Example 56 with DevicePolicyManager
use of android.app.admin.DevicePolicyManager in project android_frameworks_base by AOSPA.
the class HardwarePropertiesManagerService method enforceHardwarePropertiesRetrievalAllowed.
/**
* Throws SecurityException if the calling package is not allowed to retrieve information
* provided by the service.
*
* @param callingPackage The calling package name.
*
* @throws SecurityException if something other than the profile or device owner, the
* current VR service, or a caller holding the {@link Manifest.permission#DEVICE_POWER}
* permission tries to retrieve information provided by this service.
*/
private void enforceHardwarePropertiesRetrievalAllowed(String callingPackage) throws SecurityException {
final PackageManager pm = mContext.getPackageManager();
int uid = 0;
try {
uid = pm.getPackageUid(callingPackage, 0);
if (Binder.getCallingUid() != uid) {
throw new SecurityException("The caller has faked the package name.");
}
} catch (PackageManager.NameNotFoundException e) {
throw new SecurityException("The caller has faked the package name.");
}
final int userId = UserHandle.getUserId(uid);
final VrManagerInternal vrService = LocalServices.getService(VrManagerInternal.class);
final DevicePolicyManager dpm = mContext.getSystemService(DevicePolicyManager.class);
if (!dpm.isDeviceOwnerApp(callingPackage) && !dpm.isProfileOwnerApp(callingPackage) && !vrService.isCurrentVrListener(callingPackage, userId) && mContext.checkCallingOrSelfPermission(Manifest.permission.DEVICE_POWER) != PackageManager.PERMISSION_GRANTED) {
throw new SecurityException("The caller is not a device or profile owner, bound " + "VrListenerService, or holding the DEVICE_POWER permission.");
}
}
Also used :
DevicePolicyManager(android.app.admin.DevicePolicyManager)
PackageManager(android.content.pm.PackageManager)
VrManagerInternal(com.android.server.vr.VrManagerInternal)
Example 57 with DevicePolicyManager
use of android.app.admin.DevicePolicyManager in project android_frameworks_base by AOSPA.
the class RestrictedLockUtils method checkIfPasswordQualityIsSet.
/**
* Checks if an admin has enforced minimum password quality requirements on the given user.
*
* @return EnforcedAdmin Object containing the enforced admin component and admin user details,
* or {@code null} if no quality requirements are set. If the requirements are set by
* multiple device admins, then the admin component will be set to {@code null} and userId to
* {@link UserHandle#USER_NULL}.
*
*/
public static EnforcedAdmin checkIfPasswordQualityIsSet(Context context, int userId) {
final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
if (dpm == null) {
return null;
}
LockPatternUtils lockPatternUtils = new LockPatternUtils(context);
EnforcedAdmin enforcedAdmin = null;
if (lockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {
// userId is managed profile and has a separate challenge, only consider
// the admins in that user.
final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userId);
if (admins == null) {
return null;
}
for (ComponentName admin : admins) {
if (dpm.getPasswordQuality(admin, userId) > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
if (enforcedAdmin == null) {
enforcedAdmin = new EnforcedAdmin(admin, userId);
} else {
return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
}
}
}
} else {
// Return all admins for this user and the profiles that are visible from this
// user that do not use a separate work challenge.
final UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE);
for (UserInfo userInfo : um.getProfiles(userId)) {
final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userInfo.id);
if (admins == null) {
continue;
}
final boolean isSeparateProfileChallengeEnabled = lockPatternUtils.isSeparateProfileChallengeEnabled(userInfo.id);
for (ComponentName admin : admins) {
if (!isSeparateProfileChallengeEnabled) {
if (dpm.getPasswordQuality(admin, userInfo.id) > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
if (enforcedAdmin == null) {
enforcedAdmin = new EnforcedAdmin(admin, userInfo.id);
} else {
return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
}
// has set policy on the parent admin.
continue;
}
}
if (userInfo.isManagedProfile()) {
// If userInfo.id is a managed profile, we also need to look at
// the policies set on the parent.
