Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2010 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
Dianne Hackborn | 87bba1e | 2010-02-26 17:25:54 -0800 | [diff] [blame] | 17 | package android.app.admin; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 18 | |
| 19 | import org.xmlpull.v1.XmlPullParserException; |
| 20 | |
| 21 | import android.annotation.SdkConstant; |
| 22 | import android.annotation.SdkConstant.SdkConstantType; |
| 23 | import android.content.ComponentName; |
| 24 | import android.content.Context; |
| 25 | import android.content.pm.ActivityInfo; |
| 26 | import android.content.pm.PackageManager; |
| 27 | import android.content.pm.ResolveInfo; |
| 28 | import android.os.Handler; |
Adam Connors | 776c555 | 2014-01-09 10:42:56 +0000 | [diff] [blame] | 29 | import android.os.Process; |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 30 | import android.os.RemoteCallback; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 31 | import android.os.RemoteException; |
| 32 | import android.os.ServiceManager; |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 33 | import android.os.UserHandle; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 34 | import android.util.Log; |
| 35 | |
Maggie Benthall | da51e68 | 2013-08-08 22:35:44 -0400 | [diff] [blame] | 36 | import com.android.org.conscrypt.TrustedCertificateStore; |
| 37 | |
| 38 | import java.io.ByteArrayInputStream; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 39 | import java.io.IOException; |
Oscar Montemayor | 69238c6 | 2010-08-03 10:51:06 -0700 | [diff] [blame] | 40 | import java.net.InetSocketAddress; |
| 41 | import java.net.Proxy; |
Maggie Benthall | da51e68 | 2013-08-08 22:35:44 -0400 | [diff] [blame] | 42 | import java.security.cert.CertificateException; |
| 43 | import java.security.cert.CertificateFactory; |
| 44 | import java.security.cert.X509Certificate; |
Dianne Hackborn | d47c6ed | 2010-01-27 16:21:20 -0800 | [diff] [blame] | 45 | import java.util.List; |
Maggie Benthall | da51e68 | 2013-08-08 22:35:44 -0400 | [diff] [blame] | 46 | import java.util.Set; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 47 | |
| 48 | /** |
| 49 | * Public interface for managing policies enforced on a device. Most clients |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 50 | * of this class must have published a {@link DeviceAdminReceiver} that the user |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 51 | * has currently enabled. |
Joe Fernandez | 3aef8e1d | 2011-12-20 10:38:34 -0800 | [diff] [blame] | 52 | * |
| 53 | * <div class="special reference"> |
| 54 | * <h3>Developer Guides</h3> |
| 55 | * <p>For more information about managing policies for device adminstration, read the |
| 56 | * <a href="{@docRoot}guide/topics/admin/device-admin.html">Device Administration</a> |
| 57 | * developer guide.</p> |
| 58 | * </div> |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 59 | */ |
| 60 | public class DevicePolicyManager { |
| 61 | private static String TAG = "DevicePolicyManager"; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 62 | |
| 63 | private final Context mContext; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 64 | private final IDevicePolicyManager mService; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 65 | |
Dianne Hackborn | 21f1bd1 | 2010-02-19 17:02:21 -0800 | [diff] [blame] | 66 | private DevicePolicyManager(Context context, Handler handler) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 67 | mContext = context; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 68 | mService = IDevicePolicyManager.Stub.asInterface( |
| 69 | ServiceManager.getService(Context.DEVICE_POLICY_SERVICE)); |
| 70 | } |
| 71 | |
Dianne Hackborn | 87bba1e | 2010-02-26 17:25:54 -0800 | [diff] [blame] | 72 | /** @hide */ |
| 73 | public static DevicePolicyManager create(Context context, Handler handler) { |
Dianne Hackborn | 21f1bd1 | 2010-02-19 17:02:21 -0800 | [diff] [blame] | 74 | DevicePolicyManager me = new DevicePolicyManager(context, handler); |
| 75 | return me.mService != null ? me : null; |
| 76 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 77 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 78 | /** |
| 79 | * Activity action: ask the user to add a new device administrator to the system. |
| 80 | * The desired policy is the ComponentName of the policy in the |
| 81 | * {@link #EXTRA_DEVICE_ADMIN} extra field. This will invoke a UI to |
| 82 | * bring the user through adding the device administrator to the system (or |
| 83 | * allowing them to reject it). |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 84 | * |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 85 | * <p>You can optionally include the {@link #EXTRA_ADD_EXPLANATION} |
| 86 | * field to provide the user with additional explanation (in addition |
| 87 | * to your component's description) about what is being added. |
Andy Stadler | c25f70a | 2010-12-08 15:56:45 -0800 | [diff] [blame] | 88 | * |
| 89 | * <p>If your administrator is already active, this will ordinarily return immediately (without |
| 90 | * user intervention). However, if your administrator has been updated and is requesting |
| 91 | * additional uses-policy flags, the user will be presented with the new list. New policies |
| 92 | * will not be available to the updated administrator until the user has accepted the new list. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 93 | */ |
| 94 | @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION) |
| 95 | public static final String ACTION_ADD_DEVICE_ADMIN |
| 96 | = "android.app.action.ADD_DEVICE_ADMIN"; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 97 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 98 | /** |
Jim Miller | 284b62e | 2010-06-08 14:27:42 -0700 | [diff] [blame] | 99 | * Activity action: send when any policy admin changes a policy. |
| 100 | * This is generally used to find out when a new policy is in effect. |
Jim Miller | 3e5d3fd | 2011-09-02 17:30:35 -0700 | [diff] [blame] | 101 | * |
Jim Miller | 284b62e | 2010-06-08 14:27:42 -0700 | [diff] [blame] | 102 | * @hide |
| 103 | */ |
| 104 | public static final String ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED |
| 105 | = "android.app.action.DEVICE_POLICY_MANAGER_STATE_CHANGED"; |
| 106 | |
| 107 | /** |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 108 | * The ComponentName of the administrator component. |
| 109 | * |
| 110 | * @see #ACTION_ADD_DEVICE_ADMIN |
| 111 | */ |
| 112 | public static final String EXTRA_DEVICE_ADMIN = "android.app.extra.DEVICE_ADMIN"; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 113 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 114 | /** |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 115 | * An optional CharSequence providing additional explanation for why the |
| 116 | * admin is being added. |
| 117 | * |
| 118 | * @see #ACTION_ADD_DEVICE_ADMIN |
| 119 | */ |
| 120 | public static final String EXTRA_ADD_EXPLANATION = "android.app.extra.ADD_EXPLANATION"; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 121 | |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 122 | /** |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 123 | * Activity action: have the user enter a new password. This activity should |
| 124 | * be launched after using {@link #setPasswordQuality(ComponentName, int)}, |
| 125 | * or {@link #setPasswordMinimumLength(ComponentName, int)} to have the user |
| 126 | * enter a new password that meets the current requirements. You can use |
| 127 | * {@link #isActivePasswordSufficient()} to determine whether you need to |
| 128 | * have the user select a new password in order to meet the current |
| 129 | * constraints. Upon being resumed from this activity, you can check the new |
| 130 | * password characteristics to see if they are sufficient. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 131 | */ |
| 132 | @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION) |
| 133 | public static final String ACTION_SET_NEW_PASSWORD |
| 134 | = "android.app.action.SET_NEW_PASSWORD"; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 135 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 136 | /** |
| 137 | * Return true if the given administrator component is currently |
| 138 | * active (enabled) in the system. |
| 139 | */ |
| 140 | public boolean isAdminActive(ComponentName who) { |
| 141 | if (mService != null) { |
| 142 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 143 | return mService.isAdminActive(who, UserHandle.myUserId()); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 144 | } catch (RemoteException e) { |
| 145 | Log.w(TAG, "Failed talking with device policy service", e); |
| 146 | } |
| 147 | } |
| 148 | return false; |
| 149 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 150 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 151 | /** |
Dianne Hackborn | d47c6ed | 2010-01-27 16:21:20 -0800 | [diff] [blame] | 152 | * Return a list of all currently active device administrator's component |
| 153 | * names. Note that if there are no administrators than null may be |
| 154 | * returned. |
| 155 | */ |
| 156 | public List<ComponentName> getActiveAdmins() { |
| 157 | if (mService != null) { |
| 158 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 159 | return mService.getActiveAdmins(UserHandle.myUserId()); |
Dianne Hackborn | d47c6ed | 2010-01-27 16:21:20 -0800 | [diff] [blame] | 160 | } catch (RemoteException e) { |
| 161 | Log.w(TAG, "Failed talking with device policy service", e); |
| 162 | } |
| 163 | } |
| 164 | return null; |
| 165 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 166 | |
Dianne Hackborn | d47c6ed | 2010-01-27 16:21:20 -0800 | [diff] [blame] | 167 | /** |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 168 | * Used by package administration code to determine if a package can be stopped |
| 169 | * or uninstalled. |
Dianne Hackborn | 21f1bd1 | 2010-02-19 17:02:21 -0800 | [diff] [blame] | 170 | * @hide |
| 171 | */ |
| 172 | public boolean packageHasActiveAdmins(String packageName) { |
| 173 | if (mService != null) { |
| 174 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 175 | return mService.packageHasActiveAdmins(packageName, UserHandle.myUserId()); |
Dianne Hackborn | 21f1bd1 | 2010-02-19 17:02:21 -0800 | [diff] [blame] | 176 | } catch (RemoteException e) { |
| 177 | Log.w(TAG, "Failed talking with device policy service", e); |
| 178 | } |
| 179 | } |
| 180 | return false; |
| 181 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 182 | |
Dianne Hackborn | 21f1bd1 | 2010-02-19 17:02:21 -0800 | [diff] [blame] | 183 | /** |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 184 | * Remove a current administration component. This can only be called |
| 185 | * by the application that owns the administration component; if you |
| 186 | * try to remove someone else's component, a security exception will be |
| 187 | * thrown. |
| 188 | */ |
| 189 | public void removeActiveAdmin(ComponentName who) { |
| 190 | if (mService != null) { |
| 191 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 192 | mService.removeActiveAdmin(who, UserHandle.myUserId()); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 193 | } catch (RemoteException e) { |
| 194 | Log.w(TAG, "Failed talking with device policy service", e); |
| 195 | } |
| 196 | } |
| 197 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 198 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 199 | /** |
Andy Stadler | c25f70a | 2010-12-08 15:56:45 -0800 | [diff] [blame] | 200 | * Returns true if an administrator has been granted a particular device policy. This can |
| 201 | * be used to check if the administrator was activated under an earlier set of policies, |
| 202 | * but requires additional policies after an upgrade. |
| 203 | * |
| 204 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. Must be |
| 205 | * an active administrator, or an exception will be thrown. |
| 206 | * @param usesPolicy Which uses-policy to check, as defined in {@link DeviceAdminInfo}. |
| 207 | */ |
| 208 | public boolean hasGrantedPolicy(ComponentName admin, int usesPolicy) { |
| 209 | if (mService != null) { |
| 210 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 211 | return mService.hasGrantedPolicy(admin, usesPolicy, UserHandle.myUserId()); |
Andy Stadler | c25f70a | 2010-12-08 15:56:45 -0800 | [diff] [blame] | 212 | } catch (RemoteException e) { |
| 213 | Log.w(TAG, "Failed talking with device policy service", e); |
| 214 | } |
| 215 | } |
| 216 | return false; |
| 217 | } |
| 218 | |
| 219 | /** |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 220 | * Constant for {@link #setPasswordQuality}: the policy has no requirements |
