drgreen/android_frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_frameworks_base/services/java/com/android/server/DevicePolicyManagerService.java

2394 lines
102 KiB
Java
Raw Normal View History

First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
/*
* Copyright (C) 2010 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.server;
Implement issue #3094621 and #3094609 - wipe sd card 3094621: add "wipe sd card" option to factory data reset 3094609: collapse unmount/format into one command Also since we have decided that it is important to consider the Crespo storage as internal storage, DevicePolicyManager gets a new API to be able to wipe it. (No big deal, since all of the work for this is now done in the implementation of the new UI.) Change-Id: I32a77c410f710a87dcdcbf6586c09bd2e48a8807
2010-10-15 18:45:07 -07:00
import com.android.internal.os.storage.ExternalStorageFormatter;
Re-arrange android-common so framework no longer links with it. This is the framework part, moving classes around so the framework no longer needs to link to android-common. Makes some APIs public, others that didn't need to be public are private in the framework, some small things are copied.
2010-02-24 19:54:22 -08:00
import com.android.internal.util.FastXmlSerializer;
Maybe fix issue #2457218: Corrupt batterystats.bin file preventing phone boot - LIBtt68127 No steps to repro, but makes the code more robust by using the standard JournaledFile class and doing sanity checks on the input it reads. This required moving the JournaledFile class in to the framework (and we really should get rid of either it or AtomicFile, but they have different recovery semantics so that is tough). Also went through and cleaned up the file management in various places. Change-Id: Ieb7268d8435e77dff66b6e67bb63b62e5dea572e
2010-03-18 22:47:17 -07:00
import com.android.internal.util.JournaledFile;
Re-arrange android-common so framework no longer links with it. This is the framework part, moving classes around so the framework no longer needs to link to android-common. Makes some APIs public, others that didn't need to be public are private in the framework, some small things are copied.
2010-02-24 19:54:22 -08:00
import com.android.internal.util.XmlUtils;
More device policy manager / admin work. Update API with some new features, re-arrange how you check for valid passwords, and start hooking up the back-end implementation.
2010-01-20 13:37:26 -08:00
import com.android.internal.widget.LockPatternUtils;
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;
import org.xmlpull.v1.XmlSerializer;
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
import android.app.Activity;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
import android.app.ActivityManagerNative;
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
import android.app.AlarmManager;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
import android.app.AppGlobals;
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
import android.app.PendingIntent;
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
import android.app.admin.DeviceAdminInfo;
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.app.admin.IDevicePolicyManager;
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
import android.content.BroadcastReceiver;
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
import android.content.ComponentName;
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
import android.content.ContentResolver;
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
import android.content.Context;
import android.content.Intent;
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
import android.content.IntentFilter;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
import android.content.pm.IPackageManager;
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
import android.content.pm.PackageManager;
Fix issue #2438980: Implement package watcher for voice recognizer service setting I am getting tired of writing package monitor code, realized this is missing in a number of places, and at this point it has gotten complicated enough that I don't think anyone actually does it 100% right so: Introducing PackageMonitor. Yes there are no Java docs. I am still playing around with just what this thing is to figure out what makes sense and how people will use it. It is being used to fix this bug for monitoring voice recognizers (integrating the code from the settings provider for setting an initial value), to replace the existing code for monitoring input methods (and fix the bug where we wouldn't remove an input method from the enabled list when it got uninstalled), to now monitor live wallpaper package changes (now allowing us to avoid reverting back to the default live wallpaper when the current one is updated!), and to monitor device admin changes. Also includes a fix so you can't uninstall an .apk that is currently enabled as a device admin. Also includes a fix where the default time zone was not initialized early enough which should fix issue #2455507 (Observed Google services frame work crash). In addition, this finally introduces a mechanism to determine if the "force stop" button should be enabled, with convenience in PackageMonitor for system services to handle it. All services have been updated to support this. There is also new infrastructure for reporting battery usage as an applicatin error report.
2010-02-19 17:02:21 -08:00
import android.content.pm.PackageManager.NameNotFoundException;
Fixes to DevicePolicyManager.setPasswordExpirationTimeout * Fix permissions problem in DevicePolicyManager * Allow short timeouts (primarily for testing) * Remove unused debugging code Bug: 3212583 Change-Id: I3770b1c6f090363e8e8d65db92839cd53de05c45
2010-11-19 15:39:41 -08:00
import android.content.pm.ResolveInfo;
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
import android.os.Binder;
Fix remote device wipe to not hang. The DPM seemed to always go through ExternalStorageFormatter to wipe the device and SD card. For SD cards emulated on a fuse filesystem, this seems to fail unless the device is wholly encrypted. Bypass ExternalStorageFormatter in those cases and just wipe as normal. Bug: 5458396 Change-Id: Iec759ef894c6bd3863cb4e7329f4de4584c60c1a
2011-10-17 17:30:21 -07:00
import android.os.Environment;
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
import android.os.Handler;
More device policy manager / admin work. Update API with some new features, re-arrange how you check for valid passwords, and start hooking up the back-end implementation.
2010-01-20 13:37:26 -08:00
import android.os.IBinder;
import android.os.IPowerManager;
Implement issue #3094621 and #3094609 - wipe sd card 3094621: add "wipe sd card" option to factory data reset 3094609: collapse unmount/format into one command Also since we have decided that it is important to consider the Crespo storage as internal storage, DevicePolicyManager gets a new API to be able to wipe it. (No big deal, since all of the work for this is now done in the implementation of the new UI.) Change-Id: I32a77c410f710a87dcdcbf6586c09bd2e48a8807
2010-10-15 18:45:07 -07:00
import android.os.PowerManager;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
import android.os.Process;
More device policy manager / admin work. Update API with some new features, re-arrange how you check for valid passwords, and start hooking up the back-end implementation.
2010-01-20 13:37:26 -08:00
import android.os.RecoverySystem;
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
import android.os.RemoteCallback;
More device policy manager / admin work. Update API with some new features, re-arrange how you check for valid passwords, and start hooking up the back-end implementation.
2010-01-20 13:37:26 -08:00
import android.os.RemoteException;
import android.os.ServiceManager;
More device admin. - Clean up device policy manager APIs. - Implement lockNow(). For now this just turns the screen off to lock the device.
2010-01-27 19:23:59 -08:00
import android.os.SystemClock;
Read actual device encryption status Bug: 3346770 Change-Id: Ie70c14b1b4584a5f340a27102145f7860ba9e14b
2011-01-20 16:35:09 -08:00
import android.os.SystemProperties;
Improve multi-user broadcasts. You can now use ALL and CURRENT when sending broadcasts, to specify where the broadcast goes. Sticky broadcasts are now correctly separated per user, and registered receivers are filtered based on the requested target user. New Context APIs for more kinds of sending broadcasts as users. Updating a bunch of system code that sends broadcasts to explicitly specify which user the broadcast goes to. Made a single version of the code for interpreting the requested target user ID that all entries to activity manager (start activity, send broadcast, start service) use. Change-Id: Ie29f02dd5242ef8c8fa56c54593a315cd2574e1c
2012-08-29 18:32:08 -07:00
import android.os.UserHandle;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
import android.os.UserManager;
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
import android.provider.Settings;
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
import android.util.PrintWriterPrinter;
import android.util.Printer;
Fixes to DevicePolicyManager.setPasswordExpirationTimeout * Fix permissions problem in DevicePolicyManager * Allow short timeouts (primarily for testing) * Remove unused debugging code Bug: 3212583 Change-Id: I3770b1c6f090363e8e8d65db92839cd53de05c45
2010-11-19 15:39:41 -08:00
import android.util.Slog;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
import android.util.SparseArray;
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
import android.util.Xml;
Fix 5863053: Add method to lock screen immediately. This fixes a bug where the device fails to lock when DevicePolicyManagerService requests the device to be locked and the screen was off because the user hit the power button. The change allows DPMS to directly invoke screen lock, bypasssing the screen state. Change-Id: Iecdda6fc61e9c519119de495be23c69c3b983921
2012-01-17 15:55:31 -08:00
import android.view.IWindowManager;
More device admin. - Clean up device policy manager APIs. - Implement lockNow(). For now this just turns the screen off to lock the device.
2010-01-27 19:23:59 -08:00
import android.view.WindowManagerPolicy;
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
import java.io.File;
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
import java.io.FileDescriptor;
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
import java.io.FileInputStream;
Rub in a little 'ol log-b-gone. Mmmmmm... great fresh scent! Change-Id: I050e70b31b5d4a9c6731f15a4b51a3620a33a78d
2010-09-30 18:27:22 -07:00
import java.io.FileNotFoundException;
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
import java.io.FileOutputStream;
import java.io.IOException;
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
import java.io.PrintWriter;
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
import java.text.DateFormat;
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
import java.util.ArrayList;
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
import java.util.Date;
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
import java.util.HashMap;
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
import java.util.List;
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
import java.util.Set;
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
/**
* Implementation of the device policy APIs.
*/
public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
private static final String DEVICE_POLICIES_XML = "device_policies.xml";
Fix 3197205: Minor edits to device policy admin strings and documentation Change-Id: I3788772c375b916752cd8a98ff5d3751448e4334
2011-02-16 16:27:41 -08:00
private static final String TAG = "DevicePolicyManagerService";
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
Fix 3197205: Minor edits to device policy admin strings and documentation Change-Id: I3788772c375b916752cd8a98ff5d3751448e4334
2011-02-16 16:27:41 -08:00
private static final int REQUEST_EXPIRE_PASSWORD = 5571;
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
private static final long MS_PER_DAY = 86400 * 1000;
private static final long EXPIRATION_GRACE_PERIOD_MS = 5 * MS_PER_DAY; // 5 days, in ms
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
protected static final String ACTION_EXPIRED_PASSWORD_NOTIFICATION
= "com.android.server.ACTION_EXPIRED_PASSWORD_NOTIFICATION";
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
private static final boolean DBG = false;
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
Fix issue #2438980: Implement package watcher for voice recognizer service setting I am getting tired of writing package monitor code, realized this is missing in a number of places, and at this point it has gotten complicated enough that I don't think anyone actually does it 100% right so: Introducing PackageMonitor. Yes there are no Java docs. I am still playing around with just what this thing is to figure out what makes sense and how people will use it. It is being used to fix this bug for monitoring voice recognizers (integrating the code from the settings provider for setting an initial value), to replace the existing code for monitoring input methods (and fix the bug where we wouldn't remove an input method from the enabled list when it got uninstalled), to now monitor live wallpaper package changes (now allowing us to avoid reverting back to the default live wallpaper when the current one is updated!), and to monitor device admin changes. Also includes a fix so you can't uninstall an .apk that is currently enabled as a device admin. Also includes a fix where the default time zone was not initialized early enough which should fix issue #2455507 (Observed Google services frame work crash). In addition, this finally introduces a mechanism to determine if the "force stop" button should be enabled, with convenience in PackageMonitor for system services to handle it. All services have been updated to support this. There is also new infrastructure for reporting battery usage as an applicatin error report.
2010-02-19 17:02:21 -08:00
final Context mContext;
Implement issue #3094621 and #3094609 - wipe sd card 3094621: add "wipe sd card" option to factory data reset 3094609: collapse unmount/format into one command Also since we have decided that it is important to consider the Crespo storage as internal storage, DevicePolicyManager gets a new API to be able to wipe it. (No big deal, since all of the work for this is now done in the implementation of the new UI.) Change-Id: I32a77c410f710a87dcdcbf6586c09bd2e48a8807
2010-10-15 18:45:07 -07:00
final PowerManager.WakeLock mWakeLock;
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
More device policy manager / admin work. Update API with some new features, re-arrange how you check for valid passwords, and start hooking up the back-end implementation.
2010-01-20 13:37:26 -08:00
IPowerManager mIPowerManager;
Fix 5863053: Add method to lock screen immediately. This fixes a bug where the device fails to lock when DevicePolicyManagerService requests the device to be locked and the screen was off because the user hit the power button. The change allows DPMS to directly invoke screen lock, bypasssing the screen state. Change-Id: Iecdda6fc61e9c519119de495be23c69c3b983921
2012-01-17 15:55:31 -08:00
IWindowManager mIWindowManager;
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public static class DevicePolicyData {
int mActivePasswordQuality = DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;
int mActivePasswordLength = 0;
int mActivePasswordUpperCase = 0;
int mActivePasswordLowerCase = 0;
int mActivePasswordLetters = 0;
int mActivePasswordNumeric = 0;
int mActivePasswordSymbols = 0;
int mActivePasswordNonLetter = 0;
int mFailedPasswordAttempts = 0;
int mUserHandle;;
int mPasswordOwner = -1;
long mLastMaximumTimeToLock = -1;
final HashMap<ComponentName, ActiveAdmin> mAdminMap
= new HashMap<ComponentName, ActiveAdmin>();
final ArrayList<ActiveAdmin> mAdminList
= new ArrayList<ActiveAdmin>();
public DevicePolicyData(int userHandle) {
mUserHandle = userHandle;
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
final SparseArray<DevicePolicyData> mUserData = new SparseArray<DevicePolicyData>();
Fix issue #6664140: Time to lock should work even Stay awake... ...in Developer options is on Don't respect stay awake while on as long as a time to lock limit is being enforced. When we start enforcing one, make sure the setting is off (since we won't be respecting it anyway). Bug: 6664140 Change-Id: Id07cb528afa0c64c7766341841c51771f507121d
2012-06-15 17:05:25 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
Handler mHandler = new Handler();
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
BroadcastReceiver mReceiver = new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
final String action = intent.getAction();
final int userHandle = intent.getIntExtra(Intent.EXTRA_USER_HANDLE,
getSendingUserId());
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
if (Intent.ACTION_BOOT_COMPLETED.equals(action)
|| ACTION_EXPIRED_PASSWORD_NOTIFICATION.equals(action)) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
Slog.v(TAG, "Sending password expiration notifications for action " + action
+ " for user " + userHandle);
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
mHandler.post(new Runnable() {
public void run() {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
handlePasswordExpirationNotification(getUserData(userHandle));
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
}
});
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
} else if (Intent.ACTION_USER_REMOVED.equals(action)) {
removeUserData(userHandle);
} else if (Intent.ACTION_USER_STARTED.equals(action)
|| Intent.ACTION_PACKAGE_CHANGED.equals(action)
|| Intent.ACTION_PACKAGE_REMOVED.equals(action)
|| Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE.equals(action)) {
if (Intent.ACTION_USER_STARTED.equals(action)) {
// Reset the policy data
synchronized (DevicePolicyManagerService.this) {
mUserData.remove(userHandle);
}
}
handlePackagesChanged(userHandle);
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
}
}
};
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
static class ActiveAdmin {
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
final DeviceAdminInfo info;
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
More device policy work: clarify password modes, monkeying. Clarifies what the password modes mean, renaming them to "quality" and updating their documentation and the implementation to follow. Also adds a facility to find out if a monkey is running, which I need for the api demo to avoid letting it wipe the device.
2010-01-29 10:38:29 -08:00
int passwordQuality = DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
static final int DEF_MINIMUM_PASSWORD_LENGTH = 0;
int minimumPasswordLength = DEF_MINIMUM_PASSWORD_LENGTH;
static final int DEF_PASSWORD_HISTORY_LENGTH = 0;
int passwordHistoryLength = DEF_PASSWORD_HISTORY_LENGTH;
static final int DEF_MINIMUM_PASSWORD_UPPER_CASE = 0;
int minimumPasswordUpperCase = DEF_MINIMUM_PASSWORD_UPPER_CASE;
static final int DEF_MINIMUM_PASSWORD_LOWER_CASE = 0;
int minimumPasswordLowerCase = DEF_MINIMUM_PASSWORD_LOWER_CASE;
static final int DEF_MINIMUM_PASSWORD_LETTERS = 1;
I am a dummy. Change-Id: Ie6908a8931954f83ab0e9b905173b576dbf3661d
2011-05-26 11:45:00 -07:00
int minimumPasswordLetters = DEF_MINIMUM_PASSWORD_LETTERS;
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
static final int DEF_MINIMUM_PASSWORD_NUMERIC = 1;
int minimumPasswordNumeric = DEF_MINIMUM_PASSWORD_NUMERIC;
static final int DEF_MINIMUM_PASSWORD_SYMBOLS = 1;
int minimumPasswordSymbols = DEF_MINIMUM_PASSWORD_SYMBOLS;
static final int DEF_MINIMUM_PASSWORD_NON_LETTER = 0;
int minimumPasswordNonLetter = DEF_MINIMUM_PASSWORD_NON_LETTER;
static final long DEF_MAXIMUM_TIME_TO_UNLOCK = 0;
long maximumTimeToUnlock = DEF_MAXIMUM_TIME_TO_UNLOCK;
static final int DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE = 0;
int maximumFailedPasswordsForWipe = DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE;
static final long DEF_PASSWORD_EXPIRATION_TIMEOUT = 0;
long passwordExpirationTimeout = DEF_PASSWORD_EXPIRATION_TIMEOUT;
static final long DEF_PASSWORD_EXPIRATION_DATE = 0;
long passwordExpirationDate = DEF_PASSWORD_EXPIRATION_DATE;
Make DPM API for disabling keyguard widgets more generic This change renames the widget-specific API to be more generic to allow further disabling of keyguard-specific customizations in the future. Currently only allows disabling widgets and the secure camera but can now easily be extended to disable other features we add. Fixes bug: 7021368 Change-Id: I3934cc2e7c64e0c6d511efb86980fc38a849708d
2012-09-19 23:16:50 -07:00
static final int DEF_KEYGUARD_FEATURES_DISABLED = 0; // none
int disabledKeyguardFeatures = DEF_KEYGUARD_FEATURES_DISABLED;
Update DevicePolicyManager with ability to disable keyguard widgets Change-Id: I5876e9e180b2a995aaa355fbbb2b67cebb86104d
2012-08-31 17:19:10 -07:00
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
boolean encryptionRequested = false;
New device policy to disable camera. This introduces a new policy that a DeviceAdmin can use to disable _all_ cameras on the device. A separate CL will be made on the media side to watch this policy bit and act accordingly. Bug: 4185303 Change-Id: I700cfc4a8317bb74087ccae39346d74467fc58b2
2011-05-09 16:05:33 -07:00
boolean disableCamera = false;
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
// TODO: review implementation decisions with frameworks team
boolean specifiesGlobalProxy = false;
String globalProxySpec = null;
String globalProxyExclusionList = null;
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
ActiveAdmin(DeviceAdminInfo _info) {
info = _info;
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
int getUid() { return info.getActivityInfo().applicationInfo.uid; }
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public UserHandle getUserHandle() {
return new UserHandle(UserHandle.getUserId(info.getActivityInfo().applicationInfo.uid));
}
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
void writeToXml(XmlSerializer out)
throws IllegalArgumentException, IllegalStateException, IOException {
Fix issue #2438980: Implement package watcher for voice recognizer service setting I am getting tired of writing package monitor code, realized this is missing in a number of places, and at this point it has gotten complicated enough that I don't think anyone actually does it 100% right so: Introducing PackageMonitor. Yes there are no Java docs. I am still playing around with just what this thing is to figure out what makes sense and how people will use it. It is being used to fix this bug for monitoring voice recognizers (integrating the code from the settings provider for setting an initial value), to replace the existing code for monitoring input methods (and fix the bug where we wouldn't remove an input method from the enabled list when it got uninstalled), to now monitor live wallpaper package changes (now allowing us to avoid reverting back to the default live wallpaper when the current one is updated!), and to monitor device admin changes. Also includes a fix so you can't uninstall an .apk that is currently enabled as a device admin. Also includes a fix where the default time zone was not initialized early enough which should fix issue #2455507 (Observed Google services frame work crash). In addition, this finally introduces a mechanism to determine if the "force stop" button should be enabled, with convenience in PackageMonitor for system services to handle it. All services have been updated to support this. There is also new infrastructure for reporting battery usage as an applicatin error report.
2010-02-19 17:02:21 -08:00
out.startTag(null, "policies");
info.writePoliciesToXml(out);
out.endTag(null, "policies");
More device policy work: clarify password modes, monkeying. Clarifies what the password modes mean, renaming them to "quality" and updating their documentation and the implementation to follow. Also adds a facility to find out if a monkey is running, which I need for the api demo to avoid letting it wipe the device.
