Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2010 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
Dianne Hackborn | 87bba1e | 2010-02-26 17:25:54 -0800 | [diff] [blame] | 17 | package android.app.admin; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 18 | |
| 19 | import android.annotation.SdkConstant; |
| 20 | import android.annotation.SdkConstant.SdkConstantType; |
Dianne Hackborn | 87bba1e | 2010-02-26 17:25:54 -0800 | [diff] [blame] | 21 | import android.app.Service; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 22 | import android.content.BroadcastReceiver; |
| 23 | import android.content.ComponentName; |
| 24 | import android.content.Context; |
| 25 | import android.content.Intent; |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 26 | import android.os.Bundle; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 27 | |
| 28 | /** |
| 29 | * Base class for implementing a device administration component. This |
| 30 | * class provides a convenience for interpreting the raw intent actions |
| 31 | * that are sent by the system. |
| 32 | * |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 33 | * <p>The callback methods, like the base |
| 34 | * {@link BroadcastReceiver#onReceive(Context, Intent) BroadcastReceiver.onReceive()} |
| 35 | * method, happen on the main thread of the process. Thus long running |
| 36 | * operations must be done on another thread. Note that because a receiver |
| 37 | * is done once returning from its receive function, such long-running operations |
| 38 | * should probably be done in a {@link Service}. |
| 39 | * |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 40 | * <p>When publishing your DeviceAdmin subclass as a receiver, it must |
| 41 | * handle {@link #ACTION_DEVICE_ADMIN_ENABLED} and require the |
| 42 | * {@link android.Manifest.permission#BIND_DEVICE_ADMIN} permission. A typical |
| 43 | * manifest entry would look like:</p> |
| 44 | * |
Dianne Hackborn | ab8a8ed | 2010-01-29 19:03:06 -0800 | [diff] [blame] | 45 | * {@sample development/samples/ApiDemos/AndroidManifest.xml device_admin_declaration} |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 46 | * |
| 47 | * <p>The meta-data referenced here provides addition information specific |
| 48 | * to the device administrator, as parsed by the {@link DeviceAdminInfo} class. |
| 49 | * A typical file would be:</p> |
| 50 | * |
Andrew Stadler | 88209d1 | 2010-02-08 22:59:36 -0800 | [diff] [blame] | 51 | * {@sample development/samples/ApiDemos/res/xml/device_admin_sample.xml meta_data} |
Joe Fernandez | 3aef8e1d | 2011-12-20 10:38:34 -0800 | [diff] [blame] | 52 | * |
| 53 | * <div class="special reference"> |
| 54 | * <h3>Developer Guides</h3> |
| 55 | * <p>For more information about device administration, read the |
| 56 | * <a href="{@docRoot}guide/topics/admin/device-admin.html">Device Administration</a> |
| 57 | * developer guide.</p> |
| 58 | * </div> |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 59 | */ |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 60 | public class DeviceAdminReceiver extends BroadcastReceiver { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 61 | private static String TAG = "DevicePolicy"; |
Joe Onorato | 43a1765 | 2011-04-06 19:22:23 -0700 | [diff] [blame] | 62 | private static boolean localLOGV = false; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 63 | |
| 64 | /** |
| 65 | * This is the primary action that a device administrator must implement to be |
| 66 | * allowed to manage a device. This will be set to the receiver |
| 67 | * when the user enables it for administration. You will generally |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 68 | * handle this in {@link DeviceAdminReceiver#onEnabled(Context, Intent)}. To be |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 69 | * supported, the receiver must also require the |
| 70 | * {@link android.Manifest.permission#BIND_DEVICE_ADMIN} permission so |
| 71 | * that other applications can not abuse it. |
| 72 | */ |
| 73 | @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) |
| 74 | public static final String ACTION_DEVICE_ADMIN_ENABLED |
| 75 | = "android.app.action.DEVICE_ADMIN_ENABLED"; |
| 76 | |
| 77 | /** |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 78 | * Action sent to a device administrator when the user has requested to |
| 79 | * disable it, but before this has actually been done. This gives you |