| 221 | * for the password. Note that quality constants are ordered so that higher |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 222 | * values are more restrictive. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 223 | */ |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 224 | public static final int PASSWORD_QUALITY_UNSPECIFIED = 0; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 225 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 226 | /** |
Jim Miller | 3e5d3fd | 2011-09-02 17:30:35 -0700 | [diff] [blame] | 227 | * Constant for {@link #setPasswordQuality}: the policy allows for low-security biometric |
| 228 | * recognition technology. This implies technologies that can recognize the identity of |
| 229 | * an individual to about a 3 digit PIN (false detection is less than 1 in 1,000). |
| 230 | * Note that quality constants are ordered so that higher values are more restrictive. |
| 231 | */ |
| 232 | public static final int PASSWORD_QUALITY_BIOMETRIC_WEAK = 0x8000; |
| 233 | |
| 234 | /** |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 235 | * Constant for {@link #setPasswordQuality}: the policy requires some kind |
| 236 | * of password, but doesn't care what it is. Note that quality constants |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 237 | * are ordered so that higher values are more restrictive. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 238 | */ |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 239 | public static final int PASSWORD_QUALITY_SOMETHING = 0x10000; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 240 | |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 241 | /** |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 242 | * Constant for {@link #setPasswordQuality}: the user must have entered a |
| 243 | * password containing at least numeric characters. Note that quality |
| 244 | * constants are ordered so that higher values are more restrictive. |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 245 | */ |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 246 | public static final int PASSWORD_QUALITY_NUMERIC = 0x20000; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 247 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 248 | /** |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 249 | * Constant for {@link #setPasswordQuality}: the user must have entered a |
Dianne Hackborn | 85f2c9c | 2010-03-22 11:12:48 -0700 | [diff] [blame] | 250 | * password containing at least alphabetic (or other symbol) characters. |
| 251 | * Note that quality constants are ordered so that higher values are more |
| 252 | * restrictive. |
| 253 | */ |
| 254 | public static final int PASSWORD_QUALITY_ALPHABETIC = 0x40000; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 255 | |
Dianne Hackborn | 85f2c9c | 2010-03-22 11:12:48 -0700 | [diff] [blame] | 256 | /** |
| 257 | * Constant for {@link #setPasswordQuality}: the user must have entered a |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 258 | * password containing at least <em>both></em> numeric <em>and</em> |
Dianne Hackborn | 85f2c9c | 2010-03-22 11:12:48 -0700 | [diff] [blame] | 259 | * alphabetic (or other symbol) characters. Note that quality constants are |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 260 | * ordered so that higher values are more restrictive. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 261 | */ |
Dianne Hackborn | 85f2c9c | 2010-03-22 11:12:48 -0700 | [diff] [blame] | 262 | public static final int PASSWORD_QUALITY_ALPHANUMERIC = 0x50000; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 263 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 264 | /** |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 265 | * Constant for {@link #setPasswordQuality}: the user must have entered a |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 266 | * password containing at least a letter, a numerical digit and a special |
| 267 | * symbol, by default. With this password quality, passwords can be |
| 268 | * restricted to contain various sets of characters, like at least an |
| 269 | * uppercase letter, etc. These are specified using various methods, |
| 270 | * like {@link #setPasswordMinimumLowerCase(ComponentName, int)}. Note |
| 271 | * that quality constants are ordered so that higher values are more |
| 272 | * restrictive. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 273 | */ |
| 274 | public static final int PASSWORD_QUALITY_COMPLEX = 0x60000; |
| 275 | |
| 276 | /** |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 277 | * Called by an application that is administering the device to set the |
| 278 | * password restrictions it is imposing. After setting this, the user |
| 279 | * will not be able to enter a new password that is not at least as |
| 280 | * restrictive as what has been set. Note that the current password |
| 281 | * will remain until the user has set a new one, so the change does not |
| 282 | * take place immediately. To prompt the user for a new password, use |
| 283 | * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 284 | * |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 285 | * <p>Quality constants are ordered so that higher values are more restrictive; |
| 286 | * thus the highest requested quality constant (between the policy set here, |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 287 | * the user's preference, and any other considerations) is the one that |
| 288 | * is in effect. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 289 | * |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 290 | * <p>The calling device admin must have requested |
| 291 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call |
| 292 | * this method; if it has not, a security exception will be thrown. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 293 | * |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 294 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 295 | * @param quality The new desired quality. One of |
| 296 | * {@link #PASSWORD_QUALITY_UNSPECIFIED}, {@link #PASSWORD_QUALITY_SOMETHING}, |
Dianne Hackborn | 85f2c9c | 2010-03-22 11:12:48 -0700 | [diff] [blame] | 297 | * {@link #PASSWORD_QUALITY_NUMERIC}, {@link #PASSWORD_QUALITY_ALPHABETIC}, |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 298 | * {@link #PASSWORD_QUALITY_ALPHANUMERIC} or {@link #PASSWORD_QUALITY_COMPLEX}. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 299 | */ |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 300 | public void setPasswordQuality(ComponentName admin, int quality) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 301 | if (mService != null) { |
| 302 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 303 | mService.setPasswordQuality(admin, quality, UserHandle.myUserId()); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 304 | } catch (RemoteException e) { |
| 305 | Log.w(TAG, "Failed talking with device policy service", e); |
| 306 | } |
| 307 | } |
| 308 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 309 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 310 | /** |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 311 | * Retrieve the current minimum password quality for all admins |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 312 | * or a particular one. |
| 313 | * @param admin The name of the admin component to check, or null to aggregate |
| 314 | * all admins. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 315 | */ |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 316 | public int getPasswordQuality(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 317 | return getPasswordQuality(admin, UserHandle.myUserId()); |
| 318 | } |
| 319 | |
| 320 | /** @hide per-user version */ |
| 321 | public int getPasswordQuality(ComponentName admin, int userHandle) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 322 | if (mService != null) { |
| 323 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 324 | return mService.getPasswordQuality(admin, userHandle); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 325 | } catch (RemoteException e) { |
| 326 | Log.w(TAG, "Failed talking with device policy service", e); |
| 327 | } |
| 328 | } |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 329 | return PASSWORD_QUALITY_UNSPECIFIED; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 330 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 331 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 332 | /** |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 333 | * Called by an application that is administering the device to set the |
| 334 | * minimum allowed password length. After setting this, the user |
| 335 | * will not be able to enter a new password that is not at least as |
| 336 | * restrictive as what has been set. Note that the current password |
| 337 | * will remain until the user has set a new one, so the change does not |
| 338 | * take place immediately. To prompt the user for a new password, use |
| 339 | * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This |
| 340 | * constraint is only imposed if the administrator has also requested either |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 341 | * {@link #PASSWORD_QUALITY_NUMERIC}, {@link #PASSWORD_QUALITY_ALPHABETIC} |
| 342 | * {@link #PASSWORD_QUALITY_ALPHANUMERIC}, or {@link #PASSWORD_QUALITY_COMPLEX} |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 343 | * with {@link #setPasswordQuality}. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 344 | * |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 345 | * <p>The calling device admin must have requested |
| 346 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call |
| 347 | * this method; if it has not, a security exception will be thrown. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 348 | * |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 349 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 350 | * @param length The new desired minimum password length. A value of 0 |
| 351 | * means there is no restriction. |
| 352 | */ |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 353 | public void setPasswordMinimumLength(ComponentName admin, int length) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 354 | if (mService != null) { |
| 355 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 356 | mService.setPasswordMinimumLength(admin, length, UserHandle.myUserId()); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 357 | } catch (RemoteException e) { |
| 358 | Log.w(TAG, "Failed talking with device policy service", e); |
| 359 | } |
| 360 | } |
| 361 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 362 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 363 | /** |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 364 | * Retrieve the current minimum password length for all admins |
| 365 | * or a particular one. |
| 366 | * @param admin The name of the admin component to check, or null to aggregate |
| 367 | * all admins. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 368 | */ |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 369 | public int getPasswordMinimumLength(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 370 | return getPasswordMinimumLength(admin, UserHandle.myUserId()); |
| 371 | } |
| 372 | |
| 373 | /** @hide per-user version */ |
| 374 | public int getPasswordMinimumLength(ComponentName admin, int userHandle) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 375 | if (mService != null) { |
| 376 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 377 | return mService.getPasswordMinimumLength(admin, userHandle); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 378 | } catch (RemoteException e) { |
| 379 | Log.w(TAG, "Failed talking with device policy service", e); |
| 380 | } |
| 381 | } |
| 382 | return 0; |
| 383 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 384 | |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 385 | /** |
| 386 | * Called by an application that is administering the device to set the |
| 387 | * minimum number of upper case letters required in the password. After |
| 388 | * setting this, the user will not be able to enter a new password that is |
| 389 | * not at least as restrictive as what has been set. Note that the current |
| 390 | * password will remain until the user has set a new one, so the change does |
| 391 | * not take place immediately. To prompt the user for a new password, use |
| 392 | * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This |
| 393 | * constraint is only imposed if the administrator has also requested |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 394 | * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The |
| 395 | * default value is 0. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 396 | * <p> |
| 397 | * The calling device admin must have requested |
| 398 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call |
