Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2010 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
Dianne Hackborn | 87bba1e | 2010-02-26 17:25:54 -0800 | [diff] [blame] | 17 | package android.app.admin; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 18 | |
| 19 | import org.xmlpull.v1.XmlPullParserException; |
| 20 | |
| 21 | import android.annotation.SdkConstant; |
| 22 | import android.annotation.SdkConstant.SdkConstantType; |
| 23 | import android.content.ComponentName; |
| 24 | import android.content.Context; |
| 25 | import android.content.pm.ActivityInfo; |
| 26 | import android.content.pm.PackageManager; |
| 27 | import android.content.pm.ResolveInfo; |
| 28 | import android.os.Handler; |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 29 | import android.os.RemoteCallback; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 30 | import android.os.RemoteException; |
| 31 | import android.os.ServiceManager; |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 32 | import android.os.UserHandle; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 33 | import android.util.Log; |
| 34 | |
Maggie Benthall | da51e68 | 2013-08-08 22:35:44 -0400 | [diff] [blame] | 35 | import com.android.org.conscrypt.TrustedCertificateStore; |
| 36 | |
| 37 | import java.io.ByteArrayInputStream; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 38 | import java.io.IOException; |
Oscar Montemayor | 69238c6 | 2010-08-03 10:51:06 -0700 | [diff] [blame] | 39 | import java.net.InetSocketAddress; |
| 40 | import java.net.Proxy; |
Maggie Benthall | da51e68 | 2013-08-08 22:35:44 -0400 | [diff] [blame] | 41 | import java.security.cert.CertificateException; |
| 42 | import java.security.cert.CertificateFactory; |
| 43 | import java.security.cert.X509Certificate; |
Dianne Hackborn | d47c6ed | 2010-01-27 16:21:20 -0800 | [diff] [blame] | 44 | import java.util.List; |
Maggie Benthall | da51e68 | 2013-08-08 22:35:44 -0400 | [diff] [blame] | 45 | import java.util.Set; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 46 | |
| 47 | /** |
| 48 | * Public interface for managing policies enforced on a device. Most clients |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 49 | * of this class must have published a {@link DeviceAdminReceiver} that the user |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 50 | * has currently enabled. |
Joe Fernandez | 3aef8e1d | 2011-12-20 10:38:34 -0800 | [diff] [blame] | 51 | * |
| 52 | * <div class="special reference"> |
| 53 | * <h3>Developer Guides</h3> |
| 54 | * <p>For more information about managing policies for device adminstration, read the |
| 55 | * <a href="{@docRoot}guide/topics/admin/device-admin.html">Device Administration</a> |
| 56 | * developer guide.</p> |
| 57 | * </div> |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 58 | */ |
| 59 | public class DevicePolicyManager { |
| 60 | private static String TAG = "DevicePolicyManager"; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 61 | |
| 62 | private final Context mContext; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 63 | private final IDevicePolicyManager mService; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 64 | |
Dianne Hackborn | 21f1bd1 | 2010-02-19 17:02:21 -0800 | [diff] [blame] | 65 | private DevicePolicyManager(Context context, Handler handler) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 66 | mContext = context; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 67 | mService = IDevicePolicyManager.Stub.asInterface( |
| 68 | ServiceManager.getService(Context.DEVICE_POLICY_SERVICE)); |
| 69 | } |
| 70 | |
Dianne Hackborn | 87bba1e | 2010-02-26 17:25:54 -0800 | [diff] [blame] | 71 | /** @hide */ |
| 72 | public static DevicePolicyManager create(Context context, Handler handler) { |
Dianne Hackborn | 21f1bd1 | 2010-02-19 17:02:21 -0800 | [diff] [blame] | 73 | DevicePolicyManager me = new DevicePolicyManager(context, handler); |
| 74 | return me.mService != null ? me : null; |
| 75 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 76 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 77 | /** |
| 78 | * Activity action: ask the user to add a new device administrator to the system. |
| 79 | * The desired policy is the ComponentName of the policy in the |
| 80 | * {@link #EXTRA_DEVICE_ADMIN} extra field. This will invoke a UI to |
| 81 | * bring the user through adding the device administrator to the system (or |
| 82 | * allowing them to reject it). |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 83 | * |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 84 | * <p>You can optionally include the {@link #EXTRA_ADD_EXPLANATION} |
| 85 | * field to provide the user with additional explanation (in addition |
| 86 | * to your component's description) about what is being added. |
Andy Stadler | c25f70a | 2010-12-08 15:56:45 -0800 | [diff] [blame] | 87 | * |
| 88 | * <p>If your administrator is already active, this will ordinarily return immediately (without |
| 89 | * user intervention). However, if your administrator has been updated and is requesting |
| 90 | * additional uses-policy flags, the user will be presented with the new list. New policies |
| 91 | * will not be available to the updated administrator until the user has accepted the new list. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 92 | */ |
| 93 | @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION) |
| 94 | public static final String ACTION_ADD_DEVICE_ADMIN |
| 95 | = "android.app.action.ADD_DEVICE_ADMIN"; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 96 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 97 | /** |
Jim Miller | 284b62e | 2010-06-08 14:27:42 -0700 | [diff] [blame] | 98 | * Activity action: send when any policy admin changes a policy. |
| 99 | * This is generally used to find out when a new policy is in effect. |
Jim Miller | 3e5d3fd | 2011-09-02 17:30:35 -0700 | [diff] [blame] | 100 | * |
Jim Miller | 284b62e | 2010-06-08 14:27:42 -0700 | [diff] [blame] | 101 | * @hide |
| 102 | */ |
| 103 | public static final String ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED |
| 104 | = "android.app.action.DEVICE_POLICY_MANAGER_STATE_CHANGED"; |
| 105 | |
| 106 | /** |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 107 | * The ComponentName of the administrator component. |
| 108 | * |
| 109 | * @see #ACTION_ADD_DEVICE_ADMIN |
| 110 | */ |
| 111 | public static final String EXTRA_DEVICE_ADMIN = "android.app.extra.DEVICE_ADMIN"; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 112 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 113 | /** |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 114 | * An optional CharSequence providing additional explanation for why the |
| 115 | * admin is being added. |
| 116 | * |
| 117 | * @see #ACTION_ADD_DEVICE_ADMIN |
| 118 | */ |
| 119 | public static final String EXTRA_ADD_EXPLANATION = "android.app.extra.ADD_EXPLANATION"; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 120 | |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 121 | /** |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 122 | * Activity action: have the user enter a new password. This activity should |
| 123 | * be launched after using {@link #setPasswordQuality(ComponentName, int)}, |
| 124 | * or {@link #setPasswordMinimumLength(ComponentName, int)} to have the user |
| 125 | * enter a new password that meets the current requirements. You can use |
| 126 | * {@link #isActivePasswordSufficient()} to determine whether you need to |
| 127 | * have the user select a new password in order to meet the current |
| 128 | * constraints. Upon being resumed from this activity, you can check the new |
| 129 | * password characteristics to see if they are sufficient. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 130 | */ |
| 131 | @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION) |
| 132 | public static final String ACTION_SET_NEW_PASSWORD |
| 133 | = "android.app.action.SET_NEW_PASSWORD"; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 134 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 135 | /** |
| 136 | * Return true if the given administrator component is currently |
| 137 | * active (enabled) in the system. |
| 138 | */ |
| 139 | public boolean isAdminActive(ComponentName who) { |
| 140 | if (mService != null) { |
| 141 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 142 | return mService.isAdminActive(who, UserHandle.myUserId()); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 143 | } catch (RemoteException e) { |
| 144 | Log.w(TAG, "Failed talking with device policy service", e); |
| 145 | } |
| 146 | } |
| 147 | return false; |
| 148 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 149 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 150 | /** |
Dianne Hackborn | d47c6ed | 2010-01-27 16:21:20 -0800 | [diff] [blame] | 151 | * Return a list of all currently active device administrator's component |
| 152 | * names. Note that if there are no administrators than null may be |
| 153 | * returned. |
| 154 | */ |
| 155 | public List<ComponentName> getActiveAdmins() { |
| 156 | if (mService != null) { |
| 157 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 158 | return mService.getActiveAdmins(UserHandle.myUserId()); |
Dianne Hackborn | d47c6ed | 2010-01-27 16:21:20 -0800 | [diff] [blame] | 159 | } catch (RemoteException e) { |
| 160 | Log.w(TAG, "Failed talking with device policy service", e); |
| 161 | } |
| 162 | } |
| 163 | return null; |
| 164 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 165 | |
Dianne Hackborn | d47c6ed | 2010-01-27 16:21:20 -0800 | [diff] [blame] | 166 | /** |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 167 | * Used by package administration code to determine if a package can be stopped |
| 168 | * or uninstalled. |
Dianne Hackborn | 21f1bd1 | 2010-02-19 17:02:21 -0800 | [diff] [blame] | 169 | * @hide |
| 170 | */ |
| 171 | public boolean packageHasActiveAdmins(String packageName) { |
| 172 | if (mService != null) { |
| 173 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 174 | return mService.packageHasActiveAdmins(packageName, UserHandle.myUserId()); |
Dianne Hackborn | 21f1bd1 | 2010-02-19 17:02:21 -0800 | [diff] [blame] | 175 | } catch (RemoteException e) { |
| 176 | Log.w(TAG, "Failed talking with device policy service", e); |
| 177 | } |
| 178 | } |
| 179 | return false; |
| 180 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 181 | |
Dianne Hackborn | 21f1bd1 | 2010-02-19 17:02:21 -0800 | [diff] [blame] | 182 | /** |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 183 | * Remove a current administration component. This can only be called |
| 184 | * by the application that owns the administration component; if you |
| 185 | * try to remove someone else's component, a security exception will be |
| 186 | * thrown. |
| 187 | */ |
| 188 | public void removeActiveAdmin(ComponentName who) { |
| 189 | if (mService != null) { |
| 190 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 191 | mService.removeActiveAdmin(who, UserHandle.myUserId()); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 192 | } catch (RemoteException e) { |
| 193 | Log.w(TAG, "Failed talking with device policy service", e); |
| 194 | } |
| 195 | } |
| 196 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 197 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 198 | /** |
Andy Stadler | c25f70a | 2010-12-08 15:56:45 -0800 | [diff] [blame] | 199 | * Returns true if an administrator has been granted a particular device policy. This can |
| 200 | * be used to check if the administrator was activated under an earlier set of policies, |
| 201 | * but requires additional policies after an upgrade. |
| 202 | * |
| 203 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. Must be |
| 204 | * an active administrator, or an exception will be thrown. |
| 205 | * @param usesPolicy Which uses-policy to check, as defined in {@link DeviceAdminInfo}. |
| 206 | */ |
| 207 | public boolean hasGrantedPolicy(ComponentName admin, int usesPolicy) { |
| 208 | if (mService != null) { |
| 209 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 210 | return mService.hasGrantedPolicy(admin, usesPolicy, UserHandle.myUserId()); |
Andy Stadler | c25f70a | 2010-12-08 15:56:45 -0800 | [diff] [blame] | 211 | } catch (RemoteException e) { |
| 212 | Log.w(TAG, "Failed talking with device policy service", e); |
