Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / d47c6ed4a9f2b5bd31f6c806b74701428efe458b / . / services / java / com / android / server / DevicePolicyManagerService.java
blob: 7b8645f7499d8fd31ee7414e548ef6c06ab1e547 [file] [log] [blame]
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]1/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server;
18
19import com.android.common.FastXmlSerializer;
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800[diff] [blame]20import com.android.internal.widget.LockPatternUtils;
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]21
22import org.xmlpull.v1.XmlPullParser;
23import org.xmlpull.v1.XmlPullParserException;
24import org.xmlpull.v1.XmlSerializer;
25
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]26import android.app.Activity;
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]27import android.app.DeviceAdmin;
28import android.app.DeviceAdminInfo;
29import android.app.DevicePolicyManager;
30import android.app.IDevicePolicyManager;
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]31import android.content.BroadcastReceiver;
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]32import android.content.ComponentName;
33import android.content.Context;
34import android.content.Intent;
35import android.content.pm.PackageManager;
36import android.content.pm.ResolveInfo;
37import android.os.Binder;
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800[diff] [blame]38import android.os.IBinder;
39import android.os.IPowerManager;
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800[diff] [blame]40import android.os.RecoverySystem;
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]41import android.os.RemoteCallback;
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800[diff] [blame]42import android.os.RemoteException;
43import android.os.ServiceManager;
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]44import android.util.Log;
45import android.util.Xml;
46
47import java.io.File;
48import java.io.FileInputStream;
49import java.io.FileOutputStream;
50import java.io.IOException;
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]51import java.util.ArrayList;
52import java.util.HashMap;
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]53import java.util.List;
54
55/**
56 * Implementation of the device policy APIs.
57 */
58public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
59 private static final String TAG = "DevicePolicyManagerService";
60
61 private final Context mContext;
62
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800[diff] [blame]63 IPowerManager mIPowerManager;
64
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]65 int mActivePasswordMode = DevicePolicyManager.PASSWORD_MODE_UNSPECIFIED;
66 int mActivePasswordLength = 0;
67 int mFailedPasswordAttempts = 0;
68
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]69 final HashMap<ComponentName, ActiveAdmin> mAdminMap
70 = new HashMap<ComponentName, ActiveAdmin>();
71 final ArrayList<ActiveAdmin> mAdminList
72 = new ArrayList<ActiveAdmin>();
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]73
74 static class ActiveAdmin {
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]75 final DeviceAdminInfo info;
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]76
77 int passwordMode = DevicePolicyManager.PASSWORD_MODE_UNSPECIFIED;
78 int minimumPasswordLength = 0;
79 long maximumTimeToUnlock = 0;
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]80 int maximumFailedPasswordsForWipe = 0;
81
82 ActiveAdmin(DeviceAdminInfo _info) {
83 info = _info;
84 }
85
86 int getUid() { return info.getActivityInfo().applicationInfo.uid; }
87
88 void writeToXml(XmlSerializer out)
89 throws IllegalArgumentException, IllegalStateException, IOException {
90 if (passwordMode != DevicePolicyManager.PASSWORD_MODE_UNSPECIFIED) {
91 out.startTag(null, "password-mode");
92 out.attribute(null, "value", Integer.toString(passwordMode));
93 out.endTag(null, "password-mode");
94 if (minimumPasswordLength > 0) {
95 out.startTag(null, "min-password-length");
96 out.attribute(null, "value", Integer.toString(minimumPasswordLength));
97 out.endTag(null, "mn-password-length");
98 }
99 }
100 if (maximumTimeToUnlock != DevicePolicyManager.PASSWORD_MODE_UNSPECIFIED) {
101 out.startTag(null, "max-time-to-unlock");
102 out.attribute(null, "value", Long.toString(maximumTimeToUnlock));
103 out.endTag(null, "max-time-to-unlock");
104 }
105 if (maximumFailedPasswordsForWipe != 0) {
106 out.startTag(null, "max-failed-password-wipe");
107 out.attribute(null, "value", Integer.toString(maximumFailedPasswordsForWipe));
108 out.endTag(null, "max-failed-password-wipe");
109 }
110 }
111
112 void readFromXml(XmlPullParser parser)
113 throws XmlPullParserException, IOException {
114 int outerDepth = parser.getDepth();
115 int type;
116 while ((type=parser.next()) != XmlPullParser.END_DOCUMENT
117 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
118 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
119 continue;
120 }
121 String tag = parser.getName();
122 if ("password-mode".equals(tag)) {
123 passwordMode = Integer.parseInt(
124 parser.getAttributeValue(null, "value"));
125 } else if ("min-password-length".equals(tag)) {
126 minimumPasswordLength = Integer.parseInt(
127 parser.getAttributeValue(null, "value"));
128 } else if ("max-time-to-unlock".equals(tag)) {
129 maximumTimeToUnlock = Long.parseLong(
130 parser.getAttributeValue(null, "value"));
131 } else if ("max-failed-password-wipe".equals(tag)) {
132 maximumFailedPasswordsForWipe = Integer.parseInt(
133 parser.getAttributeValue(null, "value"));
134 }
135 }
136 }
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]137 }
138
139 /**
140 * Instantiates the service.