| 80 | * a chance to supply a message to the user about the impact of |
| 81 | * disabling your admin, by setting the extra field |
| 82 | * {@link #EXTRA_DISABLE_WARNING} in the result Intent. If not set, |
| 83 | * no warning will be displayed. If set, the given text will be shown |
| 84 | * to the user before they disable your admin. |
| 85 | */ |
| 86 | @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) |
| 87 | public static final String ACTION_DEVICE_ADMIN_DISABLE_REQUESTED |
| 88 | = "android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED"; |
| 89 | |
| 90 | /** |
| 91 | * A CharSequence that can be shown to the user informing them of the |
| 92 | * impact of disabling your admin. |
| 93 | * |
| 94 | * @see #ACTION_DEVICE_ADMIN_DISABLE_REQUESTED |
| 95 | */ |
| 96 | public static final String EXTRA_DISABLE_WARNING = "android.app.extra.DISABLE_WARNING"; |
| 97 | |
| 98 | /** |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 99 | * Action sent to a device administrator when the user has disabled |
| 100 | * it. Upon return, the application no longer has access to the |
| 101 | * protected device policy manager APIs. You will generally |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 102 | * handle this in {@link DeviceAdminReceiver#onDisabled(Context, Intent)}. Note |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 103 | * that this action will be |
| 104 | * sent the receiver regardless of whether it is explicitly listed in |
| 105 | * its intent filter. |
| 106 | */ |
| 107 | @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) |
| 108 | public static final String ACTION_DEVICE_ADMIN_DISABLED |
| 109 | = "android.app.action.DEVICE_ADMIN_DISABLED"; |
| 110 | |
| 111 | /** |
| 112 | * Action sent to a device administrator when the user has changed the |
| 113 | * password of their device. You can at this point check the characteristics |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 114 | * of the new password with {@link DevicePolicyManager#isActivePasswordSufficient() |
| 115 | * DevicePolicyManager.isActivePasswordSufficient()}. |
| 116 | * You will generally |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 117 | * handle this in {@link DeviceAdminReceiver#onPasswordChanged}. |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 118 | * |
| 119 | * <p>The calling device admin must have requested |
| 120 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to receive |
| 121 | * this broadcast. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 122 | */ |
| 123 | @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) |
| 124 | public static final String ACTION_PASSWORD_CHANGED |
| 125 | = "android.app.action.ACTION_PASSWORD_CHANGED"; |
| 126 | |
| 127 | /** |
| 128 | * Action sent to a device administrator when the user has failed at |
| 129 | * attempted to enter the password. You can at this point check the |
| 130 | * number of failed password attempts there have been with |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 131 | * {@link DevicePolicyManager#getCurrentFailedPasswordAttempts |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 132 | * DevicePolicyManager.getCurrentFailedPasswordAttempts()}. You will generally |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 133 | * handle this in {@link DeviceAdminReceiver#onPasswordFailed}. |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 134 | * |
| 135 | * <p>The calling device admin must have requested |
| 136 | * {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} to receive |
| 137 | * this broadcast. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 138 | */ |
| 139 | @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) |
| 140 | public static final String ACTION_PASSWORD_FAILED |
| 141 | = "android.app.action.ACTION_PASSWORD_FAILED"; |
| 142 | |
| 143 | /** |
| 144 | * Action sent to a device administrator when the user has successfully |
| 145 | * entered their password, after failing one or more times. |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 146 | * |
| 147 | * <p>The calling device admin must have requested |
| 148 | * {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} to receive |
| 149 | * this broadcast. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 150 | */ |
| 151 | @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) |