| 213 | } |
| 214 | } |
| 215 | return false; |
| 216 | } |
| 217 | |
| 218 | /** |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 219 | * Constant for {@link #setPasswordQuality}: the policy has no requirements |
| 220 | * for the password. Note that quality constants are ordered so that higher |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 221 | * values are more restrictive. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 222 | */ |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 223 | public static final int PASSWORD_QUALITY_UNSPECIFIED = 0; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 224 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 225 | /** |
Jim Miller | 3e5d3fd | 2011-09-02 17:30:35 -0700 | [diff] [blame] | 226 | * Constant for {@link #setPasswordQuality}: the policy allows for low-security biometric |
| 227 | * recognition technology. This implies technologies that can recognize the identity of |
| 228 | * an individual to about a 3 digit PIN (false detection is less than 1 in 1,000). |
| 229 | * Note that quality constants are ordered so that higher values are more restrictive. |
| 230 | */ |
| 231 | public static final int PASSWORD_QUALITY_BIOMETRIC_WEAK = 0x8000; |
| 232 | |
| 233 | /** |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 234 | * Constant for {@link #setPasswordQuality}: the policy requires some kind |
| 235 | * of password, but doesn't care what it is. Note that quality constants |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 236 | * are ordered so that higher values are more restrictive. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 237 | */ |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 238 | public static final int PASSWORD_QUALITY_SOMETHING = 0x10000; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 239 | |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 240 | /** |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 241 | * Constant for {@link #setPasswordQuality}: the user must have entered a |
| 242 | * password containing at least numeric characters. Note that quality |
| 243 | * constants are ordered so that higher values are more restrictive. |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 244 | */ |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 245 | public static final int PASSWORD_QUALITY_NUMERIC = 0x20000; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 246 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 247 | /** |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 248 | * Constant for {@link #setPasswordQuality}: the user must have entered a |
Dianne Hackborn | 85f2c9c | 2010-03-22 11:12:48 -0700 | [diff] [blame] | 249 | * password containing at least alphabetic (or other symbol) characters. |
| 250 | * Note that quality constants are ordered so that higher values are more |
| 251 | * restrictive. |
| 252 | */ |
| 253 | public static final int PASSWORD_QUALITY_ALPHABETIC = 0x40000; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 254 | |
Dianne Hackborn | 85f2c9c | 2010-03-22 11:12:48 -0700 | [diff] [blame] | 255 | /** |
| 256 | * Constant for {@link #setPasswordQuality}: the user must have entered a |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 257 | * password containing at least <em>both></em> numeric <em>and</em> |
Dianne Hackborn | 85f2c9c | 2010-03-22 11:12:48 -0700 | [diff] [blame] | 258 | * alphabetic (or other symbol) characters. Note that quality constants are |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 259 | * ordered so that higher values are more restrictive. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 260 | */ |
Dianne Hackborn | 85f2c9c | 2010-03-22 11:12:48 -0700 | [diff] [blame] | 261 | public static final int PASSWORD_QUALITY_ALPHANUMERIC = 0x50000; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 262 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 263 | /** |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 264 | * Constant for {@link #setPasswordQuality}: the user must have entered a |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 265 | * password containing at least a letter, a numerical digit and a special |
| 266 | * symbol, by default. With this password quality, passwords can be |
| 267 | * restricted to contain various sets of characters, like at least an |
| 268 | * uppercase letter, etc. These are specified using various methods, |
| 269 | * like {@link #setPasswordMinimumLowerCase(ComponentName, int)}. Note |
| 270 | * that quality constants are ordered so that higher values are more |
| 271 | * restrictive. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 272 | */ |
| 273 | public static final int PASSWORD_QUALITY_COMPLEX = 0x60000; |
| 274 | |
| 275 | /** |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 276 | * Called by an application that is administering the device to set the |
| 277 | * password restrictions it is imposing. After setting this, the user |
| 278 | * will not be able to enter a new password that is not at least as |
| 279 | * restrictive as what has been set. Note that the current password |
| 280 | * will remain until the user has set a new one, so the change does not |
| 281 | * take place immediately. To prompt the user for a new password, use |
| 282 | * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 283 | * |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 284 | * <p>Quality constants are ordered so that higher values are more restrictive; |
| 285 | * thus the highest requested quality constant (between the policy set here, |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 286 | * the user's preference, and any other considerations) is the one that |
| 287 | * is in effect. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 288 | * |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 289 | * <p>The calling device admin must have requested |
| 290 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call |
| 291 | * this method; if it has not, a security exception will be thrown. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 292 | * |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 293 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 294 | * @param quality The new desired quality. One of |
| 295 | * {@link #PASSWORD_QUALITY_UNSPECIFIED}, {@link #PASSWORD_QUALITY_SOMETHING}, |
Dianne Hackborn | 85f2c9c | 2010-03-22 11:12:48 -0700 | [diff] [blame] | 296 | * {@link #PASSWORD_QUALITY_NUMERIC}, {@link #PASSWORD_QUALITY_ALPHABETIC}, |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 297 | * {@link #PASSWORD_QUALITY_ALPHANUMERIC} or {@link #PASSWORD_QUALITY_COMPLEX}. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 298 | */ |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 299 | public void setPasswordQuality(ComponentName admin, int quality) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 300 | if (mService != null) { |
| 301 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 302 | mService.setPasswordQuality(admin, quality, UserHandle.myUserId()); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 303 | } catch (RemoteException e) { |
| 304 | Log.w(TAG, "Failed talking with device policy service", e); |
| 305 | } |
| 306 | } |
| 307 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 308 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 309 | /** |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 310 | * Retrieve the current minimum password quality for all admins |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 311 | * or a particular one. |
| 312 | * @param admin The name of the admin component to check, or null to aggregate |
| 313 | * all admins. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 314 | */ |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 315 | public int getPasswordQuality(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 316 | return getPasswordQuality(admin, UserHandle.myUserId()); |
| 317 | } |
| 318 | |
| 319 | /** @hide per-user version */ |
| 320 | public int getPasswordQuality(ComponentName admin, int userHandle) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 321 | if (mService != null) { |
| 322 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 323 | return mService.getPasswordQuality(admin, userHandle); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 324 | } catch (RemoteException e) { |
| 325 | Log.w(TAG, "Failed talking with device policy service", e); |
| 326 | } |
| 327 | } |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 328 | return PASSWORD_QUALITY_UNSPECIFIED; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 329 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 330 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 331 | /** |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 332 | * Called by an application that is administering the device to set the |
| 333 | * minimum allowed password length. After setting this, the user |
| 334 | * will not be able to enter a new password that is not at least as |
| 335 | * restrictive as what has been set. Note that the current password |
| 336 | * will remain until the user has set a new one, so the change does not |
| 337 | * take place immediately. To prompt the user for a new password, use |
| 338 | * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This |
| 339 | * constraint is only imposed if the administrator has also requested either |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 340 | * {@link #PASSWORD_QUALITY_NUMERIC}, {@link #PASSWORD_QUALITY_ALPHABETIC} |
| 341 | * {@link #PASSWORD_QUALITY_ALPHANUMERIC}, or {@link #PASSWORD_QUALITY_COMPLEX} |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 342 | * with {@link #setPasswordQuality}. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 343 | * |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 344 | * <p>The calling device admin must have requested |
| 345 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call |
| 346 | * this method; if it has not, a security exception will be thrown. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 347 | * |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 348 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 349 | * @param length The new desired minimum password length. A value of 0 |
| 350 | * means there is no restriction. |
| 351 | */ |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 352 | public void setPasswordMinimumLength(ComponentName admin, int length) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 353 | if (mService != null) { |
| 354 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 355 | mService.setPasswordMinimumLength(admin, length, UserHandle.myUserId()); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 356 | } catch (RemoteException e) { |
| 357 | Log.w(TAG, "Failed talking with device policy service", e); |
| 358 | } |
| 359 | } |
| 360 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 361 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 362 | /** |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 363 | * Retrieve the current minimum password length for all admins |
| 364 | * or a particular one. |
| 365 | * @param admin The name of the admin component to check, or null to aggregate |
| 366 | * all admins. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 367 | */ |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 368 | public int getPasswordMinimumLength(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 369 | return getPasswordMinimumLength(admin, UserHandle.myUserId()); |
| 370 | } |
| 371 | |
| 372 | /** @hide per-user version */ |
| 373 | public int getPasswordMinimumLength(ComponentName admin, int userHandle) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 374 | if (mService != null) { |
| 375 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 376 | return mService.getPasswordMinimumLength(admin, userHandle); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 377 | } catch (RemoteException e) { |
| 378 | Log.w(TAG, "Failed talking with device policy service", e); |
| 379 | } |
| 380 | } |
| 381 | return 0; |
| 382 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 383 | |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 384 | /** |
| 385 | * Called by an application that is administering the device to set the |
| 386 | * minimum number of upper case letters required in the password. After |