DevicePolicyManager parentDpm = dpm.getParentProfileInstance(userInfo);
if (parentDpm.getPasswordQuality(admin, userInfo.id) > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
if (enforcedAdmin == null) {
enforcedAdmin = new EnforcedAdmin(admin, userInfo.id);
} else {
return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
}
}
}
}
}
}
return enforcedAdmin;
}
Also used :
DevicePolicyManager(android.app.admin.DevicePolicyManager)
UserManager(android.os.UserManager)
LockPatternUtils(com.android.internal.widget.LockPatternUtils)
ComponentName(android.content.ComponentName)
UserInfo(android.content.pm.UserInfo)
Example 58 with DevicePolicyManager
use of android.app.admin.DevicePolicyManager in project android_frameworks_base by AOSPA.
the class RestrictedLockUtils method checkIfMaximumTimeToLockIsSet.
/**
* Checks if any admin has set maximum time to lock.
*
* @return EnforcedAdmin Object containing the enforced admin component and admin user details,
* or {@code null} if no admin has set this restriction. If multiple admins has set this, then
* the admin component will be set to {@code null} and userId to {@link UserHandle#USER_NULL}
*/
public static EnforcedAdmin checkIfMaximumTimeToLockIsSet(Context context) {
final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
if (dpm == null) {
return null;
}
LockPatternUtils lockPatternUtils = new LockPatternUtils(context);
EnforcedAdmin enforcedAdmin = null;
final int userId = UserHandle.myUserId();
final UserManager um = UserManager.get(context);
final List<UserInfo> profiles = um.getProfiles(userId);
final int profilesSize = profiles.size();
// enabled.
for (int i = 0; i < profilesSize; i++) {
final UserInfo userInfo = profiles.get(i);
final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userInfo.id);
if (admins == null) {
continue;
}
for (ComponentName admin : admins) {
if (dpm.getMaximumTimeToLock(admin, userInfo.id) > 0) {
if (enforcedAdmin == null) {
enforcedAdmin = new EnforcedAdmin(admin, userInfo.id);
} else {
return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
}
// has set policy on the parent admin.
continue;
}
if (userInfo.isManagedProfile()) {
// If userInfo.id is a managed profile, we also need to look at
// the policies set on the parent.
final DevicePolicyManager parentDpm = dpm.getParentProfileInstance(userInfo);
if (parentDpm.getMaximumTimeToLock(admin, userInfo.id) > 0) {
if (enforcedAdmin == null) {
enforcedAdmin = new EnforcedAdmin(admin, userInfo.id);
} else {
return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
}
}
}
}
}
return enforcedAdmin;
}
Also used :
DevicePolicyManager(android.app.admin.DevicePolicyManager)
UserManager(android.os.UserManager)
LockPatternUtils(com.android.internal.widget.LockPatternUtils)
UserInfo(android.content.pm.UserInfo)
ComponentName(android.content.ComponentName)
Example 59 with DevicePolicyManager
use of android.app.admin.DevicePolicyManager in project android_frameworks_base by AOSPA.
the class RestrictedLockUtils method isAdminInCurrentUserOrProfile.
public static boolean isAdminInCurrentUserOrProfile(Context context, ComponentName admin) {
DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
UserManager um = UserManager.get(context);
for (UserInfo userInfo : um.getProfiles(UserHandle.myUserId())) {
if (dpm.isAdminActiveAsUser(admin, userInfo.id)) {
return true;
}
}
return false;
}
Also used :
DevicePolicyManager(android.app.admin.DevicePolicyManager)
UserManager(android.os.UserManager)
UserInfo(android.content.pm.UserInfo)
Example 60 with DevicePolicyManager
use of android.app.admin.DevicePolicyManager in project android_frameworks_base by AOSPA.
the class RestrictedLockUtils method checkIfKeyguardFeaturesDisabled.