| 152 | public static final String ACTION_PASSWORD_SUCCEEDED |
| 153 | = "android.app.action.ACTION_PASSWORD_SUCCEEDED"; |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 154 | |
| 155 | /** |
| 156 | * Action periodically sent to a device administrator when the device password |
Jim Miller | 6b85768 | 2011-02-16 16:27:41 -0800 | [diff] [blame] | 157 | * is expiring. |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 158 | * |
| 159 | * <p>The calling device admin must have requested |
| 160 | * {@link DeviceAdminInfo#USES_POLICY_EXPIRE_PASSWORD} to receive |
| 161 | * this broadcast. |
| 162 | */ |
| 163 | @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) |
| 164 | public static final String ACTION_PASSWORD_EXPIRING |
| 165 | = "android.app.action.ACTION_PASSWORD_EXPIRING"; |
| 166 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 167 | /** |
| 168 | * Name under which an DevicePolicy component publishes information |
| 169 | * about itself. This meta-data must reference an XML resource containing |
| 170 | * a device-admin tag. XXX TO DO: describe syntax. |
| 171 | */ |
| 172 | public static final String DEVICE_ADMIN_META_DATA = "android.app.device_admin"; |
| 173 | |
| 174 | private DevicePolicyManager mManager; |
| 175 | private ComponentName mWho; |
| 176 | |
| 177 | /** |
| 178 | * Retrieve the DevicePolicyManager interface for this administrator to work |
| 179 | * with the system. |
| 180 | */ |
| 181 | public DevicePolicyManager getManager(Context context) { |
| 182 | if (mManager != null) { |
| 183 | return mManager; |
| 184 | } |
| 185 | mManager = (DevicePolicyManager)context.getSystemService( |
| 186 | Context.DEVICE_POLICY_SERVICE); |
| 187 | return mManager; |
| 188 | } |
| 189 | |
| 190 | /** |
| 191 | * Retrieve the ComponentName describing who this device administrator is, for |
| 192 | * use in {@link DevicePolicyManager} APIs that require the administrator to |
| 193 | * identify itself. |
| 194 | */ |
| 195 | public ComponentName getWho(Context context) { |
| 196 | if (mWho != null) { |
| 197 | return mWho; |
| 198 | } |
| 199 | mWho = new ComponentName(context, getClass()); |
| 200 | return mWho; |
| 201 | } |
| 202 | |
| 203 | /** |
| 204 | * Called after the administrator is first enabled, as a result of |
| 205 | * receiving {@link #ACTION_DEVICE_ADMIN_ENABLED}. At this point you |
| 206 | * can use {@link DevicePolicyManager} to set your desired policies. |
| 207 | * @param context The running context as per {@link #onReceive}. |
| 208 | * @param intent The received intent as per {@link #onReceive}. |
| 209 | */ |
| 210 | public void onEnabled(Context context, Intent intent) { |
| 211 | } |
| 212 | |
| 213 | /** |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 214 | * Called when the user has asked to disable the administrator, as a result of |
| 215 | * receiving {@link #ACTION_DEVICE_ADMIN_DISABLE_REQUESTED}, giving you |
| 216 | * a chance to present a warning message to them. The message is returned |
| 217 | * as the result; if null is returned (the default implementation), no |
| 218 | * message will be displayed. |
| 219 | * @param context The running context as per {@link #onReceive}. |
| 220 | * @param intent The received intent as per {@link #onReceive}. |
| 221 | * @return Return the warning message to display to the user before |
| 222 | * being disabled; if null is returned, no message is displayed. |
| 223 | */ |
| 224 | public CharSequence onDisableRequested(Context context, Intent intent) { |
| 225 | return null; |
| 226 | } |
| 227 | |
| 228 | /** |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 229 | * Called prior to the administrator being disabled, as a result of |
| 230 | * receiving {@link #ACTION_DEVICE_ADMIN_DISABLED}. Upon return, you |
| 231 | * can no longer use the protected parts of the {@link DevicePolicyManager} |
| 232 | * API. |
| 233 | * @param context The running context as per {@link #onReceive}. |
| 234 | * @param intent The received intent as per {@link #onReceive}. |
| 235 | */ |
| 236 | public void onDisabled(Context context, Intent intent) { |
| 237 | } |
| 238 | |
| 239 | /** |
| 240 | * Called after the user has changed their password, as a result of |
| 241 | * receiving {@link #ACTION_PASSWORD_CHANGED}. At this point you |
| 242 | * can use {@link DevicePolicyManager#getCurrentFailedPasswordAttempts() |
| 243 | * DevicePolicyManager.getCurrentFailedPasswordAttempts()} |