141 */
142 public DevicePolicyManagerService(Context context) {
143 mContext = context;
144 }
145
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800[diff] [blame]146 private IPowerManager getIPowerManager() {
147 if (mIPowerManager == null) {
148 IBinder b = ServiceManager.getService(Context.POWER_SERVICE);
149 mIPowerManager = IPowerManager.Stub.asInterface(b);
150 }
151 return mIPowerManager;
152 }
153
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]154 ActiveAdmin getActiveAdminUncheckedLocked(ComponentName who) {
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]155 ActiveAdmin admin = mAdminMap.get(who);
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]156 if (admin != null
157 && who.getPackageName().equals(admin.info.getActivityInfo().packageName)
158 && who.getClassName().equals(admin.info.getActivityInfo().name)) {
159 return admin;
160 }
161 return null;
162 }
163
164 ActiveAdmin getActiveAdminForCallerLocked(ComponentName who)
Dianne Hackborn8aa2e892010-01-22 11:31:30 -0800[diff] [blame]165 throws SecurityException {
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]166 ActiveAdmin admin = mAdminMap.get(who);
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]167 if (admin != null && admin.getUid() == Binder.getCallingUid()) {
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]168 if (who != null) {
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]169 if (!who.getPackageName().equals(admin.info.getActivityInfo().packageName)
170 || !who.getClassName().equals(admin.info.getActivityInfo().name)) {
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]171 throw new SecurityException("Current admin is not " + who);
172 }
173 }
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]174 return admin;
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]175 }
176 throw new SecurityException("Current admin is not owned by uid " + Binder.getCallingUid());
177 }
178
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]179 ActiveAdmin getActiveAdminForCallerLocked(ComponentName who, int reqPolicy)
180 throws SecurityException {
181 ActiveAdmin admin = getActiveAdminForCallerLocked(who);
182 if (!admin.info.usesPolicy(reqPolicy)) {
183 throw new SecurityException("Admin " + admin.info.getComponent()
184 + " did not specify uses-policy for: "
185 + admin.info.getTagForPolicy(reqPolicy));
186 }
187 return admin;
188 }
189
Dianne Hackborn8aa2e892010-01-22 11:31:30 -0800[diff] [blame]190 void sendAdminCommandLocked(ActiveAdmin admin, String action) {
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]191 Intent intent = new Intent(action);
Dianne Hackborn8aa2e892010-01-22 11:31:30 -0800[diff] [blame]192 intent.setComponent(admin.info.getComponent());
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]193 mContext.sendBroadcast(intent);
194 }
195
Dianne Hackborn8aa2e892010-01-22 11:31:30 -0800[diff] [blame]196 void sendAdminCommandLocked(String action, int reqPolicy) {
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]197 final int N = mAdminList.size();
198 if (N > 0) {
199 for (int i=0; i<N; i++) {
200 ActiveAdmin admin = mAdminList.get(i);
201 if (admin.info.usesPolicy(reqPolicy)) {
202 sendAdminCommandLocked(admin, action);
203 }
Dianne Hackborn8aa2e892010-01-22 11:31:30 -0800[diff] [blame]204 }
Dianne Hackborn4141d032010-01-21 16:29:00 -0800[diff] [blame]205 }
206 }
207
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]208 void removeActiveAdminLocked(ComponentName adminReceiver) {
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]209 ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver);
210 if (admin != null) {
211 sendAdminCommandLocked(admin,
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]212 DeviceAdmin.ACTION_DEVICE_ADMIN_DISABLED);
213 // XXX need to wait for it to complete.
