps
            final Intent unlockedIntent = new Intent(Intent.ACTION_USER_UNLOCKED);
            unlockedIntent.putExtra(Intent.EXTRA_USER_HANDLE, userId);
            unlockedIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY | Intent.FLAG_RECEIVER_FOREGROUND);
            mService.broadcastIntentLocked(null, null, unlockedIntent, null, null, 0, null, null, null, AppOpsManager.OP_NONE, null, false, false, MY_PID, SYSTEM_UID, userId);
            if (getUserInfo(userId).isManagedProfile()) {
                UserInfo parent = getUserManager().getProfileParent(userId);
                if (parent != null) {
                    final Intent profileUnlockedIntent = new Intent(Intent.ACTION_MANAGED_PROFILE_UNLOCKED);
                    profileUnlockedIntent.putExtra(Intent.EXTRA_USER, UserHandle.of(userId));
                    profileUnlockedIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY | Intent.FLAG_RECEIVER_FOREGROUND);
                    mService.broadcastIntentLocked(null, null, profileUnlockedIntent, null, null, 0, null, null, null, AppOpsManager.OP_NONE, null, false, false, MY_PID, SYSTEM_UID, parent.id);
                }
            }
            // Send PRE_BOOT broadcasts if user fingerprint changed; we
            // purposefully block sending BOOT_COMPLETED until after all
            // PRE_BOOT receivers are finished to avoid ANR'ing apps
            final UserInfo info = getUserInfo(userId);
            if (!Objects.equals(info.lastLoggedInFingerprint, Build.FINGERPRINT)) {
                // Suppress double notifications for managed profiles that
                // were unlocked automatically as part of their parent user
                // being unlocked.
                final boolean quiet;
                if (info.isManagedProfile()) {
                    quiet = !uss.tokenProvided || !mLockPatternUtils.isSeparateProfileChallengeEnabled(userId);
                } else {
                    quiet = false;
                }
                new PreBootBroadcaster(mService, userId, null, quiet) {

                    @Override
                    public void onFinished() {
                        finishUserUnlockedCompleted(uss);
                    }
                }.sendNext();
            } else {
                finishUserUnlockedCompleted(uss);
            }
        }
    }
}

Example 70 with UserInfo

use of android.content.pm.UserInfo in project platform_frameworks_base by android.

the class UserController method finishUserUnlockedCompleted.

private void finishUserUnlockedCompleted(UserState uss) {
    final int userId = uss.mHandle.getIdentifier();
    synchronized (mService) {
        // Bail if we ended up with a stale user
        if (mStartedUsers.get(uss.mHandle.getIdentifier()) != uss)
            return;
        final UserInfo userInfo = getUserInfo(userId);
        if (userInfo == null) {
            return;
        }
        // Only keep marching forward if user is actually unlocked
        if (!StorageManager.isUserKeyUnlocked(userId))
            return;
        // Remember that we logged in
        mUserManager.onUserLoggedIn(userId);
        if (!userInfo.isInitialized()) {
            if (userId != UserHandle.USER_SYSTEM) {
                Slog.d(TAG, "Initializing user #" + userId);
                Intent intent = new Intent(Intent.ACTION_USER_INITIALIZE);
                intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
                mService.broadcastIntentLocked(null, null, intent, null, new IIntentReceiver.Stub() {

                    @Override
                    public void performReceive(Intent intent, int resultCode, String data, Bundle extras, boolean ordered, boolean sticky, int sendingUser) {
                        // Note: performReceive is called with mService lock held
                        getUserManager().makeInitialized(userInfo.id);
                    }
                }, 0, null, null, null, AppOpsManager.OP_NONE, null, true, false, MY_PID, SYSTEM_UID, userId);
            }
        }
        Slog.d(TAG, "Sending BOOT_COMPLETE user #" + userId);
        int uptimeSeconds = (int) (SystemClock.elapsedRealtime() / 1000);
        MetricsLogger.histogram(mService.mContext, "framework_boot_completed", uptimeSeconds);
        final Intent bootIntent = new Intent(Intent.ACTION_BOOT_COMPLETED, null);
        bootIntent.putExtra(Intent.EXTRA_USER_HANDLE, userId);
        bootIntent.addFlags(Intent.FLAG_RECEIVER_NO_ABORT | Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND);
        mService.broadcastIntentLocked(null, null, bootIntent, null, null, 0, null, null, new String[] { android.Manifest.permission.RECEIVE_BOOT_COMPLETED }, AppOpsManager.OP_NONE, null, true, false, MY_PID, SYSTEM_UID, userId);
    }
}