2010-01-29 10:38:29 -08:00
if (passwordQuality != DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
out.startTag(null, "password-quality");
out.attribute(null, "value", Integer.toString(passwordQuality));
out.endTag(null, "password-quality");
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
if (minimumPasswordLength != DEF_MINIMUM_PASSWORD_LENGTH) {
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
out.startTag(null, "min-password-length");
out.attribute(null, "value", Integer.toString(minimumPasswordLength));
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
out.endTag(null, "min-password-length");
}
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
if(passwordHistoryLength != DEF_PASSWORD_HISTORY_LENGTH) {
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
out.startTag(null, "password-history-length");
out.attribute(null, "value", Integer.toString(passwordHistoryLength));
out.endTag(null, "password-history-length");
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
}
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
if (minimumPasswordUpperCase != DEF_MINIMUM_PASSWORD_UPPER_CASE) {
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
out.startTag(null, "min-password-uppercase");
out.attribute(null, "value", Integer.toString(minimumPasswordUpperCase));
out.endTag(null, "min-password-uppercase");
}
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
if (minimumPasswordLowerCase != DEF_MINIMUM_PASSWORD_LOWER_CASE) {
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
out.startTag(null, "min-password-lowercase");
out.attribute(null, "value", Integer.toString(minimumPasswordLowerCase));
out.endTag(null, "min-password-lowercase");
}
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
if (minimumPasswordLetters != DEF_MINIMUM_PASSWORD_LETTERS) {
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
out.startTag(null, "min-password-letters");
out.attribute(null, "value", Integer.toString(minimumPasswordLetters));
out.endTag(null, "min-password-letters");
}
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
if (minimumPasswordNumeric != DEF_MINIMUM_PASSWORD_NUMERIC) {
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
out.startTag(null, "min-password-numeric");
out.attribute(null, "value", Integer.toString(minimumPasswordNumeric));
out.endTag(null, "min-password-numeric");
}
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
if (minimumPasswordSymbols != DEF_MINIMUM_PASSWORD_SYMBOLS) {
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
out.startTag(null, "min-password-symbols");
out.attribute(null, "value", Integer.toString(minimumPasswordSymbols));
out.endTag(null, "min-password-symbols");
}
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
if (minimumPasswordNonLetter > DEF_MINIMUM_PASSWORD_NON_LETTER) {
Adding support for minimum number of non letter characters. Change-Id: If54cb7209d65eef826d474d7e0dbbef63d2f2b47
2010-06-04 17:15:02 -07:00
out.startTag(null, "min-password-nonletter");
out.attribute(null, "value", Integer.toString(minimumPasswordNonLetter));
out.endTag(null, "min-password-nonletter");
}
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
}
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
if (maximumTimeToUnlock != DEF_MAXIMUM_TIME_TO_UNLOCK) {
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
out.startTag(null, "max-time-to-unlock");
out.attribute(null, "value", Long.toString(maximumTimeToUnlock));
out.endTag(null, "max-time-to-unlock");
}
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
if (maximumFailedPasswordsForWipe != DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE) {
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
out.startTag(null, "max-failed-password-wipe");
out.attribute(null, "value", Integer.toString(maximumFailedPasswordsForWipe));
out.endTag(null, "max-failed-password-wipe");
}
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
if (specifiesGlobalProxy) {
out.startTag(null, "specifies-global-proxy");
out.attribute(null, "value", Boolean.toString(specifiesGlobalProxy));
out.endTag(null, "specifies_global_proxy");
if (globalProxySpec != null) {
out.startTag(null, "global-proxy-spec");
out.attribute(null, "value", globalProxySpec);
out.endTag(null, "global-proxy-spec");
}
if (globalProxyExclusionList != null) {
out.startTag(null, "global-proxy-exclusion-list");
out.attribute(null, "value", globalProxyExclusionList);
out.endTag(null, "global-proxy-exclusion-list");
}
}
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
if (passwordExpirationTimeout != DEF_PASSWORD_EXPIRATION_TIMEOUT) {
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
out.startTag(null, "password-expiration-timeout");
out.attribute(null, "value", Long.toString(passwordExpirationTimeout));
out.endTag(null, "password-expiration-timeout");
}
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
if (passwordExpirationDate != DEF_PASSWORD_EXPIRATION_DATE) {
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
out.startTag(null, "password-expiration-date");
out.attribute(null, "value", Long.toString(passwordExpirationDate));
out.endTag(null, "password-expiration-date");
}
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
if (encryptionRequested) {
out.startTag(null, "encryption-requested");
out.attribute(null, "value", Boolean.toString(encryptionRequested));
out.endTag(null, "encryption-requested");
}
New device policy to disable camera. This introduces a new policy that a DeviceAdmin can use to disable _all_ cameras on the device. A separate CL will be made on the media side to watch this policy bit and act accordingly. Bug: 4185303 Change-Id: I700cfc4a8317bb74087ccae39346d74467fc58b2
2011-05-09 16:05:33 -07:00
if (disableCamera) {
out.startTag(null, "disable-camera");
out.attribute(null, "value", Boolean.toString(disableCamera));
out.endTag(null, "disable-camera");
}
Make DPM API for disabling keyguard widgets more generic This change renames the widget-specific API to be more generic to allow further disabling of keyguard-specific customizations in the future. Currently only allows disabling widgets and the secure camera but can now easily be extended to disable other features we add. Fixes bug: 7021368 Change-Id: I3934cc2e7c64e0c6d511efb86980fc38a849708d
2012-09-19 23:16:50 -07:00
if (disabledKeyguardFeatures != DEF_KEYGUARD_FEATURES_DISABLED) {
out.startTag(null, "disable-keyguard-features");
out.attribute(null, "value", Integer.toString(disabledKeyguardFeatures));
out.endTag(null, "disable-keyguard-features");
Update DevicePolicyManager with ability to disable keyguard widgets Change-Id: I5876e9e180b2a995aaa355fbbb2b67cebb86104d
2012-08-31 17:19:10 -07:00
}
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
void readFromXml(XmlPullParser parser)
throws XmlPullParserException, IOException {
int outerDepth = parser.getDepth();
int type;
while ((type=parser.next()) != XmlPullParser.END_DOCUMENT
&& (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
continue;
}
String tag = parser.getName();
Fix issue #2438980: Implement package watcher for voice recognizer service setting I am getting tired of writing package monitor code, realized this is missing in a number of places, and at this point it has gotten complicated enough that I don't think anyone actually does it 100% right so: Introducing PackageMonitor. Yes there are no Java docs. I am still playing around with just what this thing is to figure out what makes sense and how people will use it. It is being used to fix this bug for monitoring voice recognizers (integrating the code from the settings provider for setting an initial value), to replace the existing code for monitoring input methods (and fix the bug where we wouldn't remove an input method from the enabled list when it got uninstalled), to now monitor live wallpaper package changes (now allowing us to avoid reverting back to the default live wallpaper when the current one is updated!), and to monitor device admin changes. Also includes a fix so you can't uninstall an .apk that is currently enabled as a device admin. Also includes a fix where the default time zone was not initialized early enough which should fix issue #2455507 (Observed Google services frame work crash). In addition, this finally introduces a mechanism to determine if the "force stop" button should be enabled, with convenience in PackageMonitor for system services to handle it. All services have been updated to support this. There is also new infrastructure for reporting battery usage as an applicatin error report.
2010-02-19 17:02:21 -08:00
if ("policies".equals(tag)) {
info.readPoliciesFromXml(parser);
} else if ("password-quality".equals(tag)) {
More device policy work: clarify password modes, monkeying. Clarifies what the password modes mean, renaming them to "quality" and updating their documentation and the implementation to follow. Also adds a facility to find out if a monkey is running, which I need for the api demo to avoid letting it wipe the device.
2010-01-29 10:38:29 -08:00
passwordQuality = Integer.parseInt(
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
parser.getAttributeValue(null, "value"));
} else if ("min-password-length".equals(tag)) {
minimumPasswordLength = Integer.parseInt(
parser.getAttributeValue(null, "value"));
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
} else if ("password-history-length".equals(tag)) {
passwordHistoryLength = Integer.parseInt(
parser.getAttributeValue(null, "value"));
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
} else if ("min-password-uppercase".equals(tag)) {
minimumPasswordUpperCase = Integer.parseInt(
parser.getAttributeValue(null, "value"));
} else if ("min-password-lowercase".equals(tag)) {
minimumPasswordLowerCase = Integer.parseInt(
parser.getAttributeValue(null, "value"));
} else if ("min-password-letters".equals(tag)) {
minimumPasswordLetters = Integer.parseInt(
parser.getAttributeValue(null, "value"));
} else if ("min-password-numeric".equals(tag)) {
minimumPasswordNumeric = Integer.parseInt(
parser.getAttributeValue(null, "value"));
} else if ("min-password-symbols".equals(tag)) {
minimumPasswordSymbols = Integer.parseInt(
parser.getAttributeValue(null, "value"));
Adding support for minimum number of non letter characters. Change-Id: If54cb7209d65eef826d474d7e0dbbef63d2f2b47
2010-06-04 17:15:02 -07:00
} else if ("min-password-nonletter".equals(tag)) {
minimumPasswordNonLetter = Integer.parseInt(
parser.getAttributeValue(null, "value"));
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
} else if ("max-time-to-unlock".equals(tag)) {
maximumTimeToUnlock = Long.parseLong(
parser.getAttributeValue(null, "value"));
} else if ("max-failed-password-wipe".equals(tag)) {
maximumFailedPasswordsForWipe = Integer.parseInt(
parser.getAttributeValue(null, "value"));
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
} else if ("specifies-global-proxy".equals(tag)) {
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
specifiesGlobalProxy = Boolean.parseBoolean(
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
parser.getAttributeValue(null, "value"));
} else if ("global-proxy-spec".equals(tag)) {
globalProxySpec =
parser.getAttributeValue(null, "value");
} else if ("global-proxy-exclusion-list".equals(tag)) {
globalProxyExclusionList =
parser.getAttributeValue(null, "value");
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
} else if ("password-expiration-timeout".equals(tag)) {
passwordExpirationTimeout = Long.parseLong(
parser.getAttributeValue(null, "value"));
} else if ("password-expiration-date".equals(tag)) {
passwordExpirationDate = Long.parseLong(
parser.getAttributeValue(null, "value"));
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
} else if ("encryption-requested".equals(tag)) {
encryptionRequested = Boolean.parseBoolean(
parser.getAttributeValue(null, "value"));
New device policy to disable camera. This introduces a new policy that a DeviceAdmin can use to disable _all_ cameras on the device. A separate CL will be made on the media side to watch this policy bit and act accordingly. Bug: 4185303 Change-Id: I700cfc4a8317bb74087ccae39346d74467fc58b2
2011-05-09 16:05:33 -07:00
} else if ("disable-camera".equals(tag)) {
disableCamera = Boolean.parseBoolean(
parser.getAttributeValue(null, "value"));
Fix issue #2438980: Implement package watcher for voice recognizer service setting I am getting tired of writing package monitor code, realized this is missing in a number of places, and at this point it has gotten complicated enough that I don't think anyone actually does it 100% right so: Introducing PackageMonitor. Yes there are no Java docs. I am still playing around with just what this thing is to figure out what makes sense and how people will use it. It is being used to fix this bug for monitoring voice recognizers (integrating the code from the settings provider for setting an initial value), to replace the existing code for monitoring input methods (and fix the bug where we wouldn't remove an input method from the enabled list when it got uninstalled), to now monitor live wallpaper package changes (now allowing us to avoid reverting back to the default live wallpaper when the current one is updated!), and to monitor device admin changes. Also includes a fix so you can't uninstall an .apk that is currently enabled as a device admin. Also includes a fix where the default time zone was not initialized early enough which should fix issue #2455507 (Observed Google services frame work crash). In addition, this finally introduces a mechanism to determine if the "force stop" button should be enabled, with convenience in PackageMonitor for system services to handle it. All services have been updated to support this. There is also new infrastructure for reporting battery usage as an applicatin error report.
2010-02-19 17:02:21 -08:00
} else {
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
Slog.w(TAG, "Unknown admin tag: " + tag);
Fix issue #2438980: Implement package watcher for voice recognizer service setting I am getting tired of writing package monitor code, realized this is missing in a number of places, and at this point it has gotten complicated enough that I don't think anyone actually does it 100% right so: Introducing PackageMonitor. Yes there are no Java docs. I am still playing around with just what this thing is to figure out what makes sense and how people will use it. It is being used to fix this bug for monitoring voice recognizers (integrating the code from the settings provider for setting an initial value), to replace the existing code for monitoring input methods (and fix the bug where we wouldn't remove an input method from the enabled list when it got uninstalled), to now monitor live wallpaper package changes (now allowing us to avoid reverting back to the default live wallpaper when the current one is updated!), and to monitor device admin changes. Also includes a fix so you can't uninstall an .apk that is currently enabled as a device admin. Also includes a fix where the default time zone was not initialized early enough which should fix issue #2455507 (Observed Google services frame work crash). In addition, this finally introduces a mechanism to determine if the "force stop" button should be enabled, with convenience in PackageMonitor for system services to handle it. All services have been updated to support this. There is also new infrastructure for reporting battery usage as an applicatin error report.
2010-02-19 17:02:21 -08:00
}
XmlUtils.skipCurrentTag(parser);
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
void dump(String prefix, PrintWriter pw) {
pw.print(prefix); pw.print("uid="); pw.println(getUid());
pw.print(prefix); pw.println("policies:");
ArrayList<DeviceAdminInfo.PolicyInfo> pols = info.getUsedPolicies();
if (pols != null) {
for (int i=0; i<pols.size(); i++) {
pw.print(prefix); pw.print(" "); pw.println(pols.get(i).tag);
}
}
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
pw.print(prefix); pw.print("passwordQuality=0x");
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
pw.println(Integer.toHexString(passwordQuality));
pw.print(prefix); pw.print("minimumPasswordLength=");
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
pw.println(minimumPasswordLength);
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
pw.print(prefix); pw.print("passwordHistoryLength=");
pw.println(passwordHistoryLength);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
pw.print(prefix); pw.print("minimumPasswordUpperCase=");
pw.println(minimumPasswordUpperCase);
pw.print(prefix); pw.print("minimumPasswordLowerCase=");
pw.println(minimumPasswordLowerCase);
pw.print(prefix); pw.print("minimumPasswordLetters=");
pw.println(minimumPasswordLetters);
pw.print(prefix); pw.print("minimumPasswordNumeric=");
pw.println(minimumPasswordNumeric);
pw.print(prefix); pw.print("minimumPasswordSymbols=");
pw.println(minimumPasswordSymbols);
Adding support for minimum number of non letter characters. Change-Id: If54cb7209d65eef826d474d7e0dbbef63d2f2b47
2010-06-04 17:15:02 -07:00
pw.print(prefix); pw.print("minimumPasswordNonLetter=");
pw.println(minimumPasswordNonLetter);
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
pw.print(prefix); pw.print("maximumTimeToUnlock=");
pw.println(maximumTimeToUnlock);
pw.print(prefix); pw.print("maximumFailedPasswordsForWipe=");
pw.println(maximumFailedPasswordsForWipe);
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
pw.print(prefix); pw.print("specifiesGlobalProxy=");
pw.println(specifiesGlobalProxy);
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
pw.print(prefix); pw.print("passwordExpirationTimeout=");
pw.println(passwordExpirationTimeout);
pw.print(prefix); pw.print("passwordExpirationDate=");
pw.println(passwordExpirationDate);
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
if (globalProxySpec != null) {
pw.print(prefix); pw.print("globalProxySpec=");
pw.println(globalProxySpec);
}
if (globalProxyExclusionList != null) {
pw.print(prefix); pw.print("globalProxyEclusionList=");
pw.println(globalProxyExclusionList);
}
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
pw.print(prefix); pw.print("encryptionRequested=");
pw.println(encryptionRequested);
New device policy to disable camera. This introduces a new policy that a DeviceAdmin can use to disable _all_ cameras on the device. A separate CL will be made on the media side to watch this policy bit and act accordingly. Bug: 4185303 Change-Id: I700cfc4a8317bb74087ccae39346d74467fc58b2
2011-05-09 16:05:33 -07:00
pw.print(prefix); pw.print("disableCamera=");
pw.println(disableCamera);
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
}
Fix issue #2438980: Implement package watcher for voice recognizer service setting I am getting tired of writing package monitor code, realized this is missing in a number of places, and at this point it has gotten complicated enough that I don't think anyone actually does it 100% right so: Introducing PackageMonitor. Yes there are no Java docs. I am still playing around with just what this thing is to figure out what makes sense and how people will use it. It is being used to fix this bug for monitoring voice recognizers (integrating the code from the settings provider for setting an initial value), to replace the existing code for monitoring input methods (and fix the bug where we wouldn't remove an input method from the enabled list when it got uninstalled), to now monitor live wallpaper package changes (now allowing us to avoid reverting back to the default live wallpaper when the current one is updated!), and to monitor device admin changes. Also includes a fix so you can't uninstall an .apk that is currently enabled as a device admin. Also includes a fix where the default time zone was not initialized early enough which should fix issue #2455507 (Observed Google services frame work crash). In addition, this finally introduces a mechanism to determine if the "force stop" button should be enabled, with convenience in PackageMonitor for system services to handle it. All services have been updated to support this. There is also new infrastructure for reporting battery usage as an applicatin error report.
2010-02-19 17:02:21 -08:00
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
private void handlePackagesChanged(int userHandle) {
boolean removed = false;
Slog.d(TAG, "Handling package changes for user " + userHandle);
DevicePolicyData policy = getUserData(userHandle);
IPackageManager pm = AppGlobals.getPackageManager();
for (int i = policy.mAdminList.size() - 1; i >= 0; i--) {
ActiveAdmin aa = policy.mAdminList.get(i);
try {
if (pm.getPackageInfo(aa.info.getPackageName(), 0, userHandle) == null
|| pm.getReceiverInfo(aa.info.getComponent(), 0, userHandle) == null) {
removed = true;
policy.mAdminList.remove(i);
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
} catch (RemoteException re) {
// Shouldn't happen
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
if (removed) {
validatePasswordOwnerLocked(policy);
syncDeviceCapabilitiesLocked(policy);
saveSettingsLocked(policy.mUserHandle);
}
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
/**
* Instantiates the service.
*/
public DevicePolicyManagerService(Context context) {
mContext = context;
Implement issue #3094621 and #3094609 - wipe sd card 3094621: add "wipe sd card" option to factory data reset 3094609: collapse unmount/format into one command Also since we have decided that it is important to consider the Crespo storage as internal storage, DevicePolicyManager gets a new API to be able to wipe it. (No big deal, since all of the work for this is now done in the implementation of the new UI.) Change-Id: I32a77c410f710a87dcdcbf6586c09bd2e48a8807
2010-10-15 18:45:07 -07:00
mWakeLock = ((PowerManager)context.getSystemService(Context.POWER_SERVICE))
.newWakeLock(PowerManager.PARTIAL_WAKE_LOCK, "DPM");
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
IntentFilter filter = new IntentFilter();
filter.addAction(Intent.ACTION_BOOT_COMPLETED);
filter.addAction(ACTION_EXPIRED_PASSWORD_NOTIFICATION);
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
filter.addAction(Intent.ACTION_USER_REMOVED);
filter.addAction(Intent.ACTION_USER_STARTED);
context.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler);
filter = new IntentFilter();
filter.addAction(Intent.ACTION_PACKAGE_CHANGED);
filter.addAction(Intent.ACTION_PACKAGE_REMOVED);
filter.addAction(Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE);
filter.addDataScheme("package");
context.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler);
}
/**
* Creates and loads the policy data from xml.