| 399 | * this method; if it has not, a security exception will be thrown. |
| 400 | * |
| 401 | * @param admin Which {@link DeviceAdminReceiver} this request is associated |
| 402 | * with. |
| 403 | * @param length The new desired minimum number of upper case letters |
| 404 | * required in the password. A value of 0 means there is no |
| 405 | * restriction. |
| 406 | */ |
| 407 | public void setPasswordMinimumUpperCase(ComponentName admin, int length) { |
| 408 | if (mService != null) { |
| 409 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 410 | mService.setPasswordMinimumUpperCase(admin, length, UserHandle.myUserId()); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 411 | } catch (RemoteException e) { |
| 412 | Log.w(TAG, "Failed talking with device policy service", e); |
| 413 | } |
| 414 | } |
| 415 | } |
| 416 | |
| 417 | /** |
| 418 | * Retrieve the current number of upper case letters required in the |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 419 | * password for all admins or a particular one. This is the same value as |
| 420 | * set by {#link {@link #setPasswordMinimumUpperCase(ComponentName, int)} |
| 421 | * and only applies when the password quality is |
| 422 | * {@link #PASSWORD_QUALITY_COMPLEX}. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 423 | * |
| 424 | * @param admin The name of the admin component to check, or null to |
| 425 | * aggregate all admins. |
| 426 | * @return The minimum number of upper case letters required in the |
| 427 | * password. |
| 428 | */ |
| 429 | public int getPasswordMinimumUpperCase(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 430 | return getPasswordMinimumUpperCase(admin, UserHandle.myUserId()); |
| 431 | } |
| 432 | |
| 433 | /** @hide per-user version */ |
| 434 | public int getPasswordMinimumUpperCase(ComponentName admin, int userHandle) { |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 435 | if (mService != null) { |
| 436 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 437 | return mService.getPasswordMinimumUpperCase(admin, userHandle); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 438 | } catch (RemoteException e) { |
| 439 | Log.w(TAG, "Failed talking with device policy service", e); |
| 440 | } |
| 441 | } |
| 442 | return 0; |
| 443 | } |
| 444 | |
| 445 | /** |
| 446 | * Called by an application that is administering the device to set the |
| 447 | * minimum number of lower case letters required in the password. After |
| 448 | * setting this, the user will not be able to enter a new password that is |
| 449 | * not at least as restrictive as what has been set. Note that the current |
| 450 | * password will remain until the user has set a new one, so the change does |
| 451 | * not take place immediately. To prompt the user for a new password, use |
| 452 | * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This |
| 453 | * constraint is only imposed if the administrator has also requested |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 454 | * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The |
| 455 | * default value is 0. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 456 | * <p> |
| 457 | * The calling device admin must have requested |
| 458 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call |
| 459 | * this method; if it has not, a security exception will be thrown. |
| 460 | * |
| 461 | * @param admin Which {@link DeviceAdminReceiver} this request is associated |
| 462 | * with. |
| 463 | * @param length The new desired minimum number of lower case letters |
| 464 | * required in the password. A value of 0 means there is no |
| 465 | * restriction. |
| 466 | */ |
| 467 | public void setPasswordMinimumLowerCase(ComponentName admin, int length) { |
| 468 | if (mService != null) { |
| 469 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 470 | mService.setPasswordMinimumLowerCase(admin, length, UserHandle.myUserId()); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 471 | } catch (RemoteException e) { |
| 472 | Log.w(TAG, "Failed talking with device policy service", e); |
| 473 | } |
| 474 | } |
| 475 | } |
| 476 | |
| 477 | /** |
| 478 | * Retrieve the current number of lower case letters required in the |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 479 | * password for all admins or a particular one. This is the same value as |
| 480 | * set by {#link {@link #setPasswordMinimumLowerCase(ComponentName, int)} |
| 481 | * and only applies when the password quality is |
| 482 | * {@link #PASSWORD_QUALITY_COMPLEX}. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 483 | * |
| 484 | * @param admin The name of the admin component to check, or null to |
| 485 | * aggregate all admins. |
| 486 | * @return The minimum number of lower case letters required in the |
| 487 | * password. |
| 488 | */ |
| 489 | public int getPasswordMinimumLowerCase(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 490 | return getPasswordMinimumLowerCase(admin, UserHandle.myUserId()); |
| 491 | } |
| 492 | |
| 493 | /** @hide per-user version */ |
| 494 | public int getPasswordMinimumLowerCase(ComponentName admin, int userHandle) { |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 495 | if (mService != null) { |
| 496 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 497 | return mService.getPasswordMinimumLowerCase(admin, userHandle); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 498 | } catch (RemoteException e) { |
| 499 | Log.w(TAG, "Failed talking with device policy service", e); |
| 500 | } |
| 501 | } |
| 502 | return 0; |
| 503 | } |
| 504 | |
| 505 | /** |
| 506 | * Called by an application that is administering the device to set the |
| 507 | * minimum number of letters required in the password. After setting this, |
| 508 | * the user will not be able to enter a new password that is not at least as |
| 509 | * restrictive as what has been set. Note that the current password will |
| 510 | * remain until the user has set a new one, so the change does not take |
| 511 | * place immediately. To prompt the user for a new password, use |
| 512 | * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This |
| 513 | * constraint is only imposed if the administrator has also requested |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 514 | * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The |
| 515 | * default value is 1. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 516 | * <p> |
| 517 | * The calling device admin must have requested |
| 518 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call |
| 519 | * this method; if it has not, a security exception will be thrown. |
| 520 | * |
| 521 | * @param admin Which {@link DeviceAdminReceiver} this request is associated |
| 522 | * with. |
| 523 | * @param length The new desired minimum number of letters required in the |
| 524 | * password. A value of 0 means there is no restriction. |
| 525 | */ |
| 526 | public void setPasswordMinimumLetters(ComponentName admin, int length) { |
| 527 | if (mService != null) { |
| 528 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 529 | mService.setPasswordMinimumLetters(admin, length, UserHandle.myUserId()); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 530 | } catch (RemoteException e) { |
| 531 | Log.w(TAG, "Failed talking with device policy service", e); |
| 532 | } |
| 533 | } |
| 534 | } |
| 535 | |
| 536 | /** |
| 537 | * Retrieve the current number of letters required in the password for all |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 538 | * admins or a particular one. This is the same value as |
| 539 | * set by {#link {@link #setPasswordMinimumLetters(ComponentName, int)} |
| 540 | * and only applies when the password quality is |
| 541 | * {@link #PASSWORD_QUALITY_COMPLEX}. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 542 | * |
| 543 | * @param admin The name of the admin component to check, or null to |
| 544 | * aggregate all admins. |
| 545 | * @return The minimum number of letters required in the password. |
| 546 | */ |
| 547 | public int getPasswordMinimumLetters(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 548 | return getPasswordMinimumLetters(admin, UserHandle.myUserId()); |
| 549 | } |
| 550 | |
| 551 | /** @hide per-user version */ |
| 552 | public int getPasswordMinimumLetters(ComponentName admin, int userHandle) { |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 553 | if (mService != null) { |
| 554 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 555 | return mService.getPasswordMinimumLetters(admin, userHandle); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 556 | } catch (RemoteException e) { |
| 557 | Log.w(TAG, "Failed talking with device policy service", e); |
| 558 | } |
| 559 | } |
| 560 | return 0; |
| 561 | } |
| 562 | |
| 563 | /** |
| 564 | * Called by an application that is administering the device to set the |
| 565 | * minimum number of numerical digits required in the password. After |
| 566 | * setting this, the user will not be able to enter a new password that is |
| 567 | * not at least as restrictive as what has been set. Note that the current |
| 568 | * password will remain until the user has set a new one, so the change does |
| 569 | * not take place immediately. To prompt the user for a new password, use |
| 570 | * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This |
| 571 | * constraint is only imposed if the administrator has also requested |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 572 | * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The |
| 573 | * default value is 1. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 574 | * <p> |
| 575 | * The calling device admin must have requested |
| 576 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call |
| 577 | * this method; if it has not, a security exception will be thrown. |
| 578 | * |
| 579 | * @param admin Which {@link DeviceAdminReceiver} this request is associated |
| 580 | * with. |
| 581 | * @param length The new desired minimum number of numerical digits required |
| 582 | * in the password. A value of 0 means there is no restriction. |
| 583 | */ |
| 584 | public void setPasswordMinimumNumeric(ComponentName admin, int length) { |
| 585 | if (mService != null) { |
| 586 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 587 | mService.setPasswordMinimumNumeric(admin, length, UserHandle.myUserId()); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 588 | } catch (RemoteException e) { |
| 589 | Log.w(TAG, "Failed talking with device policy service", e); |
| 590 | } |
| 591 | } |
| 592 | } |
| 593 | |
| 594 | /** |
| 595 | * Retrieve the current number of numerical digits required in the password |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 596 | * for all admins or a particular one. This is the same value as |
| 597 | * set by {#link {@link #setPasswordMinimumNumeric(ComponentName, int)} |
| 598 | * and only applies when the password quality is |
| 599 | * {@link #PASSWORD_QUALITY_COMPLEX}. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 600 | * |
| 601 | * @param admin The name of the admin component to check, or null to |
| 602 | * aggregate all admins. |
| 603 | * @return The minimum number of numerical digits required in the password. |
| 604 | */ |
| 605 | public int getPasswordMinimumNumeric(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 606 | return getPasswordMinimumNumeric(admin, UserHandle.myUserId()); |
| 607 | } |
| 608 | |
| 609 | /** @hide per-user version */ |
| 610 | public int getPasswordMinimumNumeric(ComponentName admin, int userHandle) { |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 611 | if (mService != null) { |
| 612 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 613 | return mService.getPasswordMinimumNumeric(admin, userHandle); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 614 | } catch (RemoteException e) { |
| 615 | Log.w(TAG, "Failed talking with device policy service", e); |
| 616 | } |
| 617 | } |
| 618 | return 0; |
| 619 | } |
| 620 | |
| 621 | /** |
| 622 | * Called by an application that is administering the device to set the |
| 623 | * minimum number of symbols required in the password. After setting this, |
| 624 | * the user will not be able to enter a new password that is not at least as |
| 625 | * restrictive as what has been set. Note that the current password will |
| 626 | * remain until the user has set a new one, so the change does not take |
| 627 | * place immediately. To prompt the user for a new password, use |
| 628 | * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This |
| 629 | * constraint is only imposed if the administrator has also requested |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 630 | * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The |