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]214 mAdminList.remove(admin);
215 mAdminMap.remove(adminReceiver);
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]216 }
217 }
218
219 public DeviceAdminInfo findAdmin(ComponentName adminName) {
220 Intent resolveIntent = new Intent();
221 resolveIntent.setComponent(adminName);
222 List<ResolveInfo> infos = mContext.getPackageManager().queryBroadcastReceivers(
223 resolveIntent, PackageManager.GET_META_DATA);
224 if (infos == null || infos.size() <= 0) {
225 throw new IllegalArgumentException("Unknown admin: " + adminName);
226 }
227
228 try {
229 return new DeviceAdminInfo(mContext, infos.get(0));
230 } catch (XmlPullParserException e) {
231 Log.w(TAG, "Bad device admin requested: " + adminName, e);
232 return null;
233 } catch (IOException e) {
234 Log.w(TAG, "Bad device admin requested: " + adminName, e);
235 return null;
236 }
237 }
238
239 private static JournaledFile makeJournaledFile() {
240 final String base = "/data/system/device_policies.xml";
241 return new JournaledFile(new File(base), new File(base + ".tmp"));
242 }
243
244 private void saveSettingsLocked() {
245 JournaledFile journal = makeJournaledFile();
246 FileOutputStream stream = null;
247 try {
248 stream = new FileOutputStream(journal.chooseForWrite(), false);
249 XmlSerializer out = new FastXmlSerializer();
250 out.setOutput(stream, "utf-8");
251 out.startDocument(null, true);
252
253 out.startTag(null, "policies");
254
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]255 final int N = mAdminList.size();
256 for (int i=0; i<N; i++) {
257 ActiveAdmin ap = mAdminList.get(i);
258 if (ap != null) {
259 out.startTag(null, "admin");
260 out.attribute(null, "name", ap.info.getComponent().flattenToString());
261 ap.writeToXml(out);
262 out.endTag(null, "admin");
263 }
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]264 }
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]265
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]266 out.endTag(null, "policies");
267
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]268 if (mFailedPasswordAttempts != 0) {
269 out.startTag(null, "failed-password-attempts");
270 out.attribute(null, "value", Integer.toString(mFailedPasswordAttempts));
271 out.endTag(null, "failed-password-attempts");
272 }
273
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]274 out.endDocument();
275 stream.close();
276 journal.commit();
277 } catch (IOException e) {
278 try {
279 if (stream != null) {
280 stream.close();
281 }
282 } catch (IOException ex) {
283 // Ignore
284 }
285 journal.rollback();
286 }
287 }
288
289 private void loadSettingsLocked() {
290 JournaledFile journal = makeJournaledFile();
291 FileInputStream stream = null;
292 File file = journal.chooseForRead();
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]293 try {
294 stream = new FileInputStream(file);
295 XmlPullParser parser = Xml.newPullParser();
296 parser.setInput(stream, null);
297
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]298 int type;
299 while ((type=parser.next()) != XmlPullParser.END_DOCUMENT
300 && type != XmlPullParser.START_TAG) {
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]301 }
302 String tag = parser.getName();
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]303 if (!"policies".equals(tag)) {
304 throw new XmlPullParserException(
305 "Settings do not start with policies tag: found " + tag);
306 }
307 type = parser.next();
308 int outerDepth = parser.getDepth();
309 while ((type=parser.next()) != XmlPullParser.END_DOCUMENT
310 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
311 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
312 continue;
313 }
314 tag = parser.getName();
315 if ("admin".equals(tag)) {
316 DeviceAdminInfo dai = findAdmin(
317 ComponentName.unflattenFromString(
318 parser.getAttributeValue(null, "name")));
319 if (dai != null) {
320 ActiveAdmin ap = new ActiveAdmin(dai);
321 ap.readFromXml(parser);
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]322 mAdminMap.put(ap.info.getComponent(), ap);
323 mAdminList.add(ap);
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]324 }