* @param userHandle the user for whom to load the policy data
* @return
*/
DevicePolicyData getUserData(int userHandle) {
synchronized (this) {
DevicePolicyData policy = mUserData.get(userHandle);
if (policy == null) {
policy = new DevicePolicyData(userHandle);
mUserData.append(userHandle, policy);
loadSettingsLocked(policy, userHandle);
}
return policy;
}
}
void removeUserData(int userHandle) {
synchronized (this) {
if (userHandle == UserHandle.USER_OWNER) {
Slog.w(TAG, "Tried to remove device policy file for user 0! Ignoring.");
return;
}
DevicePolicyData policy = mUserData.get(userHandle);
if (policy != null) {
mUserData.remove(userHandle);
}
File policyFile = new File(Environment.getUserSystemDirectory(userHandle),
DEVICE_POLICIES_XML);
policyFile.delete();
Slog.i(TAG, "Removed device policy file " + policyFile.getAbsolutePath());
}
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
}
Update device password expiration/alarm behavior * Change alarm math to snap to multiples of 24h before expiration * Stop recurring alarm when no expirations upcoming * Fix small bug in update logic when device password is updated Change-Id: I31ce147e4f8c766245fae3e286fc50eaee4cfa22
2010-11-29 17:43:32 -08:00
/**
* Set an alarm for an upcoming event - expiration warning, expiration, or post-expiration
* reminders. Clears alarm if no expirations are configured.
*/
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
protected void setExpirationAlarmCheckLocked(Context context, DevicePolicyData policy) {
final long expiration = getPasswordExpirationLocked(null, policy.mUserHandle);
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
final long now = System.currentTimeMillis();
final long timeToExpire = expiration - now;
final long alarmTime;
Update device password expiration/alarm behavior * Change alarm math to snap to multiples of 24h before expiration * Stop recurring alarm when no expirations upcoming * Fix small bug in update logic when device password is updated Change-Id: I31ce147e4f8c766245fae3e286fc50eaee4cfa22
2010-11-29 17:43:32 -08:00
if (expiration == 0) {
// No expirations are currently configured: Cancel alarm.
alarmTime = 0;
} else if (timeToExpire <= 0) {
// The password has already expired: Repeat every 24 hours.
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
alarmTime = now + MS_PER_DAY;
Update device password expiration/alarm behavior * Change alarm math to snap to multiples of 24h before expiration * Stop recurring alarm when no expirations upcoming * Fix small bug in update logic when device password is updated Change-Id: I31ce147e4f8c766245fae3e286fc50eaee4cfa22
2010-11-29 17:43:32 -08:00
} else {
// Selecting the next alarm time: Roll forward to the next 24 hour multiple before
// the expiration time.
long alarmInterval = timeToExpire % MS_PER_DAY;
if (alarmInterval == 0) {
alarmInterval = MS_PER_DAY;
}
alarmTime = now + alarmInterval;
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
}
Fixes to DevicePolicyManager.setPasswordExpirationTimeout * Fix permissions problem in DevicePolicyManager * Allow short timeouts (primarily for testing) * Remove unused debugging code Bug: 3212583 Change-Id: I3770b1c6f090363e8e8d65db92839cd53de05c45
2010-11-19 15:39:41 -08:00
long token = Binder.clearCallingIdentity();
try {
AlarmManager am = (AlarmManager) context.getSystemService(Context.ALARM_SERVICE);
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
PendingIntent pi = PendingIntent.getBroadcastAsUser(context, REQUEST_EXPIRE_PASSWORD,
Fixes to DevicePolicyManager.setPasswordExpirationTimeout * Fix permissions problem in DevicePolicyManager * Allow short timeouts (primarily for testing) * Remove unused debugging code Bug: 3212583 Change-Id: I3770b1c6f090363e8e8d65db92839cd53de05c45
2010-11-19 15:39:41 -08:00
new Intent(ACTION_EXPIRED_PASSWORD_NOTIFICATION),
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
PendingIntent.FLAG_ONE_SHOT | PendingIntent.FLAG_UPDATE_CURRENT,
new UserHandle(policy.mUserHandle));
Fixes to DevicePolicyManager.setPasswordExpirationTimeout * Fix permissions problem in DevicePolicyManager * Allow short timeouts (primarily for testing) * Remove unused debugging code Bug: 3212583 Change-Id: I3770b1c6f090363e8e8d65db92839cd53de05c45
2010-11-19 15:39:41 -08:00
am.cancel(pi);
Update device password expiration/alarm behavior * Change alarm math to snap to multiples of 24h before expiration * Stop recurring alarm when no expirations upcoming * Fix small bug in update logic when device password is updated Change-Id: I31ce147e4f8c766245fae3e286fc50eaee4cfa22
2010-11-29 17:43:32 -08:00
if (alarmTime != 0) {
am.set(AlarmManager.RTC, alarmTime, pi);
}
Fixes to DevicePolicyManager.setPasswordExpirationTimeout * Fix permissions problem in DevicePolicyManager * Allow short timeouts (primarily for testing) * Remove unused debugging code Bug: 3212583 Change-Id: I3770b1c6f090363e8e8d65db92839cd53de05c45
2010-11-19 15:39:41 -08:00
} finally {
Binder.restoreCallingIdentity(token);
}
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
More device policy manager / admin work. Update API with some new features, re-arrange how you check for valid passwords, and start hooking up the back-end implementation.
2010-01-20 13:37:26 -08:00
private IPowerManager getIPowerManager() {
if (mIPowerManager == null) {
IBinder b = ServiceManager.getService(Context.POWER_SERVICE);
mIPowerManager = IPowerManager.Stub.asInterface(b);
}
return mIPowerManager;
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
Fix 5863053: Add method to lock screen immediately. This fixes a bug where the device fails to lock when DevicePolicyManagerService requests the device to be locked and the screen was off because the user hit the power button. The change allows DPMS to directly invoke screen lock, bypasssing the screen state. Change-Id: Iecdda6fc61e9c519119de495be23c69c3b983921
2012-01-17 15:55:31 -08:00
private IWindowManager getWindowManager() {
if (mIWindowManager == null) {
IBinder b = ServiceManager.getService(Context.WINDOW_SERVICE);
mIWindowManager = IWindowManager.Stub.asInterface(b);
}
return mIWindowManager;
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin getActiveAdminUncheckedLocked(ComponentName who, int userHandle) {
ActiveAdmin admin = getUserData(userHandle).mAdminMap.get(who);
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
if (admin != null
&& who.getPackageName().equals(admin.info.getActivityInfo().packageName)
&& who.getClassName().equals(admin.info.getActivityInfo().name)) {
return admin;
}
return null;
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
More device admin. - Clean up device policy manager APIs. - Implement lockNow(). For now this just turns the screen off to lock the device.
2010-01-27 19:23:59 -08:00
ActiveAdmin getActiveAdminForCallerLocked(ComponentName who, int reqPolicy)
More device admin work: description, policy control. There is now a description attribute associated with all components, that can supply user-visible information about what the component does. We use this to show such information about device admins, and wallpapers are also updated to be able to show this in addition to the existing description in their meta-data. This also defines security control for admins, requiring that they declare the policies they will touch, and enforcing that they do so to be able to use various APIs.
2010-01-22 11:31:30 -08:00
throws SecurityException {
More device admin. - Clean up device policy manager APIs. - Implement lockNow(). For now this just turns the screen off to lock the device.
2010-01-27 19:23:59 -08:00
final int callingUid = Binder.getCallingUid();
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
final int userHandle = UserHandle.getUserId(callingUid);
final DevicePolicyData policy = getUserData(userHandle);
More device admin. - Clean up device policy manager APIs. - Implement lockNow(). For now this just turns the screen off to lock the device.
2010-01-27 19:23:59 -08:00
if (who != null) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminMap.get(who);
More device admin. - Clean up device policy manager APIs. - Implement lockNow(). For now this just turns the screen off to lock the device.
2010-01-27 19:23:59 -08:00
if (admin == null) {
throw new SecurityException("No active admin " + who);
}
if (admin.getUid() != callingUid) {
throw new SecurityException("Admin " + who + " is not owned by uid "
+ Binder.getCallingUid());
}
if (!admin.info.usesPolicy(reqPolicy)) {
throw new SecurityException("Admin " + admin.info.getComponent()
+ " did not specify uses-policy for: "
+ admin.info.getTagForPolicy(reqPolicy));
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
return admin;
More device admin. - Clean up device policy manager APIs. - Implement lockNow(). For now this just turns the screen off to lock the device.
2010-01-27 19:23:59 -08:00
} else {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
final int N = policy.mAdminList.size();
More device admin. - Clean up device policy manager APIs. - Implement lockNow(). For now this just turns the screen off to lock the device.
2010-01-27 19:23:59 -08:00
for (int i=0; i<N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminList.get(i);
More device admin. - Clean up device policy manager APIs. - Implement lockNow(). For now this just turns the screen off to lock the device.
2010-01-27 19:23:59 -08:00
if (admin.getUid() == callingUid && admin.info.usesPolicy(reqPolicy)) {
return admin;
}
}
throw new SecurityException("No active admin owned by uid "
+ Binder.getCallingUid() + " for policy #" + reqPolicy);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
More device admin work: description, policy control. There is now a description attribute associated with all components, that can supply user-visible information about what the component does. We use this to show such information about device admins, and wallpapers are also updated to be able to show this in addition to the existing description in their meta-data. This also defines security control for admins, requiring that they declare the policies they will touch, and enforcing that they do so to be able to use various APIs.
2010-01-22 11:31:30 -08:00
void sendAdminCommandLocked(ActiveAdmin admin, String action) {
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
sendAdminCommandLocked(admin, action, null);
}
void sendAdminCommandLocked(ActiveAdmin admin, String action, BroadcastReceiver result) {
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
Intent intent = new Intent(action);
More device admin work: description, policy control. There is now a description attribute associated with all components, that can supply user-visible information about what the component does. We use this to show such information about device admins, and wallpapers are also updated to be able to show this in addition to the existing description in their meta-data. This also defines security control for admins, requiring that they declare the policies they will touch, and enforcing that they do so to be able to use various APIs.
2010-01-22 11:31:30 -08:00
intent.setComponent(admin.info.getComponent());
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
if (action.equals(DeviceAdminReceiver.ACTION_PASSWORD_EXPIRING)) {
intent.putExtra("expiration", admin.passwordExpirationDate);
}
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
if (result != null) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
mContext.sendOrderedBroadcastAsUser(intent, admin.getUserHandle(),
Improve multi-user broadcasts. You can now use ALL and CURRENT when sending broadcasts, to specify where the broadcast goes. Sticky broadcasts are now correctly separated per user, and registered receivers are filtered based on the requested target user. New Context APIs for more kinds of sending broadcasts as users. Updating a bunch of system code that sends broadcasts to explicitly specify which user the broadcast goes to. Made a single version of the code for interpreting the requested target user ID that all entries to activity manager (start activity, send broadcast, start service) use. Change-Id: Ie29f02dd5242ef8c8fa56c54593a315cd2574e1c
2012-08-29 18:32:08 -07:00
null, result, mHandler, Activity.RESULT_OK, null, null);
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
} else {
Improve multi-user broadcasts. You can now use ALL and CURRENT when sending broadcasts, to specify where the broadcast goes. Sticky broadcasts are now correctly separated per user, and registered receivers are filtered based on the requested target user. New Context APIs for more kinds of sending broadcasts as users. Updating a bunch of system code that sends broadcasts to explicitly specify which user the broadcast goes to. Made a single version of the code for interpreting the requested target user ID that all entries to activity manager (start activity, send broadcast, start service) use. Change-Id: Ie29f02dd5242ef8c8fa56c54593a315cd2574e1c
2012-08-29 18:32:08 -07:00
mContext.sendBroadcastAsUser(intent, UserHandle.OWNER);
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
}
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
void sendAdminCommandLocked(String action, int reqPolicy, int userHandle) {
final DevicePolicyData policy = getUserData(userHandle);
final int count = policy.mAdminList.size();
if (count > 0) {
for (int i = 0; i < count; i++) {
ActiveAdmin admin = policy.mAdminList.get(i);
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
if (admin.info.usesPolicy(reqPolicy)) {
sendAdminCommandLocked(admin, action);
}
More device admin work: description, policy control. There is now a description attribute associated with all components, that can supply user-visible information about what the component does. We use this to show such information about device admins, and wallpapers are also updated to be able to show this in addition to the existing description in their meta-data. This also defines security control for admins, requiring that they declare the policies they will touch, and enforcing that they do so to be able to use various APIs.
2010-01-22 11:31:30 -08:00
}
Don't crash when there is no admin.
2010-01-21 16:29:00 -08:00
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
void removeActiveAdminLocked(final ComponentName adminReceiver, int userHandle) {
final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle);
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
if (admin != null) {
sendAdminCommandLocked(admin,
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLED,
new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
Fix issue #6664140: Time to lock should work even Stay awake... ...in Developer options is on Don't respect stay awake while on as long as a time to lock limit is being enforced. When we start enforcing one, make sure the setting is off (since we won't be respecting it anyway). Bug: 6664140 Change-Id: Id07cb528afa0c64c7766341841c51771f507121d
2012-06-15 17:05:25 -07:00
synchronized (DevicePolicyManagerService.this) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
int userHandle = admin.getUserHandle().getIdentifier();
DevicePolicyData policy = getUserData(userHandle);
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
boolean doProxyCleanup = admin.info.usesPolicy(
DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY);
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mAdminList.remove(admin);
policy.mAdminMap.remove(adminReceiver);
validatePasswordOwnerLocked(policy);
syncDeviceCapabilitiesLocked(policy);
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
if (doProxyCleanup) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
resetGlobalProxyLocked(getUserData(userHandle));
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
saveSettingsLocked(userHandle);
updateMaximumTimeToLockLocked(policy);
Fix issue #4445007: DPM initializes some values to 1, instead of 0 Also fix not writing the settings file when an admin is removed. And take care of an old to-do about not removing an admin until after it has received the broadcast about it being disabled. Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
2011-05-25 10:48:28 -07:00
}
}
});
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public DeviceAdminInfo findAdmin(ComponentName adminName, int userHandle) {
enforceCrossUserPermission(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
Intent resolveIntent = new Intent();
resolveIntent.setComponent(adminName);
List<ResolveInfo> infos = mContext.getPackageManager().queryBroadcastReceivers(
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
resolveIntent, PackageManager.GET_META_DATA, userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
if (infos == null || infos.size() <= 0) {
throw new IllegalArgumentException("Unknown admin: " + adminName);
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
try {
return new DeviceAdminInfo(mContext, infos.get(0));
} catch (XmlPullParserException e) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
Slog.w(TAG, "Bad device admin requested for user=" + userHandle + ": " + adminName, e);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
return null;
} catch (IOException e) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
Slog.w(TAG, "Bad device admin requested for user=" + userHandle + ": " + adminName, e);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
return null;
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
private static JournaledFile makeJournaledFile(int userHandle) {
final String base = userHandle == 0
? "/data/system/" + DEVICE_POLICIES_XML
: new File(Environment.getUserSystemDirectory(userHandle), DEVICE_POLICIES_XML)
.getAbsolutePath();
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
return new JournaledFile(new File(base), new File(base + ".tmp"));
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
private void saveSettingsLocked(int userHandle) {
DevicePolicyData policy = getUserData(userHandle);
JournaledFile journal = makeJournaledFile(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
FileOutputStream stream = null;
try {
stream = new FileOutputStream(journal.chooseForWrite(), false);
XmlSerializer out = new FastXmlSerializer();
out.setOutput(stream, "utf-8");
out.startDocument(null, true);
out.startTag(null, "policies");
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
final int N = policy.mAdminList.size();
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
for (int i=0; i<N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin ap = policy.mAdminList.get(i);
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
if (ap != null) {
out.startTag(null, "admin");
out.attribute(null, "name", ap.info.getComponent().flattenToString());
ap.writeToXml(out);
out.endTag(null, "admin");
}
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
if (policy.mPasswordOwner >= 0) {
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
out.startTag(null, "password-owner");
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
out.attribute(null, "value", Integer.toString(policy.mPasswordOwner));
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
out.endTag(null, "password-owner");
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
if (policy.mFailedPasswordAttempts != 0) {
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
out.startTag(null, "failed-password-attempts");
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
out.attribute(null, "value", Integer.toString(policy.mFailedPasswordAttempts));
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
out.endTag(null, "failed-password-attempts");
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
if (policy.mActivePasswordQuality != 0 || policy.mActivePasswordLength != 0
|| policy.mActivePasswordUpperCase != 0 || policy.mActivePasswordLowerCase != 0
|| policy.mActivePasswordLetters != 0 || policy.mActivePasswordNumeric != 0
|| policy.mActivePasswordSymbols != 0 || policy.mActivePasswordNonLetter != 0) {
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
out.startTag(null, "active-password");
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
out.attribute(null, "quality", Integer.toString(policy.mActivePasswordQuality));
out.attribute(null, "length", Integer.toString(policy.mActivePasswordLength));
out.attribute(null, "uppercase", Integer.toString(policy.mActivePasswordUpperCase));
out.attribute(null, "lowercase", Integer.toString(policy.mActivePasswordLowerCase));
out.attribute(null, "letters", Integer.toString(policy.mActivePasswordLetters));
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
out.attribute(null, "numeric", Integer
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
.toString(policy.mActivePasswordNumeric));
out.attribute(null, "symbols", Integer.toString(policy.mActivePasswordSymbols));
out.attribute(null, "nonletter", Integer.toString(policy.mActivePasswordNonLetter));
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
out.endTag(null, "active-password");
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
out.endTag(null, "policies");
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
out.endDocument();
stream.close();
journal.commit();
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
sendChangedNotification(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
} catch (IOException e) {
try {
if (stream != null) {
stream.close();
}
} catch (IOException ex) {
// Ignore
}
journal.rollback();
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
private void sendChangedNotification(int userHandle) {
Fix 2737842: Disable KeguardManager API if device policy is enabled This change adds notification to find out when the device policy has changed. When an admin adds or changes a policy, we get notified and reset the state of keyguard to be enabled. It also moves disabling keyguard into the TokenWatcher.acquired() method to avoid disabling keyguard when a policy doesn't permit it. This avoids reference counting issues in TokenWatcher and hence relieves the ordering issue. There is one remaining caveat. An application that uses KeyguardManager to disable keyguard will need to disable keyguard again after any policy change. Tested: Install and run app that disables keyguard with no admin. Result: keyguard is enabled/disabled as expected. Enable admin and set quality = "something" after installing & running app. Result: keyguard is enabled. Change admin password quality to "unspecified" and re-run app (per caveat). Result: keyguard is disabled. Change admin password quality to "something" again. Result: keyguard is enabled. Disable admin : Result: keyguard is enabled until app runs again (per caveat). Added minor cosmetic changes after review. Change-Id: I302f2b01446bf031f746b0f3e8b5fd7a6cc0e648
2010-06-08 14:27:42 -07:00
Intent intent = new Intent(DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED);
intent.setFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
Fix DevicePolicyManager crash when settings password quality (and possibly others). Bug: 7130570 Clear the calling identity before broadcasting to all users. Change-Id: Ibe84af1ee00aecfe4b2d5bb7731a952f617b4885
2012-09-10 10:24:36 -07:00
long ident = Binder.clearCallingIdentity();
try {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
mContext.sendBroadcastAsUser(intent, new UserHandle(userHandle));
Fix DevicePolicyManager crash when settings password quality (and possibly others). Bug: 7130570 Clear the calling identity before broadcasting to all users. Change-Id: Ibe84af1ee00aecfe4b2d5bb7731a952f617b4885
2012-09-10 10:24:36 -07:00
} finally {
Binder.restoreCallingIdentity(ident);
}
Fix 2737842: Disable KeguardManager API if device policy is enabled This change adds notification to find out when the device policy has changed. When an admin adds or changes a policy, we get notified and reset the state of keyguard to be enabled. It also moves disabling keyguard into the TokenWatcher.acquired() method to avoid disabling keyguard when a policy doesn't permit it. This avoids reference counting issues in TokenWatcher and hence relieves the ordering issue. There is one remaining caveat. An application that uses KeyguardManager to disable keyguard will need to disable keyguard again after any policy change. Tested: Install and run app that disables keyguard with no admin. Result: keyguard is enabled/disabled as expected. Enable admin and set quality = "something" after installing & running app. Result: keyguard is enabled. Change admin password quality to "unspecified" and re-run app (per caveat). Result: keyguard is disabled. Change admin password quality to "something" again. Result: keyguard is enabled. Disable admin : Result: keyguard is enabled until app runs again (per caveat). Added minor cosmetic changes after review. Change-Id: I302f2b01446bf031f746b0f3e8b5fd7a6cc0e648
2010-06-08 14:27:42 -07:00
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
private void loadSettingsLocked(DevicePolicyData policy, int userHandle) {
JournaledFile journal = makeJournaledFile(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
FileInputStream stream = null;
File file = journal.chooseForRead();
try {
stream = new FileInputStream(file);
XmlPullParser parser = Xml.newPullParser();
parser.setInput(stream, null);
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
int type;
while ((type=parser.next()) != XmlPullParser.END_DOCUMENT
&& type != XmlPullParser.START_TAG) {
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
String tag = parser.getName();
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
if (!"policies".equals(tag)) {
throw new XmlPullParserException(
"Settings do not start with policies tag: found " + tag);
}
type = parser.next();
int outerDepth = parser.getDepth();
while ((type=parser.next()) != XmlPullParser.END_DOCUMENT
&& (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
continue;
}
tag = parser.getName();
if ("admin".equals(tag)) {
New external storage APIs. This implements the spec for external storage organization, and properly reflects how the media scanner organizes the files it finds. Also includes package manager support for removing app private files from external storage when the application is uninstalled. For the new APIs and paths, the main place to look is Environment and Context.