| 631 | * default value is 1. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 632 | * <p> |
| 633 | * The calling device admin must have requested |
| 634 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call |
| 635 | * this method; if it has not, a security exception will be thrown. |
| 636 | * |
| 637 | * @param admin Which {@link DeviceAdminReceiver} this request is associated |
| 638 | * with. |
| 639 | * @param length The new desired minimum number of symbols required in the |
| 640 | * password. A value of 0 means there is no restriction. |
| 641 | */ |
| 642 | public void setPasswordMinimumSymbols(ComponentName admin, int length) { |
| 643 | if (mService != null) { |
| 644 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 645 | mService.setPasswordMinimumSymbols(admin, length, UserHandle.myUserId()); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 646 | } catch (RemoteException e) { |
| 647 | Log.w(TAG, "Failed talking with device policy service", e); |
| 648 | } |
| 649 | } |
| 650 | } |
| 651 | |
| 652 | /** |
| 653 | * Retrieve the current number of symbols required in the password for all |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 654 | * admins or a particular one. This is the same value as |
| 655 | * set by {#link {@link #setPasswordMinimumSymbols(ComponentName, int)} |
| 656 | * and only applies when the password quality is |
| 657 | * {@link #PASSWORD_QUALITY_COMPLEX}. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 658 | * |
| 659 | * @param admin The name of the admin component to check, or null to |
| 660 | * aggregate all admins. |
| 661 | * @return The minimum number of symbols required in the password. |
| 662 | */ |
| 663 | public int getPasswordMinimumSymbols(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 664 | return getPasswordMinimumSymbols(admin, UserHandle.myUserId()); |
| 665 | } |
| 666 | |
| 667 | /** @hide per-user version */ |
| 668 | public int getPasswordMinimumSymbols(ComponentName admin, int userHandle) { |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 669 | if (mService != null) { |
| 670 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 671 | return mService.getPasswordMinimumSymbols(admin, userHandle); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 672 | } catch (RemoteException e) { |
| 673 | Log.w(TAG, "Failed talking with device policy service", e); |
| 674 | } |
| 675 | } |
| 676 | return 0; |
| 677 | } |
| 678 | |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 679 | /** |
| 680 | * Called by an application that is administering the device to set the |
| 681 | * minimum number of non-letter characters (numerical digits or symbols) |
| 682 | * required in the password. After setting this, the user will not be able |
| 683 | * to enter a new password that is not at least as restrictive as what has |
| 684 | * been set. Note that the current password will remain until the user has |
| 685 | * set a new one, so the change does not take place immediately. To prompt |
| 686 | * the user for a new password, use {@link #ACTION_SET_NEW_PASSWORD} after |
| 687 | * setting this value. This constraint is only imposed if the administrator |
| 688 | * has also requested {@link #PASSWORD_QUALITY_COMPLEX} with |
| 689 | * {@link #setPasswordQuality}. The default value is 0. |
| 690 | * <p> |
| 691 | * The calling device admin must have requested |
| 692 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call |
| 693 | * this method; if it has not, a security exception will be thrown. |
| 694 | * |
| 695 | * @param admin Which {@link DeviceAdminReceiver} this request is associated |
| 696 | * with. |
| 697 | * @param length The new desired minimum number of letters required in the |
| 698 | * password. A value of 0 means there is no restriction. |
| 699 | */ |
| 700 | public void setPasswordMinimumNonLetter(ComponentName admin, int length) { |
| 701 | if (mService != null) { |
| 702 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 703 | mService.setPasswordMinimumNonLetter(admin, length, UserHandle.myUserId()); |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 704 | } catch (RemoteException e) { |
| 705 | Log.w(TAG, "Failed talking with device policy service", e); |
| 706 | } |
| 707 | } |
| 708 | } |
| 709 | |
| 710 | /** |
| 711 | * Retrieve the current number of non-letter characters required in the |
| 712 | * password for all admins or a particular one. This is the same value as |
| 713 | * set by {#link {@link #setPasswordMinimumNonLetter(ComponentName, int)} |
| 714 | * and only applies when the password quality is |
| 715 | * {@link #PASSWORD_QUALITY_COMPLEX}. |
| 716 | * |
| 717 | * @param admin The name of the admin component to check, or null to |
| 718 | * aggregate all admins. |
| 719 | * @return The minimum number of letters required in the password. |
| 720 | */ |
| 721 | public int getPasswordMinimumNonLetter(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 722 | return getPasswordMinimumNonLetter(admin, UserHandle.myUserId()); |
| 723 | } |
| 724 | |
| 725 | /** @hide per-user version */ |
| 726 | public int getPasswordMinimumNonLetter(ComponentName admin, int userHandle) { |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 727 | if (mService != null) { |
| 728 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 729 | return mService.getPasswordMinimumNonLetter(admin, userHandle); |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 730 | } catch (RemoteException e) { |
| 731 | Log.w(TAG, "Failed talking with device policy service", e); |
| 732 | } |
| 733 | } |
| 734 | return 0; |
| 735 | } |
| 736 | |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 737 | /** |
| 738 | * Called by an application that is administering the device to set the length |
| 739 | * of the password history. After setting this, the user will not be able to |
| 740 | * enter a new password that is the same as any password in the history. Note |
| 741 | * that the current password will remain until the user has set a new one, so |
| 742 | * the change does not take place immediately. To prompt the user for a new |
| 743 | * password, use {@link #ACTION_SET_NEW_PASSWORD} after setting this value. |
| 744 | * This constraint is only imposed if the administrator has also requested |
| 745 | * either {@link #PASSWORD_QUALITY_NUMERIC}, |
| 746 | * {@link #PASSWORD_QUALITY_ALPHABETIC}, or |
| 747 | * {@link #PASSWORD_QUALITY_ALPHANUMERIC} with {@link #setPasswordQuality}. |
| 748 | * |
| 749 | * <p> |
| 750 | * The calling device admin must have requested |
| 751 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call this |
| 752 | * method; if it has not, a security exception will be thrown. |
| 753 | * |
| 754 | * @param admin Which {@link DeviceAdminReceiver} this request is associated |
| 755 | * with. |
| 756 | * @param length The new desired length of password history. A value of 0 |
| 757 | * means there is no restriction. |
| 758 | */ |
| 759 | public void setPasswordHistoryLength(ComponentName admin, int length) { |
| 760 | if (mService != null) { |
| 761 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 762 | mService.setPasswordHistoryLength(admin, length, UserHandle.myUserId()); |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 763 | } catch (RemoteException e) { |
| 764 | Log.w(TAG, "Failed talking with device policy service", e); |
| 765 | } |
| 766 | } |
| 767 | } |
| 768 | |
| 769 | /** |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 770 | * Called by a device admin to set the password expiration timeout. Calling this method |
| 771 | * will restart the countdown for password expiration for the given admin, as will changing |
| 772 | * the device password (for all admins). |
| 773 | * |
| 774 | * <p>The provided timeout is the time delta in ms and will be added to the current time. |
| 775 | * For example, to have the password expire 5 days from now, timeout would be |
| 776 | * 5 * 86400 * 1000 = 432000000 ms for timeout. |
| 777 | * |
| 778 | * <p>To disable password expiration, a value of 0 may be used for timeout. |
| 779 | * |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 780 | * <p>The calling device admin must have requested |
| 781 | * {@link DeviceAdminInfo#USES_POLICY_EXPIRE_PASSWORD} to be able to call this |
| 782 | * method; if it has not, a security exception will be thrown. |
| 783 | * |
| 784 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. |
| 785 | * @param timeout The limit (in ms) that a password can remain in effect. A value of 0 |
| 786 | * means there is no restriction (unlimited). |
| 787 | */ |
| 788 | public void setPasswordExpirationTimeout(ComponentName admin, long timeout) { |
| 789 | if (mService != null) { |
| 790 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 791 | mService.setPasswordExpirationTimeout(admin, timeout, UserHandle.myUserId()); |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 792 | } catch (RemoteException e) { |
| 793 | Log.w(TAG, "Failed talking with device policy service", e); |
| 794 | } |
| 795 | } |
| 796 | } |
| 797 | |
| 798 | /** |
Jim Miller | 6b85768 | 2011-02-16 16:27:41 -0800 | [diff] [blame] | 799 | * Get the password expiration timeout for the given admin. The expiration timeout is the |
| 800 | * recurring expiration timeout provided in the call to |
| 801 | * {@link #setPasswordExpirationTimeout(ComponentName, long)} for the given admin or the |
| 802 | * aggregate of all policy administrators if admin is null. |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 803 | * |
| 804 | * @param admin The name of the admin component to check, or null to aggregate all admins. |
| 805 | * @return The timeout for the given admin or the minimum of all timeouts |
| 806 | */ |
| 807 | public long getPasswordExpirationTimeout(ComponentName admin) { |
| 808 | if (mService != null) { |
| 809 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 810 | return mService.getPasswordExpirationTimeout(admin, UserHandle.myUserId()); |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 811 | } catch (RemoteException e) { |
| 812 | Log.w(TAG, "Failed talking with device policy service", e); |
| 813 | } |
| 814 | } |
| 815 | return 0; |
| 816 | } |
| 817 | |
| 818 | /** |
| 819 | * Get the current password expiration time for the given admin or an aggregate of |
Jim Miller | 6b85768 | 2011-02-16 16:27:41 -0800 | [diff] [blame] | 820 | * all admins if admin is null. If the password is expired, this will return the time since |
| 821 | * the password expired as a negative number. If admin is null, then a composite of all |
| 822 | * expiration timeouts is returned - which will be the minimum of all timeouts. |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 823 | * |
| 824 | * @param admin The name of the admin component to check, or null to aggregate all admins. |
| 825 | * @return The password expiration time, in ms. |
| 826 | */ |
| 827 | public long getPasswordExpiration(ComponentName admin) { |
| 828 | if (mService != null) { |
| 829 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 830 | return mService.getPasswordExpiration(admin, UserHandle.myUserId()); |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 831 | } catch (RemoteException e) { |
| 832 | Log.w(TAG, "Failed talking with device policy service", e); |
| 833 | } |
| 834 | } |
| 835 | return 0; |
| 836 | } |
| 837 | |
| 838 | /** |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 839 | * Retrieve the current password history length for all admins |
| 840 | * or a particular one. |
| 841 | * @param admin The name of the admin component to check, or null to aggregate |
| 842 | * all admins. |
| 843 | * @return The length of the password history |
| 844 | */ |
| 845 | public int getPasswordHistoryLength(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 846 | return getPasswordHistoryLength(admin, UserHandle.myUserId()); |
| 847 | } |
| 848 | |
| 849 | /** @hide per-user version */ |
| 850 | public int getPasswordHistoryLength(ComponentName admin, int userHandle) { |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 851 | if (mService != null) { |
| 852 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 853 | return mService.getPasswordHistoryLength(admin, userHandle); |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 854 | } catch (RemoteException e) { |
| 855 | Log.w(TAG, "Failed talking with device policy service", e); |
| 856 | } |
| 857 | } |
| 858 | return 0; |
| 859 | } |
| 860 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 861 | /** |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 862 | * Return the maximum password length that the device supports for a |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 863 | * particular password quality. |
Dianne Hackborn | 364f6e3 | 2010-01-29 17:38:20 -0800 | [diff] [blame] | 864 | * @param quality The quality being interrogated. |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 865 | * @return Returns the maximum length that the user can enter. |