| 387 | * setting this, the user will not be able to enter a new password that is |
| 388 | * not at least as restrictive as what has been set. Note that the current |
| 389 | * password will remain until the user has set a new one, so the change does |
| 390 | * not take place immediately. To prompt the user for a new password, use |
| 391 | * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This |
| 392 | * constraint is only imposed if the administrator has also requested |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 393 | * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The |
| 394 | * default value is 0. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 395 | * <p> |
| 396 | * The calling device admin must have requested |
| 397 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call |
| 398 | * this method; if it has not, a security exception will be thrown. |
| 399 | * |
| 400 | * @param admin Which {@link DeviceAdminReceiver} this request is associated |
| 401 | * with. |
| 402 | * @param length The new desired minimum number of upper case letters |
| 403 | * required in the password. A value of 0 means there is no |
| 404 | * restriction. |
| 405 | */ |
| 406 | public void setPasswordMinimumUpperCase(ComponentName admin, int length) { |
| 407 | if (mService != null) { |
| 408 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 409 | mService.setPasswordMinimumUpperCase(admin, length, UserHandle.myUserId()); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 410 | } catch (RemoteException e) { |
| 411 | Log.w(TAG, "Failed talking with device policy service", e); |
| 412 | } |
| 413 | } |
| 414 | } |
| 415 | |
| 416 | /** |
| 417 | * Retrieve the current number of upper case letters required in the |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 418 | * password for all admins or a particular one. This is the same value as |
| 419 | * set by {#link {@link #setPasswordMinimumUpperCase(ComponentName, int)} |
| 420 | * and only applies when the password quality is |
| 421 | * {@link #PASSWORD_QUALITY_COMPLEX}. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 422 | * |
| 423 | * @param admin The name of the admin component to check, or null to |
| 424 | * aggregate all admins. |
| 425 | * @return The minimum number of upper case letters required in the |
| 426 | * password. |
| 427 | */ |
| 428 | public int getPasswordMinimumUpperCase(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 429 | return getPasswordMinimumUpperCase(admin, UserHandle.myUserId()); |
| 430 | } |
| 431 | |
| 432 | /** @hide per-user version */ |
| 433 | public int getPasswordMinimumUpperCase(ComponentName admin, int userHandle) { |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 434 | if (mService != null) { |
| 435 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 436 | return mService.getPasswordMinimumUpperCase(admin, userHandle); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 437 | } catch (RemoteException e) { |
| 438 | Log.w(TAG, "Failed talking with device policy service", e); |
| 439 | } |
| 440 | } |
| 441 | return 0; |
| 442 | } |
| 443 | |
| 444 | /** |
| 445 | * Called by an application that is administering the device to set the |
| 446 | * minimum number of lower case letters required in the password. After |
| 447 | * setting this, the user will not be able to enter a new password that is |
| 448 | * not at least as restrictive as what has been set. Note that the current |
| 449 | * password will remain until the user has set a new one, so the change does |
| 450 | * not take place immediately. To prompt the user for a new password, use |
| 451 | * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This |
| 452 | * constraint is only imposed if the administrator has also requested |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 453 | * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The |
| 454 | * default value is 0. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 455 | * <p> |
| 456 | * The calling device admin must have requested |
| 457 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call |
| 458 | * this method; if it has not, a security exception will be thrown. |
| 459 | * |
| 460 | * @param admin Which {@link DeviceAdminReceiver} this request is associated |
| 461 | * with. |
| 462 | * @param length The new desired minimum number of lower case letters |
| 463 | * required in the password. A value of 0 means there is no |
| 464 | * restriction. |
| 465 | */ |
| 466 | public void setPasswordMinimumLowerCase(ComponentName admin, int length) { |
| 467 | if (mService != null) { |
| 468 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 469 | mService.setPasswordMinimumLowerCase(admin, length, UserHandle.myUserId()); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 470 | } catch (RemoteException e) { |
| 471 | Log.w(TAG, "Failed talking with device policy service", e); |
| 472 | } |
| 473 | } |
| 474 | } |
| 475 | |
| 476 | /** |
| 477 | * Retrieve the current number of lower case letters required in the |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 478 | * password for all admins or a particular one. This is the same value as |
| 479 | * set by {#link {@link #setPasswordMinimumLowerCase(ComponentName, int)} |
| 480 | * and only applies when the password quality is |
| 481 | * {@link #PASSWORD_QUALITY_COMPLEX}. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 482 | * |
| 483 | * @param admin The name of the admin component to check, or null to |
| 484 | * aggregate all admins. |
| 485 | * @return The minimum number of lower case letters required in the |
| 486 | * password. |
| 487 | */ |
| 488 | public int getPasswordMinimumLowerCase(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 489 | return getPasswordMinimumLowerCase(admin, UserHandle.myUserId()); |
| 490 | } |
| 491 | |
| 492 | /** @hide per-user version */ |
| 493 | public int getPasswordMinimumLowerCase(ComponentName admin, int userHandle) { |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 494 | if (mService != null) { |
| 495 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 496 | return mService.getPasswordMinimumLowerCase(admin, userHandle); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 497 | } catch (RemoteException e) { |
| 498 | Log.w(TAG, "Failed talking with device policy service", e); |
| 499 | } |
| 500 | } |
| 501 | return 0; |
| 502 | } |
| 503 | |
| 504 | /** |
| 505 | * Called by an application that is administering the device to set the |
| 506 | * minimum number of letters required in the password. After setting this, |
| 507 | * the user will not be able to enter a new password that is not at least as |
| 508 | * restrictive as what has been set. Note that the current password will |
| 509 | * remain until the user has set a new one, so the change does not take |
| 510 | * place immediately. To prompt the user for a new password, use |
| 511 | * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This |
| 512 | * constraint is only imposed if the administrator has also requested |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 513 | * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The |
| 514 | * default value is 1. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 515 | * <p> |
| 516 | * The calling device admin must have requested |
| 517 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call |
| 518 | * this method; if it has not, a security exception will be thrown. |
| 519 | * |
| 520 | * @param admin Which {@link DeviceAdminReceiver} this request is associated |
| 521 | * with. |
| 522 | * @param length The new desired minimum number of letters required in the |
| 523 | * password. A value of 0 means there is no restriction. |
| 524 | */ |
| 525 | public void setPasswordMinimumLetters(ComponentName admin, int length) { |
| 526 | if (mService != null) { |
| 527 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 528 | mService.setPasswordMinimumLetters(admin, length, UserHandle.myUserId()); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 529 | } catch (RemoteException e) { |
| 530 | Log.w(TAG, "Failed talking with device policy service", e); |
| 531 | } |
| 532 | } |
| 533 | } |
| 534 | |
| 535 | /** |
| 536 | * Retrieve the current number of letters required in the password for all |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 537 | * admins or a particular one. This is the same value as |
| 538 | * set by {#link {@link #setPasswordMinimumLetters(ComponentName, int)} |
| 539 | * and only applies when the password quality is |
| 540 | * {@link #PASSWORD_QUALITY_COMPLEX}. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 541 | * |
| 542 | * @param admin The name of the admin component to check, or null to |
| 543 | * aggregate all admins. |
| 544 | * @return The minimum number of letters required in the password. |
| 545 | */ |
| 546 | public int getPasswordMinimumLetters(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 547 | return getPasswordMinimumLetters(admin, UserHandle.myUserId()); |
| 548 | } |
| 549 | |
| 550 | /** @hide per-user version */ |
| 551 | public int getPasswordMinimumLetters(ComponentName admin, int userHandle) { |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 552 | if (mService != null) { |
| 553 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 554 | return mService.getPasswordMinimumLetters(admin, userHandle); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 555 | } catch (RemoteException e) { |
| 556 | Log.w(TAG, "Failed talking with device policy service", e); |
| 557 | } |
| 558 | } |
| 559 | return 0; |
| 560 | } |
| 561 | |
| 562 | /** |
| 563 | * Called by an application that is administering the device to set the |
| 564 | * minimum number of numerical digits required in the password. After |
| 565 | * setting this, the user will not be able to enter a new password that is |
| 566 | * not at least as restrictive as what has been set. Note that the current |
| 567 | * password will remain until the user has set a new one, so the change does |
| 568 | * not take place immediately. To prompt the user for a new password, use |
| 569 | * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This |
| 570 | * constraint is only imposed if the administrator has also requested |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 571 | * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The |
| 572 | * default value is 1. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 573 | * <p> |
| 574 | * The calling device admin must have requested |
| 575 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call |
| 576 | * this method; if it has not, a security exception will be thrown. |
| 577 | * |
| 578 | * @param admin Which {@link DeviceAdminReceiver} this request is associated |
| 579 | * with. |
| 580 | * @param length The new desired minimum number of numerical digits required |
| 581 | * in the password. A value of 0 means there is no restriction. |
| 582 | */ |
| 583 | public void setPasswordMinimumNumeric(ComponentName admin, int length) { |
| 584 | if (mService != null) { |
| 585 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 586 | mService.setPasswordMinimumNumeric(admin, length, UserHandle.myUserId()); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 587 | } catch (RemoteException e) { |
| 588 | Log.w(TAG, "Failed talking with device policy service", e); |
| 589 | } |
| 590 | } |
| 591 | } |
| 592 | |
| 593 | /** |
| 594 | * Retrieve the current number of numerical digits required in the password |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 595 | * for all admins or a particular one. This is the same value as |
| 596 | * set by {#link {@link #setPasswordMinimumNumeric(ComponentName, int)} |
| 597 | * and only applies when the password quality is |
| 598 | * {@link #PASSWORD_QUALITY_COMPLEX}. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 599 | * |
| 600 | * @param admin The name of the admin component to check, or null to |
| 601 | * aggregate all admins. |
| 602 | * @return The minimum number of numerical digits required in the password. |
| 603 | */ |
| 604 | public int getPasswordMinimumNumeric(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 605 | return getPasswordMinimumNumeric(admin, UserHandle.myUserId()); |
| 606 | } |
| 607 | |
| 608 | /** @hide per-user version */ |