2010-02-04 17:38:14 -08:00
String name = parser.getAttributeValue(null, "name");
try {
DeviceAdminInfo dai = findAdmin(
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ComponentName.unflattenFromString(name), userHandle);
if (DBG && (UserHandle.getUserId(dai.getActivityInfo().applicationInfo.uid)
!= userHandle)) {
Slog.w(TAG, "findAdmin returned an incorrect uid "
+ dai.getActivityInfo().applicationInfo.uid + " for user "
+ userHandle);
}
New external storage APIs. This implements the spec for external storage organization, and properly reflects how the media scanner organizes the files it finds. Also includes package manager support for removing app private files from external storage when the application is uninstalled. For the new APIs and paths, the main place to look is Environment and Context.
2010-02-04 17:38:14 -08:00
if (dai != null) {
ActiveAdmin ap = new ActiveAdmin(dai);
ap.readFromXml(parser);
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mAdminMap.put(ap.info.getComponent(), ap);
policy.mAdminList.add(ap);
New external storage APIs. This implements the spec for external storage organization, and properly reflects how the media scanner organizes the files it finds. Also includes package manager support for removing app private files from external storage when the application is uninstalled. For the new APIs and paths, the main place to look is Environment and Context.
2010-02-04 17:38:14 -08:00
}
} catch (RuntimeException e) {
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
Slog.w(TAG, "Failed loading admin " + name, e);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
} else if ("failed-password-attempts".equals(tag)) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mFailedPasswordAttempts = Integer.parseInt(
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
parser.getAttributeValue(null, "value"));
Fix issue #2438980: Implement package watcher for voice recognizer service setting I am getting tired of writing package monitor code, realized this is missing in a number of places, and at this point it has gotten complicated enough that I don't think anyone actually does it 100% right so: Introducing PackageMonitor. Yes there are no Java docs. I am still playing around with just what this thing is to figure out what makes sense and how people will use it. It is being used to fix this bug for monitoring voice recognizers (integrating the code from the settings provider for setting an initial value), to replace the existing code for monitoring input methods (and fix the bug where we wouldn't remove an input method from the enabled list when it got uninstalled), to now monitor live wallpaper package changes (now allowing us to avoid reverting back to the default live wallpaper when the current one is updated!), and to monitor device admin changes. Also includes a fix so you can't uninstall an .apk that is currently enabled as a device admin. Also includes a fix where the default time zone was not initialized early enough which should fix issue #2455507 (Observed Google services frame work crash). In addition, this finally introduces a mechanism to determine if the "force stop" button should be enabled, with convenience in PackageMonitor for system services to handle it. All services have been updated to support this. There is also new infrastructure for reporting battery usage as an applicatin error report.
2010-02-19 17:02:21 -08:00
XmlUtils.skipCurrentTag(parser);
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
} else if ("password-owner".equals(tag)) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mPasswordOwner = Integer.parseInt(
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
parser.getAttributeValue(null, "value"));
XmlUtils.skipCurrentTag(parser);
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
} else if ("active-password".equals(tag)) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mActivePasswordQuality = Integer.parseInt(
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
parser.getAttributeValue(null, "quality"));
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mActivePasswordLength = Integer.parseInt(
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
parser.getAttributeValue(null, "length"));
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mActivePasswordUpperCase = Integer.parseInt(
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
parser.getAttributeValue(null, "uppercase"));
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mActivePasswordLowerCase = Integer.parseInt(
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
parser.getAttributeValue(null, "lowercase"));
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mActivePasswordLetters = Integer.parseInt(
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
parser.getAttributeValue(null, "letters"));
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mActivePasswordNumeric = Integer.parseInt(
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
parser.getAttributeValue(null, "numeric"));
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mActivePasswordSymbols = Integer.parseInt(
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
parser.getAttributeValue(null, "symbols"));
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mActivePasswordNonLetter = Integer.parseInt(
Adding support for minimum number of non letter characters. Change-Id: If54cb7209d65eef826d474d7e0dbbef63d2f2b47
2010-06-04 17:15:02 -07:00
parser.getAttributeValue(null, "nonletter"));
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
XmlUtils.skipCurrentTag(parser);
Fix issue #2438980: Implement package watcher for voice recognizer service setting I am getting tired of writing package monitor code, realized this is missing in a number of places, and at this point it has gotten complicated enough that I don't think anyone actually does it 100% right so: Introducing PackageMonitor. Yes there are no Java docs. I am still playing around with just what this thing is to figure out what makes sense and how people will use it. It is being used to fix this bug for monitoring voice recognizers (integrating the code from the settings provider for setting an initial value), to replace the existing code for monitoring input methods (and fix the bug where we wouldn't remove an input method from the enabled list when it got uninstalled), to now monitor live wallpaper package changes (now allowing us to avoid reverting back to the default live wallpaper when the current one is updated!), and to monitor device admin changes. Also includes a fix so you can't uninstall an .apk that is currently enabled as a device admin. Also includes a fix where the default time zone was not initialized early enough which should fix issue #2455507 (Observed Google services frame work crash). In addition, this finally introduces a mechanism to determine if the "force stop" button should be enabled, with convenience in PackageMonitor for system services to handle it. All services have been updated to support this. There is also new infrastructure for reporting battery usage as an applicatin error report.
2010-02-19 17:02:21 -08:00
} else {
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
Slog.w(TAG, "Unknown tag: " + tag);
Fix issue #2438980: Implement package watcher for voice recognizer service setting I am getting tired of writing package monitor code, realized this is missing in a number of places, and at this point it has gotten complicated enough that I don't think anyone actually does it 100% right so: Introducing PackageMonitor. Yes there are no Java docs. I am still playing around with just what this thing is to figure out what makes sense and how people will use it. It is being used to fix this bug for monitoring voice recognizers (integrating the code from the settings provider for setting an initial value), to replace the existing code for monitoring input methods (and fix the bug where we wouldn't remove an input method from the enabled list when it got uninstalled), to now monitor live wallpaper package changes (now allowing us to avoid reverting back to the default live wallpaper when the current one is updated!), and to monitor device admin changes. Also includes a fix so you can't uninstall an .apk that is currently enabled as a device admin. Also includes a fix where the default time zone was not initialized early enough which should fix issue #2455507 (Observed Google services frame work crash). In addition, this finally introduces a mechanism to determine if the "force stop" button should be enabled, with convenience in PackageMonitor for system services to handle it. All services have been updated to support this. There is also new infrastructure for reporting battery usage as an applicatin error report.
2010-02-19 17:02:21 -08:00
XmlUtils.skipCurrentTag(parser);
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
}
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
} catch (NullPointerException e) {
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
Slog.w(TAG, "failed parsing " + file + " " + e);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
} catch (NumberFormatException e) {
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
Slog.w(TAG, "failed parsing " + file + " " + e);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
} catch (XmlPullParserException e) {
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
Slog.w(TAG, "failed parsing " + file + " " + e);
Rub in a little 'ol log-b-gone. Mmmmmm... great fresh scent! Change-Id: I050e70b31b5d4a9c6731f15a4b51a3620a33a78d
2010-09-30 18:27:22 -07:00
} catch (FileNotFoundException e) {
// Don't be noisy, this is normal if we haven't defined any policies.
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
} catch (IOException e) {
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
Slog.w(TAG, "failed parsing " + file + " " + e);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
} catch (IndexOutOfBoundsException e) {
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
Slog.w(TAG, "failed parsing " + file + " " + e);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
try {
if (stream != null) {
stream.close();
}
} catch (IOException e) {
// Ignore
}
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
// Validate that what we stored for the password quality matches
// sufficiently what is currently set. Note that this is only
// a sanity check in case the two get out of sync; this should
// never normally happen.
LockPatternUtils utils = new LockPatternUtils(mContext);
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
if (utils.getActivePasswordQuality() < policy.mActivePasswordQuality) {
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
Slog.w(TAG, "Active password quality 0x"
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
+ Integer.toHexString(policy.mActivePasswordQuality)
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
+ " does not match actual quality 0x"
+ Integer.toHexString(utils.getActivePasswordQuality()));
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mActivePasswordQuality = DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;
policy.mActivePasswordLength = 0;
policy.mActivePasswordUpperCase = 0;
policy.mActivePasswordLowerCase = 0;
policy.mActivePasswordLetters = 0;
policy.mActivePasswordNumeric = 0;
policy.mActivePasswordSymbols = 0;
policy.mActivePasswordNonLetter = 0;
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
validatePasswordOwnerLocked(policy);
syncDeviceCapabilitiesLocked(policy);
updateMaximumTimeToLockLocked(policy);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
static void validateQualityConstant(int quality) {
switch (quality) {
case DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED:
DO NOT MERGE - Cherry picking from master to MR1 Fix 5783857: Device Policy Manager doesn't allow Face Unlock This makes it so that if face unlock is enabled and then a device policy manager that requires something more secure than face unlock is installed, the user will be forced to choose a new acceptable lock type. This was previously fixed for the case where the device had been reset, or the shell was restarted after setting face unlock, but not for the case where the device remained on between setting face unlock and setting up a device policy manager. Also changed the function ordering of saveLockPattern() so that the overloaded wrapper function is next to the main function. Change-Id: Ibed8c4ab137ebbc07fb143faef6f047bc6dc4474
2011-12-21 17:02:32 -05:00
case DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK:
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING:
case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC:
case DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC:
case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC:
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX:
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
return;
}
throw new IllegalArgumentException("Invalid quality constant: 0x"
+ Integer.toHexString(quality));
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
void validatePasswordOwnerLocked(DevicePolicyData policy) {
if (policy.mPasswordOwner >= 0) {
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
boolean haveOwner = false;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
for (int i = policy.mAdminList.size() - 1; i >= 0; i--) {
if (policy.mAdminList.get(i).getUid() == policy.mPasswordOwner) {
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
haveOwner = true;
break;
}
}
if (!haveOwner) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
Slog.w(TAG, "Previous password owner " + policy.mPasswordOwner
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
+ " no longer active; disabling");
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mPasswordOwner = -1;
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
}
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
New device policy to disable camera. This introduces a new policy that a DeviceAdmin can use to disable _all_ cameras on the device. A separate CL will be made on the media side to watch this policy bit and act accordingly. Bug: 4185303 Change-Id: I700cfc4a8317bb74087ccae39346d74467fc58b2
2011-05-09 16:05:33 -07:00
/**
* Pushes down policy information to the system for any policies related to general device
* capabilities that need to be enforced by lower level services (e.g. Camera services).
*/
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
void syncDeviceCapabilitiesLocked(DevicePolicyData policy) {
New device policy to disable camera. This introduces a new policy that a DeviceAdmin can use to disable _all_ cameras on the device. A separate CL will be made on the media side to watch this policy bit and act accordingly. Bug: 4185303 Change-Id: I700cfc4a8317bb74087ccae39346d74467fc58b2
2011-05-09 16:05:33 -07:00
// Ensure the status of the camera is synced down to the system. Interested native services
// should monitor this value and act accordingly.
boolean systemState = SystemProperties.getBoolean(SYSTEM_PROP_DISABLE_CAMERA, false);
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
boolean cameraDisabled = getCameraDisabled(null, policy.mUserHandle);
New device policy to disable camera. This introduces a new policy that a DeviceAdmin can use to disable _all_ cameras on the device. A separate CL will be made on the media side to watch this policy bit and act accordingly. Bug: 4185303 Change-Id: I700cfc4a8317bb74087ccae39346d74467fc58b2
2011-05-09 16:05:33 -07:00
if (cameraDisabled != systemState) {
long token = Binder.clearCallingIdentity();
try {
String value = cameraDisabled ? "1" : "0";
Slog.v(TAG, "Change in camera state ["
+ SYSTEM_PROP_DISABLE_CAMERA + "] = " + value);
SystemProperties.set(SYSTEM_PROP_DISABLE_CAMERA, value);
} finally {
Binder.restoreCallingIdentity(token);
}
}
}
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
public void systemReady() {
synchronized (this) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
loadSettingsLocked(getUserData(UserHandle.USER_OWNER), UserHandle.USER_OWNER);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
private void handlePasswordExpirationNotification(DevicePolicyData policy) {
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
synchronized (this) {
final long now = System.currentTimeMillis();
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
final int N = policy.mAdminList.size();
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
if (N <= 0) {
return;
}
for (int i=0; i < N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminList.get(i);
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
if (admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD)
&& admin.passwordExpirationTimeout > 0L
&& admin.passwordExpirationDate > 0L
Update device password expiration/alarm behavior * Change alarm math to snap to multiples of 24h before expiration * Stop recurring alarm when no expirations upcoming * Fix small bug in update logic when device password is updated Change-Id: I31ce147e4f8c766245fae3e286fc50eaee4cfa22
2010-11-29 17:43:32 -08:00
&& now >= admin.passwordExpirationDate - EXPIRATION_GRACE_PERIOD_MS) {
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
sendAdminCommandLocked(admin, DeviceAdminReceiver.ACTION_PASSWORD_EXPIRING);
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
setExpirationAlarmCheckLocked(mContext, policy);
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
}
}
API CHANGE - Add hasGrantedPolicy() API * Allows an app to detect that it needs to have additional policies granted * Add "refreshing" parameter to setActiveAdmin() to handle this case * Minor cleanups to eliminate warnings (mostly for unused things) Bug: 3253179 Change-Id: I4bf639bf560557130bf98e8cfb75f996fac416f1
2010-12-08 15:56:45 -08:00
/**
* @param adminReceiver The admin to add
* @param refreshing true = update an active admin, no error
*/
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void setActiveAdmin(ComponentName adminReceiver, boolean refreshing, int userHandle) {
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.BIND_DEVICE_ADMIN, null);
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
enforceCrossUserPermission(userHandle);
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
DeviceAdminInfo info = findAdmin(adminReceiver, userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
if (info == null) {
throw new IllegalArgumentException("Bad admin: " + adminReceiver);
}
synchronized (this) {
long ident = Binder.clearCallingIdentity();
try {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
if (!refreshing && getActiveAdminUncheckedLocked(adminReceiver, userHandle) != null) {
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
throw new IllegalArgumentException("Admin is already added");
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
API CHANGE - Add hasGrantedPolicy() API * Allows an app to detect that it needs to have additional policies granted * Add "refreshing" parameter to setActiveAdmin() to handle this case * Minor cleanups to eliminate warnings (mostly for unused things) Bug: 3253179 Change-Id: I4bf639bf560557130bf98e8cfb75f996fac416f1
2010-12-08 15:56:45 -08:00
ActiveAdmin newAdmin = new ActiveAdmin(info);
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mAdminMap.put(adminReceiver, newAdmin);
API CHANGE - Add hasGrantedPolicy() API * Allows an app to detect that it needs to have additional policies granted * Add "refreshing" parameter to setActiveAdmin() to handle this case * Minor cleanups to eliminate warnings (mostly for unused things) Bug: 3253179 Change-Id: I4bf639bf560557130bf98e8cfb75f996fac416f1
2010-12-08 15:56:45 -08:00
int replaceIndex = -1;
if (refreshing) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
final int N = policy.mAdminList.size();
API CHANGE - Add hasGrantedPolicy() API * Allows an app to detect that it needs to have additional policies granted * Add "refreshing" parameter to setActiveAdmin() to handle this case * Minor cleanups to eliminate warnings (mostly for unused things) Bug: 3253179 Change-Id: I4bf639bf560557130bf98e8cfb75f996fac416f1
2010-12-08 15:56:45 -08:00
for (int i=0; i < N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin oldAdmin = policy.mAdminList.get(i);
API CHANGE - Add hasGrantedPolicy() API * Allows an app to detect that it needs to have additional policies granted * Add "refreshing" parameter to setActiveAdmin() to handle this case * Minor cleanups to eliminate warnings (mostly for unused things) Bug: 3253179 Change-Id: I4bf639bf560557130bf98e8cfb75f996fac416f1
2010-12-08 15:56:45 -08:00
if (oldAdmin.info.getComponent().equals(adminReceiver)) {
replaceIndex = i;
break;
}
}
}
if (replaceIndex == -1) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mAdminList.add(newAdmin);
API CHANGE - Add hasGrantedPolicy() API * Allows an app to detect that it needs to have additional policies granted * Add "refreshing" parameter to setActiveAdmin() to handle this case * Minor cleanups to eliminate warnings (mostly for unused things) Bug: 3253179 Change-Id: I4bf639bf560557130bf98e8cfb75f996fac416f1
2010-12-08 15:56:45 -08:00
} else {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mAdminList.set(replaceIndex, newAdmin);
API CHANGE - Add hasGrantedPolicy() API * Allows an app to detect that it needs to have additional policies granted * Add "refreshing" parameter to setActiveAdmin() to handle this case * Minor cleanups to eliminate warnings (mostly for unused things) Bug: 3253179 Change-Id: I4bf639bf560557130bf98e8cfb75f996fac416f1
2010-12-08 15:56:45 -08:00
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
saveSettingsLocked(userHandle);
API CHANGE - Add hasGrantedPolicy() API * Allows an app to detect that it needs to have additional policies granted * Add "refreshing" parameter to setActiveAdmin() to handle this case * Minor cleanups to eliminate warnings (mostly for unused things) Bug: 3253179 Change-Id: I4bf639bf560557130bf98e8cfb75f996fac416f1
2010-12-08 15:56:45 -08:00
sendAdminCommandLocked(newAdmin, DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
} finally {
Binder.restoreCallingIdentity(ident);
}
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public boolean isAdminActive(ComponentName adminReceiver, int userHandle) {
enforceCrossUserPermission(userHandle);
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
synchronized (this) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
return getActiveAdminUncheckedLocked(adminReceiver, userHandle) != null;
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public boolean hasGrantedPolicy(ComponentName adminReceiver, int policyId, int userHandle) {
enforceCrossUserPermission(userHandle);
API CHANGE - Add hasGrantedPolicy() API * Allows an app to detect that it needs to have additional policies granted * Add "refreshing" parameter to setActiveAdmin() to handle this case * Minor cleanups to eliminate warnings (mostly for unused things) Bug: 3253179 Change-Id: I4bf639bf560557130bf98e8cfb75f996fac416f1
2010-12-08 15:56:45 -08:00
synchronized (this) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin administrator = getActiveAdminUncheckedLocked(adminReceiver, userHandle);
API CHANGE - Add hasGrantedPolicy() API * Allows an app to detect that it needs to have additional policies granted * Add "refreshing" parameter to setActiveAdmin() to handle this case * Minor cleanups to eliminate warnings (mostly for unused things) Bug: 3253179 Change-Id: I4bf639bf560557130bf98e8cfb75f996fac416f1
2010-12-08 15:56:45 -08:00
if (administrator == null) {
throw new SecurityException("No active admin " + adminReceiver);
}
return administrator.info.usesPolicy(policyId);
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public List<ComponentName> getActiveAdmins(int userHandle) {
enforceCrossUserPermission(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
synchronized (this) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
final int N = policy.mAdminList.size();
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
if (N <= 0) {
return null;
}
ArrayList<ComponentName> res = new ArrayList<ComponentName>(N);
for (int i=0; i<N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
res.add(policy.mAdminList.get(i).info.getComponent());
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
}
return res;
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public boolean packageHasActiveAdmins(String packageName, int userHandle) {
enforceCrossUserPermission(userHandle);
Fix issue #2438980: Implement package watcher for voice recognizer service setting I am getting tired of writing package monitor code, realized this is missing in a number of places, and at this point it has gotten complicated enough that I don't think anyone actually does it 100% right so: Introducing PackageMonitor. Yes there are no Java docs. I am still playing around with just what this thing is to figure out what makes sense and how people will use it. It is being used to fix this bug for monitoring voice recognizers (integrating the code from the settings provider for setting an initial value), to replace the existing code for monitoring input methods (and fix the bug where we wouldn't remove an input method from the enabled list when it got uninstalled), to now monitor live wallpaper package changes (now allowing us to avoid reverting back to the default live wallpaper when the current one is updated!), and to monitor device admin changes. Also includes a fix so you can't uninstall an .apk that is currently enabled as a device admin. Also includes a fix where the default time zone was not initialized early enough which should fix issue #2455507 (Observed Google services frame work crash). In addition, this finally introduces a mechanism to determine if the "force stop" button should be enabled, with convenience in PackageMonitor for system services to handle it. All services have been updated to support this. There is also new infrastructure for reporting battery usage as an applicatin error report.
