use of android.app.admin.DevicePolicyManager in project android_frameworks_base by crdroidandroid.
the class HardwarePropertiesManagerService method enforceHardwarePropertiesRetrievalAllowed.
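/**
 * Throws SecurityException if the calling package is not allowed to retrieve information
 * provided by the service.
 *
 * <p>{@code callingPackage} is supplied by the caller and is untrusted. It is first resolved
 * to a UID and compared with {@link Binder#getCallingUid()}; only a name that matches the
 * real caller is used for the owner and VR-listener checks below.
 *
 * @param callingPackage The calling package name.
 *
 * @throws SecurityException if the package name does not resolve to the calling UID, or if
 *         something other than the profile or device owner, the current VR service, or a
 *         caller holding the {@link Manifest.permission#DEVICE_POWER} permission tries to
 *         retrieve information provided by this service.
 */
private void enforceHardwarePropertiesRetrievalAllowed(String callingPackage)
        throws SecurityException {
    final PackageManager pm = mContext.getPackageManager();
    int uid = 0;
    try {
        // NOTE(review): getPackageUid() resolves the name for the user mContext belongs to.
        // Confirm that callers running in a secondary user or managed profile still match
        // Binder.getCallingUid(); otherwise they are rejected here before any other check.
        uid = pm.getPackageUid(callingPackage, 0);
        if (Binder.getCallingUid() != uid) {
            throw new SecurityException("The caller has faked the package name.");
        }
    } catch (PackageManager.NameNotFoundException e) {
        // An unknown package gets the same message as a mismatched one, so the error does
        // not tell the caller whether a given package is installed.
        throw new SecurityException("The caller has faked the package name.");
    }

    final int userId = UserHandle.getUserId(uid);
    final VrManagerInternal vrService = LocalServices.getService(VrManagerInternal.class);
    final DevicePolicyManager dpm = mContext.getSystemService(DevicePolicyManager.class);

    // LocalServices.getService() returns null when no VrManagerInternal has been registered
    // (e.g. a build without the VR service). In that case nobody can be the current VR
    // listener, so that alternative is treated as "not satisfied" instead of dereferencing
    // null and failing the permission check with a NullPointerException.
    // The order of the checks is kept: owner checks first, VR listener next, and the
    // DEVICE_POWER permission (calling identity or this process itself) last.
    if (!dpm.isDeviceOwnerApp(callingPackage)
            && !dpm.isProfileOwnerApp(callingPackage)
            && (vrService == null || !vrService.isCurrentVrListener(callingPackage, userId))
            && mContext.checkCallingOrSelfPermission(Manifest.permission.DEVICE_POWER)
                    != PackageManager.PERMISSION_GRANTED) {
        throw new SecurityException("The caller is not a device or profile owner, bound "
                + "VrListenerService, or holding the DEVICE_POWER permission.");
    }
}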
use of android.app.admin.DevicePolicyManager in project android_frameworks_base by ResurrectionRemix.
the class KeyguardUpdateMonitor method scheduleStrongAuthTimeout.
/**
 * Arms the alarm that broadcasts {@code ACTION_STRONG_AUTH_TIMEOUT} for the current user and
 * then notifies listeners that the strong-auth state changed.
 *
 * <p>The deadline is "now" on the elapsed-realtime clock plus the timeout reported by
 * {@link DevicePolicyManager} for {@code sCurrentUser}.
 */
private void scheduleStrongAuthTimeout() {
    final DevicePolicyManager policyManager =
            (DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE);

    final long now = SystemClock.elapsedRealtime();
    // A null admin is passed rather than a specific component; presumably this asks for the
    // value aggregated over all admins of the user -- confirm against DevicePolicyManager.
    final long strongAuthTimeout = policyManager.getRequiredStrongAuthTimeout(null, sCurrentUser);
    final long triggerAt = now + strongAuthTimeout;

    // NOTE(review): the intent carries only an action (no package or component). Confirm that
    // the receiver for ACTION_STRONG_AUTH_TIMEOUT is registered with a permission, so that the
    // timeout handling cannot be driven by a broadcast from another app. The registration is
    // not visible in this method.
    final Intent timeoutIntent = new Intent(ACTION_STRONG_AUTH_TIMEOUT);
    timeoutIntent.putExtra(USER_ID, sCurrentUser);

    // The user id doubles as the request code, so each user has its own PendingIntent;
    // FLAG_CANCEL_CURRENT replaces any PendingIntent previously created for that user.
    final PendingIntent operation = PendingIntent.getBroadcast(
            mContext, sCurrentUser, timeoutIntent, PendingIntent.FLAG_CANCEL_CURRENT);

    // ELAPSED_REALTIME is the non-wakeup alarm type: delivery may be deferred while the
    // device is asleep.
    mAlarmManager.set(AlarmManager.ELAPSED_REALTIME, triggerAt, operation);

    notifyStrongAuthStateChanged(sCurrentUser);
}
use of android.app.admin.DevicePolicyManager in project android_frameworks_base by ResurrectionRemix.
the class KeyguardSecurityContainer method reportFailedUnlockAttempt.
/**
 * Handles one failed unlock attempt: picks the warning dialog to show (if any) and records
 * the failure with the update monitor and the lock-pattern utilities.
 *
 * <p>Dialog priority, as implemented below: the build-configured countdown dialog wins once
 * its threshold is reached; otherwise the device-policy wipe warnings are shown when the
 * remaining attempts fall inside the grace window. In the first case the device-policy
 * warnings are not shown for this attempt, although the failure is still reported.
 *
 * @param userId    user whose credential was entered incorrectly
 * @param timeoutMs lockout duration to announce, or a value {@code <= 0} for none
 */
private void reportFailedUnlockAttempt(int userId, int timeoutMs) {
    final KeyguardUpdateMonitor updateMonitor = KeyguardUpdateMonitor.getInstance(mContext);
    // The monitor has not counted the current failure yet, so add it here.
    final int attemptCount = updateMonitor.getFailedUnlockAttempts(userId) + 1;
    if (DEBUG) {
        Log.d(TAG, "reportFailedPatternAttempt: #" + attemptCount);
    }

    final SecurityMode currentMode = mSecurityModel.getSecurityMode();
    final DevicePolicyManager policyManager = mLockPatternUtils.getDevicePolicyManager();
    final int wipeThreshold = policyManager.getMaximumFailedPasswordsForWipe(null, userId);

    // DPM reports 0 when no admin restricts the number of attempts; treat that as "never".
    final int attemptsLeftBeforeWipe;
    if (wipeThreshold > 0) {
        attemptsLeftBeforeWipe = wipeThreshold - attemptCount;
    } else {
        attemptsLeftBeforeWipe = Integer.MAX_VALUE;
    }

    // The countdown only applies to knowledge-based credentials (pattern, PIN, password).
    final boolean knowledgeCredential = currentMode == KeyguardSecurityModel.SecurityMode.Pattern
            || currentMode == KeyguardSecurityModel.SecurityMode.PIN
            || currentMode == KeyguardSecurityModel.SecurityMode.Password;
    final int countdownLimit = mContext.getResources()
            .getInteger(R.integer.config_max_unlock_countdown_times);
    final boolean enableTimesCounter = countdownLimit > 0 && knowledgeCredential;

    if (enableTimesCounter && attemptCount >= countdownLimit) {
        showCountdownWipeDialog(attemptCount);
    } else if (attemptsLeftBeforeWipe < LockPatternUtils.FAILED_ATTEMPTS_BEFORE_WIPE_GRACE) {
        // An admin policy wipes a user/profile after N failed attempts. Inside the grace
        // window the warning is shown on every failure until the wipe happens.
        // Find the user or profile whose policy is the strictest.
        final int expiringUser =
                policyManager.getProfileWithMinimumFailedPasswordsForWipe(userId);

        final int userType;
        if (expiringUser == userId) {
            // TODO: http://b/23522538
            userType = (expiringUser != UserHandle.USER_SYSTEM)
                    ? USER_TYPE_SECONDARY_USER
                    : USER_TYPE_PRIMARY;
        } else if (expiringUser != UserHandle.USER_NULL) {
            userType = USER_TYPE_WORK_PROFILE;
        } else {
            // USER_NULL is not expected here; fall back to the primary-user wording.
            userType = USER_TYPE_PRIMARY;
        }

        if (attemptsLeftBeforeWipe > 0) {
            showAlmostAtWipeDialog(attemptCount, attemptsLeftBeforeWipe, userType);
        } else {
            // No attempts left: the wipe is imminent.
            Slog.i(TAG, "Too many unlock attempts; user " + expiringUser + " will be wiped!");
            showWipeDialog(attemptCount, userType);
        }
    }

    // Record the failure regardless of which dialog (if any) was shown above.
    updateMonitor.reportFailedStrongAuthUnlockAttempt(userId);
    mLockPatternUtils.reportFailedPasswordAttempt(userId);

    // The plain lockout dialog is only used when the countdown feature is off.
    if (!enableTimesCounter && timeoutMs > 0) {
        showTimeoutDialog(timeoutMs);
    }
}
use of android.app.admin.DevicePolicyManager in project android_frameworks_base by ResurrectionRemix.
the class HardwarePropertiesManagerService method enforceHardwarePropertiesRetrievalAllowed.
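/**
 * Throws SecurityException if the calling package is not allowed to retrieve information
 * provided by the service.
 *
 * <p>{@code callingPackage} is supplied by the caller and is untrusted. It is first resolved
 * to a UID and compared with {@link Binder#getCallingUid()}; only a name that matches the
 * real caller is used for the owner and VR-listener checks below.
 *
 * @param callingPackage The calling package name.
 *
 * @throws SecurityException if the package name does not resolve to the calling UID, or if
 *         something other than the profile or device owner, the current VR service, or a
 *         caller holding the {@link Manifest.permission#DEVICE_POWER} permission tries to
 *         retrieve information provided by this service.
 */
private void enforceHardwarePropertiesRetrievalAllowed(String callingPackage)
        throws SecurityException {
    final PackageManager pm = mContext.getPackageManager();
    int uid = 0;
    try {
        // NOTE(review): getPackageUid() resolves the name for the user mContext belongs to.
        // Confirm that callers running in a secondary user or managed profile still match
        // Binder.getCallingUid(); otherwise they are rejected here before any other check.
        uid = pm.getPackageUid(callingPackage, 0);
        if (Binder.getCallingUid() != uid) {
            throw new SecurityException("The caller has faked the package name.");
        }
    } catch (PackageManager.NameNotFoundException e) {
        // An unknown package gets the same message as a mismatched one, so the error does
        // not tell the caller whether a given package is installed.
        throw new SecurityException("The caller has faked the package name.");
    }

    final int userId = UserHandle.getUserId(uid);
    final VrManagerInternal vrService = LocalServices.getService(VrManagerInternal.class);
    final DevicePolicyManager dpm = mContext.getSystemService(DevicePolicyManager.class);

    // LocalServices.getService() returns null when no VrManagerInternal has been registered
    // (e.g. a build without the VR service). In that case nobody can be the current VR
    // listener, so that alternative is treated as "not satisfied" instead of dereferencing
    // null and failing the permission check with a NullPointerException.
    // The order of the checks is kept: owner checks first, VR listener next, and the
    // DEVICE_POWER permission (calling identity or this process itself) last.
    if (!dpm.isDeviceOwnerApp(callingPackage)
            && !dpm.isProfileOwnerApp(callingPackage)
            && (vrService == null || !vrService.isCurrentVrListener(callingPackage, userId))
            && mContext.checkCallingOrSelfPermission(Manifest.permission.DEVICE_POWER)
                    != PackageManager.PERMISSION_GRANTED) {
        throw new SecurityException("The caller is not a device or profile owner, bound "
                + "VrListenerService, or holding the DEVICE_POWER permission.");
    }
}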
use of android.app.admin.DevicePolicyManager in project platform_frameworks_base by android.
the class LockPatternUtils method saveLockPassword.
/**
* Save a lock password. Does not ensure that the password is as good
* as the requested mode, but will adjust the mode to be as good as the
* password: the stored quality is the maximum of {@code quality} and the quality
* computed from the password itself.
*
* <p>The steps run in a fixed order: the credential is committed through the lock
* settings service first, then the device encryption password (system user only),
* then the stored password type, the active password state reported to
* {@link DevicePolicyManager}, and finally the password history.
*
* <p>A {@link RemoteException} from any step is logged and not rethrown, so the caller
* receives no signal that the save failed or stopped part-way.
*
* @param password The password to save
* @param savedPassword The previously saved lock password, or null if none
* @param quality {@link DevicePolicyManager#getPasswordQuality(android.content.ComponentName)}
* @param userHandle The userId of the user to change the password for
* @throws IllegalArgumentException if {@code password} is null or shorter than
*         {@code MIN_LOCK_PASSWORD_SIZE}
*/
public void saveLockPassword(String password, String savedPassword, int quality, int userHandle) {
try {
DevicePolicyManager dpm = getDevicePolicyManager();
// Reject a missing or too-short password before anything is written. This exception
// is not a RemoteException, so it propagates to the caller.
if (password == null || password.length() < MIN_LOCK_PASSWORD_SIZE) {
throw new IllegalArgumentException("password must not be null and at least " + "of length " + MIN_LOCK_PASSWORD_SIZE);
}
// Commit the new credential; savedPassword is passed along as the previous one.
getLockSettings().setLockPassword(password, savedPassword, userHandle);
getLockSettings().setSeparateProfileChallengeEnabled(userHandle, true, null);
int computedQuality = computePasswordQuality(password);
// Update the device encryption password.
// Only done for the system user, and only when device encryption is enabled.
if (userHandle == UserHandle.USER_SYSTEM && LockPatternUtils.isDeviceEncryptionEnabled()) {
if (!shouldEncryptWithCredentials(true)) {
clearEncryptionPassword();
} else {
// Numeric and numeric-complex passwords are registered as a PIN, everything
// else as a password.
boolean numeric = computedQuality == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC;
boolean numericComplex = computedQuality == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX;
int type = numeric || numericComplex ? StorageManager.CRYPT_TYPE_PIN : StorageManager.CRYPT_TYPE_PASSWORD;
updateEncryptionPassword(type, password);
}
}
// The caller's requested quality can raise the stored type but never lower it below
// what the password actually is.
setLong(PASSWORD_TYPE_KEY, Math.max(quality, computedQuality), userHandle);
if (computedQuality != DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
// Character-class counts reported to the device policy manager. Only ASCII ranges
// are recognised: any character outside A-Z, a-z and 0-9 (including non-ASCII
// letters and digits) is counted as a symbol and as a non-letter.
int letters = 0;
int uppercase = 0;
int lowercase = 0;
int numbers = 0;
int symbols = 0;
int nonletter = 0;
for (int i = 0; i < password.length(); i++) {
char c = password.charAt(i);
if (c >= 'A' && c <= 'Z') {
letters++;
uppercase++;
} else if (c >= 'a' && c <= 'z') {
letters++;
lowercase++;
} else if (c >= '0' && c <= '9') {
numbers++;
nonletter++;
} else {
symbols++;
nonletter++;
}
}
dpm.setActivePasswordState(Math.max(quality, computedQuality), password.length(), letters, uppercase, lowercase, numbers, symbols, nonletter, userHandle);
} else {
// The password is not anything.
dpm.setActivePasswordState(DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, 0, 0, 0, 0, 0, 0, 0, userHandle);
}
// Add the password to the password history. We assume all
// password hashes have the same length for simplicity of implementation.
// NOTE(review): how passwordToHash derives the value (algorithm, salt) and who can read
// PASSWORD_HISTORY_KEY are not visible here; confirm both, since the history holds a
// hash of every recent credential.
String passwordHistory = getString(PASSWORD_HISTORY_KEY, userHandle);
if (passwordHistory == null) {
passwordHistory = "";
}
int passwordHistoryLength = getRequestedPasswordHistoryLength(userHandle);
if (passwordHistoryLength == 0) {
// No history requested: whatever was stored before is discarded.
passwordHistory = "";
} else {
byte[] hash = passwordToHash(password, userHandle);
// Newest entry goes first, separated from older ones by a comma.
passwordHistory = new String(hash, StandardCharsets.UTF_8) + "," + passwordHistory;
// Cut it to contain passwordHistoryLength hashes
// and passwordHistoryLength -1 commas.
// The cut position is computed from hash.length (bytes) but applied to characters;
// this assumes every hash byte decodes to exactly one character -- TODO confirm.
passwordHistory = passwordHistory.substring(0, Math.min(hash.length * passwordHistoryLength + passwordHistoryLength - 1, passwordHistory.length()));
}
setString(PASSWORD_HISTORY_KEY, passwordHistory, userHandle);
onAfterChangingPassword(userHandle);
} catch (RemoteException re) {
// Nothing is retried or rolled back; steps that already completed stay applied.
// Only the exception text is logged, never the password.
Log.e(TAG, "Unable to save lock password " + re);
}
}