| 609 | public int getPasswordMinimumNumeric(ComponentName admin, int userHandle) { |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 610 | if (mService != null) { |
| 611 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 612 | return mService.getPasswordMinimumNumeric(admin, userHandle); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 613 | } catch (RemoteException e) { |
| 614 | Log.w(TAG, "Failed talking with device policy service", e); |
| 615 | } |
| 616 | } |
| 617 | return 0; |
| 618 | } |
| 619 | |
| 620 | /** |
| 621 | * Called by an application that is administering the device to set the |
| 622 | * minimum number of symbols required in the password. After setting this, |
| 623 | * the user will not be able to enter a new password that is not at least as |
| 624 | * restrictive as what has been set. Note that the current password will |
| 625 | * remain until the user has set a new one, so the change does not take |
| 626 | * place immediately. To prompt the user for a new password, use |
| 627 | * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This |
| 628 | * constraint is only imposed if the administrator has also requested |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 629 | * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The |
| 630 | * default value is 1. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 631 | * <p> |
| 632 | * The calling device admin must have requested |
| 633 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call |
| 634 | * this method; if it has not, a security exception will be thrown. |
| 635 | * |
| 636 | * @param admin Which {@link DeviceAdminReceiver} this request is associated |
| 637 | * with. |
| 638 | * @param length The new desired minimum number of symbols required in the |
| 639 | * password. A value of 0 means there is no restriction. |
| 640 | */ |
| 641 | public void setPasswordMinimumSymbols(ComponentName admin, int length) { |
| 642 | if (mService != null) { |
| 643 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 644 | mService.setPasswordMinimumSymbols(admin, length, UserHandle.myUserId()); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 645 | } catch (RemoteException e) { |
| 646 | Log.w(TAG, "Failed talking with device policy service", e); |
| 647 | } |
| 648 | } |
| 649 | } |
| 650 | |
| 651 | /** |
| 652 | * Retrieve the current number of symbols required in the password for all |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 653 | * admins or a particular one. This is the same value as |
| 654 | * set by {#link {@link #setPasswordMinimumSymbols(ComponentName, int)} |
| 655 | * and only applies when the password quality is |
| 656 | * {@link #PASSWORD_QUALITY_COMPLEX}. |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 657 | * |
| 658 | * @param admin The name of the admin component to check, or null to |
| 659 | * aggregate all admins. |
| 660 | * @return The minimum number of symbols required in the password. |
| 661 | */ |
| 662 | public int getPasswordMinimumSymbols(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 663 | return getPasswordMinimumSymbols(admin, UserHandle.myUserId()); |
| 664 | } |
| 665 | |
| 666 | /** @hide per-user version */ |
| 667 | public int getPasswordMinimumSymbols(ComponentName admin, int userHandle) { |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 668 | if (mService != null) { |
| 669 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 670 | return mService.getPasswordMinimumSymbols(admin, userHandle); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 671 | } catch (RemoteException e) { |
| 672 | Log.w(TAG, "Failed talking with device policy service", e); |
| 673 | } |
| 674 | } |
| 675 | return 0; |
| 676 | } |
| 677 | |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 678 | /** |
| 679 | * Called by an application that is administering the device to set the |
| 680 | * minimum number of non-letter characters (numerical digits or symbols) |
| 681 | * required in the password. After setting this, the user will not be able |
| 682 | * to enter a new password that is not at least as restrictive as what has |
| 683 | * been set. Note that the current password will remain until the user has |
| 684 | * set a new one, so the change does not take place immediately. To prompt |
| 685 | * the user for a new password, use {@link #ACTION_SET_NEW_PASSWORD} after |
| 686 | * setting this value. This constraint is only imposed if the administrator |
| 687 | * has also requested {@link #PASSWORD_QUALITY_COMPLEX} with |
| 688 | * {@link #setPasswordQuality}. The default value is 0. |
| 689 | * <p> |
| 690 | * The calling device admin must have requested |
| 691 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call |
| 692 | * this method; if it has not, a security exception will be thrown. |
| 693 | * |
| 694 | * @param admin Which {@link DeviceAdminReceiver} this request is associated |
| 695 | * with. |
| 696 | * @param length The new desired minimum number of letters required in the |
| 697 | * password. A value of 0 means there is no restriction. |
| 698 | */ |
| 699 | public void setPasswordMinimumNonLetter(ComponentName admin, int length) { |
| 700 | if (mService != null) { |
| 701 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 702 | mService.setPasswordMinimumNonLetter(admin, length, UserHandle.myUserId()); |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 703 | } catch (RemoteException e) { |
| 704 | Log.w(TAG, "Failed talking with device policy service", e); |
| 705 | } |
| 706 | } |
| 707 | } |
| 708 | |
| 709 | /** |
| 710 | * Retrieve the current number of non-letter characters required in the |
| 711 | * password for all admins or a particular one. This is the same value as |
| 712 | * set by {#link {@link #setPasswordMinimumNonLetter(ComponentName, int)} |
| 713 | * and only applies when the password quality is |
| 714 | * {@link #PASSWORD_QUALITY_COMPLEX}. |
| 715 | * |
| 716 | * @param admin The name of the admin component to check, or null to |
| 717 | * aggregate all admins. |
| 718 | * @return The minimum number of letters required in the password. |
| 719 | */ |
| 720 | public int getPasswordMinimumNonLetter(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 721 | return getPasswordMinimumNonLetter(admin, UserHandle.myUserId()); |
| 722 | } |
| 723 | |
| 724 | /** @hide per-user version */ |
| 725 | public int getPasswordMinimumNonLetter(ComponentName admin, int userHandle) { |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 726 | if (mService != null) { |
| 727 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 728 | return mService.getPasswordMinimumNonLetter(admin, userHandle); |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 729 | } catch (RemoteException e) { |
| 730 | Log.w(TAG, "Failed talking with device policy service", e); |
| 731 | } |
| 732 | } |
| 733 | return 0; |
| 734 | } |
| 735 | |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 736 | /** |
| 737 | * Called by an application that is administering the device to set the length |
| 738 | * of the password history. After setting this, the user will not be able to |
| 739 | * enter a new password that is the same as any password in the history. Note |
| 740 | * that the current password will remain until the user has set a new one, so |
| 741 | * the change does not take place immediately. To prompt the user for a new |
| 742 | * password, use {@link #ACTION_SET_NEW_PASSWORD} after setting this value. |
| 743 | * This constraint is only imposed if the administrator has also requested |
| 744 | * either {@link #PASSWORD_QUALITY_NUMERIC}, |
| 745 | * {@link #PASSWORD_QUALITY_ALPHABETIC}, or |
| 746 | * {@link #PASSWORD_QUALITY_ALPHANUMERIC} with {@link #setPasswordQuality}. |
| 747 | * |
| 748 | * <p> |
| 749 | * The calling device admin must have requested |
| 750 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call this |
| 751 | * method; if it has not, a security exception will be thrown. |
| 752 | * |
| 753 | * @param admin Which {@link DeviceAdminReceiver} this request is associated |
| 754 | * with. |
| 755 | * @param length The new desired length of password history. A value of 0 |
| 756 | * means there is no restriction. |
| 757 | */ |
| 758 | public void setPasswordHistoryLength(ComponentName admin, int length) { |
| 759 | if (mService != null) { |
| 760 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 761 | mService.setPasswordHistoryLength(admin, length, UserHandle.myUserId()); |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 762 | } catch (RemoteException e) { |
| 763 | Log.w(TAG, "Failed talking with device policy service", e); |
| 764 | } |
| 765 | } |
| 766 | } |
| 767 | |
| 768 | /** |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 769 | * Called by a device admin to set the password expiration timeout. Calling this method |
| 770 | * will restart the countdown for password expiration for the given admin, as will changing |
| 771 | * the device password (for all admins). |
| 772 | * |
| 773 | * <p>The provided timeout is the time delta in ms and will be added to the current time. |
| 774 | * For example, to have the password expire 5 days from now, timeout would be |
| 775 | * 5 * 86400 * 1000 = 432000000 ms for timeout. |
| 776 | * |
| 777 | * <p>To disable password expiration, a value of 0 may be used for timeout. |
| 778 | * |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 779 | * <p>The calling device admin must have requested |
| 780 | * {@link DeviceAdminInfo#USES_POLICY_EXPIRE_PASSWORD} to be able to call this |
| 781 | * method; if it has not, a security exception will be thrown. |
| 782 | * |
| 783 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. |
| 784 | * @param timeout The limit (in ms) that a password can remain in effect. A value of 0 |
| 785 | * means there is no restriction (unlimited). |
| 786 | */ |
| 787 | public void setPasswordExpirationTimeout(ComponentName admin, long timeout) { |
| 788 | if (mService != null) { |
| 789 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 790 | mService.setPasswordExpirationTimeout(admin, timeout, UserHandle.myUserId()); |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 791 | } catch (RemoteException e) { |
| 792 | Log.w(TAG, "Failed talking with device policy service", e); |
| 793 | } |
| 794 | } |
| 795 | } |
| 796 | |
| 797 | /** |
Jim Miller | 6b85768 | 2011-02-16 16:27:41 -0800 | [diff] [blame] | 798 | * Get the password expiration timeout for the given admin. The expiration timeout is the |
| 799 | * recurring expiration timeout provided in the call to |
| 800 | * {@link #setPasswordExpirationTimeout(ComponentName, long)} for the given admin or the |
| 801 | * aggregate of all policy administrators if admin is null. |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 802 | * |
| 803 | * @param admin The name of the admin component to check, or null to aggregate all admins. |
| 804 | * @return The timeout for the given admin or the minimum of all timeouts |
| 805 | */ |
| 806 | public long getPasswordExpirationTimeout(ComponentName admin) { |
| 807 | if (mService != null) { |
| 808 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 809 | return mService.getPasswordExpirationTimeout(admin, UserHandle.myUserId()); |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 810 | } catch (RemoteException e) { |
| 811 | Log.w(TAG, "Failed talking with device policy service", e); |
| 812 | } |
| 813 | } |
| 814 | return 0; |
| 815 | } |
| 816 | |
| 817 | /** |
| 818 | * Get the current password expiration time for the given admin or an aggregate of |
Jim Miller | 6b85768 | 2011-02-16 16:27:41 -0800 | [diff] [blame] | 819 | * all admins if admin is null. If the password is expired, this will return the time since |
| 820 | * the password expired as a negative number. If admin is null, then a composite of all |
| 821 | * expiration timeouts is returned - which will be the minimum of all timeouts. |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 822 | * |
| 823 | * @param admin The name of the admin component to check, or null to aggregate all admins. |
| 824 | * @return The password expiration time, in ms. |
| 825 | */ |
| 826 | public long getPasswordExpiration(ComponentName admin) { |
| 827 | if (mService != null) { |
| 828 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 829 | return mService.getPasswordExpiration(admin, UserHandle.myUserId()); |