| 866 | */ |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 867 | public int getPasswordMaximumLength(int quality) { |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 868 | // Kind-of arbitrary. |
| 869 | return 16; |
| 870 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 871 | |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 872 | /** |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 873 | * Determine whether the current password the user has set is sufficient |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 874 | * to meet the policy requirements (quality, minimum length) that have been |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 875 | * requested. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 876 | * |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 877 | * <p>The calling device admin must have requested |
| 878 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call |
| 879 | * this method; if it has not, a security exception will be thrown. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 880 | * |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 881 | * @return Returns true if the password meets the current requirements, |
| 882 | * else false. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 883 | */ |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 884 | public boolean isActivePasswordSufficient() { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 885 | if (mService != null) { |
| 886 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 887 | return mService.isActivePasswordSufficient(UserHandle.myUserId()); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 888 | } catch (RemoteException e) { |
| 889 | Log.w(TAG, "Failed talking with device policy service", e); |
| 890 | } |
| 891 | } |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 892 | return false; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 893 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 894 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 895 | /** |
| 896 | * Retrieve the number of times the user has failed at entering a |
| 897 | * password since that last successful password entry. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 898 | * |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 899 | * <p>The calling device admin must have requested |
| 900 | * {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} to be able to call |
| 901 | * this method; if it has not, a security exception will be thrown. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 902 | */ |
| 903 | public int getCurrentFailedPasswordAttempts() { |
| 904 | if (mService != null) { |
| 905 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 906 | return mService.getCurrentFailedPasswordAttempts(UserHandle.myUserId()); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 907 | } catch (RemoteException e) { |
| 908 | Log.w(TAG, "Failed talking with device policy service", e); |
| 909 | } |
| 910 | } |
| 911 | return -1; |
| 912 | } |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 913 | |
| 914 | /** |
Andrew Stadler | 88209d1 | 2010-02-08 22:59:36 -0800 | [diff] [blame] | 915 | * Setting this to a value greater than zero enables a built-in policy |
| 916 | * that will perform a device wipe after too many incorrect |
| 917 | * device-unlock passwords have been entered. This built-in policy combines |
| 918 | * watching for failed passwords and wiping the device, and requires |
| 919 | * that you request both {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} and |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 920 | * {@link DeviceAdminInfo#USES_POLICY_WIPE_DATA}}. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 921 | * |
Andrew Stadler | 88209d1 | 2010-02-08 22:59:36 -0800 | [diff] [blame] | 922 | * <p>To implement any other policy (e.g. wiping data for a particular |
| 923 | * application only, erasing or revoking credentials, or reporting the |
| 924 | * failure to a server), you should implement |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 925 | * {@link DeviceAdminReceiver#onPasswordFailed(Context, android.content.Intent)} |
Andrew Stadler | 88209d1 | 2010-02-08 22:59:36 -0800 | [diff] [blame] | 926 | * instead. Do not use this API, because if the maximum count is reached, |
| 927 | * the device will be wiped immediately, and your callback will not be invoked. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 928 | * |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 929 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 930 | * @param num The number of failed password attempts at which point the |
| 931 | * device will wipe its data. |
| 932 | */ |
| 933 | public void setMaximumFailedPasswordsForWipe(ComponentName admin, int num) { |
| 934 | if (mService != null) { |
| 935 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 936 | mService.setMaximumFailedPasswordsForWipe(admin, num, UserHandle.myUserId()); |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 937 | } catch (RemoteException e) { |
| 938 | Log.w(TAG, "Failed talking with device policy service", e); |
| 939 | } |
| 940 | } |
| 941 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 942 | |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 943 | /** |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 944 | * Retrieve the current maximum number of login attempts that are allowed |
| 945 | * before the device wipes itself, for all admins |
| 946 | * or a particular one. |
| 947 | * @param admin The name of the admin component to check, or null to aggregate |
| 948 | * all admins. |
| 949 | */ |
| 950 | public int getMaximumFailedPasswordsForWipe(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 951 | return getMaximumFailedPasswordsForWipe(admin, UserHandle.myUserId()); |
| 952 | } |
| 953 | |
| 954 | /** @hide per-user version */ |
| 955 | public int getMaximumFailedPasswordsForWipe(ComponentName admin, int userHandle) { |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 956 | if (mService != null) { |
| 957 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 958 | return mService.getMaximumFailedPasswordsForWipe(admin, userHandle); |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 959 | } catch (RemoteException e) { |
| 960 | Log.w(TAG, "Failed talking with device policy service", e); |
| 961 | } |
| 962 | } |
| 963 | return 0; |
| 964 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 965 | |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 966 | /** |
Dianne Hackborn | 87bba1e | 2010-02-26 17:25:54 -0800 | [diff] [blame] | 967 | * Flag for {@link #resetPassword}: don't allow other admins to change |
| 968 | * the password again until the user has entered it. |
| 969 | */ |
| 970 | public static final int RESET_PASSWORD_REQUIRE_ENTRY = 0x0001; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 971 | |
Dianne Hackborn | 87bba1e | 2010-02-26 17:25:54 -0800 | [diff] [blame] | 972 | /** |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 973 | * Force a new device unlock password (the password needed to access the |
| 974 | * entire device, not for individual accounts) on the user. This takes |
| 975 | * effect immediately. |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 976 | * The given password must be sufficient for the |
| 977 | * current password quality and length constraints as returned by |
| 978 | * {@link #getPasswordQuality(ComponentName)} and |
| 979 | * {@link #getPasswordMinimumLength(ComponentName)}; if it does not meet |
| 980 | * these constraints, then it will be rejected and false returned. Note |
| 981 | * that the password may be a stronger quality (containing alphanumeric |
| 982 | * characters when the requested quality is only numeric), in which case |
| 983 | * the currently active quality will be increased to match. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 984 | * |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 985 | * <p>The calling device admin must have requested |
| 986 | * {@link DeviceAdminInfo#USES_POLICY_RESET_PASSWORD} to be able to call |
| 987 | * this method; if it has not, a security exception will be thrown. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 988 | * |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 989 | * @param password The new password for the user. |
Dianne Hackborn | 87bba1e | 2010-02-26 17:25:54 -0800 | [diff] [blame] | 990 | * @param flags May be 0 or {@link #RESET_PASSWORD_REQUIRE_ENTRY}. |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 991 | * @return Returns true if the password was applied, or false if it is |
| 992 | * not acceptable for the current constraints. |
| 993 | */ |
Dianne Hackborn | 87bba1e | 2010-02-26 17:25:54 -0800 | [diff] [blame] | 994 | public boolean resetPassword(String password, int flags) { |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 995 | if (mService != null) { |
| 996 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 997 | return mService.resetPassword(password, flags, UserHandle.myUserId()); |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 998 | } catch (RemoteException e) { |
| 999 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1000 | } |
| 1001 | } |
| 1002 | return false; |
| 1003 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1004 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1005 | /** |
| 1006 | * Called by an application that is administering the device to set the |
| 1007 | * maximum time for user activity until the device will lock. This limits |
| 1008 | * the length that the user can set. It takes effect immediately. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1009 | * |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 1010 | * <p>The calling device admin must have requested |
Dianne Hackborn | 315ada7 | 2010-02-11 12:14:08 -0800 | [diff] [blame] | 1011 | * {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} to be able to call |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 1012 | * this method; if it has not, a security exception will be thrown. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1013 | * |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 1014 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1015 | * @param timeMs The new desired maximum time to lock in milliseconds. |
| 1016 | * A value of 0 means there is no restriction. |
| 1017 | */ |
| 1018 | public void setMaximumTimeToLock(ComponentName admin, long timeMs) { |
| 1019 | if (mService != null) { |
| 1020 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1021 | mService.setMaximumTimeToLock(admin, timeMs, UserHandle.myUserId()); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1022 | } catch (RemoteException e) { |
| 1023 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1024 | } |
| 1025 | } |
| 1026 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1027 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1028 | /** |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 1029 | * Retrieve the current maximum time to unlock for all admins |
| 1030 | * or a particular one. |
| 1031 | * @param admin The name of the admin component to check, or null to aggregate |
| 1032 | * all admins. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1033 | */ |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 1034 | public long getMaximumTimeToLock(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1035 | return getMaximumTimeToLock(admin, UserHandle.myUserId()); |
| 1036 | } |
| 1037 | |
| 1038 | /** @hide per-user version */ |
| 1039 | public long getMaximumTimeToLock(ComponentName admin, int userHandle) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1040 | if (mService != null) { |
| 1041 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1042 | return mService.getMaximumTimeToLock(admin, userHandle); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1043 | } catch (RemoteException e) { |
| 1044 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1045 | } |
| 1046 | } |
| 1047 | return 0; |
| 1048 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1049 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1050 | /** |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 1051 | * Make the device lock immediately, as if the lock screen timeout has |
| 1052 | * expired at the point of this call. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1053 | * |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 1054 | * <p>The calling device admin must have requested |
| 1055 | * {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} to be able to call |
| 1056 | * this method; if it has not, a security exception will be thrown. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1057 | */ |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 1058 | public void lockNow() { |
