Examples with DevicePolicyManager android.app.admin.DevicePolicyManager used on opensource projects

Example 11 with DevicePolicyManager

use of android.app.admin.DevicePolicyManager in project platform_frameworks_base by android.

the class RestrictedLockUtils method checkIfKeyguardFeaturesDisabled.

/**
     * Checks if keyguard features are disabled by policy.
     *
     * @param keyguardFeatures Could be any of keyguard features that can be
     * disabled by {@link android.app.admin.DevicePolicyManager#setKeyguardDisabledFeatures}.
     * @return EnforcedAdmin Object containing the enforced admin component and admin user details,
     * or {@code null} If the notification features are not disabled. If the restriction is set by
     * multiple admins, then the admin component will be set to {@code null} and userId to
     * {@link UserHandle#USER_NULL}.
     */
public static EnforcedAdmin checkIfKeyguardFeaturesDisabled(Context context, int keyguardFeatures, int userId) {
    final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
    if (dpm == null) {
        return null;
    }
    final UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE);
    LockPatternUtils lockPatternUtils = new LockPatternUtils(context);
    EnforcedAdmin enforcedAdmin = null;
    if (um.getUserInfo(userId).isManagedProfile()) {
        final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userId);
        if (admins == null) {
            return null;
        }
        for (ComponentName admin : admins) {
            if ((dpm.getKeyguardDisabledFeatures(admin, userId) & keyguardFeatures) != 0) {
                if (enforcedAdmin == null) {
                    enforcedAdmin = new EnforcedAdmin(admin, userId);
                } else {
                    return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
                }
            }
        }
    } else {
        // user that do not use a separate work challenge.
        for (UserInfo userInfo : um.getProfiles(userId)) {
            final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userInfo.id);
            if (admins == null) {
                continue;
            }
            final boolean isSeparateProfileChallengeEnabled = lockPatternUtils.isSeparateProfileChallengeEnabled(userInfo.id);
            for (ComponentName admin : admins) {
                if (!isSeparateProfileChallengeEnabled) {
                    if ((dpm.getKeyguardDisabledFeatures(admin, userInfo.id) & keyguardFeatures) != 0) {
                        if (enforcedAdmin == null) {
                            enforcedAdmin = new EnforcedAdmin(admin, userInfo.id);
                        } else {
                            return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
                        }
                        // has set policy on the parent admin.
                        continue;
                    }
                }
                if (userInfo.isManagedProfile()) {
                    // If userInfo.id is a managed profile, we also need to look at
                    // the policies set on the parent.
                    DevicePolicyManager parentDpm = dpm.getParentProfileInstance(userInfo);
                    if ((parentDpm.getKeyguardDisabledFeatures(admin, userInfo.id) & keyguardFeatures) != 0) {
                        if (enforcedAdmin == null) {
                            enforcedAdmin = new EnforcedAdmin(admin, userInfo.id);
                        } else {
                            return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
                        }
                    }
                }
            }
        }
    }
    return enforcedAdmin;
}

Example 12 with DevicePolicyManager

use of android.app.admin.DevicePolicyManager in project platform_frameworks_base by android.

the class RestrictedLockUtils method getProfileOrDeviceOwner.

public static EnforcedAdmin getProfileOrDeviceOwner(Context context, int userId) {
    if (userId == UserHandle.USER_NULL) {
        return null;
    }
    final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
    if (dpm == null) {
        return null;
    }
    ComponentName adminComponent = dpm.getProfileOwnerAsUser(userId);
    if (adminComponent != null) {
        return new EnforcedAdmin(adminComponent, userId);
    }
    if (dpm.getDeviceOwnerUserId() == userId) {
        adminComponent = dpm.getDeviceOwnerComponentOnAnyUser();
        if (adminComponent != null) {
            return new EnforcedAdmin(adminComponent, userId);
        }
    }
    return null;
}

Example 13 with DevicePolicyManager

use of android.app.admin.DevicePolicyManager in project platform_frameworks_base by android.

the class RestrictedLockUtils method checkIfAccountManagementDisabled.

