Examples with DevicePolicyManager android.app.admin.DevicePolicyManager used on opensource projects

Example 96 with DevicePolicyManager

use of android.app.admin.DevicePolicyManager in project platform_frameworks_base by android.

the class LockPatternUtils method saveLockPassword.

/**
     * Save a lock password.  Does not ensure that the password is as good
     * as the requested mode, but will adjust the mode to be as good as the
     * password.
     * @param password The password to save
     * @param savedPassword The previously saved lock password, or null if none
     * @param quality {@see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)}
     * @param userHandle The userId of the user to change the password for
     */
public void saveLockPassword(String password, String savedPassword, int quality, int userHandle) {
    try {
        DevicePolicyManager dpm = getDevicePolicyManager();
        if (password == null || password.length() < MIN_LOCK_PASSWORD_SIZE) {
            throw new IllegalArgumentException("password must not be null and at least " + "of length " + MIN_LOCK_PASSWORD_SIZE);
        }
        getLockSettings().setLockPassword(password, savedPassword, userHandle);
        getLockSettings().setSeparateProfileChallengeEnabled(userHandle, true, null);
        int computedQuality = computePasswordQuality(password);
        // Update the device encryption password.
        if (userHandle == UserHandle.USER_SYSTEM && LockPatternUtils.isDeviceEncryptionEnabled()) {
            if (!shouldEncryptWithCredentials(true)) {
                clearEncryptionPassword();
            } else {
                boolean numeric = computedQuality == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC;
                boolean numericComplex = computedQuality == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX;
                int type = numeric || numericComplex ? StorageManager.CRYPT_TYPE_PIN : StorageManager.CRYPT_TYPE_PASSWORD;
                updateEncryptionPassword(type, password);
            }
        }
        setLong(PASSWORD_TYPE_KEY, Math.max(quality, computedQuality), userHandle);
        if (computedQuality != DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
            int letters = 0;
            int uppercase = 0;
            int lowercase = 0;
            int numbers = 0;
            int symbols = 0;
            int nonletter = 0;
            for (int i = 0; i < password.length(); i++) {
                char c = password.charAt(i);
                if (c >= 'A' && c <= 'Z') {
                    letters++;
                    uppercase++;
                } else if (c >= 'a' && c <= 'z') {
                    letters++;
                    lowercase++;
                } else if (c >= '0' && c <= '9') {
                    numbers++;
                    nonletter++;
                } else {
                    symbols++;
                    nonletter++;
                }
            }
            dpm.setActivePasswordState(Math.max(quality, computedQuality), password.length(), letters, uppercase, lowercase, numbers, symbols, nonletter, userHandle);
        } else {
            // The password is not anything.
            dpm.setActivePasswordState(DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, 0, 0, 0, 0, 0, 0, 0, userHandle);
        }
        // Add the password to the password history. We assume all
        // password hashes have the same length for simplicity of implementation.
        String passwordHistory = getString(PASSWORD_HISTORY_KEY, userHandle);
        if (passwordHistory == null) {
            passwordHistory = "";
        }
        int passwordHistoryLength = getRequestedPasswordHistoryLength(userHandle);
        if (passwordHistoryLength == 0) {
            passwordHistory = "";
        } else {
            byte[] hash = passwordToHash(password, userHandle);
            passwordHistory = new String(hash, StandardCharsets.UTF_8) + "," + passwordHistory;
            // Cut it to contain passwordHistoryLength hashes
            // and passwordHistoryLength -1 commas.
            passwordHistory = passwordHistory.substring(0, Math.min(hash.length * passwordHistoryLength + passwordHistoryLength - 1, passwordHistory.length()));
        }
        setString(PASSWORD_HISTORY_KEY, passwordHistory, userHandle);
        onAfterChangingPassword(userHandle);
    } catch (RemoteException re) {
        // Cant do much
        Log.e(TAG, "Unable to save lock password " + re);
    }
}

Example 97 with DevicePolicyManager

use of android.app.admin.DevicePolicyManager in project platform_frameworks_base by android.

the class KeyguardSecurityContainer method reportFailedUnlockAttempt.