2010-02-19 17:02:21 -08:00
synchronized (this) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
final int N = policy.mAdminList.size();
Fix issue #2438980: Implement package watcher for voice recognizer service setting I am getting tired of writing package monitor code, realized this is missing in a number of places, and at this point it has gotten complicated enough that I don't think anyone actually does it 100% right so: Introducing PackageMonitor. Yes there are no Java docs. I am still playing around with just what this thing is to figure out what makes sense and how people will use it. It is being used to fix this bug for monitoring voice recognizers (integrating the code from the settings provider for setting an initial value), to replace the existing code for monitoring input methods (and fix the bug where we wouldn't remove an input method from the enabled list when it got uninstalled), to now monitor live wallpaper package changes (now allowing us to avoid reverting back to the default live wallpaper when the current one is updated!), and to monitor device admin changes. Also includes a fix so you can't uninstall an .apk that is currently enabled as a device admin. Also includes a fix where the default time zone was not initialized early enough which should fix issue #2455507 (Observed Google services frame work crash). In addition, this finally introduces a mechanism to determine if the "force stop" button should be enabled, with convenience in PackageMonitor for system services to handle it. All services have been updated to support this. There is also new infrastructure for reporting battery usage as an applicatin error report.
2010-02-19 17:02:21 -08:00
for (int i=0; i<N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
if (policy.mAdminList.get(i).info.getPackageName().equals(packageName)) {
Fix issue #2438980: Implement package watcher for voice recognizer service setting I am getting tired of writing package monitor code, realized this is missing in a number of places, and at this point it has gotten complicated enough that I don't think anyone actually does it 100% right so: Introducing PackageMonitor. Yes there are no Java docs. I am still playing around with just what this thing is to figure out what makes sense and how people will use it. It is being used to fix this bug for monitoring voice recognizers (integrating the code from the settings provider for setting an initial value), to replace the existing code for monitoring input methods (and fix the bug where we wouldn't remove an input method from the enabled list when it got uninstalled), to now monitor live wallpaper package changes (now allowing us to avoid reverting back to the default live wallpaper when the current one is updated!), and to monitor device admin changes. Also includes a fix so you can't uninstall an .apk that is currently enabled as a device admin. Also includes a fix where the default time zone was not initialized early enough which should fix issue #2455507 (Observed Google services frame work crash). In addition, this finally introduces a mechanism to determine if the "force stop" button should be enabled, with convenience in PackageMonitor for system services to handle it. All services have been updated to support this. There is also new infrastructure for reporting battery usage as an applicatin error report.
2010-02-19 17:02:21 -08:00
return true;
}
}
return false;
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void removeActiveAdmin(ComponentName adminReceiver, int userHandle) {
enforceCrossUserPermission(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
synchronized (this) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle);
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
if (admin == null) {
return;
}
if (admin.getUid() != Binder.getCallingUid()) {
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.BIND_DEVICE_ADMIN, null);
}
long ident = Binder.clearCallingIdentity();
try {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
removeActiveAdminLocked(adminReceiver, userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
} finally {
Binder.restoreCallingIdentity(ident);
}
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void setPasswordQuality(ComponentName who, int quality, int userHandle) {
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
validateQualityConstant(quality);
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
enforceCrossUserPermission(userHandle);
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
synchronized (this) {
if (who == null) {
throw new NullPointerException("ComponentName is null");
}
More device admin work: description, policy control. There is now a description attribute associated with all components, that can supply user-visible information about what the component does. We use this to show such information about device admins, and wallpapers are also updated to be able to show this in addition to the existing description in their meta-data. This also defines security control for admins, requiring that they declare the policies they will touch, and enforcing that they do so to be able to use various APIs.
2010-01-22 11:31:30 -08:00
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
if (ap.passwordQuality != quality) {
ap.passwordQuality = quality;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
saveSettingsLocked(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public int getPasswordQuality(ComponentName who, int userHandle) {
enforceCrossUserPermission(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
synchronized (this) {
More device policy work: clarify password modes, monkeying. Clarifies what the password modes mean, renaming them to "quality" and updating their documentation and the implementation to follow. Also adds a facility to find out if a monkey is running, which I need for the api demo to avoid letting it wipe the device.
2010-01-29 10:38:29 -08:00
int mode = DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
More device admin. - Clean up device policy manager APIs. - Implement lockNow(). For now this just turns the screen off to lock the device.
2010-01-27 19:23:59 -08:00
if (who != null) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
More device policy work: clarify password modes, monkeying. Clarifies what the password modes mean, renaming them to "quality" and updating their documentation and the implementation to follow. Also adds a facility to find out if a monkey is running, which I need for the api demo to avoid letting it wipe the device.
2010-01-29 10:38:29 -08:00
return admin != null ? admin.passwordQuality : mode;
More device admin. - Clean up device policy manager APIs. - Implement lockNow(). For now this just turns the screen off to lock the device.
2010-01-27 19:23:59 -08:00
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
final int N = policy.mAdminList.size();
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
for (int i=0; i<N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminList.get(i);
More device policy work: clarify password modes, monkeying. Clarifies what the password modes mean, renaming them to "quality" and updating their documentation and the implementation to follow. Also adds a facility to find out if a monkey is running, which I need for the api demo to avoid letting it wipe the device.
2010-01-29 10:38:29 -08:00
if (mode < admin.passwordQuality) {
mode = admin.passwordQuality;
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
}
}
return mode;
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void setPasswordMinimumLength(ComponentName who, int length, int userHandle) {
enforceCrossUserPermission(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
synchronized (this) {
if (who == null) {
throw new NullPointerException("ComponentName is null");
}
More device admin work: description, policy control. There is now a description attribute associated with all components, that can supply user-visible information about what the component does. We use this to show such information about device admins, and wallpapers are also updated to be able to show this in addition to the existing description in their meta-data. This also defines security control for admins, requiring that they declare the policies they will touch, and enforcing that they do so to be able to use various APIs.
2010-01-22 11:31:30 -08:00
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
if (ap.minimumPasswordLength != length) {
ap.minimumPasswordLength = length;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
saveSettingsLocked(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public int getPasswordMinimumLength(ComponentName who, int userHandle) {
enforceCrossUserPermission(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
synchronized (this) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
int length = 0;
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
More device admin. - Clean up device policy manager APIs. - Implement lockNow(). For now this just turns the screen off to lock the device.
2010-01-27 19:23:59 -08:00
if (who != null) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
More device admin. - Clean up device policy manager APIs. - Implement lockNow(). For now this just turns the screen off to lock the device.
2010-01-27 19:23:59 -08:00
return admin != null ? admin.minimumPasswordLength : length;
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
final int N = policy.mAdminList.size();
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
for (int i=0; i<N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminList.get(i);
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
if (length < admin.minimumPasswordLength) {
length = admin.minimumPasswordLength;
}
}
return length;
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void setPasswordHistoryLength(ComponentName who, int length, int userHandle) {
enforceCrossUserPermission(userHandle);
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
synchronized (this) {
if (who == null) {
throw new NullPointerException("ComponentName is null");
}
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
if (ap.passwordHistoryLength != length) {
ap.passwordHistoryLength = length;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
saveSettingsLocked(userHandle);
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
}
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public int getPasswordHistoryLength(ComponentName who, int userHandle) {
enforceCrossUserPermission(userHandle);
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
synchronized (this) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
int length = 0;
if (who != null) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
return admin != null ? admin.passwordHistoryLength : length;
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
final int N = policy.mAdminList.size();
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
for (int i = 0; i < N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminList.get(i);
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
if (length < admin.passwordHistoryLength) {
length = admin.passwordHistoryLength;
}
}
return length;
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void setPasswordExpirationTimeout(ComponentName who, long timeout, int userHandle) {
enforceCrossUserPermission(userHandle);
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
synchronized (this) {
if (who == null) {
throw new NullPointerException("ComponentName is null");
}
Fixes to DevicePolicyManager.setPasswordExpirationTimeout * Fix permissions problem in DevicePolicyManager * Allow short timeouts (primarily for testing) * Remove unused debugging code Bug: 3212583 Change-Id: I3770b1c6f090363e8e8d65db92839cd53de05c45
2010-11-19 15:39:41 -08:00
if (timeout < 0) {
throw new IllegalArgumentException("Timeout must be >= 0 ms");
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
}
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD);
// Calling this API automatically bumps the expiration date
final long expiration = timeout > 0L ? (timeout + System.currentTimeMillis()) : 0L;
ap.passwordExpirationDate = expiration;
ap.passwordExpirationTimeout = timeout;
if (timeout > 0L) {
Slog.w(TAG, "setPasswordExpiration(): password will expire on "
+ DateFormat.getDateTimeInstance(DateFormat.DEFAULT, DateFormat.DEFAULT)
.format(new Date(expiration)));
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
saveSettingsLocked(userHandle);
// in case this is the first one
setExpirationAlarmCheckLocked(mContext, getUserData(userHandle));
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
}
}
Update device password expiration/alarm behavior * Change alarm math to snap to multiples of 24h before expiration * Stop recurring alarm when no expirations upcoming * Fix small bug in update logic when device password is updated Change-Id: I31ce147e4f8c766245fae3e286fc50eaee4cfa22
2010-11-29 17:43:32 -08:00
/**
* Return a single admin's expiration cycle time, or the min of all cycle times.
* Returns 0 if not configured.
*/
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public long getPasswordExpirationTimeout(ComponentName who, int userHandle) {
enforceCrossUserPermission(userHandle);
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
synchronized (this) {
if (who != null) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
Update device password expiration/alarm behavior * Change alarm math to snap to multiples of 24h before expiration * Stop recurring alarm when no expirations upcoming * Fix small bug in update logic when device password is updated Change-Id: I31ce147e4f8c766245fae3e286fc50eaee4cfa22
2010-11-29 17:43:32 -08:00
return admin != null ? admin.passwordExpirationTimeout : 0L;
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
}
Update device password expiration/alarm behavior * Change alarm math to snap to multiples of 24h before expiration * Stop recurring alarm when no expirations upcoming * Fix small bug in update logic when device password is updated Change-Id: I31ce147e4f8c766245fae3e286fc50eaee4cfa22
2010-11-29 17:43:32 -08:00
long timeout = 0L;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
final int N = policy.mAdminList.size();
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
for (int i = 0; i < N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminList.get(i);
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
if (timeout == 0L || (admin.passwordExpirationTimeout != 0L
&& timeout > admin.passwordExpirationTimeout)) {
timeout = admin.passwordExpirationTimeout;
}
}
return timeout;
}
}
Update device password expiration/alarm behavior * Change alarm math to snap to multiples of 24h before expiration * Stop recurring alarm when no expirations upcoming * Fix small bug in update logic when device password is updated Change-Id: I31ce147e4f8c766245fae3e286fc50eaee4cfa22
2010-11-29 17:43:32 -08:00
/**
* Return a single admin's expiration date/time, or the min (soonest) for all admins.
* Returns 0 if not configured.
*/
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
private long getPasswordExpirationLocked(ComponentName who, int userHandle) {
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
if (who != null) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
Update device password expiration/alarm behavior * Change alarm math to snap to multiples of 24h before expiration * Stop recurring alarm when no expirations upcoming * Fix small bug in update logic when device password is updated Change-Id: I31ce147e4f8c766245fae3e286fc50eaee4cfa22
2010-11-29 17:43:32 -08:00
return admin != null ? admin.passwordExpirationDate : 0L;
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
}
Update device password expiration/alarm behavior * Change alarm math to snap to multiples of 24h before expiration * Stop recurring alarm when no expirations upcoming * Fix small bug in update logic when device password is updated Change-Id: I31ce147e4f8c766245fae3e286fc50eaee4cfa22
2010-11-29 17:43:32 -08:00
long timeout = 0L;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
final int N = policy.mAdminList.size();
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
for (int i = 0; i < N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminList.get(i);
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
if (timeout == 0L || (admin.passwordExpirationDate != 0
&& timeout > admin.passwordExpirationDate)) {
timeout = admin.passwordExpirationDate;
}
}
return timeout;
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public long getPasswordExpiration(ComponentName who, int userHandle) {
enforceCrossUserPermission(userHandle);
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
synchronized (this) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
return getPasswordExpirationLocked(who, userHandle);
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void setPasswordMinimumUpperCase(ComponentName who, int length, int userHandle) {
enforceCrossUserPermission(userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
synchronized (this) {
if (who == null) {
throw new NullPointerException("ComponentName is null");
}
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
if (ap.minimumPasswordUpperCase != length) {
ap.minimumPasswordUpperCase = length;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
saveSettingsLocked(userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
}
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public int getPasswordMinimumUpperCase(ComponentName who, int userHandle) {
enforceCrossUserPermission(userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
synchronized (this) {
int length = 0;
if (who != null) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
return admin != null ? admin.minimumPasswordUpperCase : length;
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
final int N = policy.mAdminList.size();
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
for (int i=0; i<N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminList.get(i);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
if (length < admin.minimumPasswordUpperCase) {
length = admin.minimumPasswordUpperCase;
}
}
return length;
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void setPasswordMinimumLowerCase(ComponentName who, int length, int userHandle) {
enforceCrossUserPermission(userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
synchronized (this) {
if (who == null) {
throw new NullPointerException("ComponentName is null");
}
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
if (ap.minimumPasswordLowerCase != length) {
ap.minimumPasswordLowerCase = length;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
saveSettingsLocked(userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
}
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public int getPasswordMinimumLowerCase(ComponentName who, int userHandle) {
enforceCrossUserPermission(userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
synchronized (this) {
int length = 0;
if (who != null) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
return admin != null ? admin.minimumPasswordLowerCase : length;
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
final int N = policy.mAdminList.size();
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
for (int i=0; i<N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminList.get(i);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
if (length < admin.minimumPasswordLowerCase) {
length = admin.minimumPasswordLowerCase;
}
}
return length;
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void setPasswordMinimumLetters(ComponentName who, int length, int userHandle) {
enforceCrossUserPermission(userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
synchronized (this) {
if (who == null) {
throw new NullPointerException("ComponentName is null");
}
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
if (ap.minimumPasswordLetters != length) {
ap.minimumPasswordLetters = length;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
saveSettingsLocked(userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
}
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public int getPasswordMinimumLetters(ComponentName who, int userHandle) {
enforceCrossUserPermission(userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
synchronized (this) {
int length = 0;
if (who != null) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
return admin != null ? admin.minimumPasswordLetters : length;
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
final int N = policy.mAdminList.size();
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
for (int i=0; i<N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminList.get(i);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
if (length < admin.minimumPasswordLetters) {
length = admin.minimumPasswordLetters;
}
}
return length;
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void setPasswordMinimumNumeric(ComponentName who, int length, int userHandle) {
enforceCrossUserPermission(userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
synchronized (this) {
if (who == null) {
throw new NullPointerException("ComponentName is null");
}
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
if (ap.minimumPasswordNumeric != length) {
ap.minimumPasswordNumeric = length;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
saveSettingsLocked(userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
}
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public int getPasswordMinimumNumeric(ComponentName who, int userHandle) {
enforceCrossUserPermission(userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
synchronized (this) {
int length = 0;
if (who != null) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
return admin != null ? admin.minimumPasswordNumeric : length;
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
final int N = policy.mAdminList.size();
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
for (int i = 0; i < N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminList.get(i);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
if (length < admin.minimumPasswordNumeric) {
length = admin.minimumPasswordNumeric;
}
}
return length;
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void setPasswordMinimumSymbols(ComponentName who, int length, int userHandle) {
enforceCrossUserPermission(userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
synchronized (this) {
if (who == null) {
throw new NullPointerException("ComponentName is null");
}
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
if (ap.minimumPasswordSymbols != length) {
ap.minimumPasswordSymbols = length;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
saveSettingsLocked(userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
}
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public int getPasswordMinimumSymbols(ComponentName who, int userHandle) {
enforceCrossUserPermission(userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
synchronized (this) {
int length = 0;
if (who != null) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
return admin != null ? admin.minimumPasswordSymbols : length;
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
final int N = policy.mAdminList.size();
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
for (int i=0; i<N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminList.get(i);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
if (length < admin.minimumPasswordSymbols) {
length = admin.minimumPasswordSymbols;
}
}
return length;
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void setPasswordMinimumNonLetter(ComponentName who, int length, int userHandle) {
enforceCrossUserPermission(userHandle);
Adding support for minimum number of non letter characters. Change-Id: If54cb7209d65eef826d474d7e0dbbef63d2f2b47
2010-06-04 17:15:02 -07:00
synchronized (this) {
if (who == null) {
throw new NullPointerException("ComponentName is null");
}
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
if (ap.minimumPasswordNonLetter != length) {
ap.minimumPasswordNonLetter = length;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
saveSettingsLocked(userHandle);
Adding support for minimum number of non letter characters. Change-Id: If54cb7209d65eef826d474d7e0dbbef63d2f2b47
2010-06-04 17:15:02 -07:00
}
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public int getPasswordMinimumNonLetter(ComponentName who, int userHandle) {
enforceCrossUserPermission(userHandle);
Adding support for minimum number of non letter characters. Change-Id: If54cb7209d65eef826d474d7e0dbbef63d2f2b47
2010-06-04 17:15:02 -07:00
synchronized (this) {
int length = 0;
if (who != null) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
Adding support for minimum number of non letter characters. Change-Id: If54cb7209d65eef826d474d7e0dbbef63d2f2b47
2010-06-04 17:15:02 -07:00
return admin != null ? admin.minimumPasswordNonLetter : length;
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
final int N = policy.mAdminList.size();
Adding support for minimum number of non letter characters. Change-Id: If54cb7209d65eef826d474d7e0dbbef63d2f2b47
2010-06-04 17:15:02 -07:00
for (int i=0; i<N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminList.get(i);
Adding support for minimum number of non letter characters. Change-Id: If54cb7209d65eef826d474d7e0dbbef63d2f2b47
2010-06-04 17:15:02 -07:00
if (length < admin.minimumPasswordNonLetter) {
length = admin.minimumPasswordNonLetter;
}
}
return length;
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public boolean isActivePasswordSufficient(int userHandle) {
enforceCrossUserPermission(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
synchronized (this) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
// This API can only be called by an active device admin,
// so try to retrieve it to check that the caller is one.
More device admin work: description, policy control. There is now a description attribute associated with all components, that can supply user-visible information about what the component does. We use this to show such information about device admins, and wallpapers are also updated to be able to show this in addition to the existing description in their meta-data. This also defines security control for admins, requiring that they declare the policies they will touch, and enforcing that they do so to be able to use various APIs.