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]325 } else if ("failed-password-attempts".equals(tag)) {
326 mFailedPasswordAttempts = Integer.parseInt(
327 parser.getAttributeValue(null, "value"));
328 }
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]329 }
330 } catch (NullPointerException e) {
331 Log.w(TAG, "failed parsing " + file + " " + e);
332 } catch (NumberFormatException e) {
333 Log.w(TAG, "failed parsing " + file + " " + e);
334 } catch (XmlPullParserException e) {
335 Log.w(TAG, "failed parsing " + file + " " + e);
336 } catch (IOException e) {
337 Log.w(TAG, "failed parsing " + file + " " + e);
338 } catch (IndexOutOfBoundsException e) {
339 Log.w(TAG, "failed parsing " + file + " " + e);
340 }
341 try {
342 if (stream != null) {
343 stream.close();
344 }
345 } catch (IOException e) {
346 // Ignore
347 }
348
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800[diff] [blame]349 long timeMs = getMaximumTimeToLock();
350 if (timeMs <= 0) {
351 timeMs = Integer.MAX_VALUE;
352 }
353 try {
354 getIPowerManager().setMaximumScreenOffTimeount((int)timeMs);
355 } catch (RemoteException e) {
356 Log.w(TAG, "Failure talking with power manager", e);
357 }
358
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]359 }
360
361 public void systemReady() {
362 synchronized (this) {
363 loadSettingsLocked();
364 }
365 }
366
367 public void setActiveAdmin(ComponentName adminReceiver) {
368 mContext.enforceCallingOrSelfPermission(
369 android.Manifest.permission.BIND_DEVICE_ADMIN, null);
370
371 DeviceAdminInfo info = findAdmin(adminReceiver);
372 if (info == null) {
373 throw new IllegalArgumentException("Bad admin: " + adminReceiver);
374 }
375 synchronized (this) {
376 long ident = Binder.clearCallingIdentity();
377 try {
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]378 if (getActiveAdminUncheckedLocked(adminReceiver) != null) {
379 throw new IllegalArgumentException("Admin is already added");
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]380 }
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]381 ActiveAdmin admin = new ActiveAdmin(info);
382 mAdminMap.put(adminReceiver, admin);
383 mAdminList.add(admin);
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]384 saveSettingsLocked();
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]385 sendAdminCommandLocked(admin,
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]386 DeviceAdmin.ACTION_DEVICE_ADMIN_ENABLED);
387 } finally {
388 Binder.restoreCallingIdentity(ident);
389 }
390 }
391 }
392
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]393 public boolean isAdminActive(ComponentName adminReceiver) {
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]394 synchronized (this) {
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]395 return getActiveAdminUncheckedLocked(adminReceiver) != null;
396 }
397 }
398
399 public List<ComponentName> getActiveAdmins() {
400 synchronized (this) {
401 final int N = mAdminList.size();
402 if (N <= 0) {
403 return null;
404 }
405 ArrayList<ComponentName> res = new ArrayList<ComponentName>(N);
406 for (int i=0; i<N; i++) {
407 res.add(mAdminList.get(i).info.getComponent());
408 }
409 return res;
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]410 }
411 }
412
413 public void removeActiveAdmin(ComponentName adminReceiver) {
414 synchronized (this) {
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]415 ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver);
416 if (admin == null) {
417 return;
418 }
419 if (admin.getUid() != Binder.getCallingUid()) {
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]420 mContext.enforceCallingOrSelfPermission(
421 android.Manifest.permission.BIND_DEVICE_ADMIN, null);
422 }
423 long ident = Binder.clearCallingIdentity();
424 try {
425 removeActiveAdminLocked(adminReceiver);
426 } finally {
427 Binder.restoreCallingIdentity(ident);
428 }
429 }
430 }
431
432 public void setPasswordMode(ComponentName who, int mode) {
433 synchronized (this) {
434 if (who == null) {
435 throw new NullPointerException("ComponentName is null");
436 }
Dianne Hackborn8aa2e892010-01-22 11:31:30 -0800[diff] [blame]437 ActiveAdmin ap = getActiveAdminForCallerLocked(who,
