use of android.app.admin.DevicePolicyManager in project android_frameworks_base by crdroidandroid.
the class ContactsInternal method maybeStartManagedQuickContact.
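/**
 * Launches quick contact on the managed profile when the URI in {@code originalIntent} refers
 * to a corp (enterprise) contact.
 *
 * <p>The URI is taken from the intent handed to this method, so its shape is checked before any
 * path segment is indexed. A missing URI, or one with fewer than three path segments, cannot
 * carry an enterprise lookup key and is reported as "not a corp contact".
 *
 * @param context context used to obtain the {@link DevicePolicyManager}
 * @param originalIntent the quick-contact intent whose data URI is inspected and which is
 *     forwarded unchanged to the managed profile
 * @return {@code true} if the URI is of a corp contact and the request was handed to the
 *     managed profile; {@code false} if the URI is not of a corp contact
 * @throws IllegalArgumentException if the lookup key carries the enterprise prefix but the
 *     contact id or directory id is outside the enterprise range (a non-numeric directory
 *     parameter surfaces as {@link NumberFormatException}, a subclass)
 */
private static boolean maybeStartManagedQuickContact(Context context, Intent originalIntent) {
    final Uri uri = originalIntent.getData();
    if (uri == null) {
        // No data URI at all: nothing to route to the managed profile.
        return false;
    }

    // Decompose into an ID and a lookup key.
    final List<String> pathSegments = uri.getPathSegments();
    if (pathSegments.size() < 3) {
        // The lookup key is read from segment index 2; a shorter path has none.
        return false;
    }

    // With fewer than four segments there is no trailing id, so the enterprise base value
    // stands in and the id is flagged as ignored for the managed-profile call.
    final boolean isContactIdIgnored = pathSegments.size() < 4;
    final long contactId = isContactIdIgnored
            ? ContactsContract.Contacts.ENTERPRISE_CONTACT_ID_BASE
            : ContentUris.parseId(uri);
    final String lookupKey = pathSegments.get(2);
    final String directoryIdStr = uri.getQueryParameter(ContactsContract.DIRECTORY_PARAM_KEY);
    final long directoryId = (directoryIdStr == null)
            ? ContactsContract.Directory.ENTERPRISE_DIRECTORY_ID_BASE
            : Long.parseLong(directoryIdStr);

    // See if it has a corp lookup key.
    if (TextUtils.isEmpty(lookupKey)
            || !lookupKey.startsWith(ContactsContract.Contacts.ENTERPRISE_CONTACT_LOOKUP_PREFIX)) {
        // It's not a corp lookup key.
        return false;
    }

    // Both ids must be in the enterprise range before the base offsets are subtracted below;
    // otherwise the values forwarded to the managed profile would not be the ones the URI named.
    if (!ContactsContract.Contacts.isEnterpriseContactId(contactId)) {
        throw new IllegalArgumentException("Invalid enterprise contact id: " + contactId);
    }
    if (!ContactsContract.Directory.isEnterpriseDirectoryId(directoryId)) {
        throw new IllegalArgumentException("Invalid enterprise directory id: " + directoryId);
    }

    // Launch Quick Contact on the managed profile, if the policy allows.
    // NOTE(review): the policy decision itself is not visible here; presumably it is made
    // inside startManagedQuickContact - confirm.
    final DevicePolicyManager dpm = context.getSystemService(DevicePolicyManager.class);
    final String actualLookupKey = lookupKey.substring(
            ContactsContract.Contacts.ENTERPRISE_CONTACT_LOOKUP_PREFIX.length());
    final long actualContactId =
            (contactId - ContactsContract.Contacts.ENTERPRISE_CONTACT_ID_BASE);
    final long actualDirectoryId =
            (directoryId - ContactsContract.Directory.ENTERPRISE_DIRECTORY_ID_BASE);
    dpm.startManagedQuickContact(actualLookupKey, actualContactId, isContactIdIgnored,
            actualDirectoryId, originalIntent);
    return true;
}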
use of android.app.admin.DevicePolicyManager in project android_frameworks_base by crdroidandroid.
the class KeyguardSecurityContainer method reportFailedUnlockAttempt.
/**
 * Handles one failed unlock attempt for {@code userId}: shows the matching warning dialog,
 * then records the failure with the update monitor and the lock pattern utilities.
 *
 * <p>Dialog precedence, as written: the countdown dialog (driven by
 * {@code config_max_unlock_countdown_times}) is checked first, and the device-policy wipe
 * warnings are only considered when the countdown branch does not apply. The timeout dialog is
 * shown only when the countdown feature is off.
 *
 * @param userId user whose unlock attempt failed
 * @param timeoutMs lockout timeout to display, or a non-positive value for none
 */
private void reportFailedUnlockAttempt(int userId, int timeoutMs) {
    final KeyguardUpdateMonitor updateMonitor = KeyguardUpdateMonitor.getInstance(mContext);
    // The monitor's count does not yet include the attempt being reported, hence the +1.
    final int attemptsSoFar = updateMonitor.getFailedUnlockAttempts(userId) + 1;
    if (DEBUG) {
        Log.d(TAG, "reportFailedPatternAttempt: #" + attemptsSoFar);
    }

    SecurityMode securityMode = mSecurityModel.getSecurityMode();
    final DevicePolicyManager policyManager = mLockPatternUtils.getDevicePolicyManager();
    final int wipeThreshold = policyManager.getMaximumFailedPasswordsForWipe(null, userId);

    // DPM returns 0 if no restriction is set; treat that as "never reaches the wipe limit".
    final int attemptsLeftBeforeWipe;
    if (wipeThreshold > 0) {
        attemptsLeftBeforeWipe = wipeThreshold - attemptsSoFar;
    } else {
        attemptsLeftBeforeWipe = Integer.MAX_VALUE;
    }

    final boolean credentialMode = securityMode == KeyguardSecurityModel.SecurityMode.Pattern
            || securityMode == KeyguardSecurityModel.SecurityMode.PIN
            || securityMode == KeyguardSecurityModel.SecurityMode.Password;
    final int countdownLimit = mContext.getResources()
            .getInteger(R.integer.config_max_unlock_countdown_times);
    final boolean countdownEnabled = countdownLimit > 0 && credentialMode;

    if (countdownEnabled && attemptsSoFar >= countdownLimit) {
        showCountdownWipeDialog(attemptsSoFar);
    } else if (attemptsLeftBeforeWipe < LockPatternUtils.FAILED_ATTEMPTS_BEFORE_WIPE_GRACE) {
        // A device policy asks for a user/profile to be wiped after N failed attempts. Inside
        // the grace window the warning is posted on every failure until the deletion fires.
        // Find which profile has the strictest failed-password policy.
        final int expiringUser =
                policyManager.getProfileWithMinimumFailedPasswordsForWipe(userId);

        final int userType;
        if (expiringUser == userId) {
            // TODO: http://b/23522538
            userType = (expiringUser != UserHandle.USER_SYSTEM)
                    ? USER_TYPE_SECONDARY_USER
                    : USER_TYPE_PRIMARY;
        } else if (expiringUser != UserHandle.USER_NULL) {
            userType = USER_TYPE_WORK_PROFILE;
        } else {
            // USER_NULL shouldn't happen; fall back to the primary-user wording.
            userType = USER_TYPE_PRIMARY;
        }

        if (attemptsLeftBeforeWipe <= 0) {
            // Too many attempts. The device will be wiped shortly.
            Slog.i(TAG, "Too many unlock attempts; user " + expiringUser + " will be wiped!");
            showWipeDialog(attemptsSoFar, userType);
        } else {
            showAlmostAtWipeDialog(attemptsSoFar, attemptsLeftBeforeWipe, userType);
        }
    }

    // The failure is recorded on every path, whichever dialog (if any) was shown above.
    updateMonitor.reportFailedStrongAuthUnlockAttempt(userId);
    mLockPatternUtils.reportFailedPasswordAttempt(userId);

    if (!countdownEnabled && timeoutMs > 0) {
        showTimeoutDialog(timeoutMs);
    }
}
use of android.app.admin.DevicePolicyManager in project android_frameworks_base by crdroidandroid.
the class TrustAgentWrapper method updateDevicePolicyFeatures.
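/**
 * Re-reads the device policy for {@code mUserId} and pushes the resulting configuration to the
 * bound trust agent.
 *
 * <p>When the policy sets {@link DevicePolicyManager#KEYGUARD_DISABLE_TRUST_AGENTS}, the agent
 * is reported as disabled even if a per-agent configuration exists; in that case the
 * configuration is sent together with a fresh token stored in
 * {@code mSetTrustAgentFeaturesToken}. Without the flag, an empty configuration and a
 * {@code null} token are sent.
 *
 * <p>If the stored disabled state changes, the trust manager is asked to update trust for the
 * user.
 *
 * @return {@code true} if the policy currently disables trust agents for this user;
 *     {@code false} otherwise, including when no agent service is bound
 */
boolean updateDevicePolicyFeatures() {
    boolean trustDisabled = false;
    if (DEBUG)
        Slog.v(TAG, "updateDevicePolicyFeatures(" + mName + ")");
    try {
        if (mTrustAgentService != null) {
            DevicePolicyManager dpm =
                    (DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE);
            if ((dpm.getKeyguardDisabledFeatures(null, mUserId)
                    & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0) {
                List<PersistableBundle> config =
                        dpm.getTrustAgentConfiguration(null, mName, mUserId);
                // Set before the remote call so a RemoteException from onConfigure still
                // leaves the agent reported as disabled.
                trustDisabled = true;
                if (DEBUG)
                    Slog.v(TAG, "Detected trust agents disabled. Config = " + config);
                if (config != null && config.size() > 0) {
                    if (DEBUG) {
                        Slog.v(TAG, "TrustAgent " + mName.flattenToShortString()
                                + " disabled until it acknowledges " + config);
                    }
                    // A new token per configuration push; the acknowledgement handling is
                    // outside this method.
                    mSetTrustAgentFeaturesToken = new Binder();
                    mTrustAgentService.onConfigure(config, mSetTrustAgentFeaturesToken);
                }
            } else {
                // Typed empty list instead of the raw Collections.EMPTY_LIST constant, which
                // forces an unchecked conversion at the call site.
                mTrustAgentService.onConfigure(Collections.emptyList(), null);
            }
            final long maxTimeToLock = dpm.getMaximumTimeToLockForUserAndProfiles(mUserId);
            if (maxTimeToLock != mMaximumTimeToLock) {
                // If the timeout changes, cancel the alarm and send a timeout event to have
                // the agent re-evaluate trust.
                mMaximumTimeToLock = maxTimeToLock;
                if (mAlarmPendingIntent != null) {
                    mAlarmManager.cancel(mAlarmPendingIntent);
                    mAlarmPendingIntent = null;
                    mHandler.sendEmptyMessage(MSG_TRUST_TIMEOUT);
                }
            }
        }
    } catch (RemoteException e) {
        onError(e);
    }
    // Only propagate to the trust manager when the disabled state actually flipped.
    if (mTrustDisabledByDpm != trustDisabled) {
        mTrustDisabledByDpm = trustDisabled;
        mTrustManagerService.updateTrust(mUserId, 0);
    }
    return trustDisabled;
}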
use of android.app.admin.DevicePolicyManager in project android_frameworks_base by crdroidandroid.
the class TrustManagerService method refreshAgentList.
/**
 * Rebuilds the set of active trust agents for one user or for all users.
 *
 * <p>Agents already in {@code mActiveAgents} that no longer qualify are destroyed and removed;
 * newly qualifying agents get a {@link TrustAgentWrapper}. If a removed agent was managing
 * trust, trust is recomputed for the affected scope.
 *
 * @param userIdOrAll a specific user id, or {@code UserHandle.USER_ALL}; any other negative
 *     value is logged as an error and handled as {@code USER_ALL}
 */
void refreshAgentList(int userIdOrAll) {
    if (DEBUG) {
        Slog.d(TAG, "refreshAgentList(" + userIdOrAll + ")");
    }
    if (!mTrustAgentsCanRun) {
        return;
    }
    if (userIdOrAll != UserHandle.USER_ALL && userIdOrAll < UserHandle.USER_SYSTEM) {
        // The Throwable is only there to capture the caller's stack in the log.
        Log.e(TAG, "refreshAgentList(userId=" + userIdOrAll + "): Invalid user handle," + " must be USER_ALL or a specific user.", new Throwable("here"));
        userIdOrAll = UserHandle.USER_ALL;
    }

    PackageManager pm = mContext.getPackageManager();

    List<UserInfo> candidateUsers;
    if (userIdOrAll != UserHandle.USER_ALL) {
        candidateUsers = new ArrayList<>();
        candidateUsers.add(mUserManager.getUserInfo(userIdOrAll));
    } else {
        candidateUsers = mUserManager.getUsers(true);
    }

    LockPatternUtils lockUtils = mLockPatternUtils;

    // Start from "everything is stale"; entries that still qualify are struck off below.
    ArraySet<AgentInfo> staleAgents = new ArraySet<>();
    staleAgents.addAll(mActiveAgents);

    for (UserInfo user : candidateUsers) {
        // Gate checks, evaluated in this order; any failure means no agent runs for the user.
        if (user == null || user.partial || !user.isEnabled() || user.guestToRemove
                || !user.supportsSwitchToByUser()
                || !StorageManager.isUserKeyUnlocked(user.id)
                || !mActivityManager.isUserRunning(user.id)
                || !lockUtils.isSecure(user.id)
                || !mStrongAuthTracker.canAgentsRunForUser(user.id)) {
            continue;
        }

        DevicePolicyManager dpm = lockUtils.getDevicePolicyManager();
        int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, user.id);
        final boolean agentsDisabledByPolicy =
                (disabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0;

        List<ComponentName> enabledAgents = lockUtils.getEnabledTrustAgents(user.id);
        if (enabledAgents == null) {
            continue;
        }

        for (ResolveInfo resolved : resolveAllowedTrustAgents(pm, user.id)) {
            ComponentName component = getComponentName(resolved);
            if (!enabledAgents.contains(component)) {
                continue;
            }
            if (agentsDisabledByPolicy) {
                List<PersistableBundle> config = dpm.getTrustAgentConfiguration(null, /* admin */
                        component, user.id);
                // Disable agent if no features are enabled.
                if (config == null || config.isEmpty()) {
                    continue;
                }
            }

            AgentInfo candidate = new AgentInfo();
            candidate.component = component;
            candidate.userId = user.id;

            if (mActiveAgents.contains(candidate)) {
                // Already running and still allowed: keep it.
                staleAgents.remove(candidate);
                continue;
            }

            candidate.label = resolved.loadLabel(pm);
            candidate.icon = resolved.loadIcon(pm);
            candidate.settings = getSettingsComponentName(pm, resolved);
            candidate.agent = new TrustAgentWrapper(mContext, this, new Intent().setComponent(component), user.getUserHandle());
            mActiveAgents.add(candidate);
        }
    }

    boolean trustMayHaveChanged = false;
    for (int index = 0; index < staleAgents.size(); index++) {
        AgentInfo stale = staleAgents.valueAt(index);
        // When refreshing a single user, agents of other users are left alone.
        if (userIdOrAll != UserHandle.USER_ALL && userIdOrAll != stale.userId) {
            continue;
        }
        trustMayHaveChanged |= stale.agent.isManagingTrust();
        stale.agent.destroy();
        mActiveAgents.remove(stale);
    }

    if (!trustMayHaveChanged) {
        return;
    }
    if (userIdOrAll == UserHandle.USER_ALL) {
        updateTrustAll();
    } else {
        updateTrust(userIdOrAll, 0);
    }
}
use of android.app.admin.DevicePolicyManager in project android_frameworks_base by crdroidandroid.
the class RestrictedLockUtils method checkIfAccountManagementDisabled.
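/**
 * Check if account management for a specific type of account is disabled by admin.
 * Only a profile or device owner can disable account management. So, we check if account
 * management is disabled and return profile or device owner on the calling user.
 *
 * @param context context used to obtain the {@link DevicePolicyManager}
 * @param accountType account type to look up; {@code null} is treated as "not disabled"
 * @param userId user whose disabled account types are queried
 * @return EnforcedAdmin Object containing the enforced admin component and admin user details,
 * or {@code null} if the account management is not disabled.
 */
public static EnforcedAdmin checkIfAccountManagementDisabled(Context context, String accountType, int userId) {
    if (accountType == null) {
        return null;
    }
    DevicePolicyManager dpm =
            (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
    if (dpm == null) {
        return null;
    }
    String[] disabledTypes = dpm.getAccountTypesWithManagementDisabledAsUser(userId);
    if (disabledTypes == null) {
        // The lookup can come back null when the policy service is unavailable; iterating it
        // would throw. Handled like the missing-manager case above.
        // NOTE(review): this reports "not disabled" when the list cannot be read; confirm
        // that enforcement of the restriction does not depend on this helper.
        return null;
    }
    boolean isAccountTypeDisabled = false;
    for (String type : disabledTypes) {
        if (accountType.equals(type)) {
            isAccountTypeDisabled = true;
            break;
        }
    }
    if (!isAccountTypeDisabled) {
        return null;
    }
    return getProfileOrDeviceOwner(context, userId);
}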