2010-01-22 11:31:30 -08:00
getActiveAdminForCallerLocked(null,
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
if (policy.mActivePasswordQuality < getPasswordQuality(null, userHandle)
|| policy.mActivePasswordLength < getPasswordMinimumLength(null, userHandle)) {
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
return false;
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
if (policy.mActivePasswordQuality != DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) {
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
return true;
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
return policy.mActivePasswordUpperCase >= getPasswordMinimumUpperCase(null, userHandle)
&& policy.mActivePasswordLowerCase >= getPasswordMinimumLowerCase(null, userHandle)
&& policy.mActivePasswordLetters >= getPasswordMinimumLetters(null, userHandle)
&& policy.mActivePasswordNumeric >= getPasswordMinimumNumeric(null, userHandle)
&& policy.mActivePasswordSymbols >= getPasswordMinimumSymbols(null, userHandle)
&& policy.mActivePasswordNonLetter >= getPasswordMinimumNonLetter(null, userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public int getCurrentFailedPasswordAttempts(int userHandle) {
enforceCrossUserPermission(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
synchronized (this) {
// This API can only be called by an active device admin,
// so try to retrieve it to check that the caller is one.
More device admin work: description, policy control. There is now a description attribute associated with all components, that can supply user-visible information about what the component does. We use this to show such information about device admins, and wallpapers are also updated to be able to show this in addition to the existing description in their meta-data. This also defines security control for admins, requiring that they declare the policies they will touch, and enforcing that they do so to be able to use various APIs.
2010-01-22 11:31:30 -08:00
getActiveAdminForCallerLocked(null,
DeviceAdminInfo.USES_POLICY_WATCH_LOGIN);
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
return getUserData(userHandle).mFailedPasswordAttempts;
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void setMaximumFailedPasswordsForWipe(ComponentName who, int num, int userHandle) {
enforceCrossUserPermission(userHandle);
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
synchronized (this) {
// This API can only be called by an active device admin,
// so try to retrieve it to check that the caller is one.
getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_WIPE_DATA);
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_WATCH_LOGIN);
if (ap.maximumFailedPasswordsForWipe != num) {
ap.maximumFailedPasswordsForWipe = num;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
saveSettingsLocked(userHandle);
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
}
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public int getMaximumFailedPasswordsForWipe(ComponentName who, int userHandle) {
enforceCrossUserPermission(userHandle);
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
synchronized (this) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
int count = 0;
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
More device admin. - Clean up device policy manager APIs. - Implement lockNow(). For now this just turns the screen off to lock the device.
2010-01-27 19:23:59 -08:00
if (who != null) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
More device admin. - Clean up device policy manager APIs. - Implement lockNow(). For now this just turns the screen off to lock the device.
2010-01-27 19:23:59 -08:00
return admin != null ? admin.maximumFailedPasswordsForWipe : count;
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
final int N = policy.mAdminList.size();
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
for (int i=0; i<N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminList.get(i);
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
if (count == 0) {
count = admin.maximumFailedPasswordsForWipe;
} else if (admin.maximumFailedPasswordsForWipe != 0
&& count > admin.maximumFailedPasswordsForWipe) {
count = admin.maximumFailedPasswordsForWipe;
}
}
return count;
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public boolean resetPassword(String password, int flags, int userHandle) {
enforceCrossUserPermission(userHandle);
More device policy work: clarify password modes, monkeying. Clarifies what the password modes mean, renaming them to "quality" and updating their documentation and the implementation to follow. Also adds a facility to find out if a monkey is running, which I need for the api demo to avoid letting it wipe the device.
2010-01-29 10:38:29 -08:00
int quality;
More device policy manager / admin work. Update API with some new features, re-arrange how you check for valid passwords, and start hooking up the back-end implementation.
2010-01-20 13:37:26 -08:00
synchronized (this) {
// This API can only be called by an active device admin,
// so try to retrieve it to check that the caller is one.
More device admin work: description, policy control. There is now a description attribute associated with all components, that can supply user-visible information about what the component does. We use this to show such information about device admins, and wallpapers are also updated to be able to show this in addition to the existing description in their meta-data. This also defines security control for admins, requiring that they declare the policies they will touch, and enforcing that they do so to be able to use various APIs.
2010-01-22 11:31:30 -08:00
getActiveAdminForCallerLocked(null,
DeviceAdminInfo.USES_POLICY_RESET_PASSWORD);
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
quality = getPasswordQuality(null, userHandle);
More device policy work: clarify password modes, monkeying. Clarifies what the password modes mean, renaming them to "quality" and updating their documentation and the implementation to follow. Also adds a facility to find out if a monkey is running, which I need for the api demo to avoid letting it wipe the device.
2010-01-29 10:38:29 -08:00
if (quality != DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
int realQuality = LockPatternUtils.computePasswordQuality(password);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
if (realQuality < quality
&& quality != DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) {
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
Slog.w(TAG, "resetPassword: password quality 0x"
+ Integer.toHexString(quality)
+ " does not meet required quality 0x"
+ Integer.toHexString(quality));
More device policy work: clarify password modes, monkeying. Clarifies what the password modes mean, renaming them to "quality" and updating their documentation and the implementation to follow. Also adds a facility to find out if a monkey is running, which I need for the api demo to avoid letting it wipe the device.
2010-01-29 10:38:29 -08:00
return false;
}
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
quality = Math.max(realQuality, quality);
More device policy work: clarify password modes, monkeying. Clarifies what the password modes mean, renaming them to "quality" and updating their documentation and the implementation to follow. Also adds a facility to find out if a monkey is running, which I need for the api demo to avoid letting it wipe the device.
2010-01-29 10:38:29 -08:00
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
int length = getPasswordMinimumLength(null, userHandle);
More device policy work: clarify password modes, monkeying. Clarifies what the password modes mean, renaming them to "quality" and updating their documentation and the implementation to follow. Also adds a facility to find out if a monkey is running, which I need for the api demo to avoid letting it wipe the device.
2010-01-29 10:38:29 -08:00
if (password.length() < length) {
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
Slog.w(TAG, "resetPassword: password length " + password.length()
+ " does not meet required length " + length);
More device policy manager / admin work. Update API with some new features, re-arrange how you check for valid passwords, and start hooking up the back-end implementation.
2010-01-20 13:37:26 -08:00
return false;
}
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
if (quality == DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) {
int letters = 0;
int uppercase = 0;
int lowercase = 0;
int numbers = 0;
int symbols = 0;
Adding support for minimum number of non letter characters. Change-Id: If54cb7209d65eef826d474d7e0dbbef63d2f2b47
2010-06-04 17:15:02 -07:00
int nonletter = 0;
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
for (int i = 0; i < password.length(); i++) {
char c = password.charAt(i);
if (c >= 'A' && c <= 'Z') {
letters++;
uppercase++;
} else if (c >= 'a' && c <= 'z') {
letters++;
lowercase++;
} else if (c >= '0' && c <= '9') {
numbers++;
Adding support for minimum number of non letter characters. Change-Id: If54cb7209d65eef826d474d7e0dbbef63d2f2b47
2010-06-04 17:15:02 -07:00
nonletter++;
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
} else {
symbols++;
Adding support for minimum number of non letter characters. Change-Id: If54cb7209d65eef826d474d7e0dbbef63d2f2b47
2010-06-04 17:15:02 -07:00
nonletter++;
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
int neededLetters = getPasswordMinimumLetters(null, userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
if(letters < neededLetters) {
Slog.w(TAG, "resetPassword: number of letters " + letters
+ " does not meet required number of letters " + neededLetters);
return false;
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
int neededNumbers = getPasswordMinimumNumeric(null, userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
if (numbers < neededNumbers) {
Slog
.w(TAG, "resetPassword: number of numerical digits " + numbers
+ " does not meet required number of numerical digits "
+ neededNumbers);
return false;
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
int neededLowerCase = getPasswordMinimumLowerCase(null, userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
if (lowercase < neededLowerCase) {
Slog.w(TAG, "resetPassword: number of lowercase letters " + lowercase
+ " does not meet required number of lowercase letters "
+ neededLowerCase);
return false;
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
int neededUpperCase = getPasswordMinimumUpperCase(null, userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
if (uppercase < neededUpperCase) {
Slog.w(TAG, "resetPassword: number of uppercase letters " + uppercase
+ " does not meet required number of uppercase letters "
+ neededUpperCase);
return false;
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
int neededSymbols = getPasswordMinimumSymbols(null, userHandle);
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
if (symbols < neededSymbols) {
Slog.w(TAG, "resetPassword: number of special symbols " + symbols
+ " does not meet required number of special symbols " + neededSymbols);
return false;
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
int neededNonLetter = getPasswordMinimumNonLetter(null, userHandle);
Adding support for minimum number of non letter characters. Change-Id: If54cb7209d65eef826d474d7e0dbbef63d2f2b47
2010-06-04 17:15:02 -07:00
if (nonletter < neededNonLetter) {
Slog.w(TAG, "resetPassword: number of non-letter characters " + nonletter
+ " does not meet required number of non-letter characters "
+ neededNonLetter);
return false;
}
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
}
More device policy manager / admin work. Update API with some new features, re-arrange how you check for valid passwords, and start hooking up the back-end implementation.
2010-01-20 13:37:26 -08:00
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
int callingUid = Binder.getCallingUid();
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
if (policy.mPasswordOwner >= 0 && policy.mPasswordOwner != callingUid) {
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
Slog.w(TAG, "resetPassword: already set by another uid and not entered by user");
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
return false;
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
More device policy manager / admin work. Update API with some new features, re-arrange how you check for valid passwords, and start hooking up the back-end implementation.
2010-01-20 13:37:26 -08:00
// Don't do this with the lock held, because it is going to call
// back in to the service.
long ident = Binder.clearCallingIdentity();
try {
LockPatternUtils utils = new LockPatternUtils(mContext);
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
utils.saveLockPassword(password, quality, false, userHandle);
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
synchronized (this) {
int newOwner = (flags&DevicePolicyManager.RESET_PASSWORD_REQUIRE_ENTRY)
!= 0 ? callingUid : -1;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
if (policy.mPasswordOwner != newOwner) {
policy.mPasswordOwner = newOwner;
saveSettingsLocked(userHandle);
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
}
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
}
More device policy manager / admin work. Update API with some new features, re-arrange how you check for valid passwords, and start hooking up the back-end implementation.
2010-01-20 13:37:26 -08:00
} finally {
Binder.restoreCallingIdentity(ident);
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
More device policy manager / admin work. Update API with some new features, re-arrange how you check for valid passwords, and start hooking up the back-end implementation.
2010-01-20 13:37:26 -08:00
return true;
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void setMaximumTimeToLock(ComponentName who, long timeMs, int userHandle) {
enforceCrossUserPermission(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
synchronized (this) {
if (who == null) {
throw new NullPointerException("ComponentName is null");
}
More device admin work: description, policy control. There is now a description attribute associated with all components, that can supply user-visible information about what the component does. We use this to show such information about device admins, and wallpapers are also updated to be able to show this in addition to the existing description in their meta-data. This also defines security control for admins, requiring that they declare the policies they will touch, and enforcing that they do so to be able to use various APIs.
2010-01-22 11:31:30 -08:00
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
Get rid of the limit-unlock policy control. This is merged with force-lock. These both allow effectively the same thing, so there is no reason to junk up the user experience with them as separate entities.
2010-02-11 12:14:08 -08:00
DeviceAdminInfo.USES_POLICY_FORCE_LOCK);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
if (ap.maximumTimeToUnlock != timeMs) {
ap.maximumTimeToUnlock = timeMs;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
saveSettingsLocked(userHandle);
updateMaximumTimeToLockLocked(getUserData(userHandle));
Fix issue #6664140: Time to lock should work even Stay awake... ...in Developer options is on Don't respect stay awake while on as long as a time to lock limit is being enforced. When we start enforcing one, make sure the setting is off (since we won't be respecting it anyway). Bug: 6664140 Change-Id: Id07cb528afa0c64c7766341841c51771f507121d
2012-06-15 17:05:25 -07:00
}
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
void updateMaximumTimeToLockLocked(DevicePolicyData policy) {
long timeMs = getMaximumTimeToLock(null, policy.mUserHandle);
if (policy.mLastMaximumTimeToLock == timeMs) {
Fix issue #6664140: Time to lock should work even Stay awake... ...in Developer options is on Don't respect stay awake while on as long as a time to lock limit is being enforced. When we start enforcing one, make sure the setting is off (since we won't be respecting it anyway). Bug: 6664140 Change-Id: Id07cb528afa0c64c7766341841c51771f507121d
2012-06-15 17:05:25 -07:00
return;
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
Fix issue #6664140: Time to lock should work even Stay awake... ...in Developer options is on Don't respect stay awake while on as long as a time to lock limit is being enforced. When we start enforcing one, make sure the setting is off (since we won't be respecting it anyway). Bug: 6664140 Change-Id: Id07cb528afa0c64c7766341841c51771f507121d
2012-06-15 17:05:25 -07:00
long ident = Binder.clearCallingIdentity();
try {
if (timeMs <= 0) {
timeMs = Integer.MAX_VALUE;
} else {
// Make sure KEEP_SCREEN_ON is disabled, since that
// would allow bypassing of the maximum time to lock.
Refer to STAY_ON_WHILE_PLUGGED_IN via the Global namespace It moved from System to Global, so writes are not automatically redirected to the new namespace (else apps would start crashing). Bug 7126575 Change-Id: Ief31fcb5a6107a098da04d30d146e16921dee776
2012-09-07 15:00:54 -07:00
Settings.Global.putInt(mContext.getContentResolver(),
Settings.Global.STAY_ON_WHILE_PLUGGED_IN, 0);
Fix issue #6664140: Time to lock should work even Stay awake... ...in Developer options is on Don't respect stay awake while on as long as a time to lock limit is being enforced. When we start enforcing one, make sure the setting is off (since we won't be respecting it anyway). Bug: 6664140 Change-Id: Id07cb528afa0c64c7766341841c51771f507121d
2012-06-15 17:05:25 -07:00
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mLastMaximumTimeToLock = timeMs;
Fix issue #6664140: Time to lock should work even Stay awake... ...in Developer options is on Don't respect stay awake while on as long as a time to lock limit is being enforced. When we start enforcing one, make sure the setting is off (since we won't be respecting it anyway). Bug: 6664140 Change-Id: Id07cb528afa0c64c7766341841c51771f507121d
2012-06-15 17:05:25 -07:00
try {
Power manager rewrite. The major goal of this rewrite is to make it easier to implement power management policies correctly. According, the new implementation primarily uses state-based rather than event-based triggers for applying changes to the current power state. For example, when an application requests that the proximity sensor be used to manage the screen state (by way of a wake lock), the power manager makes note of the fact that the set of wake locks changed. Then it executes a common update function that recalculates the entire state, first looking at wake locks, then considering user activity, and eventually determining whether the screen should be turned on or off. At this point it may make a request to a component called the DisplayPowerController to asynchronously update the display's powe state. Likewise, DisplayPowerController makes note of the updated power request and schedules its own update function to figure out what needs to be changed. The big benefit of this approach is that it's easy to mutate multiple properties of the power state simultaneously then apply their joint effects together all at once. Transitions between states are detected and resolved by the update in a consistent manner. The new power manager service has is implemented as a set of loosely coupled components. For the most part, information only flows one way through these components (by issuing a request to that component) although some components support sending a message back to indicate when the work has been completed. For example, the DisplayPowerController posts a callback runnable asynchronously to tell the PowerManagerService when the display is ready. An important feature of this approach is that each component neatly encapsulates its state and maintains its own invariants. Moreover, we do not need to worry about deadlocks or awkward mutual exclusion semantics because most of the requests are asynchronous. The benefits of this design are especially apparent in the implementation of the screen on / off and brightness control animations which are able to take advantage of framework features like properties, ObjectAnimator and Choreographer. The screen on / off animation is now the responsibility of the power manager (instead of surface flinger). This change makes it much easier to ensure that the animation is properly coordinated with other power state changes and eliminates the cause of race conditions in the older implementation. The because of the userActivity() function has been changed so that it never wakes the device from sleep. This change removes ambiguity around forcing or disabling user activity for various purposes. To wake the device, use wakeUp(). To put it to sleep, use goToSleep(). Simple. The power manager service interface and API has been significantly simplified and consolidated. Also fixed some inconsistencies related to how the minimum and maximum screen brightness setting was presented in brightness control widgets and enforced behind the scenes. At present the following features are implemented: - Wake locks. - User activity. - Wake up / go to sleep. - Power state broadcasts. - Battery stats and event log notifications. - Dreams. - Proximity screen off. - Animated screen on / off transitions. - Auto-dimming. - Auto-brightness control for the screen backlight with different timeouts for ramping up versus ramping down. - Auto-on when plugged or unplugged. - Stay on when plugged. - Device administration maximum user activity timeout. - Application controlled brightness via window manager. The following features are not yet implemented: - Reduced user activity timeout for the key guard. - Reduced user activity timeout for the phone application. - Coordinating screen on barriers with the window manager. - Preventing auto-rotation during power state changes. - Auto-brightness adjustment setting (feature was disabled in previous version of the power manager service pending an improved UI design so leaving it out for now). - Interpolated brightness control (a proposed new scheme for more compactly specifying auto-brightness levels in config.xml). - Button / keyboard backlight control. - Change window manager to associated WorkSource with KEEP_SCREEN_ON_FLAG wake lock instead of talking directly to the battery stats service. - Optionally support animating screen brightness when turning on/off instead of playing electron beam animation (config_animateScreenLights). Change-Id: I1d7a52e98f0449f76d70bf421f6a7f245957d1d7
2012-07-27 15:51:34 -07:00
getIPowerManager().setMaximumScreenOffTimeoutFromDeviceAdmin((int)timeMs);
Fix issue #6664140: Time to lock should work even Stay awake... ...in Developer options is on Don't respect stay awake while on as long as a time to lock limit is being enforced. When we start enforcing one, make sure the setting is off (since we won't be respecting it anyway). Bug: 6664140 Change-Id: Id07cb528afa0c64c7766341841c51771f507121d
2012-06-15 17:05:25 -07:00
} catch (RemoteException e) {
Slog.w(TAG, "Failure talking with power manager", e);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
Fix issue #6664140: Time to lock should work even Stay awake... ...in Developer options is on Don't respect stay awake while on as long as a time to lock limit is being enforced. When we start enforcing one, make sure the setting is off (since we won't be respecting it anyway). Bug: 6664140 Change-Id: Id07cb528afa0c64c7766341841c51771f507121d
2012-06-15 17:05:25 -07:00
} finally {
Binder.restoreCallingIdentity(ident);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public long getMaximumTimeToLock(ComponentName who, int userHandle) {
enforceCrossUserPermission(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
synchronized (this) {
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
long time = 0;
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
More device admin. - Clean up device policy manager APIs. - Implement lockNow(). For now this just turns the screen off to lock the device.
2010-01-27 19:23:59 -08:00
if (who != null) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
More device admin. - Clean up device policy manager APIs. - Implement lockNow(). For now this just turns the screen off to lock the device.
2010-01-27 19:23:59 -08:00
return admin != null ? admin.maximumTimeToUnlock : time;
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
final int N = policy.mAdminList.size();
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
for (int i=0; i<N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminList.get(i);
Bite the bullet and add support for multiple device admins.
2010-01-27 16:21:20 -08:00
if (time == 0) {
time = admin.maximumTimeToUnlock;
} else if (admin.maximumTimeToUnlock != 0
&& time > admin.maximumTimeToUnlock) {
time = admin.maximumTimeToUnlock;
}
}
return time;
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
More device policy manager / admin work. Update API with some new features, re-arrange how you check for valid passwords, and start hooking up the back-end implementation.
2010-01-20 13:37:26 -08:00
public void lockNow() {
synchronized (this) {
// This API can only be called by an active device admin,
// so try to retrieve it to check that the caller is one.
More device admin work: description, policy control. There is now a description attribute associated with all components, that can supply user-visible information about what the component does. We use this to show such information about device admins, and wallpapers are also updated to be able to show this in addition to the existing description in their meta-data. This also defines security control for admins, requiring that they declare the policies they will touch, and enforcing that they do so to be able to use various APIs.