| 1059 | if (mService != null) { |
| 1060 | try { |
| 1061 | mService.lockNow(); |
| 1062 | } catch (RemoteException e) { |
| 1063 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1064 | } |
| 1065 | } |
| 1066 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1067 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1068 | /** |
Dianne Hackborn | 4249917 | 2010-10-15 18:45:07 -0700 | [diff] [blame] | 1069 | * Flag for {@link #wipeData(int)}: also erase the device's external |
| 1070 | * storage. |
| 1071 | */ |
| 1072 | public static final int WIPE_EXTERNAL_STORAGE = 0x0001; |
| 1073 | |
| 1074 | /** |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1075 | * Ask the user date be wiped. This will cause the device to reboot, |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 1076 | * erasing all user data while next booting up. External storage such |
Masanori Ogino | f535cb04 | 2012-02-15 19:25:50 +0900 | [diff] [blame] | 1077 | * as SD cards will be also erased if the flag {@link #WIPE_EXTERNAL_STORAGE} |
| 1078 | * is set. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1079 | * |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 1080 | * <p>The calling device admin must have requested |
| 1081 | * {@link DeviceAdminInfo#USES_POLICY_WIPE_DATA} to be able to call |
| 1082 | * this method; if it has not, a security exception will be thrown. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1083 | * |
Masanori Ogino | f535cb04 | 2012-02-15 19:25:50 +0900 | [diff] [blame] | 1084 | * @param flags Bit mask of additional options: currently 0 and |
| 1085 | * {@link #WIPE_EXTERNAL_STORAGE} are supported. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1086 | */ |
| 1087 | public void wipeData(int flags) { |
| 1088 | if (mService != null) { |
| 1089 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1090 | mService.wipeData(flags, UserHandle.myUserId()); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1091 | } catch (RemoteException e) { |
| 1092 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1093 | } |
| 1094 | } |
| 1095 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1096 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1097 | /** |
Oscar Montemayor | 69238c6 | 2010-08-03 10:51:06 -0700 | [diff] [blame] | 1098 | * Called by an application that is administering the device to set the |
| 1099 | * global proxy and exclusion list. |
| 1100 | * <p> |
| 1101 | * The calling device admin must have requested |
| 1102 | * {@link DeviceAdminInfo#USES_POLICY_SETS_GLOBAL_PROXY} to be able to call |
| 1103 | * this method; if it has not, a security exception will be thrown. |
| 1104 | * Only the first device admin can set the proxy. If a second admin attempts |
| 1105 | * to set the proxy, the {@link ComponentName} of the admin originally setting the |
| 1106 | * proxy will be returned. If successful in setting the proxy, null will |
| 1107 | * be returned. |
| 1108 | * The method can be called repeatedly by the device admin alrady setting the |
| 1109 | * proxy to update the proxy and exclusion list. |
| 1110 | * |
| 1111 | * @param admin Which {@link DeviceAdminReceiver} this request is associated |
| 1112 | * with. |
| 1113 | * @param proxySpec the global proxy desired. Must be an HTTP Proxy. |
| 1114 | * Pass Proxy.NO_PROXY to reset the proxy. |
| 1115 | * @param exclusionList a list of domains to be excluded from the global proxy. |
Oscar Montemayor | 69238c6 | 2010-08-03 10:51:06 -0700 | [diff] [blame] | 1116 | * @return returns null if the proxy was successfully set, or a {@link ComponentName} |
| 1117 | * of the device admin that sets thew proxy otherwise. |
Andy Stadler | d267272 | 2011-02-16 10:53:33 -0800 | [diff] [blame] | 1118 | * @hide |
Oscar Montemayor | 69238c6 | 2010-08-03 10:51:06 -0700 | [diff] [blame] | 1119 | */ |
| 1120 | public ComponentName setGlobalProxy(ComponentName admin, Proxy proxySpec, |
| 1121 | List<String> exclusionList ) { |
| 1122 | if (proxySpec == null) { |
| 1123 | throw new NullPointerException(); |
| 1124 | } |
| 1125 | if (mService != null) { |
| 1126 | try { |
| 1127 | String hostSpec; |
| 1128 | String exclSpec; |
| 1129 | if (proxySpec.equals(Proxy.NO_PROXY)) { |
| 1130 | hostSpec = null; |
| 1131 | exclSpec = null; |
| 1132 | } else { |
| 1133 | if (!proxySpec.type().equals(Proxy.Type.HTTP)) { |
| 1134 | throw new IllegalArgumentException(); |
| 1135 | } |
| 1136 | InetSocketAddress sa = (InetSocketAddress)proxySpec.address(); |
| 1137 | String hostName = sa.getHostName(); |
| 1138 | int port = sa.getPort(); |
| 1139 | StringBuilder hostBuilder = new StringBuilder(); |
| 1140 | hostSpec = hostBuilder.append(hostName) |
| 1141 | .append(":").append(Integer.toString(port)).toString(); |
| 1142 | if (exclusionList == null) { |
| 1143 | exclSpec = ""; |
| 1144 | } else { |
| 1145 | StringBuilder listBuilder = new StringBuilder(); |
| 1146 | boolean firstDomain = true; |
| 1147 | for (String exclDomain : exclusionList) { |
| 1148 | if (!firstDomain) { |
| 1149 | listBuilder = listBuilder.append(","); |
| 1150 | } else { |
| 1151 | firstDomain = false; |
| 1152 | } |
| 1153 | listBuilder = listBuilder.append(exclDomain.trim()); |
| 1154 | } |
| 1155 | exclSpec = listBuilder.toString(); |
| 1156 | } |
| 1157 | android.net.Proxy.validate(hostName, Integer.toString(port), exclSpec); |
| 1158 | } |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1159 | return mService.setGlobalProxy(admin, hostSpec, exclSpec, UserHandle.myUserId()); |
Oscar Montemayor | 69238c6 | 2010-08-03 10:51:06 -0700 | [diff] [blame] | 1160 | } catch (RemoteException e) { |
| 1161 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1162 | } |
| 1163 | } |
| 1164 | return null; |
| 1165 | } |
| 1166 | |
| 1167 | /** |
| 1168 | * Returns the component name setting the global proxy. |
| 1169 | * @return ComponentName object of the device admin that set the global proxy, or |
| 1170 | * null if no admin has set the proxy. |
Andy Stadler | d267272 | 2011-02-16 10:53:33 -0800 | [diff] [blame] | 1171 | * @hide |
Oscar Montemayor | 69238c6 | 2010-08-03 10:51:06 -0700 | [diff] [blame] | 1172 | */ |
| 1173 | public ComponentName getGlobalProxyAdmin() { |
| 1174 | if (mService != null) { |
| 1175 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1176 | return mService.getGlobalProxyAdmin(UserHandle.myUserId()); |
Oscar Montemayor | 69238c6 | 2010-08-03 10:51:06 -0700 | [diff] [blame] | 1177 | } catch (RemoteException e) { |
| 1178 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1179 | } |
| 1180 | } |
| 1181 | return null; |
| 1182 | } |
| 1183 | |
| 1184 | /** |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1185 | * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1186 | * indicating that encryption is not supported. |
| 1187 | */ |
| 1188 | public static final int ENCRYPTION_STATUS_UNSUPPORTED = 0; |
| 1189 | |
| 1190 | /** |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1191 | * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1192 | * indicating that encryption is supported, but is not currently active. |
| 1193 | */ |
| 1194 | public static final int ENCRYPTION_STATUS_INACTIVE = 1; |
| 1195 | |
| 1196 | /** |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1197 | * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1198 | * indicating that encryption is not currently active, but is currently |
| 1199 | * being activated. This is only reported by devices that support |
| 1200 | * encryption of data and only when the storage is currently |
| 1201 | * undergoing a process of becoming encrypted. A device that must reboot and/or wipe data |
| 1202 | * to become encrypted will never return this value. |
| 1203 | */ |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1204 | public static final int ENCRYPTION_STATUS_ACTIVATING = 2; |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1205 | |
| 1206 | /** |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1207 | * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1208 | * indicating that encryption is active. |
| 1209 | */ |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1210 | public static final int ENCRYPTION_STATUS_ACTIVE = 3; |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1211 | |
| 1212 | /** |
| 1213 | * Activity action: begin the process of encrypting data on the device. This activity should |
| 1214 | * be launched after using {@link #setStorageEncryption} to request encryption be activated. |
| 1215 | * After resuming from this activity, use {@link #getStorageEncryption} |
| 1216 | * to check encryption status. However, on some devices this activity may never return, as |
| 1217 | * it may trigger a reboot and in some cases a complete data wipe of the device. |
| 1218 | */ |
| 1219 | @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION) |
| 1220 | public static final String ACTION_START_ENCRYPTION |
| 1221 | = "android.app.action.START_ENCRYPTION"; |
| 1222 | |
| 1223 | /** |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1224 | * Widgets are enabled in keyguard |
| 1225 | */ |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1226 | public static final int KEYGUARD_DISABLE_FEATURES_NONE = 0; |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1227 | |
| 1228 | /** |
| 1229 | * Disable all keyguard widgets |
| 1230 | */ |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1231 | public static final int KEYGUARD_DISABLE_WIDGETS_ALL = 1 << 0; |
| 1232 | |
| 1233 | /** |
| 1234 | * Disable the camera on secure keyguard screens (e.g. PIN/Pattern/Password) |
| 1235 | */ |
| 1236 | public static final int KEYGUARD_DISABLE_SECURE_CAMERA = 1 << 1; |
| 1237 | |
| 1238 | /** |
Jim Miller | 3520774 | 2012-11-02 15:33:20 -0700 | [diff] [blame] | 1239 | * Disable all current and future keyguard customizations. |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1240 | */ |
| 1241 | public static final int KEYGUARD_DISABLE_FEATURES_ALL = 0x7fffffff; |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1242 | |
| 1243 | /** |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1244 | * Called by an application that is administering the device to |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1245 | * request that the storage system be encrypted. |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1246 | * |
| 1247 | * <p>When multiple device administrators attempt to control device |
| 1248 | * encryption, the most secure, supported setting will always be |
| 1249 | * used. If any device administrator requests device encryption, |
| 1250 | * it will be enabled; Conversely, if a device administrator |
| 1251 | * attempts to disable device encryption while another |
| 1252 | * device administrator has enabled it, the call to disable will |
| 1253 | * fail (most commonly returning {@link #ENCRYPTION_STATUS_ACTIVE}). |
| 1254 | * |
| 1255 | * <p>This policy controls encryption of the secure (application data) storage area. Data |
Andy Stadler | 50c294f | 2011-03-07 19:13:42 -0800 | [diff] [blame] | 1256 | * written to other storage areas may or may not be encrypted, and this policy does not require |
| 1257 | * or control the encryption of any other storage areas. |
| 1258 | * There is one exception: If {@link android.os.Environment#isExternalStorageEmulated()} is |
| 1259 | * {@code true}, then the directory returned by |
| 1260 | * {@link android.os.Environment#getExternalStorageDirectory()} must be written to disk |
| 1261 | * within the encrypted storage area. |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1262 | * |
| 1263 | * <p>Important Note: On some devices, it is possible to encrypt storage without requiring |
| 1264 | * the user to create a device PIN or Password. In this case, the storage is encrypted, but |
| 1265 | * the encryption key may not be fully secured. For maximum security, the administrator should |
| 1266 | * also require (and check for) a pattern, PIN, or password. |
| 1267 | * |
| 1268 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. |
| 1269 | * @param encrypt true to request encryption, false to release any previous request |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1270 | * @return the new request status (for all active admins) - will be one of |
| 1271 | * {@link #ENCRYPTION_STATUS_UNSUPPORTED}, {@link #ENCRYPTION_STATUS_INACTIVE}, or |
| 1272 | * {@link #ENCRYPTION_STATUS_ACTIVE}. This is the value of the requests; Use |
| 1273 | * {@link #getStorageEncryptionStatus()} to query the actual device state. |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1274 | */ |
| 1275 | public int setStorageEncryption(ComponentName admin, boolean encrypt) { |
| 1276 | if (mService != null) { |
| 1277 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1278 | return mService.setStorageEncryption(admin, encrypt, UserHandle.myUserId()); |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1279 | } catch (RemoteException e) { |