Jim Miller | a4e28d1 | 2010-11-08 16:15:47 -0800 | [diff] [blame] | 830 | } catch (RemoteException e) { |
| 831 | Log.w(TAG, "Failed talking with device policy service", e); |
| 832 | } |
| 833 | } |
| 834 | return 0; |
| 835 | } |
| 836 | |
| 837 | /** |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 838 | * Retrieve the current password history length for all admins |
| 839 | * or a particular one. |
| 840 | * @param admin The name of the admin component to check, or null to aggregate |
| 841 | * all admins. |
| 842 | * @return The length of the password history |
| 843 | */ |
| 844 | public int getPasswordHistoryLength(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 845 | return getPasswordHistoryLength(admin, UserHandle.myUserId()); |
| 846 | } |
| 847 | |
| 848 | /** @hide per-user version */ |
| 849 | public int getPasswordHistoryLength(ComponentName admin, int userHandle) { |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 850 | if (mService != null) { |
| 851 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 852 | return mService.getPasswordHistoryLength(admin, userHandle); |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 853 | } catch (RemoteException e) { |
| 854 | Log.w(TAG, "Failed talking with device policy service", e); |
| 855 | } |
| 856 | } |
| 857 | return 0; |
| 858 | } |
| 859 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 860 | /** |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 861 | * Return the maximum password length that the device supports for a |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 862 | * particular password quality. |
Dianne Hackborn | 364f6e3 | 2010-01-29 17:38:20 -0800 | [diff] [blame] | 863 | * @param quality The quality being interrogated. |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 864 | * @return Returns the maximum length that the user can enter. |
| 865 | */ |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 866 | public int getPasswordMaximumLength(int quality) { |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 867 | // Kind-of arbitrary. |
| 868 | return 16; |
| 869 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 870 | |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 871 | /** |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 872 | * Determine whether the current password the user has set is sufficient |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 873 | * to meet the policy requirements (quality, minimum length) that have been |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 874 | * requested. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 875 | * |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 876 | * <p>The calling device admin must have requested |
| 877 | * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call |
| 878 | * this method; if it has not, a security exception will be thrown. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 879 | * |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 880 | * @return Returns true if the password meets the current requirements, |
| 881 | * else false. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 882 | */ |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 883 | public boolean isActivePasswordSufficient() { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 884 | if (mService != null) { |
| 885 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 886 | return mService.isActivePasswordSufficient(UserHandle.myUserId()); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 887 | } catch (RemoteException e) { |
| 888 | Log.w(TAG, "Failed talking with device policy service", e); |
| 889 | } |
| 890 | } |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 891 | return false; |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 892 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 893 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 894 | /** |
| 895 | * Retrieve the number of times the user has failed at entering a |
| 896 | * password since that last successful password entry. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 897 | * |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 898 | * <p>The calling device admin must have requested |
| 899 | * {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} to be able to call |
| 900 | * this method; if it has not, a security exception will be thrown. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 901 | */ |
| 902 | public int getCurrentFailedPasswordAttempts() { |
| 903 | if (mService != null) { |
| 904 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 905 | return mService.getCurrentFailedPasswordAttempts(UserHandle.myUserId()); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 906 | } catch (RemoteException e) { |
| 907 | Log.w(TAG, "Failed talking with device policy service", e); |
| 908 | } |
| 909 | } |
| 910 | return -1; |
| 911 | } |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 912 | |
| 913 | /** |
Andrew Stadler | 88209d1 | 2010-02-08 22:59:36 -0800 | [diff] [blame] | 914 | * Setting this to a value greater than zero enables a built-in policy |
| 915 | * that will perform a device wipe after too many incorrect |
| 916 | * device-unlock passwords have been entered. This built-in policy combines |
| 917 | * watching for failed passwords and wiping the device, and requires |
| 918 | * that you request both {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} and |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 919 | * {@link DeviceAdminInfo#USES_POLICY_WIPE_DATA}}. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 920 | * |
Andrew Stadler | 88209d1 | 2010-02-08 22:59:36 -0800 | [diff] [blame] | 921 | * <p>To implement any other policy (e.g. wiping data for a particular |
| 922 | * application only, erasing or revoking credentials, or reporting the |
| 923 | * failure to a server), you should implement |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 924 | * {@link DeviceAdminReceiver#onPasswordFailed(Context, android.content.Intent)} |
Andrew Stadler | 88209d1 | 2010-02-08 22:59:36 -0800 | [diff] [blame] | 925 | * instead. Do not use this API, because if the maximum count is reached, |
| 926 | * the device will be wiped immediately, and your callback will not be invoked. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 927 | * |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 928 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 929 | * @param num The number of failed password attempts at which point the |
| 930 | * device will wipe its data. |
| 931 | */ |
| 932 | public void setMaximumFailedPasswordsForWipe(ComponentName admin, int num) { |
| 933 | if (mService != null) { |
| 934 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 935 | mService.setMaximumFailedPasswordsForWipe(admin, num, UserHandle.myUserId()); |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 936 | } catch (RemoteException e) { |
| 937 | Log.w(TAG, "Failed talking with device policy service", e); |
| 938 | } |
| 939 | } |
| 940 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 941 | |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 942 | /** |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 943 | * Retrieve the current maximum number of login attempts that are allowed |
| 944 | * before the device wipes itself, for all admins |
| 945 | * or a particular one. |
| 946 | * @param admin The name of the admin component to check, or null to aggregate |
| 947 | * all admins. |
| 948 | */ |
| 949 | public int getMaximumFailedPasswordsForWipe(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 950 | return getMaximumFailedPasswordsForWipe(admin, UserHandle.myUserId()); |
| 951 | } |
| 952 | |
| 953 | /** @hide per-user version */ |
| 954 | public int getMaximumFailedPasswordsForWipe(ComponentName admin, int userHandle) { |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 955 | if (mService != null) { |
| 956 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 957 | return mService.getMaximumFailedPasswordsForWipe(admin, userHandle); |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 958 | } catch (RemoteException e) { |
| 959 | Log.w(TAG, "Failed talking with device policy service", e); |
| 960 | } |
| 961 | } |
| 962 | return 0; |
| 963 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 964 | |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 965 | /** |
Dianne Hackborn | 87bba1e | 2010-02-26 17:25:54 -0800 | [diff] [blame] | 966 | * Flag for {@link #resetPassword}: don't allow other admins to change |
| 967 | * the password again until the user has entered it. |
| 968 | */ |
| 969 | public static final int RESET_PASSWORD_REQUIRE_ENTRY = 0x0001; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 970 | |
Dianne Hackborn | 87bba1e | 2010-02-26 17:25:54 -0800 | [diff] [blame] | 971 | /** |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 972 | * Force a new device unlock password (the password needed to access the |
| 973 | * entire device, not for individual accounts) on the user. This takes |
| 974 | * effect immediately. |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 975 | * The given password must be sufficient for the |
| 976 | * current password quality and length constraints as returned by |
| 977 | * {@link #getPasswordQuality(ComponentName)} and |
| 978 | * {@link #getPasswordMinimumLength(ComponentName)}; if it does not meet |
| 979 | * these constraints, then it will be rejected and false returned. Note |
| 980 | * that the password may be a stronger quality (containing alphanumeric |
| 981 | * characters when the requested quality is only numeric), in which case |
| 982 | * the currently active quality will be increased to match. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 983 | * |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 984 | * <p>The calling device admin must have requested |
| 985 | * {@link DeviceAdminInfo#USES_POLICY_RESET_PASSWORD} to be able to call |
| 986 | * this method; if it has not, a security exception will be thrown. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 987 | * |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 988 | * @param password The new password for the user. |
Dianne Hackborn | 87bba1e | 2010-02-26 17:25:54 -0800 | [diff] [blame] | 989 | * @param flags May be 0 or {@link #RESET_PASSWORD_REQUIRE_ENTRY}. |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 990 | * @return Returns true if the password was applied, or false if it is |
| 991 | * not acceptable for the current constraints. |
| 992 | */ |
Dianne Hackborn | 87bba1e | 2010-02-26 17:25:54 -0800 | [diff] [blame] | 993 | public boolean resetPassword(String password, int flags) { |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 994 | if (mService != null) { |
| 995 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 996 | return mService.resetPassword(password, flags, UserHandle.myUserId()); |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 997 | } catch (RemoteException e) { |
| 998 | Log.w(TAG, "Failed talking with device policy service", e); |
| 999 | } |
| 1000 | } |
| 1001 | return false; |
| 1002 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1003 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1004 | /** |
| 1005 | * Called by an application that is administering the device to set the |
| 1006 | * maximum time for user activity until the device will lock. This limits |
| 1007 | * the length that the user can set. It takes effect immediately. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1008 | * |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 1009 | * <p>The calling device admin must have requested |
Dianne Hackborn | 315ada7 | 2010-02-11 12:14:08 -0800 | [diff] [blame] | 1010 | * {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} to be able to call |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 1011 | * this method; if it has not, a security exception will be thrown. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1012 | * |
Dianne Hackborn | ef6b22f | 2010-02-16 20:38:49 -0800 | [diff] [blame] | 1013 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1014 | * @param timeMs The new desired maximum time to lock in milliseconds. |
| 1015 | * A value of 0 means there is no restriction. |
| 1016 | */ |
| 1017 | public void setMaximumTimeToLock(ComponentName admin, long timeMs) { |
| 1018 | if (mService != null) { |
