Example 81 with DevicePolicyManager
use of android.app.admin.DevicePolicyManager in project android_frameworks_base by crdroidandroid.
the class RestrictedLockUtils method checkIfAccessibilityServiceDisallowed.
public static EnforcedAdmin checkIfAccessibilityServiceDisallowed(Context context, String packageName, int userId) {
DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
if (dpm == null) {
return null;
}
EnforcedAdmin admin = getProfileOrDeviceOwner(context, userId);
boolean permitted = true;
if (admin != null) {
permitted = dpm.isAccessibilityServicePermittedByAdmin(admin.component, packageName, userId);
}
int managedProfileId = getManagedProfileId(context, userId);
EnforcedAdmin profileAdmin = getProfileOrDeviceOwner(context, managedProfileId);
boolean permittedByProfileAdmin = true;
if (profileAdmin != null) {
permittedByProfileAdmin = dpm.isAccessibilityServicePermittedByAdmin(profileAdmin.component, packageName, managedProfileId);
}
if (!permitted && !permittedByProfileAdmin) {
return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
} else if (!permitted) {
return admin;
} else if (!permittedByProfileAdmin) {
return profileAdmin;
}
return null;
}
Also used :
DevicePolicyManager(android.app.admin.DevicePolicyManager)
Example 82 with DevicePolicyManager
use of android.app.admin.DevicePolicyManager in project android_frameworks_base by crdroidandroid.
the class RestrictedLockUtils method checkIfPasswordQualityIsSet.
/**
* Checks if an admin has enforced minimum password quality requirements on the given user.
*
* @return EnforcedAdmin Object containing the enforced admin component and admin user details,
* or {@code null} if no quality requirements are set. If the requirements are set by
* multiple device admins, then the admin component will be set to {@code null} and userId to
* {@link UserHandle#USER_NULL}.
*
*/
public static EnforcedAdmin checkIfPasswordQualityIsSet(Context context, int userId) {
final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
if (dpm == null) {
return null;
}
LockPatternUtils lockPatternUtils = new LockPatternUtils(context);
EnforcedAdmin enforcedAdmin = null;
if (lockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {
// userId is managed profile and has a separate challenge, only consider
// the admins in that user.
final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userId);
if (admins == null) {
return null;
}
for (ComponentName admin : admins) {
if (dpm.getPasswordQuality(admin, userId) > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
if (enforcedAdmin == null) {
enforcedAdmin = new EnforcedAdmin(admin, userId);
} else {
return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
}
}
}
} else {
// Return all admins for this user and the profiles that are visible from this
// user that do not use a separate work challenge.
final UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE);
for (UserInfo userInfo : um.getProfiles(userId)) {
final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userInfo.id);
if (admins == null) {
continue;
}
final boolean isSeparateProfileChallengeEnabled = lockPatternUtils.isSeparateProfileChallengeEnabled(userInfo.id);
for (ComponentName admin : admins) {
if (!isSeparateProfileChallengeEnabled) {
if (dpm.getPasswordQuality(admin, userInfo.id) > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
if (enforcedAdmin == null) {
enforcedAdmin = new EnforcedAdmin(admin, userInfo.id);
} else {
return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
}
// has set policy on the parent admin.
continue;
}
}
if (userInfo.isManagedProfile()) {
// If userInfo.id is a managed profile, we also need to look at
// the policies set on the parent.
DevicePolicyManager parentDpm = dpm.getParentProfileInstance(userInfo);
if (parentDpm.getPasswordQuality(admin, userInfo.id) > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
if (enforcedAdmin == null) {
enforcedAdmin = new EnforcedAdmin(admin, userInfo.id);
} else {
return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
}
}
}
}
}
}
return enforcedAdmin;
}
Also used :
DevicePolicyManager(android.app.admin.DevicePolicyManager)
UserManager(android.os.UserManager)
LockPatternUtils(com.android.internal.widget.LockPatternUtils)
ComponentName(android.content.ComponentName)
UserInfo(android.content.pm.UserInfo)
Example 83 with DevicePolicyManager
use of android.app.admin.DevicePolicyManager in project android_frameworks_base by AOSPA.
the class KeyguardUpdateMonitor method scheduleStrongAuthTimeout.
private void scheduleStrongAuthTimeout() {
final DevicePolicyManager dpm = (DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE);
long when = SystemClock.elapsedRealtime() + dpm.getRequiredStrongAuthTimeout(null, sCurrentUser);
Intent intent = new Intent(ACTION_STRONG_AUTH_TIMEOUT);
intent.putExtra(USER_ID, sCurrentUser);
PendingIntent sender = PendingIntent.getBroadcast(mContext, sCurrentUser, intent, PendingIntent.FLAG_CANCEL_CURRENT);
mAlarmManager.set(AlarmManager.ELAPSED_REALTIME, when, sender);
notifyStrongAuthStateChanged(sCurrentUser);
}
Also used :
DevicePolicyManager(android.app.admin.DevicePolicyManager)
PendingIntent(android.app.PendingIntent)
Intent(android.content.Intent)
PendingIntent(android.app.PendingIntent)
Example 84 with DevicePolicyManager
use of android.app.admin.DevicePolicyManager in project android_frameworks_base by DirtyUnicorns.
the class PackageInstallerService method uninstall.