private void reportFailedUnlockAttempt(int userId, int timeoutMs) {
    final KeyguardUpdateMonitor monitor = KeyguardUpdateMonitor.getInstance(mContext);
    // +1 for this time
    final int failedAttempts = monitor.getFailedUnlockAttempts(userId) + 1;
    if (DEBUG)
        Log.d(TAG, "reportFailedPatternAttempt: #" + failedAttempts);
    final DevicePolicyManager dpm = mLockPatternUtils.getDevicePolicyManager();
    final int failedAttemptsBeforeWipe = dpm.getMaximumFailedPasswordsForWipe(null, userId);
    final int remainingBeforeWipe = failedAttemptsBeforeWipe > 0 ? (failedAttemptsBeforeWipe - failedAttempts) : // because DPM returns 0 if no restriction
    Integer.MAX_VALUE;
    if (remainingBeforeWipe < LockPatternUtils.FAILED_ATTEMPTS_BEFORE_WIPE_GRACE) {
        // The user has installed a DevicePolicyManager that requests a user/profile to be wiped
        // N attempts. Once we get below the grace period, we post this dialog every time as a
        // clear warning until the deletion fires.
        // Check which profile has the strictest policy for failed password attempts
        final int expiringUser = dpm.getProfileWithMinimumFailedPasswordsForWipe(userId);
        int userType = USER_TYPE_PRIMARY;
        if (expiringUser == userId) {
            // TODO: http://b/23522538
            if (expiringUser != UserHandle.USER_SYSTEM) {
                userType = USER_TYPE_SECONDARY_USER;
            }
        } else if (expiringUser != UserHandle.USER_NULL) {
            userType = USER_TYPE_WORK_PROFILE;
        }
        // If USER_NULL, which shouldn't happen, leave it as USER_TYPE_PRIMARY
        if (remainingBeforeWipe > 0) {
            showAlmostAtWipeDialog(failedAttempts, remainingBeforeWipe, userType);
        } else {
            // Too many attempts. The device will be wiped shortly.
            Slog.i(TAG, "Too many unlock attempts; user " + expiringUser + " will be wiped!");
            showWipeDialog(failedAttempts, userType);
        }
    }
    monitor.reportFailedStrongAuthUnlockAttempt(userId);
    mLockPatternUtils.reportFailedPasswordAttempt(userId);
    if (timeoutMs > 0) {
        showTimeoutDialog(timeoutMs);
    }
}

Example 98 with DevicePolicyManager

use of android.app.admin.DevicePolicyManager in project platform_frameworks_base by android.

the class KeyguardUpdateMonitor method scheduleStrongAuthTimeout.

private void scheduleStrongAuthTimeout() {
    final DevicePolicyManager dpm = (DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE);
    long when = SystemClock.elapsedRealtime() + dpm.getRequiredStrongAuthTimeout(null, sCurrentUser);
    Intent intent = new Intent(ACTION_STRONG_AUTH_TIMEOUT);
    intent.putExtra(USER_ID, sCurrentUser);
    PendingIntent sender = PendingIntent.getBroadcast(mContext, sCurrentUser, intent, PendingIntent.FLAG_CANCEL_CURRENT);
    mAlarmManager.set(AlarmManager.ELAPSED_REALTIME, when, sender);
    notifyStrongAuthStateChanged(sCurrentUser);
}

Example 99 with DevicePolicyManager

use of android.app.admin.DevicePolicyManager in project platform_frameworks_base by android.

the class RestrictedLockUtils method checkIfMaximumTimeToLockIsSet.

/**
     * Checks if any admin has set maximum time to lock.
     *
     * @return EnforcedAdmin Object containing the enforced admin component and admin user details,
     * or {@code null} if no admin has set this restriction. If multiple admins has set this, then
     * the admin component will be set to {@code null} and userId to {@link UserHandle#USER_NULL}
     */
public static EnforcedAdmin checkIfMaximumTimeToLockIsSet(Context context) {
    final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
    if (dpm == null) {
        return null;
    }
    LockPatternUtils lockPatternUtils = new LockPatternUtils(context);
    EnforcedAdmin enforcedAdmin = null;
    final int userId = UserHandle.myUserId();
    final UserManager um = UserManager.get(context);
    final List<UserInfo> profiles = um.getProfiles(userId);
    final int profilesSize = profiles.size();
    // enabled.
    for (int i = 0; i < profilesSize; i++) {
        final UserInfo userInfo = profiles.get(i);
        final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userInfo.id);
        if (admins == null) {
            continue;
        }
        for (ComponentName admin : admins) {
            if (dpm.getMaximumTimeToLock(admin, userInfo.id) > 0) {
                if (enforcedAdmin == null) {
                    enforcedAdmin = new EnforcedAdmin(admin, userInfo.id);
                } else {
                    return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
                }
                // has set policy on the parent admin.
                continue;
            }
            if (userInfo.isManagedProfile()) {
                // If userInfo.id is a managed profile, we also need to look at
                // the policies set on the parent.
                final DevicePolicyManager parentDpm = dpm.getParentProfileInstance(userInfo);
                if (parentDpm.getMaximumTimeToLock(admin, userInfo.id) > 0) {
                    if (enforcedAdmin == null) {
                        enforcedAdmin = new EnforcedAdmin(admin, userInfo.id);
                    } else {
                        return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
                    }
                }
            }
        }
    }
    return enforcedAdmin;
}

Example 100 with DevicePolicyManager

use of android.app.admin.DevicePolicyManager in project platform_frameworks_base by android.

the class RestrictedLockUtils method checkIfRemoteContactSearchDisallowed.

/**
     * @param context
     * @param userId user id of a managed profile.
     * @return is remote contacts search disallowed.
     */
public static EnforcedAdmin checkIfRemoteContactSearchDisallowed(Context context, int userId) {
    DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
    if (dpm == null) {
        return null;
    }
    EnforcedAdmin admin = getProfileOwner(context, userId);
    if (admin == null) {
        return null;
    }
    UserHandle userHandle = UserHandle.of(userId);
    if (dpm.getCrossProfileContactsSearchDisabled(userHandle) && dpm.getCrossProfileCallerIdDisabled(userHandle)) {
        return admin;
    }
    return null;
}