| 1019 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1020 | mService.setMaximumTimeToLock(admin, timeMs, UserHandle.myUserId()); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1021 | } catch (RemoteException e) { |
| 1022 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1023 | } |
| 1024 | } |
| 1025 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1026 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1027 | /** |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 1028 | * Retrieve the current maximum time to unlock for all admins |
| 1029 | * or a particular one. |
| 1030 | * @param admin The name of the admin component to check, or null to aggregate |
| 1031 | * all admins. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1032 | */ |
Dianne Hackborn | 254cb44 | 2010-01-27 19:23:59 -0800 | [diff] [blame] | 1033 | public long getMaximumTimeToLock(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1034 | return getMaximumTimeToLock(admin, UserHandle.myUserId()); |
| 1035 | } |
| 1036 | |
| 1037 | /** @hide per-user version */ |
| 1038 | public long getMaximumTimeToLock(ComponentName admin, int userHandle) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1039 | if (mService != null) { |
| 1040 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1041 | return mService.getMaximumTimeToLock(admin, userHandle); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1042 | } catch (RemoteException e) { |
| 1043 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1044 | } |
| 1045 | } |
| 1046 | return 0; |
| 1047 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1048 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1049 | /** |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 1050 | * Make the device lock immediately, as if the lock screen timeout has |
| 1051 | * expired at the point of this call. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1052 | * |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 1053 | * <p>The calling device admin must have requested |
| 1054 | * {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} to be able to call |
| 1055 | * this method; if it has not, a security exception will be thrown. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1056 | */ |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 1057 | public void lockNow() { |
| 1058 | if (mService != null) { |
| 1059 | try { |
| 1060 | mService.lockNow(); |
| 1061 | } catch (RemoteException e) { |
| 1062 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1063 | } |
| 1064 | } |
| 1065 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1066 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1067 | /** |
Dianne Hackborn | 4249917 | 2010-10-15 18:45:07 -0700 | [diff] [blame] | 1068 | * Flag for {@link #wipeData(int)}: also erase the device's external |
| 1069 | * storage. |
| 1070 | */ |
| 1071 | public static final int WIPE_EXTERNAL_STORAGE = 0x0001; |
| 1072 | |
| 1073 | /** |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1074 | * Ask the user date be wiped. This will cause the device to reboot, |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 1075 | * erasing all user data while next booting up. External storage such |
Masanori Ogino | f535cb04 | 2012-02-15 19:25:50 +0900 | [diff] [blame] | 1076 | * as SD cards will be also erased if the flag {@link #WIPE_EXTERNAL_STORAGE} |
| 1077 | * is set. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1078 | * |
Dianne Hackborn | 8aa2e89 | 2010-01-22 11:31:30 -0800 | [diff] [blame] | 1079 | * <p>The calling device admin must have requested |
| 1080 | * {@link DeviceAdminInfo#USES_POLICY_WIPE_DATA} to be able to call |
| 1081 | * this method; if it has not, a security exception will be thrown. |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1082 | * |
Masanori Ogino | f535cb04 | 2012-02-15 19:25:50 +0900 | [diff] [blame] | 1083 | * @param flags Bit mask of additional options: currently 0 and |
| 1084 | * {@link #WIPE_EXTERNAL_STORAGE} are supported. |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1085 | */ |
| 1086 | public void wipeData(int flags) { |
| 1087 | if (mService != null) { |
| 1088 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1089 | mService.wipeData(flags, UserHandle.myUserId()); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1090 | } catch (RemoteException e) { |
| 1091 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1092 | } |
| 1093 | } |
| 1094 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1095 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1096 | /** |
Oscar Montemayor | 69238c6 | 2010-08-03 10:51:06 -0700 | [diff] [blame] | 1097 | * Called by an application that is administering the device to set the |
| 1098 | * global proxy and exclusion list. |
| 1099 | * <p> |
| 1100 | * The calling device admin must have requested |
| 1101 | * {@link DeviceAdminInfo#USES_POLICY_SETS_GLOBAL_PROXY} to be able to call |
| 1102 | * this method; if it has not, a security exception will be thrown. |
| 1103 | * Only the first device admin can set the proxy. If a second admin attempts |
| 1104 | * to set the proxy, the {@link ComponentName} of the admin originally setting the |
| 1105 | * proxy will be returned. If successful in setting the proxy, null will |
| 1106 | * be returned. |
| 1107 | * The method can be called repeatedly by the device admin alrady setting the |
| 1108 | * proxy to update the proxy and exclusion list. |
| 1109 | * |
| 1110 | * @param admin Which {@link DeviceAdminReceiver} this request is associated |
| 1111 | * with. |
| 1112 | * @param proxySpec the global proxy desired. Must be an HTTP Proxy. |
| 1113 | * Pass Proxy.NO_PROXY to reset the proxy. |
| 1114 | * @param exclusionList a list of domains to be excluded from the global proxy. |
Oscar Montemayor | 69238c6 | 2010-08-03 10:51:06 -0700 | [diff] [blame] | 1115 | * @return returns null if the proxy was successfully set, or a {@link ComponentName} |
| 1116 | * of the device admin that sets thew proxy otherwise. |
Andy Stadler | d267272 | 2011-02-16 10:53:33 -0800 | [diff] [blame] | 1117 | * @hide |
Oscar Montemayor | 69238c6 | 2010-08-03 10:51:06 -0700 | [diff] [blame] | 1118 | */ |
| 1119 | public ComponentName setGlobalProxy(ComponentName admin, Proxy proxySpec, |
| 1120 | List<String> exclusionList ) { |
| 1121 | if (proxySpec == null) { |
| 1122 | throw new NullPointerException(); |
| 1123 | } |
| 1124 | if (mService != null) { |
| 1125 | try { |
| 1126 | String hostSpec; |
| 1127 | String exclSpec; |
| 1128 | if (proxySpec.equals(Proxy.NO_PROXY)) { |
| 1129 | hostSpec = null; |
| 1130 | exclSpec = null; |
| 1131 | } else { |
| 1132 | if (!proxySpec.type().equals(Proxy.Type.HTTP)) { |
| 1133 | throw new IllegalArgumentException(); |
| 1134 | } |
| 1135 | InetSocketAddress sa = (InetSocketAddress)proxySpec.address(); |
| 1136 | String hostName = sa.getHostName(); |
| 1137 | int port = sa.getPort(); |
| 1138 | StringBuilder hostBuilder = new StringBuilder(); |
| 1139 | hostSpec = hostBuilder.append(hostName) |
| 1140 | .append(":").append(Integer.toString(port)).toString(); |
| 1141 | if (exclusionList == null) { |
| 1142 | exclSpec = ""; |
| 1143 | } else { |
| 1144 | StringBuilder listBuilder = new StringBuilder(); |
| 1145 | boolean firstDomain = true; |
| 1146 | for (String exclDomain : exclusionList) { |
| 1147 | if (!firstDomain) { |
| 1148 | listBuilder = listBuilder.append(","); |
| 1149 | } else { |
| 1150 | firstDomain = false; |
| 1151 | } |
| 1152 | listBuilder = listBuilder.append(exclDomain.trim()); |
| 1153 | } |
| 1154 | exclSpec = listBuilder.toString(); |
| 1155 | } |
| 1156 | android.net.Proxy.validate(hostName, Integer.toString(port), exclSpec); |
| 1157 | } |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1158 | return mService.setGlobalProxy(admin, hostSpec, exclSpec, UserHandle.myUserId()); |
Oscar Montemayor | 69238c6 | 2010-08-03 10:51:06 -0700 | [diff] [blame] | 1159 | } catch (RemoteException e) { |
| 1160 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1161 | } |
| 1162 | } |
| 1163 | return null; |
| 1164 | } |
| 1165 | |
| 1166 | /** |
| 1167 | * Returns the component name setting the global proxy. |
| 1168 | * @return ComponentName object of the device admin that set the global proxy, or |
| 1169 | * null if no admin has set the proxy. |
Andy Stadler | d267272 | 2011-02-16 10:53:33 -0800 | [diff] [blame] | 1170 | * @hide |
Oscar Montemayor | 69238c6 | 2010-08-03 10:51:06 -0700 | [diff] [blame] | 1171 | */ |
| 1172 | public ComponentName getGlobalProxyAdmin() { |
| 1173 | if (mService != null) { |
| 1174 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1175 | return mService.getGlobalProxyAdmin(UserHandle.myUserId()); |
Oscar Montemayor | 69238c6 | 2010-08-03 10:51:06 -0700 | [diff] [blame] | 1176 | } catch (RemoteException e) { |
| 1177 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1178 | } |
| 1179 | } |
| 1180 | return null; |
| 1181 | } |
| 1182 | |
| 1183 | /** |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1184 | * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1185 | * indicating that encryption is not supported. |
| 1186 | */ |
| 1187 | public static final int ENCRYPTION_STATUS_UNSUPPORTED = 0; |
| 1188 | |
| 1189 | /** |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1190 | * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1191 | * indicating that encryption is supported, but is not currently active. |
| 1192 | */ |
| 1193 | public static final int ENCRYPTION_STATUS_INACTIVE = 1; |
| 1194 | |
| 1195 | /** |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1196 | * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1197 | * indicating that encryption is not currently active, but is currently |
| 1198 | * being activated. This is only reported by devices that support |
| 1199 | * encryption of data and only when the storage is currently |
| 1200 | * undergoing a process of becoming encrypted. A device that must reboot and/or wipe data |
| 1201 | * to become encrypted will never return this value. |
| 1202 | */ |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1203 | public static final int ENCRYPTION_STATUS_ACTIVATING = 2; |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1204 | |
| 1205 | /** |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1206 | * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1207 | * indicating that encryption is active. |
| 1208 | */ |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1209 | public static final int ENCRYPTION_STATUS_ACTIVE = 3; |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1210 | |
| 1211 | /** |
| 1212 | * Activity action: begin the process of encrypting data on the device. This activity should |
| 1213 | * be launched after using {@link #setStorageEncryption} to request encryption be activated. |
| 1214 | * After resuming from this activity, use {@link #getStorageEncryption} |
| 1215 | * to check encryption status. However, on some devices this activity may never return, as |
| 1216 | * it may trigger a reboot and in some cases a complete data wipe of the device. |
| 1217 | */ |
| 1218 | @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION) |
| 1219 | public static final String ACTION_START_ENCRYPTION |
| 1220 | = "android.app.action.START_ENCRYPTION"; |
| 1221 | |
| 1222 | /** |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1223 | * Widgets are enabled in keyguard |
| 1224 | */ |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1225 | public static final int KEYGUARD_DISABLE_FEATURES_NONE = 0; |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1226 | |
| 1227 | /** |
| 1228 | * Disable all keyguard widgets |
| 1229 | */ |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1230 | public static final int KEYGUARD_DISABLE_WIDGETS_ALL = 1 << 0; |
| 1231 | |
| 1232 | /** |
| 1233 | * Disable the camera on secure keyguard screens (e.g. PIN/Pattern/Password) |
| 1234 | */ |
| 1235 | public static final int KEYGUARD_DISABLE_SECURE_CAMERA = 1 << 1; |
| 1236 | |
| 1237 | /** |
Jim Miller | 3520774 | 2012-11-02 15:33:20 -0700 | [diff] [blame] | 1238 | * Disable all current and future keyguard customizations. |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1239 | */ |
| 1240 | public static final int KEYGUARD_DISABLE_FEATURES_ALL = 0x7fffffff; |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1241 | |