438 DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]439 if (ap.passwordMode != mode) {
440 ap.passwordMode = mode;
441 saveSettingsLocked();
442 }
443 }
444 }
445
446 public int getPasswordMode() {
447 synchronized (this) {
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]448 final int N = mAdminList.size();
449 int mode = DevicePolicyManager.PASSWORD_MODE_UNSPECIFIED;
450 for (int i=0; i<N; i++) {
451 ActiveAdmin admin = mAdminList.get(i);
452 if (mode < admin.passwordMode) {
453 mode = admin.passwordMode;
454 }
455 }
456 return mode;
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]457 }
458 }
459
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]460 public void setMinimumPasswordLength(ComponentName who, int length) {
461 synchronized (this) {
462 if (who == null) {
463 throw new NullPointerException("ComponentName is null");
464 }
Dianne Hackborn8aa2e892010-01-22 11:31:30 -0800[diff] [blame]465 ActiveAdmin ap = getActiveAdminForCallerLocked(who,
466 DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]467 if (ap.minimumPasswordLength != length) {
468 ap.minimumPasswordLength = length;
469 saveSettingsLocked();
470 }
471 }
472 }
473
474 public int getMinimumPasswordLength() {
475 synchronized (this) {
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]476 final int N = mAdminList.size();
477 int length = 0;
478 for (int i=0; i<N; i++) {
479 ActiveAdmin admin = mAdminList.get(i);
480 if (length < admin.minimumPasswordLength) {
481 length = admin.minimumPasswordLength;
482 }
483 }
484 return length;
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]485 }
486 }
487
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800[diff] [blame]488 public boolean isActivePasswordSufficient() {
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]489 synchronized (this) {
490 // This API can only be called by an active device admin,
491 // so try to retrieve it to check that the caller is one.
Dianne Hackborn8aa2e892010-01-22 11:31:30 -0800[diff] [blame]492 getActiveAdminForCallerLocked(null,
493 DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800[diff] [blame]494 return mActivePasswordMode >= getPasswordMode()
495 && mActivePasswordLength >= getMinimumPasswordLength();
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]496 }
497 }
498
499 public int getCurrentFailedPasswordAttempts() {
500 synchronized (this) {
501 // This API can only be called by an active device admin,
502 // so try to retrieve it to check that the caller is one.
Dianne Hackborn8aa2e892010-01-22 11:31:30 -0800[diff] [blame]503 getActiveAdminForCallerLocked(null,
504 DeviceAdminInfo.USES_POLICY_WATCH_LOGIN);
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]505 return mFailedPasswordAttempts;
506 }
507 }
508
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]509 public void setMaximumFailedPasswordsForWipe(ComponentName who, int num) {
510 synchronized (this) {
511 // This API can only be called by an active device admin,
512 // so try to retrieve it to check that the caller is one.
513 getActiveAdminForCallerLocked(who,
514 DeviceAdminInfo.USES_POLICY_WIPE_DATA);
515 ActiveAdmin ap = getActiveAdminForCallerLocked(who,
516 DeviceAdminInfo.USES_POLICY_WATCH_LOGIN);
517 if (ap.maximumFailedPasswordsForWipe != num) {
518 ap.maximumFailedPasswordsForWipe = num;
519 saveSettingsLocked();
520 }
521 }
522 }
523
524 public int getMaximumFailedPasswordsForWipe() {
525 synchronized (this) {
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]526 final int N = mAdminList.size();
527 int count = 0;
528 for (int i=0; i<N; i++) {
529 ActiveAdmin admin = mAdminList.get(i);
530 if (count == 0) {
531 count = admin.maximumFailedPasswordsForWipe;
532 } else if (admin.maximumFailedPasswordsForWipe != 0
533 && count > admin.maximumFailedPasswordsForWipe) {
534 count = admin.maximumFailedPasswordsForWipe;
535 }
536 }
537 return count;
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]538 }
539 }
540
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800[diff] [blame]541 public boolean resetPassword(String password) {
542 int mode;
543 synchronized (this) {
544 // This API can only be called by an active device admin,
545 // so try to retrieve it to check that the caller is one.