/**
* Checks if keyguard features are disabled by policy.
*
* @param keyguardFeatures Could be any of keyguard features that can be
* disabled by {@link android.app.admin.DevicePolicyManager#setKeyguardDisabledFeatures}.
* @return EnforcedAdmin Object containing the enforced admin component and admin user details,
* or {@code null} If the notification features are not disabled. If the restriction is set by
* multiple admins, then the admin component will be set to {@code null} and userId to
* {@link UserHandle#USER_NULL}.
*/
public static EnforcedAdmin checkIfKeyguardFeaturesDisabled(Context context, int keyguardFeatures, int userId) {
final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
if (dpm == null) {
return null;
}
final UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE);
LockPatternUtils lockPatternUtils = new LockPatternUtils(context);
EnforcedAdmin enforcedAdmin = null;
if (um.getUserInfo(userId).isManagedProfile()) {
final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userId);
if (admins == null) {
return null;
}
for (ComponentName admin : admins) {
if ((dpm.getKeyguardDisabledFeatures(admin, userId) & keyguardFeatures) != 0) {
if (enforcedAdmin == null) {
enforcedAdmin = new EnforcedAdmin(admin, userId);
} else {
return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
}
}
}
} else {
// user that do not use a separate work challenge.
for (UserInfo userInfo : um.getProfiles(userId)) {
final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userInfo.id);
if (admins == null) {
continue;
}
final boolean isSeparateProfileChallengeEnabled = lockPatternUtils.isSeparateProfileChallengeEnabled(userInfo.id);
for (ComponentName admin : admins) {
if (!isSeparateProfileChallengeEnabled) {
if ((dpm.getKeyguardDisabledFeatures(admin, userInfo.id) & keyguardFeatures) != 0) {
if (enforcedAdmin == null) {
enforcedAdmin = new EnforcedAdmin(admin, userInfo.id);
} else {
return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
}
// has set policy on the parent admin.
continue;
}
}
if (userInfo.isManagedProfile()) {
// If userInfo.id is a managed profile, we also need to look at
// the policies set on the parent.
DevicePolicyManager parentDpm = dpm.getParentProfileInstance(userInfo);
if ((parentDpm.getKeyguardDisabledFeatures(admin, userInfo.id) & keyguardFeatures) != 0) {
if (enforcedAdmin == null) {
enforcedAdmin = new EnforcedAdmin(admin, userInfo.id);
} else {
return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
}
}
}
}
}
}
return enforcedAdmin;
}
Also used :
DevicePolicyManager(android.app.admin.DevicePolicyManager)
UserManager(android.os.UserManager)
LockPatternUtils(com.android.internal.widget.LockPatternUtils)
ComponentName(android.content.ComponentName)
UserInfo(android.content.pm.UserInfo)
Aggregations
DevicePolicyManager (android.app.admin.DevicePolicyManager)159
ComponentName (android.content.ComponentName)45
UserManager (android.os.UserManager)29
UserInfo (android.content.pm.UserInfo)25
RemoteException (android.os.RemoteException)24
LockPatternUtils (com.android.internal.widget.LockPatternUtils)19
Intent (android.content.Intent)18
PackageManager (android.content.pm.PackageManager)14
PersistableBundle (android.os.PersistableBundle)8
PendingIntent (android.app.PendingIntent)6
IBinder (android.os.IBinder)6
UserHandle (android.os.UserHandle)6
IPackageManager (android.content.pm.IPackageManager)5
Uri (android.net.Uri)5
VrManagerInternal (com.android.server.vr.VrManagerInternal)5
ResolveInfo (android.content.pm.ResolveInfo)4
Point (android.graphics.Point)4
Binder (android.os.Binder)4
KeyStore (android.security.KeyStore)4
ArraySet (android.util.ArraySet)4