| 1280 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1281 | } |
| 1282 | } |
| 1283 | return ENCRYPTION_STATUS_UNSUPPORTED; |
| 1284 | } |
| 1285 | |
| 1286 | /** |
| 1287 | * Called by an application that is administering the device to |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1288 | * determine the requested setting for secure storage. |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1289 | * |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1290 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. If null, |
| 1291 | * this will return the requested encryption setting as an aggregate of all active |
| 1292 | * administrators. |
| 1293 | * @return true if the admin(s) are requesting encryption, false if not. |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1294 | */ |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1295 | public boolean getStorageEncryption(ComponentName admin) { |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1296 | if (mService != null) { |
| 1297 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1298 | return mService.getStorageEncryption(admin, UserHandle.myUserId()); |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1299 | } catch (RemoteException e) { |
| 1300 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1301 | } |
| 1302 | } |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1303 | return false; |
| 1304 | } |
| 1305 | |
| 1306 | /** |
| 1307 | * Called by an application that is administering the device to |
| 1308 | * determine the current encryption status of the device. |
| 1309 | * |
| 1310 | * Depending on the returned status code, the caller may proceed in different |
| 1311 | * ways. If the result is {@link #ENCRYPTION_STATUS_UNSUPPORTED}, the |
| 1312 | * storage system does not support encryption. If the |
| 1313 | * result is {@link #ENCRYPTION_STATUS_INACTIVE}, use {@link |
| 1314 | * #ACTION_START_ENCRYPTION} to begin the process of encrypting or decrypting the |
| 1315 | * storage. If the result is {@link #ENCRYPTION_STATUS_ACTIVATING} or |
| 1316 | * {@link #ENCRYPTION_STATUS_ACTIVE}, no further action is required. |
| 1317 | * |
| 1318 | * @return current status of encryption. The value will be one of |
| 1319 | * {@link #ENCRYPTION_STATUS_UNSUPPORTED}, {@link #ENCRYPTION_STATUS_INACTIVE}, |
| 1320 | * {@link #ENCRYPTION_STATUS_ACTIVATING}, or{@link #ENCRYPTION_STATUS_ACTIVE}. |
| 1321 | */ |
| 1322 | public int getStorageEncryptionStatus() { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1323 | return getStorageEncryptionStatus(UserHandle.myUserId()); |
| 1324 | } |
| 1325 | |
| 1326 | /** @hide per-user version */ |
| 1327 | public int getStorageEncryptionStatus(int userHandle) { |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1328 | if (mService != null) { |
| 1329 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1330 | return mService.getStorageEncryptionStatus(userHandle); |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1331 | } catch (RemoteException e) { |
| 1332 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1333 | } |
| 1334 | } |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1335 | return ENCRYPTION_STATUS_UNSUPPORTED; |
| 1336 | } |
| 1337 | |
| 1338 | /** |
Maggie Benthall | da51e68 | 2013-08-08 22:35:44 -0400 | [diff] [blame] | 1339 | * Installs the given certificate as a User CA. |
| 1340 | * |
| 1341 | * @return false if the certBuffer cannot be parsed or installation is |
| 1342 | * interrupted, otherwise true |
| 1343 | * @hide |
| 1344 | */ |
| 1345 | public boolean installCaCert(byte[] certBuffer) { |
| 1346 | if (mService != null) { |
| 1347 | try { |
| 1348 | return mService.installCaCert(certBuffer); |
| 1349 | } catch (RemoteException e) { |
| 1350 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1351 | } |
| 1352 | } |
| 1353 | return false; |
| 1354 | } |
| 1355 | |
| 1356 | /** |
| 1357 | * Uninstalls the given certificate from the list of User CAs, if present. |
| 1358 | * |
| 1359 | * @hide |
| 1360 | */ |
| 1361 | public void uninstallCaCert(byte[] certBuffer) { |
| 1362 | if (mService != null) { |
| 1363 | try { |
| 1364 | mService.uninstallCaCert(certBuffer); |
| 1365 | } catch (RemoteException e) { |
| 1366 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1367 | } |
| 1368 | } |
| 1369 | } |
| 1370 | |
| 1371 | /** |
| 1372 | * Returns whether there are any user-installed CA certificates. |
| 1373 | * |
| 1374 | * @hide |
| 1375 | */ |
Maggie Benthall | 0469f41 | 2013-09-05 15:30:26 -0400 | [diff] [blame] | 1376 | public static boolean hasAnyCaCertsInstalled() { |
Maggie Benthall | da51e68 | 2013-08-08 22:35:44 -0400 | [diff] [blame] | 1377 | TrustedCertificateStore certStore = new TrustedCertificateStore(); |
| 1378 | Set<String> aliases = certStore.userAliases(); |
| 1379 | return aliases != null && !aliases.isEmpty(); |
| 1380 | } |
| 1381 | |
| 1382 | /** |
| 1383 | * Returns whether this certificate has been installed as a User CA. |
| 1384 | * |
| 1385 | * @hide |
| 1386 | */ |
| 1387 | public boolean hasCaCertInstalled(byte[] certBuffer) { |
| 1388 | TrustedCertificateStore certStore = new TrustedCertificateStore(); |
| 1389 | String alias; |
| 1390 | byte[] pemCert; |
| 1391 | try { |
| 1392 | CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); |
| 1393 | X509Certificate cert = (X509Certificate) certFactory.generateCertificate( |
| 1394 | new ByteArrayInputStream(certBuffer)); |
| 1395 | return certStore.getCertificateAlias(cert) != null; |
| 1396 | } catch (CertificateException ce) { |
| 1397 | Log.w(TAG, "Could not parse certificate", ce); |
| 1398 | } |
| 1399 | return false; |
| 1400 | } |
| 1401 | |
| 1402 | /** |
Ben Komalo | 2447edd | 2011-05-09 16:05:33 -0700 | [diff] [blame] | 1403 | * Called by an application that is administering the device to disable all cameras |
| 1404 | * on the device. After setting this, no applications will be able to access any cameras |
| 1405 | * on the device. |
| 1406 | * |
| 1407 | * <p>The calling device admin must have requested |
| 1408 | * {@link DeviceAdminInfo#USES_POLICY_DISABLE_CAMERA} to be able to call |
| 1409 | * this method; if it has not, a security exception will be thrown. |
| 1410 | * |
| 1411 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. |
| 1412 | * @param disabled Whether or not the camera should be disabled. |
| 1413 | */ |
| 1414 | public void setCameraDisabled(ComponentName admin, boolean disabled) { |
| 1415 | if (mService != null) { |
| 1416 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1417 | mService.setCameraDisabled(admin, disabled, UserHandle.myUserId()); |
Ben Komalo | 2447edd | 2011-05-09 16:05:33 -0700 | [diff] [blame] | 1418 | } catch (RemoteException e) { |
| 1419 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1420 | } |
| 1421 | } |
| 1422 | } |
| 1423 | |
| 1424 | /** |
| 1425 | * Determine whether or not the device's cameras have been disabled either by the current |
| 1426 | * admin, if specified, or all admins. |
| 1427 | * @param admin The name of the admin component to check, or null to check if any admins |
| 1428 | * have disabled the camera |
| 1429 | */ |
| 1430 | public boolean getCameraDisabled(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1431 | return getCameraDisabled(admin, UserHandle.myUserId()); |
| 1432 | } |
| 1433 | |
| 1434 | /** @hide per-user version */ |
| 1435 | public boolean getCameraDisabled(ComponentName admin, int userHandle) { |
Ben Komalo | 2447edd | 2011-05-09 16:05:33 -0700 | [diff] [blame] | 1436 | if (mService != null) { |
| 1437 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1438 | return mService.getCameraDisabled(admin, userHandle); |
Ben Komalo | 2447edd | 2011-05-09 16:05:33 -0700 | [diff] [blame] | 1439 | } catch (RemoteException e) { |
| 1440 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1441 | } |
| 1442 | } |
| 1443 | return false; |
| 1444 | } |
| 1445 | |
| 1446 | /** |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1447 | * Called by an application that is administering the device to disable keyguard customizations, |
| 1448 | * such as widgets. After setting this, keyguard features will be disabled according to the |
| 1449 | * provided feature list. |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1450 | * |
| 1451 | * <p>The calling device admin must have requested |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1452 | * {@link DeviceAdminInfo#USES_POLICY_DISABLE_KEYGUARD_FEATURES} to be able to call |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1453 | * this method; if it has not, a security exception will be thrown. |
| 1454 | * |
| 1455 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. |
Jim Miller | 3520774 | 2012-11-02 15:33:20 -0700 | [diff] [blame] | 1456 | * @param which {@link #KEYGUARD_DISABLE_FEATURES_NONE} (default), |
| 1457 | * {@link #KEYGUARD_DISABLE_WIDGETS_ALL}, {@link #KEYGUARD_DISABLE_SECURE_CAMERA}, |
| 1458 | * {@link #KEYGUARD_DISABLE_FEATURES_ALL} |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1459 | */ |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1460 | public void setKeyguardDisabledFeatures(ComponentName admin, int which) { |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1461 | if (mService != null) { |
| 1462 | try { |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1463 | mService.setKeyguardDisabledFeatures(admin, which, UserHandle.myUserId()); |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1464 | } catch (RemoteException e) { |
| 1465 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1466 | } |
| 1467 | } |
| 1468 | } |
| 1469 | |
| 1470 | /** |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1471 | * Determine whether or not features have been disabled in keyguard either by the current |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1472 | * admin, if specified, or all admins. |
| 1473 | * @param admin The name of the admin component to check, or null to check if any admins |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1474 | * have disabled features in keyguard. |
Jim Miller | 3520774 | 2012-11-02 15:33:20 -0700 | [diff] [blame] | 1475 | * @return bitfield of flags. See {@link #setKeyguardDisabledFeatures(ComponentName, int)} |
| 1476 | * for a list. |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1477 | */ |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1478 | public int getKeyguardDisabledFeatures(ComponentName admin) { |
| 1479 | return getKeyguardDisabledFeatures(admin, UserHandle.myUserId()); |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1480 | } |
| 1481 | |
| 1482 | /** @hide per-user version */ |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1483 | public int getKeyguardDisabledFeatures(ComponentName admin, int userHandle) { |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1484 | if (mService != null) { |
| 1485 | try { |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1486 | return mService.getKeyguardDisabledFeatures(admin, userHandle); |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1487 | } catch (RemoteException e) { |
| 1488 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1489 | } |
| 1490 | } |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1491 | return KEYGUARD_DISABLE_FEATURES_NONE; |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1492 | } |
| 1493 | |
| 1494 | /** |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1495 | * @hide |
| 1496 | */ |
Andy Stadler | c25f70a | 2010-12-08 15:56:45 -0800 | [diff] [blame] | 1497 | public void setActiveAdmin(ComponentName policyReceiver, boolean refreshing) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1498 | if (mService != null) { |
| 1499 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1500 | mService.setActiveAdmin(policyReceiver, refreshing, UserHandle.myUserId()); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1501 | } catch (RemoteException e) { |
| 1502 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1503 | } |
| 1504 | } |
| 1505 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1506 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1507 | /** |
Andy Stadler | c25f70a | 2010-12-08 15:56:45 -0800 | [diff] [blame] | 1508 | * Returns the DeviceAdminInfo as defined by the administrator's package info & meta-data |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1509 | * @hide |
| 1510 | */ |
Dianne Hackborn | d47c6ed | 2010-01-27 16:21:20 -0800 | [diff] [blame] | 1511 | public DeviceAdminInfo getAdminInfo(ComponentName cn) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1512 | ActivityInfo ai; |
| 1513 | try { |
| 1514 | ai = mContext.getPackageManager().getReceiverInfo(cn, |
| 1515 | PackageManager.GET_META_DATA); |
| 1516 | } catch (PackageManager.NameNotFoundException e) { |
| 1517 | Log.w(TAG, "Unable to retrieve device policy " + cn, e); |