2010-01-22 11:31:30 -08:00
getActiveAdminForCallerLocked(null,
DeviceAdminInfo.USES_POLICY_FORCE_LOCK);
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
lockNowUnchecked();
}
}
private void lockNowUnchecked() {
long ident = Binder.clearCallingIdentity();
try {
// Power off the display
getIPowerManager().goToSleep(SystemClock.uptimeMillis(),
PowerManager.GO_TO_SLEEP_REASON_DEVICE_ADMIN);
// Ensure the device is locked
getWindowManager().lockNow();
} catch (RemoteException e) {
} finally {
Binder.restoreCallingIdentity(ident);
More device policy manager / admin work. Update API with some new features, re-arrange how you check for valid passwords, and start hooking up the back-end implementation.
2010-01-20 13:37:26 -08:00
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
Fix remote device wipe to not hang. The DPM seemed to always go through ExternalStorageFormatter to wipe the device and SD card. For SD cards emulated on a fuse filesystem, this seems to fail unless the device is wholly encrypted. Bypass ExternalStorageFormatter in those cases and just wipe as normal. Bug: 5458396 Change-Id: Iec759ef894c6bd3863cb4e7329f4de4584c60c1a
2011-10-17 17:30:21 -07:00
private boolean isExtStorageEncrypted() {
String state = SystemProperties.get("vold.decrypt");
return !"".equals(state);
}
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
void wipeDataLocked(int flags) {
Fix remote device wipe to not hang. The DPM seemed to always go through ExternalStorageFormatter to wipe the device and SD card. For SD cards emulated on a fuse filesystem, this seems to fail unless the device is wholly encrypted. Bypass ExternalStorageFormatter in those cases and just wipe as normal. Bug: 5458396 Change-Id: Iec759ef894c6bd3863cb4e7329f4de4584c60c1a
2011-10-17 17:30:21 -07:00
// If the SD card is encrypted and non-removable, we have to force a wipe.
boolean forceExtWipe = !Environment.isExternalStorageRemovable() && isExtStorageEncrypted();
boolean wipeExtRequested = (flags&DevicePolicyManager.WIPE_EXTERNAL_STORAGE) != 0;
// Note: we can only do the wipe via ExternalStorageFormatter if the volume is not emulated.
if ((forceExtWipe || wipeExtRequested) && !Environment.isExternalStorageEmulated()) {
Implement issue #3094621 and #3094609 - wipe sd card 3094621: add "wipe sd card" option to factory data reset 3094609: collapse unmount/format into one command Also since we have decided that it is important to consider the Crespo storage as internal storage, DevicePolicyManager gets a new API to be able to wipe it. (No big deal, since all of the work for this is now done in the implementation of the new UI.) Change-Id: I32a77c410f710a87dcdcbf6586c09bd2e48a8807
2010-10-15 18:45:07 -07:00
Intent intent = new Intent(ExternalStorageFormatter.FORMAT_AND_FACTORY_RESET);
Wipe the user data out in any case. When the external storage is not mounted, the android system won't wipe out the user data (i.e. "/data") if wipeData() is called with the flag WIPE_EXTERNAL_STORAGE. We think that the user data should be wiped out in any options and also wipeData(int) method currently supports also for a external storage. So we will also change the API reference comment. If we should care about backward compatibility of this method behavior with the option WIPE_EXTERNAL_STORAGE, then we would add an another bitmask something like a ALWAYS_RESET. Change-Id: Id7bf673c722bacc0480d32e46553b9a348513879
2012-02-15 19:25:50 +09:00
intent.putExtra(ExternalStorageFormatter.EXTRA_ALWAYS_RESET, true);
Implement issue #3094621 and #3094609 - wipe sd card 3094621: add "wipe sd card" option to factory data reset 3094609: collapse unmount/format into one command Also since we have decided that it is important to consider the Crespo storage as internal storage, DevicePolicyManager gets a new API to be able to wipe it. (No big deal, since all of the work for this is now done in the implementation of the new UI.) Change-Id: I32a77c410f710a87dcdcbf6586c09bd2e48a8807
2010-10-15 18:45:07 -07:00
intent.setComponent(ExternalStorageFormatter.COMPONENT_NAME);
mWakeLock.acquire(10000);
mContext.startService(intent);
} else {
try {
RecoverySystem.rebootWipeUserData(mContext);
} catch (IOException e) {
Slog.w(TAG, "Failed requesting data wipe", e);
}
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void wipeData(int flags, final int userHandle) {
enforceCrossUserPermission(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
synchronized (this) {
// This API can only be called by an active device admin,
// so try to retrieve it to check that the caller is one.
More device admin work: description, policy control. There is now a description attribute associated with all components, that can supply user-visible information about what the component does. We use this to show such information about device admins, and wallpapers are also updated to be able to show this in addition to the existing description in their meta-data. This also defines security control for admins, requiring that they declare the policies they will touch, and enforcing that they do so to be able to use various APIs.
2010-01-22 11:31:30 -08:00
getActiveAdminForCallerLocked(null,
DeviceAdminInfo.USES_POLICY_WIPE_DATA);
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
long ident = Binder.clearCallingIdentity();
try {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
if (userHandle == UserHandle.USER_OWNER) {
wipeDataLocked(flags);
} else {
lockNowUnchecked();
mHandler.post(new Runnable() {
public void run() {
try {
ActivityManagerNative.getDefault().switchUser(0);
((UserManager) mContext.getSystemService(Context.USER_SERVICE))
.removeUser(userHandle);
} catch (RemoteException re) {
// Shouldn't happen
}
}
});
}
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
} finally {
Binder.restoreCallingIdentity(ident);
}
More device policy manager / admin work. Update API with some new features, re-arrange how you check for valid passwords, and start hooking up the back-end implementation.
2010-01-20 13:37:26 -08:00
}
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void getRemoveWarning(ComponentName comp, final RemoteCallback result, int userHandle) {
enforceCrossUserPermission(userHandle);
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.BIND_DEVICE_ADMIN, null);
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
synchronized (this) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = getActiveAdminUncheckedLocked(comp, userHandle);
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
if (admin == null) {
try {
result.sendResult(null);
} catch (RemoteException e) {
}
return;
}
Fix issue #2420412: API review: DeviceAdmin API changes Note in docs that callbacks are on main thread. Rename to DeviceAdminReceiver? Document resetPassword is the device's password. Also hide android.R.attr.neverEncrypt.
2010-02-16 20:38:49 -08:00
Intent intent = new Intent(DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED);
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
intent.setComponent(admin.info.getComponent());
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
mContext.sendOrderedBroadcastAsUser(intent, new UserHandle(userHandle),
Improve multi-user broadcasts. You can now use ALL and CURRENT when sending broadcasts, to specify where the broadcast goes. Sticky broadcasts are now correctly separated per user, and registered receivers are filtered based on the requested target user. New Context APIs for more kinds of sending broadcasts as users. Updating a bunch of system code that sends broadcasts to explicitly specify which user the broadcast goes to. Made a single version of the code for interpreting the requested target user ID that all entries to activity manager (start activity, send broadcast, start service) use. Change-Id: Ie29f02dd5242ef8c8fa56c54593a315cd2574e1c
2012-08-29 18:32:08 -07:00
null, new BroadcastReceiver() {
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
@Override
public void onReceive(Context context, Intent intent) {
try {
result.sendResult(getResultExtras(false));
} catch (RemoteException e) {
}
}
}, null, Activity.RESULT_OK, null, null);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
Fix 2677197: Adding minimum complex character support. Change-Id: I520bc5f9aa924bf9b5585b2235a91cc96cb99c25
2010-05-24 17:10:56 -07:00
public void setActivePasswordState(int quality, int length, int letters, int uppercase,
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
int lowercase, int numbers, int symbols, int nonletter, int userHandle) {
enforceCrossUserPermission(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.BIND_DEVICE_ADMIN, null);
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData p = getUserData(userHandle);
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
Fix issue #2530103: ActivePassword data in Device Policy Manager needs to be persisted Also fixes how the quality vs. mode is handled to be more consistent, which also required introducing a new "alphabetic" quality since it is possible for the user to enter such a password. The current password quality and length is stored in the DPM, since at boot it couldn't figure this out from the stored password. Change-Id: I519d9b76dd0b4431bcf42920c34dda38c9f1136e
2010-03-22 11:12:48 -07:00
validateQualityConstant(quality);
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
synchronized (this) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
if (p.mActivePasswordQuality != quality || p.mActivePasswordLength != length
|| p.mFailedPasswordAttempts != 0 || p.mActivePasswordLetters != letters
|| p.mActivePasswordUpperCase != uppercase
|| p.mActivePasswordLowerCase != lowercase || p.mActivePasswordNumeric != numbers
|| p.mActivePasswordSymbols != symbols || p.mActivePasswordNonLetter != nonletter) {
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
long ident = Binder.clearCallingIdentity();
try {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
p.mActivePasswordQuality = quality;
p.mActivePasswordLength = length;
p.mActivePasswordLetters = letters;
p.mActivePasswordLowerCase = lowercase;
p.mActivePasswordUpperCase = uppercase;
p.mActivePasswordNumeric = numbers;
p.mActivePasswordSymbols = symbols;
p.mActivePasswordNonLetter = nonletter;
p.mFailedPasswordAttempts = 0;
saveSettingsLocked(userHandle);
updatePasswordExpirationsLocked(userHandle);
setExpirationAlarmCheckLocked(mContext, p);
Fix issue #2420412: API review: DeviceAdmin API changes Note in docs that callbacks are on main thread. Rename to DeviceAdminReceiver? Document resetPassword is the device's password. Also hide android.R.attr.neverEncrypt.
2010-02-16 20:38:49 -08:00
sendAdminCommandLocked(DeviceAdminReceiver.ACTION_PASSWORD_CHANGED,
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
} finally {
Binder.restoreCallingIdentity(ident);
}
}
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
Update device password expiration/alarm behavior * Change alarm math to snap to multiples of 24h before expiration * Stop recurring alarm when no expirations upcoming * Fix small bug in update logic when device password is updated Change-Id: I31ce147e4f8c766245fae3e286fc50eaee4cfa22
2010-11-29 17:43:32 -08:00
/**
* Called any time the device password is updated. Resets all password expiration clocks.
*/
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
private void updatePasswordExpirationsLocked(int userHandle) {
DevicePolicyData policy = getUserData(userHandle);
final int N = policy.mAdminList.size();
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
if (N > 0) {
for (int i=0; i<N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminList.get(i);
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
if (admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD)) {
Update device password expiration/alarm behavior * Change alarm math to snap to multiples of 24h before expiration * Stop recurring alarm when no expirations upcoming * Fix small bug in update logic when device password is updated Change-Id: I31ce147e4f8c766245fae3e286fc50eaee4cfa22
2010-11-29 17:43:32 -08:00
long timeout = admin.passwordExpirationTimeout;
long expiration = timeout > 0L ? (timeout + System.currentTimeMillis()) : 0L;
admin.passwordExpirationDate = expiration;
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
saveSettingsLocked(userHandle);
Add password expiration support to DevicePolicyManager. Change-Id: Ib2629ec547c123ac489d7f4cbd4e0a1d4aa07620
2010-11-08 16:15:47 -08:00
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void reportFailedPasswordAttempt(int userHandle) {
enforceCrossUserPermission(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.BIND_DEVICE_ADMIN, null);
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
synchronized (this) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
long ident = Binder.clearCallingIdentity();
try {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mFailedPasswordAttempts++;
saveSettingsLocked(userHandle);
int max = getMaximumFailedPasswordsForWipe(null, userHandle);
if (max > 0 && policy.mFailedPasswordAttempts >= max) {
More work on device admins: - You can now show a dynamic message to the user when asking to have your DeviceAdmin added. - A DeviceAdmin can now provide a warning message that is displayed before a user disables it. - Better ordering (and text) of the policy warnings. - New API to set the maximum failed password attempts before the device wipes itself. - We now store the number of failed unlock attempts in persistent storage. - New managed dialog APIs that will be used by the settings app. Also a little bit of cleanup as I was working on this - removed the long unused MailboxNotAvailableException, fixed a java doc in Messenger.
2010-01-26 18:01:04 -08:00
wipeDataLocked(0);
}
Fix issue #2420412: API review: DeviceAdmin API changes Note in docs that callbacks are on main thread. Rename to DeviceAdminReceiver? Document resetPassword is the device's password. Also hide android.R.attr.neverEncrypt.
2010-02-16 20:38:49 -08:00
sendAdminCommandLocked(DeviceAdminReceiver.ACTION_PASSWORD_FAILED,
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
} finally {
Binder.restoreCallingIdentity(ident);
}
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void reportSuccessfulPasswordAttempt(int userHandle) {
enforceCrossUserPermission(userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.BIND_DEVICE_ADMIN, null);
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
synchronized (this) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
if (policy.mFailedPasswordAttempts != 0 || policy.mPasswordOwner >= 0) {
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
long ident = Binder.clearCallingIdentity();
try {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
policy.mFailedPasswordAttempts = 0;
policy.mPasswordOwner = -1;
saveSettingsLocked(userHandle);
Fix issue #2420412: API review: DeviceAdmin API changes Note in docs that callbacks are on main thread. Rename to DeviceAdminReceiver? Document resetPassword is the device's password. Also hide android.R.attr.neverEncrypt.
2010-02-16 20:38:49 -08:00
sendAdminCommandLocked(DeviceAdminReceiver.ACTION_PASSWORD_SUCCEEDED,
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, userHandle);
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
} finally {
Binder.restoreCallingIdentity(ident);
}
}
}
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
public ComponentName setGlobalProxy(ComponentName who, String proxySpec,
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
String exclusionList, int userHandle) {
enforceCrossUserPermission(userHandle);
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
synchronized(this) {
if (who == null) {
throw new NullPointerException("ComponentName is null");
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
// Only check if owner has set global proxy. We don't allow other users to set it.
DevicePolicyData policy = getUserData(UserHandle.USER_OWNER);
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
ActiveAdmin admin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY);
// Scan through active admins and find if anyone has already
// set the global proxy.
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
Set<ComponentName> compSet = policy.mAdminMap.keySet();
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
for (ComponentName component : compSet) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin ap = policy.mAdminMap.get(component);
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
if ((ap.specifiesGlobalProxy) && (!component.equals(who))) {
// Another admin already sets the global proxy
// Return it to the caller.
return component;
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
// If the user is not the owner, don't set the global proxy. Fail silently.
if (UserHandle.getCallingUserId() != UserHandle.USER_OWNER) {
Slog.w(TAG, "Only the owner is allowed to set the global proxy. User "
+ userHandle + " is not permitted.");
return null;
}
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
if (proxySpec == null) {
admin.specifiesGlobalProxy = false;
admin.globalProxySpec = null;
admin.globalProxyExclusionList = null;
} else {
admin.specifiesGlobalProxy = true;
admin.globalProxySpec = proxySpec;
admin.globalProxyExclusionList = exclusionList;
}
// Reset the global proxy accordingly
// Do this using system permissions, as apps cannot write to secure settings
long origId = Binder.clearCallingIdentity();
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
resetGlobalProxyLocked(policy);
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
Binder.restoreCallingIdentity(origId);
return null;
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public ComponentName getGlobalProxyAdmin(int userHandle) {
enforceCrossUserPermission(userHandle);
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
synchronized(this) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(UserHandle.USER_OWNER);
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
// Scan through active admins and find if anyone has already
// set the global proxy.
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
final int N = policy.mAdminList.size();
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
for (int i = 0; i < N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin ap = policy.mAdminList.get(i);
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
if (ap.specifiesGlobalProxy) {
// Device admin sets the global proxy
// Return it to the caller.
return ap.info.getComponent();
}
}
}
// No device admin sets the global proxy.
return null;
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
private void resetGlobalProxyLocked(DevicePolicyData policy) {
final int N = policy.mAdminList.size();
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
for (int i = 0; i < N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin ap = policy.mAdminList.get(i);
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
if (ap.specifiesGlobalProxy) {
Fix issue #6664140: Time to lock should work even Stay awake... ...in Developer options is on Don't respect stay awake while on as long as a time to lock limit is being enforced. When we start enforcing one, make sure the setting is off (since we won't be respecting it anyway). Bug: 6664140 Change-Id: Id07cb528afa0c64c7766341841c51771f507121d
2012-06-15 17:05:25 -07:00
saveGlobalProxyLocked(ap.globalProxySpec, ap.globalProxyExclusionList);
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
return;
}
}
// No device admins defining global proxies - reset global proxy settings to none
Fix issue #6664140: Time to lock should work even Stay awake... ...in Developer options is on Don't respect stay awake while on as long as a time to lock limit is being enforced. When we start enforcing one, make sure the setting is off (since we won't be respecting it anyway). Bug: 6664140 Change-Id: Id07cb528afa0c64c7766341841c51771f507121d
2012-06-15 17:05:25 -07:00
saveGlobalProxyLocked(null, null);
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
}
Fix issue #6664140: Time to lock should work even Stay awake... ...in Developer options is on Don't respect stay awake while on as long as a time to lock limit is being enforced. When we start enforcing one, make sure the setting is off (since we won't be respecting it anyway). Bug: 6664140 Change-Id: Id07cb528afa0c64c7766341841c51771f507121d
2012-06-15 17:05:25 -07:00
private void saveGlobalProxyLocked(String proxySpec, String exclusionList) {
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
if (exclusionList == null) {
exclusionList = "";
}
if (proxySpec == null) {
proxySpec = "";
}
// Remove white spaces
proxySpec = proxySpec.trim();
Notify all VMs when proxy changes. bug:2700664 Change-Id: I74cc6e0bd6e66847bf18f524ce851e3e9d2c4e87
2010-10-11 16:00:27 -07:00
String data[] = proxySpec.split(":");
int proxyPort = 8080;
if (data.length > 1) {
try {
proxyPort = Integer.parseInt(data[1]);
} catch (NumberFormatException e) {}
}
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
exclusionList = exclusionList.trim();
ContentResolver res = mContext.getContentResolver();
Migrate more Secure settings to Global. Migrate networking, storage, battery, DropBox, and PackageManager related Secure settings to Global table. Bug: 7232014, 7231331, 7231198 Change-Id: I772c2a9586a2f708c9db95622477f235064b8f4d
2012-09-26 22:03:49 -07:00
Settings.Global.putString(res, Settings.Global.GLOBAL_HTTP_PROXY_HOST, data[0]);
Settings.Global.putInt(res, Settings.Global.GLOBAL_HTTP_PROXY_PORT, proxyPort);
Settings.Global.putString(res, Settings.Global.GLOBAL_HTTP_PROXY_EXCLUSION_LIST,
Notify all VMs when proxy changes. bug:2700664 Change-Id: I74cc6e0bd6e66847bf18f524ce851e3e9d2c4e87
2010-10-11 16:00:27 -07:00
exclusionList);
Device Policy Manager changes to enable Global Proxy. Change-Id: I8489df7d28e4c5312e10d5cecc8e2a182413a034
2010-08-03 10:51:06 -07:00
}
API changes to support encryption in DPM * New uses-policies value * Definitions for storage domain and encryption status * API to get and set encryption status * Intent to launch encryption changes * Both new calls bottom out in the DPM service and are suitable for a device that does not support encryption. NOTE: Nobody should use ACTION_START_ENCRYPTION yet. It needs a receiver to be built in Settings (different CL). Change-Id: I2ae193bedbec59f6ba46c0ec7de12ecf321e5803
2011-01-12 14:59:52 -08:00
/**
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
* Set the storage encryption request for a single admin. Returns the new total request
* status (for all admins).