@Override
public void uninstall(String packageName, String callerPackageName, int flags, IntentSender statusReceiver, int userId) {
final int callingUid = Binder.getCallingUid();
mPm.enforceCrossUserPermission(callingUid, userId, true, true, "uninstall");
if ((callingUid != Process.SHELL_UID) && (callingUid != Process.ROOT_UID)) {
mAppOps.checkPackage(callingUid, callerPackageName);
}
// Check whether the caller is device owner, in which case we do it silently.
DevicePolicyManager dpm = (DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE);
boolean isDeviceOwner = (dpm != null) && dpm.isDeviceOwnerAppOnCallingUser(callerPackageName);
final PackageDeleteObserverAdapter adapter = new PackageDeleteObserverAdapter(mContext, statusReceiver, packageName, isDeviceOwner, userId);
if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DELETE_PACKAGES) == PackageManager.PERMISSION_GRANTED) {
// Sweet, call straight through!
mPm.deletePackage(packageName, adapter.getBinder(), userId, flags);
} else if (isDeviceOwner) {
// Allow the DeviceOwner to silently delete packages
// Need to clear the calling identity to get DELETE_PACKAGES permission
long ident = Binder.clearCallingIdentity();
try {
mPm.deletePackage(packageName, adapter.getBinder(), userId, flags);
} finally {
Binder.restoreCallingIdentity(ident);
}
} else {
// Take a short detour to confirm with user
final Intent intent = new Intent(Intent.ACTION_UNINSTALL_PACKAGE);
intent.setData(Uri.fromParts("package", packageName, null));
intent.putExtra(PackageInstaller.EXTRA_CALLBACK, adapter.getBinder().asBinder());
adapter.onUserActionRequired(intent);
}
}
Also used :
DevicePolicyManager(android.app.admin.DevicePolicyManager)
Intent(android.content.Intent)
Example 85 with DevicePolicyManager
use of android.app.admin.DevicePolicyManager in project android_frameworks_base by DirtyUnicorns.
the class TrustAgentWrapper method updateDevicePolicyFeatures.
boolean updateDevicePolicyFeatures() {
boolean trustDisabled = false;
if (DEBUG)
Slog.v(TAG, "updateDevicePolicyFeatures(" + mName + ")");
try {
if (mTrustAgentService != null) {
DevicePolicyManager dpm = (DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE);
if ((dpm.getKeyguardDisabledFeatures(null, mUserId) & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0) {
List<PersistableBundle> config = dpm.getTrustAgentConfiguration(null, mName, mUserId);
trustDisabled = true;
if (DEBUG)
Slog.v(TAG, "Detected trust agents disabled. Config = " + config);
if (config != null && config.size() > 0) {
if (DEBUG) {
Slog.v(TAG, "TrustAgent " + mName.flattenToShortString() + " disabled until it acknowledges " + config);
}
mSetTrustAgentFeaturesToken = new Binder();
mTrustAgentService.onConfigure(config, mSetTrustAgentFeaturesToken);
}
} else {
mTrustAgentService.onConfigure(Collections.EMPTY_LIST, null);
}
final long maxTimeToLock = dpm.getMaximumTimeToLockForUserAndProfiles(mUserId);
if (maxTimeToLock != mMaximumTimeToLock) {
// If the timeout changes, cancel the alarm and send a timeout event to have
// the agent re-evaluate trust.
mMaximumTimeToLock = maxTimeToLock;
if (mAlarmPendingIntent != null) {
mAlarmManager.cancel(mAlarmPendingIntent);
mAlarmPendingIntent = null;
mHandler.sendEmptyMessage(MSG_TRUST_TIMEOUT);
}
}
}
} catch (RemoteException e) {
onError(e);
}
if (mTrustDisabledByDpm != trustDisabled) {
mTrustDisabledByDpm = trustDisabled;
mTrustManagerService.updateTrust(mUserId, 0);
}
return trustDisabled;
}
Also used :
DevicePolicyManager(android.app.admin.DevicePolicyManager)
IBinder(android.os.IBinder)
Binder(android.os.Binder)
PersistableBundle(android.os.PersistableBundle)
RemoteException(android.os.RemoteException)
Aggregations
DevicePolicyManager (android.app.admin.DevicePolicyManager)159
ComponentName (android.content.ComponentName)45
UserManager (android.os.UserManager)29
UserInfo (android.content.pm.UserInfo)25
RemoteException (android.os.RemoteException)24
LockPatternUtils (com.android.internal.widget.LockPatternUtils)19
Intent (android.content.Intent)18
PackageManager (android.content.pm.PackageManager)14
PersistableBundle (android.os.PersistableBundle)8
PendingIntent (android.app.PendingIntent)6
IBinder (android.os.IBinder)6
UserHandle (android.os.UserHandle)6
IPackageManager (android.content.pm.IPackageManager)5
Uri (android.net.Uri)5
VrManagerInternal (com.android.server.vr.VrManagerInternal)5
ResolveInfo (android.content.pm.ResolveInfo)4
Point (android.graphics.Point)4
Binder (android.os.Binder)4
KeyStore (android.security.KeyStore)4
ArraySet (android.util.ArraySet)4