| 1518 | return null; |
| 1519 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1520 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1521 | ResolveInfo ri = new ResolveInfo(); |
| 1522 | ri.activityInfo = ai; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1523 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1524 | try { |
| 1525 | return new DeviceAdminInfo(mContext, ri); |
| 1526 | } catch (XmlPullParserException e) { |
| 1527 | Log.w(TAG, "Unable to parse device policy " + cn, e); |
| 1528 | return null; |
| 1529 | } catch (IOException e) { |
| 1530 | Log.w(TAG, "Unable to parse device policy " + cn, e); |
| 1531 | return null; |
| 1532 | } |
| 1533 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1534 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1535 | /** |
| 1536 | * @hide |
| 1537 | */ |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 1538 | public void getRemoveWarning(ComponentName admin, RemoteCallback result) { |
| 1539 | if (mService != null) { |
| 1540 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1541 | mService.getRemoveWarning(admin, result, UserHandle.myUserId()); |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 1542 | } catch (RemoteException e) { |
| 1543 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1544 | } |
| 1545 | } |
| 1546 | } |
| 1547 | |
| 1548 | /** |
| 1549 | * @hide |
| 1550 | */ |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 1551 | public void setActivePasswordState(int quality, int length, int letters, int uppercase, |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1552 | int lowercase, int numbers, int symbols, int nonletter, int userHandle) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1553 | if (mService != null) { |
| 1554 | try { |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 1555 | mService.setActivePasswordState(quality, length, letters, uppercase, lowercase, |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1556 | numbers, symbols, nonletter, userHandle); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1557 | } catch (RemoteException e) { |
| 1558 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1559 | } |
| 1560 | } |
| 1561 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1562 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1563 | /** |
| 1564 | * @hide |
| 1565 | */ |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1566 | public void reportFailedPasswordAttempt(int userHandle) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1567 | if (mService != null) { |
| 1568 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1569 | mService.reportFailedPasswordAttempt(userHandle); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1570 | } catch (RemoteException e) { |
| 1571 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1572 | } |
| 1573 | } |
| 1574 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1575 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1576 | /** |
| 1577 | * @hide |
| 1578 | */ |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1579 | public void reportSuccessfulPasswordAttempt(int userHandle) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1580 | if (mService != null) { |
| 1581 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1582 | mService.reportSuccessfulPasswordAttempt(userHandle); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1583 | } catch (RemoteException e) { |
| 1584 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1585 | } |
| 1586 | } |
| 1587 | } |
Amith Yamasani | 71e6c69 | 2013-03-24 17:39:28 -0700 | [diff] [blame] | 1588 | |
| 1589 | /** |
| 1590 | * @hide |
| 1591 | * Sets the given package as the device owner. The package must already be installed and there |
| 1592 | * shouldn't be an existing device owner registered, for this call to succeed. Also, this |
| 1593 | * method must be called before the device is provisioned. |
| 1594 | * @param packageName the package name of the application to be registered as the device owner. |
| 1595 | * @return whether the package was successfully registered as the device owner. |
| 1596 | * @throws IllegalArgumentException if the package name is null or invalid |
| 1597 | * @throws IllegalStateException if a device owner is already registered or the device has |
| 1598 | * already been provisioned. |
| 1599 | */ |
| 1600 | public boolean setDeviceOwner(String packageName) throws IllegalArgumentException, |
| 1601 | IllegalStateException { |
Geoffrey Borggaard | 334c7e3 | 2013-08-08 14:31:36 -0400 | [diff] [blame] | 1602 | return setDeviceOwner(packageName, null); |
| 1603 | } |
| 1604 | |
| 1605 | /** |
| 1606 | * @hide |
| 1607 | * Sets the given package as the device owner. The package must already be installed and there |
| 1608 | * shouldn't be an existing device owner registered, for this call to succeed. Also, this |
| 1609 | * method must be called before the device is provisioned. |
| 1610 | * @param packageName the package name of the application to be registered as the device owner. |
| 1611 | * @param ownerName the human readable name of the institution that owns this device. |
| 1612 | * @return whether the package was successfully registered as the device owner. |
| 1613 | * @throws IllegalArgumentException if the package name is null or invalid |
| 1614 | * @throws IllegalStateException if a device owner is already registered or the device has |
| 1615 | * already been provisioned. |
| 1616 | */ |
| 1617 | public boolean setDeviceOwner(String packageName, String ownerName) |
| 1618 | throws IllegalArgumentException, IllegalStateException { |
Amith Yamasani | 71e6c69 | 2013-03-24 17:39:28 -0700 | [diff] [blame] | 1619 | if (mService != null) { |
| 1620 | try { |
Geoffrey Borggaard | 334c7e3 | 2013-08-08 14:31:36 -0400 | [diff] [blame] | 1621 | return mService.setDeviceOwner(packageName, ownerName); |
Amith Yamasani | 71e6c69 | 2013-03-24 17:39:28 -0700 | [diff] [blame] | 1622 | } catch (RemoteException re) { |
| 1623 | Log.w(TAG, "Failed to set device owner"); |
| 1624 | } |
| 1625 | } |
| 1626 | return false; |
| 1627 | } |
| 1628 | |
Amith Yamasani | 3b458ad | 2013-04-18 18:40:07 -0700 | [diff] [blame] | 1629 | |
Amith Yamasani | 71e6c69 | 2013-03-24 17:39:28 -0700 | [diff] [blame] | 1630 | /** |
Amith Yamasani | 3b458ad | 2013-04-18 18:40:07 -0700 | [diff] [blame] | 1631 | * Used to determine if a particular package has been registered as a Device Owner app. |
| 1632 | * A device owner app is a special device admin that cannot be deactivated by the user, once |
| 1633 | * activated as a device admin. It also cannot be uninstalled. To check if a particular |
| 1634 | * package is currently registered as the device owner app, pass in the package name from |
| 1635 | * {@link Context#getPackageName()} to this method.<p/>This is useful for device |
| 1636 | * admin apps that want to check if they are also registered as the device owner app. The |
| 1637 | * exact mechanism by which a device admin app is registered as a device owner app is defined by |
| 1638 | * the setup process. |
| 1639 | * @param packageName the package name of the app, to compare with the registered device owner |
| 1640 | * app, if any. |
| 1641 | * @return whether or not the package is registered as the device owner app. |
Amith Yamasani | 71e6c69 | 2013-03-24 17:39:28 -0700 | [diff] [blame] | 1642 | */ |
Amith Yamasani | 3b458ad | 2013-04-18 18:40:07 -0700 | [diff] [blame] | 1643 | public boolean isDeviceOwnerApp(String packageName) { |
Amith Yamasani | 71e6c69 | 2013-03-24 17:39:28 -0700 | [diff] [blame] | 1644 | if (mService != null) { |
| 1645 | try { |
| 1646 | return mService.isDeviceOwner(packageName); |
| 1647 | } catch (RemoteException re) { |
| 1648 | Log.w(TAG, "Failed to check device owner"); |
| 1649 | } |
| 1650 | } |
| 1651 | return false; |
| 1652 | } |
| 1653 | |
Amith Yamasani | 3b458ad | 2013-04-18 18:40:07 -0700 | [diff] [blame] | 1654 | /** |
| 1655 | * @hide |
| 1656 | * Redirect to isDeviceOwnerApp. |
| 1657 | */ |
| 1658 | public boolean isDeviceOwner(String packageName) { |
| 1659 | return isDeviceOwnerApp(packageName); |
| 1660 | } |
| 1661 | |
Amith Yamasani | 71e6c69 | 2013-03-24 17:39:28 -0700 | [diff] [blame] | 1662 | /** @hide */ |
| 1663 | public String getDeviceOwner() { |
| 1664 | if (mService != null) { |
| 1665 | try { |
| 1666 | return mService.getDeviceOwner(); |
| 1667 | } catch (RemoteException re) { |
| 1668 | Log.w(TAG, "Failed to get device owner"); |
| 1669 | } |
| 1670 | } |
| 1671 | return null; |
| 1672 | } |
Geoffrey Borggaard | 334c7e3 | 2013-08-08 14:31:36 -0400 | [diff] [blame] | 1673 | |
| 1674 | /** @hide */ |
| 1675 | public String getDeviceOwnerName() { |
| 1676 | if (mService != null) { |
| 1677 | try { |
| 1678 | return mService.getDeviceOwnerName(); |
| 1679 | } catch (RemoteException re) { |
| 1680 | Log.w(TAG, "Failed to get device owner"); |
| 1681 | } |
| 1682 | } |
| 1683 | return null; |
| 1684 | } |
Adam Connors | 776c555 | 2014-01-09 10:42:56 +0000 | [diff] [blame] | 1685 | |
| 1686 | /** |
| 1687 | * @hide |
| 1688 | * Sets the given package as the profile owner of the given user profile. The package must |
| 1689 | * already be installed and there shouldn't be an existing profile owner registered for this |
| 1690 | * user. Also, this method must be called before the user has been used for the first time. |
| 1691 | * @param packageName the package name of the application to be registered as profile owner. |
| 1692 | * @param ownerName the human readable name of the organisation associated with this DPM. |
| 1693 | * @return whether the package was successfully registered as the profile owner. |
| 1694 | * @throws IllegalArgumentException if packageName is null, the package isn't installed, or |
| 1695 | * the user has already been set up. |
| 1696 | */ |
| 1697 | public boolean setProfileOwner(String packageName, String ownerName) |
| 1698 | throws IllegalArgumentException { |
| 1699 | if (mService != null) { |
| 1700 | try { |
| 1701 | return mService.setProfileOwner(packageName, ownerName, |
| 1702 | Process.myUserHandle().getIdentifier()); |
| 1703 | } catch (RemoteException re) { |
| 1704 | Log.w(TAG, "Failed to set profile owner", re); |
| 1705 | throw new IllegalArgumentException("Couldn't set profile owner.", re); |
| 1706 | } |
| 1707 | } |
| 1708 | return false; |
| 1709 | } |
| 1710 | |
| 1711 | /** |
| 1712 | * Used to determine if a particular package is registered as the Profile Owner for the |
| 1713 | * current user. A profile owner is a special device admin that has additional priviledges |
| 1714 | * within the managed profile. |
| 1715 | * |
| 1716 | * @param packageName The package name of the app to compare with the registered profile owner. |
| 1717 | * @return Whether or not the package is registered as the profile owner. |
| 1718 | */ |
| 1719 | public boolean isProfileOwnerApp(String packageName) { |
| 1720 | if (mService != null) { |
| 1721 | try { |
| 1722 | String profileOwnerPackage = mService.getProfileOwner( |
| 1723 | Process.myUserHandle().getIdentifier()); |
| 1724 | return profileOwnerPackage != null && profileOwnerPackage.equals(packageName); |
| 1725 | } catch (RemoteException re) { |
| 1726 | Log.w(TAG, "Failed to check profile owner"); |
| 1727 | } |
| 1728 | } |
| 1729 | return false; |
| 1730 | } |
| 1731 | |
| 1732 | /** |
| 1733 | * @hide |
| 1734 | * @return the packageName of the owner of the given user profile or null if no profile |
| 1735 | * owner has been set for that user. |
| 1736 | * @throws IllegalArgumentException if the userId is invalid. |
| 1737 | */ |
| 1738 | public String getProfileOwner() throws IllegalArgumentException { |
| 1739 | if (mService != null) { |
| 1740 | try { |
| 1741 | return mService.getProfileOwner(Process.myUserHandle().getIdentifier()); |
| 1742 | } catch (RemoteException re) { |
| 1743 | Log.w(TAG, "Failed to get profile owner"); |
| 1744 | throw new IllegalArgumentException( |
| 1745 | "Requested profile owner for invalid userId", re); |
| 1746 | } |
| 1747 | } |
| 1748 | return null; |
| 1749 | } |
| 1750 | |
| 1751 | /** |
| 1752 | * @hide |
| 1753 | * @return the human readable name of the organisation associated with this DPM or null if |
| 1754 | * one is not set. |
| 1755 | * @throws IllegalArgumentException if the userId is invalid. |
| 1756 | */ |
| 1757 | public String getProfileOwnerName() throws IllegalArgumentException { |
| 1758 | if (mService != null) { |
| 1759 | try { |
| 1760 | return mService.getProfileOwnerName(Process.myUserHandle().getIdentifier()); |
| 1761 | } catch (RemoteException re) { |
| 1762 | Log.w(TAG, "Failed to get profile owner"); |
| 1763 | throw new IllegalArgumentException( |
| 1764 | "Requested profile owner for invalid userId", re); |
| 1765 | } |
| 1766 | } |
| 1767 | return null; |
| 1768 | } |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1769 | } |