| 1242 | /** |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1243 | * Called by an application that is administering the device to |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1244 | * request that the storage system be encrypted. |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1245 | * |
| 1246 | * <p>When multiple device administrators attempt to control device |
| 1247 | * encryption, the most secure, supported setting will always be |
| 1248 | * used. If any device administrator requests device encryption, |
| 1249 | * it will be enabled; Conversely, if a device administrator |
| 1250 | * attempts to disable device encryption while another |
| 1251 | * device administrator has enabled it, the call to disable will |
| 1252 | * fail (most commonly returning {@link #ENCRYPTION_STATUS_ACTIVE}). |
| 1253 | * |
| 1254 | * <p>This policy controls encryption of the secure (application data) storage area. Data |
Andy Stadler | 50c294f | 2011-03-07 19:13:42 -0800 | [diff] [blame] | 1255 | * written to other storage areas may or may not be encrypted, and this policy does not require |
| 1256 | * or control the encryption of any other storage areas. |
| 1257 | * There is one exception: If {@link android.os.Environment#isExternalStorageEmulated()} is |
| 1258 | * {@code true}, then the directory returned by |
| 1259 | * {@link android.os.Environment#getExternalStorageDirectory()} must be written to disk |
| 1260 | * within the encrypted storage area. |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1261 | * |
| 1262 | * <p>Important Note: On some devices, it is possible to encrypt storage without requiring |
| 1263 | * the user to create a device PIN or Password. In this case, the storage is encrypted, but |
| 1264 | * the encryption key may not be fully secured. For maximum security, the administrator should |
| 1265 | * also require (and check for) a pattern, PIN, or password. |
| 1266 | * |
| 1267 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. |
| 1268 | * @param encrypt true to request encryption, false to release any previous request |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1269 | * @return the new request status (for all active admins) - will be one of |
| 1270 | * {@link #ENCRYPTION_STATUS_UNSUPPORTED}, {@link #ENCRYPTION_STATUS_INACTIVE}, or |
| 1271 | * {@link #ENCRYPTION_STATUS_ACTIVE}. This is the value of the requests; Use |
| 1272 | * {@link #getStorageEncryptionStatus()} to query the actual device state. |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1273 | */ |
| 1274 | public int setStorageEncryption(ComponentName admin, boolean encrypt) { |
| 1275 | if (mService != null) { |
| 1276 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1277 | return mService.setStorageEncryption(admin, encrypt, UserHandle.myUserId()); |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1278 | } catch (RemoteException e) { |
| 1279 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1280 | } |
| 1281 | } |
| 1282 | return ENCRYPTION_STATUS_UNSUPPORTED; |
| 1283 | } |
| 1284 | |
| 1285 | /** |
| 1286 | * Called by an application that is administering the device to |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1287 | * determine the requested setting for secure storage. |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1288 | * |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1289 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. If null, |
| 1290 | * this will return the requested encryption setting as an aggregate of all active |
| 1291 | * administrators. |
| 1292 | * @return true if the admin(s) are requesting encryption, false if not. |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1293 | */ |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1294 | public boolean getStorageEncryption(ComponentName admin) { |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1295 | if (mService != null) { |
| 1296 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1297 | return mService.getStorageEncryption(admin, UserHandle.myUserId()); |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1298 | } catch (RemoteException e) { |
| 1299 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1300 | } |
| 1301 | } |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1302 | return false; |
| 1303 | } |
| 1304 | |
| 1305 | /** |
| 1306 | * Called by an application that is administering the device to |
| 1307 | * determine the current encryption status of the device. |
| 1308 | * |
| 1309 | * Depending on the returned status code, the caller may proceed in different |
| 1310 | * ways. If the result is {@link #ENCRYPTION_STATUS_UNSUPPORTED}, the |
| 1311 | * storage system does not support encryption. If the |
| 1312 | * result is {@link #ENCRYPTION_STATUS_INACTIVE}, use {@link |
| 1313 | * #ACTION_START_ENCRYPTION} to begin the process of encrypting or decrypting the |
| 1314 | * storage. If the result is {@link #ENCRYPTION_STATUS_ACTIVATING} or |
| 1315 | * {@link #ENCRYPTION_STATUS_ACTIVE}, no further action is required. |
| 1316 | * |
| 1317 | * @return current status of encryption. The value will be one of |
| 1318 | * {@link #ENCRYPTION_STATUS_UNSUPPORTED}, {@link #ENCRYPTION_STATUS_INACTIVE}, |
| 1319 | * {@link #ENCRYPTION_STATUS_ACTIVATING}, or{@link #ENCRYPTION_STATUS_ACTIVE}. |
| 1320 | */ |
| 1321 | public int getStorageEncryptionStatus() { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1322 | return getStorageEncryptionStatus(UserHandle.myUserId()); |
| 1323 | } |
| 1324 | |
| 1325 | /** @hide per-user version */ |
| 1326 | public int getStorageEncryptionStatus(int userHandle) { |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1327 | if (mService != null) { |
| 1328 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1329 | return mService.getStorageEncryptionStatus(userHandle); |
Andy Stadler | 22dbfda | 2011-01-17 12:47:31 -0800 | [diff] [blame] | 1330 | } catch (RemoteException e) { |
| 1331 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1332 | } |
| 1333 | } |
Andy Stadler | 7b0f8f0 | 2011-01-12 14:59:52 -0800 | [diff] [blame] | 1334 | return ENCRYPTION_STATUS_UNSUPPORTED; |
| 1335 | } |
| 1336 | |
| 1337 | /** |
Maggie Benthall | da51e68 | 2013-08-08 22:35:44 -0400 | [diff] [blame] | 1338 | * Installs the given certificate as a User CA. |
| 1339 | * |
| 1340 | * @return false if the certBuffer cannot be parsed or installation is |
| 1341 | * interrupted, otherwise true |
| 1342 | * @hide |
| 1343 | */ |
| 1344 | public boolean installCaCert(byte[] certBuffer) { |
| 1345 | if (mService != null) { |
| 1346 | try { |
| 1347 | return mService.installCaCert(certBuffer); |
| 1348 | } catch (RemoteException e) { |
| 1349 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1350 | } |
| 1351 | } |
| 1352 | return false; |
| 1353 | } |
| 1354 | |
| 1355 | /** |
| 1356 | * Uninstalls the given certificate from the list of User CAs, if present. |
| 1357 | * |
| 1358 | * @hide |
| 1359 | */ |
| 1360 | public void uninstallCaCert(byte[] certBuffer) { |
| 1361 | if (mService != null) { |
| 1362 | try { |
| 1363 | mService.uninstallCaCert(certBuffer); |
| 1364 | } catch (RemoteException e) { |
| 1365 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1366 | } |
| 1367 | } |
| 1368 | } |
| 1369 | |
| 1370 | /** |
| 1371 | * Returns whether there are any user-installed CA certificates. |
| 1372 | * |
| 1373 | * @hide |
| 1374 | */ |
Maggie Benthall | 0469f41 | 2013-09-05 15:30:26 -0400 | [diff] [blame] | 1375 | public static boolean hasAnyCaCertsInstalled() { |
Maggie Benthall | da51e68 | 2013-08-08 22:35:44 -0400 | [diff] [blame] | 1376 | TrustedCertificateStore certStore = new TrustedCertificateStore(); |
| 1377 | Set<String> aliases = certStore.userAliases(); |
| 1378 | return aliases != null && !aliases.isEmpty(); |
| 1379 | } |
| 1380 | |
| 1381 | /** |
| 1382 | * Returns whether this certificate has been installed as a User CA. |
| 1383 | * |
| 1384 | * @hide |
| 1385 | */ |
| 1386 | public boolean hasCaCertInstalled(byte[] certBuffer) { |
| 1387 | TrustedCertificateStore certStore = new TrustedCertificateStore(); |
| 1388 | String alias; |
| 1389 | byte[] pemCert; |
| 1390 | try { |
| 1391 | CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); |
| 1392 | X509Certificate cert = (X509Certificate) certFactory.generateCertificate( |
| 1393 | new ByteArrayInputStream(certBuffer)); |
| 1394 | return certStore.getCertificateAlias(cert) != null; |
| 1395 | } catch (CertificateException ce) { |
| 1396 | Log.w(TAG, "Could not parse certificate", ce); |
| 1397 | } |
| 1398 | return false; |
| 1399 | } |
| 1400 | |
| 1401 | /** |
Ben Komalo | 2447edd | 2011-05-09 16:05:33 -0700 | [diff] [blame] | 1402 | * Called by an application that is administering the device to disable all cameras |
| 1403 | * on the device. After setting this, no applications will be able to access any cameras |
| 1404 | * on the device. |
| 1405 | * |
| 1406 | * <p>The calling device admin must have requested |
| 1407 | * {@link DeviceAdminInfo#USES_POLICY_DISABLE_CAMERA} to be able to call |
| 1408 | * this method; if it has not, a security exception will be thrown. |
| 1409 | * |
| 1410 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. |
| 1411 | * @param disabled Whether or not the camera should be disabled. |
| 1412 | */ |
| 1413 | public void setCameraDisabled(ComponentName admin, boolean disabled) { |
| 1414 | if (mService != null) { |
| 1415 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1416 | mService.setCameraDisabled(admin, disabled, UserHandle.myUserId()); |
Ben Komalo | 2447edd | 2011-05-09 16:05:33 -0700 | [diff] [blame] | 1417 | } catch (RemoteException e) { |
| 1418 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1419 | } |
| 1420 | } |
| 1421 | } |
| 1422 | |
| 1423 | /** |
| 1424 | * Determine whether or not the device's cameras have been disabled either by the current |
| 1425 | * admin, if specified, or all admins. |
| 1426 | * @param admin The name of the admin component to check, or null to check if any admins |
| 1427 | * have disabled the camera |
| 1428 | */ |
| 1429 | public boolean getCameraDisabled(ComponentName admin) { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1430 | return getCameraDisabled(admin, UserHandle.myUserId()); |
| 1431 | } |
| 1432 | |
| 1433 | /** @hide per-user version */ |
| 1434 | public boolean getCameraDisabled(ComponentName admin, int userHandle) { |
Ben Komalo | 2447edd | 2011-05-09 16:05:33 -0700 | [diff] [blame] | 1435 | if (mService != null) { |
| 1436 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1437 | return mService.getCameraDisabled(admin, userHandle); |
Ben Komalo | 2447edd | 2011-05-09 16:05:33 -0700 | [diff] [blame] | 1438 | } catch (RemoteException e) { |
| 1439 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1440 | } |
| 1441 | } |
| 1442 | return false; |
| 1443 | } |
| 1444 | |
| 1445 | /** |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1446 | * Called by an application that is administering the device to disable keyguard customizations, |
| 1447 | * such as widgets. After setting this, keyguard features will be disabled according to the |
| 1448 | * provided feature list. |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1449 | * |
| 1450 | * <p>The calling device admin must have requested |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1451 | * {@link DeviceAdminInfo#USES_POLICY_DISABLE_KEYGUARD_FEATURES} to be able to call |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1452 | * this method; if it has not, a security exception will be thrown. |
| 1453 | * |
| 1454 | * @param admin Which {@link DeviceAdminReceiver} this request is associated with. |
Jim Miller | 3520774 | 2012-11-02 15:33:20 -0700 | [diff] [blame] | 1455 | * @param which {@link #KEYGUARD_DISABLE_FEATURES_NONE} (default), |
| 1456 | * {@link #KEYGUARD_DISABLE_WIDGETS_ALL}, {@link #KEYGUARD_DISABLE_SECURE_CAMERA}, |
| 1457 | * {@link #KEYGUARD_DISABLE_FEATURES_ALL} |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1458 | */ |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1459 | public void setKeyguardDisabledFeatures(ComponentName admin, int which) { |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1460 | if (mService != null) { |
| 1461 | try { |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1462 | mService.setKeyguardDisabledFeatures(admin, which, UserHandle.myUserId()); |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1463 | } catch (RemoteException e) { |