/**
     * Check if account management for a specific type of account is disabled by admin.
     * Only a profile or device owner can disable account management. So, we check if account
     * management is disabled and return profile or device owner on the calling user.
     *
     * @return EnforcedAdmin Object containing the enforced admin component and admin user details,
     * or {@code null} if the account management is not disabled.
     */
public static EnforcedAdmin checkIfAccountManagementDisabled(Context context, String accountType, int userId) {
    if (accountType == null) {
        return null;
    }
    DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
    if (dpm == null) {
        return null;
    }
    boolean isAccountTypeDisabled = false;
    String[] disabledTypes = dpm.getAccountTypesWithManagementDisabledAsUser(userId);
    for (String type : disabledTypes) {
        if (accountType.equals(type)) {
            isAccountTypeDisabled = true;
            break;
        }
    }
    if (!isAccountTypeDisabled) {
        return null;
    }
    return getProfileOrDeviceOwner(context, userId);
}

Example 14 with DevicePolicyManager

use of android.app.admin.DevicePolicyManager in project platform_frameworks_base by android.

the class HardwarePropertiesManagerService method enforceHardwarePropertiesRetrievalAllowed.

/**
     * Throws SecurityException if the calling package is not allowed to retrieve information
     * provided by the service.
     *
     * @param callingPackage The calling package name.
     *
     * @throws SecurityException if something other than the profile or device owner, or the
     *        current VR service tries to retrieve information provided by this service.
     */
private void enforceHardwarePropertiesRetrievalAllowed(String callingPackage) throws SecurityException {
    final PackageManager pm = mContext.getPackageManager();
    int uid = 0;
    try {
        uid = pm.getPackageUid(callingPackage, 0);
        if (Binder.getCallingUid() != uid) {
            throw new SecurityException("The caller has faked the package name.");
        }
    } catch (PackageManager.NameNotFoundException e) {
        throw new SecurityException("The caller has faked the package name.");
    }
    final int userId = UserHandle.getUserId(uid);
    final VrManagerInternal vrService = LocalServices.getService(VrManagerInternal.class);
    final DevicePolicyManager dpm = mContext.getSystemService(DevicePolicyManager.class);
    if (!dpm.isDeviceOwnerApp(callingPackage) && !dpm.isProfileOwnerApp(callingPackage) && !vrService.isCurrentVrListener(callingPackage, userId)) {
        throw new SecurityException("The caller is not a device or profile owner or bound " + "VrListenerService.");
    }
}

Example 15 with DevicePolicyManager

use of android.app.admin.DevicePolicyManager in project platform_frameworks_base by android.

the class PackageInstallerService method uninstall.

@Override
public void uninstall(String packageName, String callerPackageName, int flags, IntentSender statusReceiver, int userId) {
    final int callingUid = Binder.getCallingUid();
    mPm.enforceCrossUserPermission(callingUid, userId, true, true, "uninstall");
    if ((callingUid != Process.SHELL_UID) && (callingUid != Process.ROOT_UID)) {
        mAppOps.checkPackage(callingUid, callerPackageName);
    }
    // Check whether the caller is device owner, in which case we do it silently.
    DevicePolicyManager dpm = (DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE);
    boolean isDeviceOwner = (dpm != null) && dpm.isDeviceOwnerAppOnCallingUser(callerPackageName);
    final PackageDeleteObserverAdapter adapter = new PackageDeleteObserverAdapter(mContext, statusReceiver, packageName, isDeviceOwner, userId);
    if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DELETE_PACKAGES) == PackageManager.PERMISSION_GRANTED) {
        // Sweet, call straight through!
        mPm.deletePackage(packageName, adapter.getBinder(), userId, flags);
    } else if (isDeviceOwner) {
        // Allow the DeviceOwner to silently delete packages
        // Need to clear the calling identity to get DELETE_PACKAGES permission
        long ident = Binder.clearCallingIdentity();
        try {
            mPm.deletePackage(packageName, adapter.getBinder(), userId, flags);
        } finally {
            Binder.restoreCallingIdentity(ident);
        }
    } else {
        // Take a short detour to confirm with user
        final Intent intent = new Intent(Intent.ACTION_UNINSTALL_PACKAGE);
        intent.setData(Uri.fromParts("package", packageName, null));
        intent.putExtra(PackageInstaller.EXTRA_CALLBACK, adapter.getBinder().asBinder());
        adapter.onUserActionRequired(intent);
    }
}