API changes to support encryption in DPM * New uses-policies value * Definitions for storage domain and encryption status * API to get and set encryption status * Intent to launch encryption changes * Both new calls bottom out in the DPM service and are suitable for a device that does not support encryption. NOTE: Nobody should use ACTION_START_ENCRYPTION yet. It needs a receiver to be built in Settings (different CL). Change-Id: I2ae193bedbec59f6ba46c0ec7de12ecf321e5803
2011-01-12 14:59:52 -08:00
*/
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public int setStorageEncryption(ComponentName who, boolean encrypt, int userHandle) {
enforceCrossUserPermission(userHandle);
API changes to support encryption in DPM * New uses-policies value * Definitions for storage domain and encryption status * API to get and set encryption status * Intent to launch encryption changes * Both new calls bottom out in the DPM service and are suitable for a device that does not support encryption. NOTE: Nobody should use ACTION_START_ENCRYPTION yet. It needs a receiver to be built in Settings (different CL). Change-Id: I2ae193bedbec59f6ba46c0ec7de12ecf321e5803
2011-01-12 14:59:52 -08:00
synchronized (this) {
// Check for permissions
if (who == null) {
throw new NullPointerException("ComponentName is null");
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
// Only owner can set storage encryption
if (userHandle != UserHandle.USER_OWNER
|| UserHandle.getCallingUserId() != UserHandle.USER_OWNER) {
Slog.w(TAG, "Only owner is allowed to set storage encryption. User "
+ UserHandle.getCallingUserId() + " is not permitted.");
return 0;
}
API changes to support encryption in DPM * New uses-policies value * Definitions for storage domain and encryption status * API to get and set encryption status * Intent to launch encryption changes * Both new calls bottom out in the DPM service and are suitable for a device that does not support encryption. NOTE: Nobody should use ACTION_START_ENCRYPTION yet. It needs a receiver to be built in Settings (different CL). Change-Id: I2ae193bedbec59f6ba46c0ec7de12ecf321e5803
2011-01-12 14:59:52 -08:00
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_ENCRYPTED_STORAGE);
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
// Quick exit: If the filesystem does not support encryption, we can exit early.
if (!isEncryptionSupported()) {
return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
}
// (1) Record the value for the admin so it's sticky
if (ap.encryptionRequested != encrypt) {
ap.encryptionRequested = encrypt;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
saveSettingsLocked(userHandle);
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(UserHandle.USER_OWNER);
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
// (2) Compute "max" for all admins
boolean newRequested = false;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
final int N = policy.mAdminList.size();
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
for (int i = 0; i < N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
newRequested |= policy.mAdminList.get(i).encryptionRequested;
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
}
// Notify OS of new request
setEncryptionRequested(newRequested);
// Return the new global request status
return newRequested
? DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE
: DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
API changes to support encryption in DPM * New uses-policies value * Definitions for storage domain and encryption status * API to get and set encryption status * Intent to launch encryption changes * Both new calls bottom out in the DPM service and are suitable for a device that does not support encryption. NOTE: Nobody should use ACTION_START_ENCRYPTION yet. It needs a receiver to be built in Settings (different CL). Change-Id: I2ae193bedbec59f6ba46c0ec7de12ecf321e5803
2011-01-12 14:59:52 -08:00
}
}
/**
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
* Get the current storage encryption request status for a given admin, or aggregate of all
* active admins.
API changes to support encryption in DPM * New uses-policies value * Definitions for storage domain and encryption status * API to get and set encryption status * Intent to launch encryption changes * Both new calls bottom out in the DPM service and are suitable for a device that does not support encryption. NOTE: Nobody should use ACTION_START_ENCRYPTION yet. It needs a receiver to be built in Settings (different CL). Change-Id: I2ae193bedbec59f6ba46c0ec7de12ecf321e5803
2011-01-12 14:59:52 -08:00
*/
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public boolean getStorageEncryption(ComponentName who, int userHandle) {
enforceCrossUserPermission(userHandle);
API changes to support encryption in DPM * New uses-policies value * Definitions for storage domain and encryption status * API to get and set encryption status * Intent to launch encryption changes * Both new calls bottom out in the DPM service and are suitable for a device that does not support encryption. NOTE: Nobody should use ACTION_START_ENCRYPTION yet. It needs a receiver to be built in Settings (different CL). Change-Id: I2ae193bedbec59f6ba46c0ec7de12ecf321e5803
2011-01-12 14:59:52 -08:00
synchronized (this) {
// Check for permissions if a particular caller is specified
if (who != null) {
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
// When checking for a single caller, status is based on caller's request
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin ap = getActiveAdminUncheckedLocked(who, userHandle);
Use unchecked admin lookup for getStorageEncryption() Due to a copy/paste typo, getStorageEncryption() was protected by getActiveAdminForCallerLocked(), which made the API unreadable if the caller is not an admin. This doesn't match the rest of the DPM API which allows the "get" calls to be made anonymously. This fix supercedes the proposed workaround CL in the DPM ApiDemo sample. Change-Id: If1a6237634e97ced09a7c6a8876bb6b0f60c9be9
2011-06-01 15:30:54 -07:00
return ap != null ? ap.encryptionRequested : false;
API changes to support encryption in DPM * New uses-policies value * Definitions for storage domain and encryption status * API to get and set encryption status * Intent to launch encryption changes * Both new calls bottom out in the DPM service and are suitable for a device that does not support encryption. NOTE: Nobody should use ACTION_START_ENCRYPTION yet. It needs a receiver to be built in Settings (different CL). Change-Id: I2ae193bedbec59f6ba46c0ec7de12ecf321e5803
2011-01-12 14:59:52 -08:00
}
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
// If no particular caller is specified, return the aggregate set of requests.
// This is short circuited by returning true on the first hit.
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
final int N = policy.mAdminList.size();
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
for (int i = 0; i < N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
if (policy.mAdminList.get(i).encryptionRequested) {
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
return true;
}
}
return false;
API changes to support encryption in DPM * New uses-policies value * Definitions for storage domain and encryption status * API to get and set encryption status * Intent to launch encryption changes * Both new calls bottom out in the DPM service and are suitable for a device that does not support encryption. NOTE: Nobody should use ACTION_START_ENCRYPTION yet. It needs a receiver to be built in Settings (different CL). Change-Id: I2ae193bedbec59f6ba46c0ec7de12ecf321e5803
2011-01-12 14:59:52 -08:00
}
}
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
/**
* Get the current encryption status of the device.
*/
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public int getStorageEncryptionStatus(int userHandle) {
enforceCrossUserPermission(userHandle);
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
return getEncryptionStatus();
}
/**
* Hook to low-levels: This should report if the filesystem supports encrypted storage.
*/
private boolean isEncryptionSupported() {
// Note, this can be implemented as
// return getEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
// But is provided as a separate internal method if there's a faster way to do a
// simple check for supported-or-not.
return getEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
}
/**
* Hook to low-levels: Reporting the current status of encryption.
* @return A value such as {@link DevicePolicyManager#ENCRYPTION_STATUS_UNSUPPORTED} or
* {@link DevicePolicyManager#ENCRYPTION_STATUS_INACTIVE} or
* {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE}.
*/
private int getEncryptionStatus() {
Read actual device encryption status Bug: 3346770 Change-Id: Ie70c14b1b4584a5f340a27102145f7860ba9e14b
2011-01-20 16:35:09 -08:00
String status = SystemProperties.get("ro.crypto.state", "unsupported");
if ("encrypted".equalsIgnoreCase(status)) {
return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE;
} else if ("unencrypted".equalsIgnoreCase(status)) {
return DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
} else {
return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
}
Add internal plumbing to DPM for encryption * Add code to persist per-admin setting * Add hooks for OS-level tie-in (is supported, get / set status) * Add 3rd API call to get OS status (irrespective of admin settings) * Remove "REQUESTED" status, no longer relevant with 3rd API * Fixed bug that impacted global proxy settings * Update api/11.xml to match current.xml Bug: 3346770 Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
2011-01-17 12:47:31 -08:00
}
/**
* Hook to low-levels: If needed, record the new admin setting for encryption.
*/
private void setEncryptionRequested(boolean encrypt) {
}
New device policy to disable camera. This introduces a new policy that a DeviceAdmin can use to disable _all_ cameras on the device. A separate CL will be made on the media side to watch this policy bit and act accordingly. Bug: 4185303 Change-Id: I700cfc4a8317bb74087ccae39346d74467fc58b2
2011-05-09 16:05:33 -07:00
/**
* The system property used to share the state of the camera. The native camera service
* is expected to read this property and act accordingly.
*/
public static final String SYSTEM_PROP_DISABLE_CAMERA = "sys.secpolicy.camera.disabled";
/**
* Disables all device cameras according to the specified admin.
*/
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public void setCameraDisabled(ComponentName who, boolean disabled, int userHandle) {
enforceCrossUserPermission(userHandle);
New device policy to disable camera. This introduces a new policy that a DeviceAdmin can use to disable _all_ cameras on the device. A separate CL will be made on the media side to watch this policy bit and act accordingly. Bug: 4185303 Change-Id: I700cfc4a8317bb74087ccae39346d74467fc58b2
2011-05-09 16:05:33 -07:00
synchronized (this) {
if (who == null) {
throw new NullPointerException("ComponentName is null");
}
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_DISABLE_CAMERA);
if (ap.disableCamera != disabled) {
ap.disableCamera = disabled;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
saveSettingsLocked(userHandle);
New device policy to disable camera. This introduces a new policy that a DeviceAdmin can use to disable _all_ cameras on the device. A separate CL will be made on the media side to watch this policy bit and act accordingly. Bug: 4185303 Change-Id: I700cfc4a8317bb74087ccae39346d74467fc58b2
2011-05-09 16:05:33 -07:00
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
syncDeviceCapabilitiesLocked(getUserData(userHandle));
New device policy to disable camera. This introduces a new policy that a DeviceAdmin can use to disable _all_ cameras on the device. A separate CL will be made on the media side to watch this policy bit and act accordingly. Bug: 4185303 Change-Id: I700cfc4a8317bb74087ccae39346d74467fc58b2
2011-05-09 16:05:33 -07:00
}
}
/**
* Gets whether or not all device cameras are disabled for a given admin, or disabled for any
* active admins.
*/
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
public boolean getCameraDisabled(ComponentName who, int userHandle) {
New device policy to disable camera. This introduces a new policy that a DeviceAdmin can use to disable _all_ cameras on the device. A separate CL will be made on the media side to watch this policy bit and act accordingly. Bug: 4185303 Change-Id: I700cfc4a8317bb74087ccae39346d74467fc58b2
2011-05-09 16:05:33 -07:00
synchronized (this) {
if (who != null) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
New device policy to disable camera. This introduces a new policy that a DeviceAdmin can use to disable _all_ cameras on the device. A separate CL will be made on the media side to watch this policy bit and act accordingly. Bug: 4185303 Change-Id: I700cfc4a8317bb74087ccae39346d74467fc58b2
2011-05-09 16:05:33 -07:00
return (admin != null) ? admin.disableCamera : false;
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
New device policy to disable camera. This introduces a new policy that a DeviceAdmin can use to disable _all_ cameras on the device. A separate CL will be made on the media side to watch this policy bit and act accordingly. Bug: 4185303 Change-Id: I700cfc4a8317bb74087ccae39346d74467fc58b2
2011-05-09 16:05:33 -07:00
// Determine whether or not the device camera is disabled for any active admins.
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
final int N = policy.mAdminList.size();
New device policy to disable camera. This introduces a new policy that a DeviceAdmin can use to disable _all_ cameras on the device. A separate CL will be made on the media side to watch this policy bit and act accordingly. Bug: 4185303 Change-Id: I700cfc4a8317bb74087ccae39346d74467fc58b2
2011-05-09 16:05:33 -07:00
for (int i = 0; i < N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminList.get(i);
New device policy to disable camera. This introduces a new policy that a DeviceAdmin can use to disable _all_ cameras on the device. A separate CL will be made on the media side to watch this policy bit and act accordingly. Bug: 4185303 Change-Id: I700cfc4a8317bb74087ccae39346d74467fc58b2
2011-05-09 16:05:33 -07:00
if (admin.disableCamera) {
return true;
}
}
return false;
}
}
Update DevicePolicyManager with ability to disable keyguard widgets Change-Id: I5876e9e180b2a995aaa355fbbb2b67cebb86104d
2012-08-31 17:19:10 -07:00
/**
Make DPM API for disabling keyguard widgets more generic This change renames the widget-specific API to be more generic to allow further disabling of keyguard-specific customizations in the future. Currently only allows disabling widgets and the secure camera but can now easily be extended to disable other features we add. Fixes bug: 7021368 Change-Id: I3934cc2e7c64e0c6d511efb86980fc38a849708d
2012-09-19 23:16:50 -07:00
* Selectively disable keyguard features.
Update DevicePolicyManager with ability to disable keyguard widgets Change-Id: I5876e9e180b2a995aaa355fbbb2b67cebb86104d
2012-08-31 17:19:10 -07:00
*/
Make DPM API for disabling keyguard widgets more generic This change renames the widget-specific API to be more generic to allow further disabling of keyguard-specific customizations in the future. Currently only allows disabling widgets and the secure camera but can now easily be extended to disable other features we add. Fixes bug: 7021368 Change-Id: I3934cc2e7c64e0c6d511efb86980fc38a849708d
2012-09-19 23:16:50 -07:00
public void setKeyguardDisabledFeatures(ComponentName who, int which, int userHandle) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
enforceCrossUserPermission(userHandle);
Update DevicePolicyManager with ability to disable keyguard widgets Change-Id: I5876e9e180b2a995aaa355fbbb2b67cebb86104d
2012-08-31 17:19:10 -07:00
synchronized (this) {
if (who == null) {
throw new NullPointerException("ComponentName is null");
}
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
Make DPM API for disabling keyguard widgets more generic This change renames the widget-specific API to be more generic to allow further disabling of keyguard-specific customizations in the future. Currently only allows disabling widgets and the secure camera but can now easily be extended to disable other features we add. Fixes bug: 7021368 Change-Id: I3934cc2e7c64e0c6d511efb86980fc38a849708d
2012-09-19 23:16:50 -07:00
DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES);
if (ap.disabledKeyguardFeatures != which) {
ap.disabledKeyguardFeatures = which;
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
saveSettingsLocked(userHandle);
Update DevicePolicyManager with ability to disable keyguard widgets Change-Id: I5876e9e180b2a995aaa355fbbb2b67cebb86104d
2012-08-31 17:19:10 -07:00
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
syncDeviceCapabilitiesLocked(getUserData(userHandle));
Update DevicePolicyManager with ability to disable keyguard widgets Change-Id: I5876e9e180b2a995aaa355fbbb2b67cebb86104d
2012-08-31 17:19:10 -07:00
}
}
/**
Make DPM API for disabling keyguard widgets more generic This change renames the widget-specific API to be more generic to allow further disabling of keyguard-specific customizations in the future. Currently only allows disabling widgets and the secure camera but can now easily be extended to disable other features we add. Fixes bug: 7021368 Change-Id: I3934cc2e7c64e0c6d511efb86980fc38a849708d
2012-09-19 23:16:50 -07:00
* Gets the disabled state for features in keyguard for the given admin,
Update DevicePolicyManager with ability to disable keyguard widgets Change-Id: I5876e9e180b2a995aaa355fbbb2b67cebb86104d
2012-08-31 17:19:10 -07:00
* or the aggregate of all active admins if who is null.
*/
Make DPM API for disabling keyguard widgets more generic This change renames the widget-specific API to be more generic to allow further disabling of keyguard-specific customizations in the future. Currently only allows disabling widgets and the secure camera but can now easily be extended to disable other features we add. Fixes bug: 7021368 Change-Id: I3934cc2e7c64e0c6d511efb86980fc38a849708d
2012-09-19 23:16:50 -07:00
public int getKeyguardDisabledFeatures(ComponentName who, int userHandle) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
enforceCrossUserPermission(userHandle);
Update DevicePolicyManager with ability to disable keyguard widgets Change-Id: I5876e9e180b2a995aaa355fbbb2b67cebb86104d
2012-08-31 17:19:10 -07:00
synchronized (this) {
if (who != null) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
Make DPM API for disabling keyguard widgets more generic This change renames the widget-specific API to be more generic to allow further disabling of keyguard-specific customizations in the future. Currently only allows disabling widgets and the secure camera but can now easily be extended to disable other features we add. Fixes bug: 7021368 Change-Id: I3934cc2e7c64e0c6d511efb86980fc38a849708d
2012-09-19 23:16:50 -07:00
return (admin != null) ? admin.disabledKeyguardFeatures : 0;
Update DevicePolicyManager with ability to disable keyguard widgets Change-Id: I5876e9e180b2a995aaa355fbbb2b67cebb86104d
2012-08-31 17:19:10 -07:00
}
Make DPM API for disabling keyguard widgets more generic This change renames the widget-specific API to be more generic to allow further disabling of keyguard-specific customizations in the future. Currently only allows disabling widgets and the secure camera but can now easily be extended to disable other features we add. Fixes bug: 7021368 Change-Id: I3934cc2e7c64e0c6d511efb86980fc38a849708d
2012-09-19 23:16:50 -07:00
// Determine which keyguard features are disabled for any active admins.
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
DevicePolicyData policy = getUserData(userHandle);
final int N = policy.mAdminList.size();
Update DevicePolicyManager with ability to disable keyguard widgets Change-Id: I5876e9e180b2a995aaa355fbbb2b67cebb86104d
2012-08-31 17:19:10 -07:00
int which = 0;
for (int i = 0; i < N; i++) {
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
ActiveAdmin admin = policy.mAdminList.get(i);
Make DPM API for disabling keyguard widgets more generic This change renames the widget-specific API to be more generic to allow further disabling of keyguard-specific customizations in the future. Currently only allows disabling widgets and the secure camera but can now easily be extended to disable other features we add. Fixes bug: 7021368 Change-Id: I3934cc2e7c64e0c6d511efb86980fc38a849708d
2012-09-19 23:16:50 -07:00
which |= admin.disabledKeyguardFeatures;
Update DevicePolicyManager with ability to disable keyguard widgets Change-Id: I5876e9e180b2a995aaa355fbbb2b67cebb86104d
2012-08-31 17:19:10 -07:00
}
return which;
}
}
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
private void enforceCrossUserPermission(int userHandle) {
if (userHandle < 0) {
throw new IllegalArgumentException("Invalid userId " + userHandle);
}
final int callingUid = Binder.getCallingUid();
if (userHandle == UserHandle.getUserId(callingUid)) return;
if (callingUid != Process.SYSTEM_UID && callingUid != 0) {
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, "Must be system or have"
+ " INTERACT_ACROSS_USERS_FULL permission");
}
}
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
@Override
protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP)
!= PackageManager.PERMISSION_GRANTED) {
pw.println("Permission Denial: can't dump DevicePolicyManagerService from from pid="
+ Binder.getCallingPid()
+ ", uid=" + Binder.getCallingUid());
return;
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
final Printer p = new PrintWriterPrinter(pw);
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
synchronized (this) {
p.println("Current Device Policy Manager state:");
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
int userCount = mUserData.size();
for (int u = 0; u < userCount; u++) {
DevicePolicyData policy = getUserData(mUserData.keyAt(u));
p.println(" Enabled Device Admins (User " + policy.mUserHandle + "):");
final int N = policy.mAdminList.size();
for (int i=0; i<N; i++) {
ActiveAdmin ap = policy.mAdminList.get(i);
if (ap != null) {
pw.print(" "); pw.print(ap.info.getComponent().flattenToShortString());
pw.println(":");
ap.dump(" ", pw);
}
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
}
Fix 2673731: Adding support for password history to Device Admin. Change-Id: If3240048813e32b2bae79fe5cb8a73aea20ec56c
2010-05-20 16:18:05 -07:00
DevicePolicyManager per user Bug: 7136483 Store device policy information for each user and apply them when user switches. Global proxy can only be controlled by owner. Camera restriction applies to all users, if any one has an admin that disables it. Storage encryption can only be controlled by owner, although other users can query the state. Wipe data will only remove the user if non-zero, wipe the device, if zero. Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
2012-09-14 23:20:08 -07:00
pw.println(" ");
pw.print(" mPasswordOwner="); pw.println(policy.mPasswordOwner);
}
Move DeviceAdmin APIs to android.app.admin. Also add ability for admins to hide themselves when not in use, a facility for admins to not allow other admins to reset their password, and debug dumping.
2010-02-26 17:25:54 -08:00
}
}
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
}
Reference in New Issue Copy Permalink