| 1464 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1465 | } |
| 1466 | } |
| 1467 | } |
| 1468 | |
| 1469 | /** |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1470 | * Determine whether or not features have been disabled in keyguard either by the current |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1471 | * admin, if specified, or all admins. |
| 1472 | * @param admin The name of the admin component to check, or null to check if any admins |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1473 | * have disabled features in keyguard. |
Jim Miller | 3520774 | 2012-11-02 15:33:20 -0700 | [diff] [blame] | 1474 | * @return bitfield of flags. See {@link #setKeyguardDisabledFeatures(ComponentName, int)} |
| 1475 | * for a list. |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1476 | */ |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1477 | public int getKeyguardDisabledFeatures(ComponentName admin) { |
| 1478 | return getKeyguardDisabledFeatures(admin, UserHandle.myUserId()); |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1479 | } |
| 1480 | |
| 1481 | /** @hide per-user version */ |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1482 | public int getKeyguardDisabledFeatures(ComponentName admin, int userHandle) { |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1483 | if (mService != null) { |
| 1484 | try { |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1485 | return mService.getKeyguardDisabledFeatures(admin, userHandle); |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1486 | } catch (RemoteException e) { |
| 1487 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1488 | } |
| 1489 | } |
Jim Miller | 48b9b0d | 2012-09-19 23:16:50 -0700 | [diff] [blame] | 1490 | return KEYGUARD_DISABLE_FEATURES_NONE; |
Jim Miller | b8ec470 | 2012-08-31 17:19:10 -0700 | [diff] [blame] | 1491 | } |
| 1492 | |
| 1493 | /** |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1494 | * @hide |
| 1495 | */ |
Andy Stadler | c25f70a | 2010-12-08 15:56:45 -0800 | [diff] [blame] | 1496 | public void setActiveAdmin(ComponentName policyReceiver, boolean refreshing) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1497 | if (mService != null) { |
| 1498 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1499 | mService.setActiveAdmin(policyReceiver, refreshing, UserHandle.myUserId()); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1500 | } catch (RemoteException e) { |
| 1501 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1502 | } |
| 1503 | } |
| 1504 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1505 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1506 | /** |
Andy Stadler | c25f70a | 2010-12-08 15:56:45 -0800 | [diff] [blame] | 1507 | * Returns the DeviceAdminInfo as defined by the administrator's package info & meta-data |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1508 | * @hide |
| 1509 | */ |
Dianne Hackborn | d47c6ed | 2010-01-27 16:21:20 -0800 | [diff] [blame] | 1510 | public DeviceAdminInfo getAdminInfo(ComponentName cn) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1511 | ActivityInfo ai; |
| 1512 | try { |
| 1513 | ai = mContext.getPackageManager().getReceiverInfo(cn, |
| 1514 | PackageManager.GET_META_DATA); |
| 1515 | } catch (PackageManager.NameNotFoundException e) { |
| 1516 | Log.w(TAG, "Unable to retrieve device policy " + cn, e); |
| 1517 | return null; |
| 1518 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1519 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1520 | ResolveInfo ri = new ResolveInfo(); |
| 1521 | ri.activityInfo = ai; |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1522 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1523 | try { |
| 1524 | return new DeviceAdminInfo(mContext, ri); |
| 1525 | } catch (XmlPullParserException e) { |
| 1526 | Log.w(TAG, "Unable to parse device policy " + cn, e); |
| 1527 | return null; |
| 1528 | } catch (IOException e) { |
| 1529 | Log.w(TAG, "Unable to parse device policy " + cn, e); |
| 1530 | return null; |
| 1531 | } |
| 1532 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1533 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1534 | /** |
| 1535 | * @hide |
| 1536 | */ |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 1537 | public void getRemoveWarning(ComponentName admin, RemoteCallback result) { |
| 1538 | if (mService != null) { |
| 1539 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1540 | mService.getRemoveWarning(admin, result, UserHandle.myUserId()); |
Dianne Hackborn | 8ea138c | 2010-01-26 18:01:04 -0800 | [diff] [blame] | 1541 | } catch (RemoteException e) { |
| 1542 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1543 | } |
| 1544 | } |
| 1545 | } |
| 1546 | |
| 1547 | /** |
| 1548 | * @hide |
| 1549 | */ |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 1550 | public void setActivePasswordState(int quality, int length, int letters, int uppercase, |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1551 | int lowercase, int numbers, int symbols, int nonletter, int userHandle) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1552 | if (mService != null) { |
| 1553 | try { |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 1554 | mService.setActivePasswordState(quality, length, letters, uppercase, lowercase, |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1555 | numbers, symbols, nonletter, userHandle); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1556 | } catch (RemoteException e) { |
| 1557 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1558 | } |
| 1559 | } |
| 1560 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1561 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1562 | /** |
| 1563 | * @hide |
| 1564 | */ |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1565 | public void reportFailedPasswordAttempt(int userHandle) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1566 | if (mService != null) { |
| 1567 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1568 | mService.reportFailedPasswordAttempt(userHandle); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1569 | } catch (RemoteException e) { |
| 1570 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1571 | } |
| 1572 | } |
| 1573 | } |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 1574 | |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1575 | /** |
| 1576 | * @hide |
| 1577 | */ |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1578 | public void reportSuccessfulPasswordAttempt(int userHandle) { |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1579 | if (mService != null) { |
| 1580 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1581 | mService.reportSuccessfulPasswordAttempt(userHandle); |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1582 | } catch (RemoteException e) { |
| 1583 | Log.w(TAG, "Failed talking with device policy service", e); |
| 1584 | } |
| 1585 | } |
| 1586 | } |
Amith Yamasani | 71e6c69 | 2013-03-24 17:39:28 -0700 | [diff] [blame] | 1587 | |
| 1588 | /** |
| 1589 | * @hide |
| 1590 | * Sets the given package as the device owner. The package must already be installed and there |
| 1591 | * shouldn't be an existing device owner registered, for this call to succeed. Also, this |
| 1592 | * method must be called before the device is provisioned. |
| 1593 | * @param packageName the package name of the application to be registered as the device owner. |
| 1594 | * @return whether the package was successfully registered as the device owner. |
| 1595 | * @throws IllegalArgumentException if the package name is null or invalid |
| 1596 | * @throws IllegalStateException if a device owner is already registered or the device has |
| 1597 | * already been provisioned. |
| 1598 | */ |
| 1599 | public boolean setDeviceOwner(String packageName) throws IllegalArgumentException, |
| 1600 | IllegalStateException { |
Geoffrey Borggaard | 334c7e3 | 2013-08-08 14:31:36 -0400 | [diff] [blame] | 1601 | return setDeviceOwner(packageName, null); |
| 1602 | } |
| 1603 | |
| 1604 | /** |
| 1605 | * @hide |
| 1606 | * Sets the given package as the device owner. The package must already be installed and there |
| 1607 | * shouldn't be an existing device owner registered, for this call to succeed. Also, this |
| 1608 | * method must be called before the device is provisioned. |
| 1609 | * @param packageName the package name of the application to be registered as the device owner. |
| 1610 | * @param ownerName the human readable name of the institution that owns this device. |
| 1611 | * @return whether the package was successfully registered as the device owner. |
| 1612 | * @throws IllegalArgumentException if the package name is null or invalid |
| 1613 | * @throws IllegalStateException if a device owner is already registered or the device has |
| 1614 | * already been provisioned. |
| 1615 | */ |
| 1616 | public boolean setDeviceOwner(String packageName, String ownerName) |
| 1617 | throws IllegalArgumentException, IllegalStateException { |
Amith Yamasani | 71e6c69 | 2013-03-24 17:39:28 -0700 | [diff] [blame] | 1618 | if (mService != null) { |
| 1619 | try { |
Geoffrey Borggaard | 334c7e3 | 2013-08-08 14:31:36 -0400 | [diff] [blame] | 1620 | return mService.setDeviceOwner(packageName, ownerName); |
Amith Yamasani | 71e6c69 | 2013-03-24 17:39:28 -0700 | [diff] [blame] | 1621 | } catch (RemoteException re) { |
| 1622 | Log.w(TAG, "Failed to set device owner"); |
| 1623 | } |
| 1624 | } |
| 1625 | return false; |
| 1626 | } |
| 1627 | |
Amith Yamasani | 3b458ad | 2013-04-18 18:40:07 -0700 | [diff] [blame] | 1628 | |
Amith Yamasani | 71e6c69 | 2013-03-24 17:39:28 -0700 | [diff] [blame] | 1629 | /** |
Amith Yamasani | 3b458ad | 2013-04-18 18:40:07 -0700 | [diff] [blame] | 1630 | * Used to determine if a particular package has been registered as a Device Owner app. |
| 1631 | * A device owner app is a special device admin that cannot be deactivated by the user, once |
| 1632 | * activated as a device admin. It also cannot be uninstalled. To check if a particular |
| 1633 | * package is currently registered as the device owner app, pass in the package name from |
| 1634 | * {@link Context#getPackageName()} to this method.<p/>This is useful for device |
| 1635 | * admin apps that want to check if they are also registered as the device owner app. The |
| 1636 | * exact mechanism by which a device admin app is registered as a device owner app is defined by |
| 1637 | * the setup process. |
| 1638 | * @param packageName the package name of the app, to compare with the registered device owner |
| 1639 | * app, if any. |
| 1640 | * @return whether or not the package is registered as the device owner app. |
Amith Yamasani | 71e6c69 | 2013-03-24 17:39:28 -0700 | [diff] [blame] | 1641 | */ |
Amith Yamasani | 3b458ad | 2013-04-18 18:40:07 -0700 | [diff] [blame] | 1642 | public boolean isDeviceOwnerApp(String packageName) { |
Amith Yamasani | 71e6c69 | 2013-03-24 17:39:28 -0700 | [diff] [blame] | 1643 | if (mService != null) { |
| 1644 | try { |
| 1645 | return mService.isDeviceOwner(packageName); |
| 1646 | } catch (RemoteException re) { |
| 1647 | Log.w(TAG, "Failed to check device owner"); |
| 1648 | } |
| 1649 | } |
| 1650 | return false; |
| 1651 | } |
| 1652 | |
Amith Yamasani | 3b458ad | 2013-04-18 18:40:07 -0700 | [diff] [blame] | 1653 | /** |
| 1654 | * @hide |
| 1655 | * Redirect to isDeviceOwnerApp. |
| 1656 | */ |
| 1657 | public boolean isDeviceOwner(String packageName) { |
| 1658 | return isDeviceOwnerApp(packageName); |
| 1659 | } |
| 1660 | |
Amith Yamasani | 71e6c69 | 2013-03-24 17:39:28 -0700 | [diff] [blame] | 1661 | /** @hide */ |
| 1662 | public String getDeviceOwner() { |
| 1663 | if (mService != null) { |
| 1664 | try { |
| 1665 | return mService.getDeviceOwner(); |
| 1666 | } catch (RemoteException re) { |
| 1667 | Log.w(TAG, "Failed to get device owner"); |
| 1668 | } |
| 1669 | } |
| 1670 | return null; |
| 1671 | } |
Geoffrey Borggaard | 334c7e3 | 2013-08-08 14:31:36 -0400 | [diff] [blame] | 1672 | |
| 1673 | /** @hide */ |
| 1674 | public String getDeviceOwnerName() { |
| 1675 | if (mService != null) { |
| 1676 | try { |
| 1677 | return mService.getDeviceOwnerName(); |
| 1678 | } catch (RemoteException re) { |
| 1679 | Log.w(TAG, "Failed to get device owner"); |
| 1680 | } |
| 1681 | } |
| 1682 | return null; |
| 1683 | } |
Dianne Hackborn | d684784 | 2010-01-12 18:14:19 -0800 | [diff] [blame] | 1684 | } |