| 244 | * to retrieve the active password characteristics. |
| 245 | * @param context The running context as per {@link #onReceive}. |
| 246 | * @param intent The received intent as per {@link #onReceive}. |
| 247 | */ |
| 248 | public void onPasswordChanged(Context context, Intent intent) { |
| 249 | } |
| 250 | |
| 251 | /** |
| 252 | * Called after the user has failed at entering their current password, as a result of |
| 253 | * receiving {@link #ACTION_PASSWORD_FAILED}. At this point you |
| 254 | * can use {@link DevicePolicyManager} to retrieve the number of failed |
| 255 | * password attempts. |
| 256 | * @param context The running context as per {@link #onReceive}. |
| 257 | * @param intent The received intent as per {@link #onReceive}. |
| 258 | */ |
| 259 | public void onPasswordFailed(Context context, Intent intent) { |
| 260 | } |
| 261 | |
| 262 | /** |
| 263 | * Called after the user has succeeded at entering their current password, |
| 264 | * as a result of receiving {@link #ACTION_PASSWORD_SUCCEEDED}. This will |
| 265 | * only be received the first time they succeed after having previously |
| 266 | * failed. |
| 267 | * @param context The running context as per {@link #onReceive}. |
| 268 | * @param intent The received intent as per {@link #onReceive}. |
| 269 | */ |
| 270 | public void onPasswordSucceeded(Context context, Intent intent) { |
| 271 | } |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 272 | |
| 273 | /** |
| 274 | * Called periodically when the password is about to expire or has expired. It will typically |
Jim Miller | 6b85768 | 2011-02-16 16:27:41 -0800 | [diff] [blame] | 275 | * be called at these times: on device boot, once per day before the password expires, |
| 276 | * and at the time when the password expires. |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 277 | * |
| 278 | * <p>If the password is not updated by the user, this method will continue to be called |
| 279 | * once per day until the password is changed or the device admin disables password expiration. |
| 280 | * |
| 281 | * <p>The admin will typically post a notification requesting the user to change their password |
| 282 | * in response to this call. The actual password expiration time can be obtained by calling |
| 283 | * {@link DevicePolicyManager#getPasswordExpiration(ComponentName) } |
| 284 | * |
| 285 | * <p>The admin should be sure to take down any notifications it posted in response to this call |
| 286 | * when it receives {@link DeviceAdminReceiver#onPasswordChanged(Context, Intent) }. |
| 287 | * |
| 288 | * @param context The running context as per {@link #onReceive}. |
| 289 | * @param intent The received intent as per {@link #onReceive}. |
| 290 | */ |
| 291 | public void onPasswordExpiring(Context context, Intent intent) { |
| 292 | } |
| 293 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 294 | /** |
| 295 | * Intercept standard device administrator broadcasts. Implementations |
| 296 | * should not override this method; it is better to implement the |
| 297 | * convenience callbacks for each action. |
| 298 | */ |
| 299 | @Override |
| 300 | public void onReceive(Context context, Intent intent) { |
| 301 | String action = intent.getAction(); |
| 302 | if (ACTION_PASSWORD_CHANGED.equals(action)) { |
| 303 | onPasswordChanged(context, intent); |
| 304 | } else if (ACTION_PASSWORD_FAILED.equals(action)) { |
| 305 | onPasswordFailed(context, intent); |
| 306 | } else if (ACTION_PASSWORD_SUCCEEDED.equals(action)) { |
| 307 | onPasswordSucceeded(context, intent); |
| 308 | } else if (ACTION_DEVICE_ADMIN_ENABLED.equals(action)) { |
| 309 | onEnabled(context, intent); |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 310 | } else if (ACTION_DEVICE_ADMIN_DISABLE_REQUESTED.equals(action)) { |
| 311 | CharSequence res = onDisableRequested(context, intent); |
| 312 | if (res != null) { |
| 313 | Bundle extras = getResultExtras(true); |
| 314 | extras.putCharSequence(EXTRA_DISABLE_WARNING, res); |
| 315 | } |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 316 | } else if (ACTION_DEVICE_ADMIN_DISABLED.equals(action)) { |
| 317 | onDisabled(context, intent); |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 318 | } else if (ACTION_PASSWORD_EXPIRING.equals(action)) { |
| 319 | onPasswordExpiring(context, intent); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 320 | } |
| 321 | } |
| 322 | } |