Dianne Hackborn8aa2e892010-01-22 11:31:30 -0800[diff] [blame]546 getActiveAdminForCallerLocked(null,
547 DeviceAdminInfo.USES_POLICY_RESET_PASSWORD);
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800[diff] [blame]548 mode = getPasswordMode();
549 if (password.length() < getMinimumPasswordLength()) {
550 return false;
551 }
552 }
553
554 // Don't do this with the lock held, because it is going to call
555 // back in to the service.
556 long ident = Binder.clearCallingIdentity();
557 try {
558 LockPatternUtils utils = new LockPatternUtils(mContext);
559 utils.saveLockPassword(password, mode);
560 } finally {
561 Binder.restoreCallingIdentity(ident);
562 }
563
564 return true;
565 }
566
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]567 public void setMaximumTimeToLock(ComponentName who, long timeMs) {
568 synchronized (this) {
569 if (who == null) {
570 throw new NullPointerException("ComponentName is null");
571 }
Dianne Hackborn8aa2e892010-01-22 11:31:30 -0800[diff] [blame]572 ActiveAdmin ap = getActiveAdminForCallerLocked(who,
573 DeviceAdminInfo.USES_POLICY_LIMIT_UNLOCK);
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]574 if (ap.maximumTimeToUnlock != timeMs) {
575 ap.maximumTimeToUnlock = timeMs;
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800[diff] [blame]576
577 long ident = Binder.clearCallingIdentity();
578 try {
579 saveSettingsLocked();
580 if (timeMs <= 0) {
581 timeMs = Integer.MAX_VALUE;
582 }
583 try {
584 getIPowerManager().setMaximumScreenOffTimeount((int)timeMs);
585 } catch (RemoteException e) {
586 Log.w(TAG, "Failure talking with power manager", e);
587 }
588 } finally {
589 Binder.restoreCallingIdentity(ident);
590 }
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]591 }
592 }
593 }
594
595 public long getMaximumTimeToLock() {
596 synchronized (this) {
Dianne Hackbornd47c6ed2010-01-27 16:21:20 -0800[diff] [blame^]597 final int N = mAdminList.size();
598 long time = 0;
599 for (int i=0; i<N; i++) {
600 ActiveAdmin admin = mAdminList.get(i);
601 if (time == 0) {
602 time = admin.maximumTimeToUnlock;
603 } else if (admin.maximumTimeToUnlock != 0
604 && time > admin.maximumTimeToUnlock) {
605 time = admin.maximumTimeToUnlock;
606 }
607 }
608 return time;
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]609 }
610 }
611
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800[diff] [blame]612 public void lockNow() {
613 synchronized (this) {
614 // This API can only be called by an active device admin,
615 // so try to retrieve it to check that the caller is one.
Dianne Hackborn8aa2e892010-01-22 11:31:30 -0800[diff] [blame]616 getActiveAdminForCallerLocked(null,
617 DeviceAdminInfo.USES_POLICY_FORCE_LOCK);
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800[diff] [blame]618 // STOPSHIP need to implement.
619 }
620 }
621
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]622 void wipeDataLocked(int flags) {
623 try {
624 RecoverySystem.rebootWipeUserData(mContext);
625 } catch (IOException e) {
626 Log.w(TAG, "Failed requesting data wipe", e);
627 }
628 }
629
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]630 public void wipeData(int flags) {
631 synchronized (this) {
632 // This API can only be called by an active device admin,
633 // so try to retrieve it to check that the caller is one.
Dianne Hackborn8aa2e892010-01-22 11:31:30 -0800[diff] [blame]634 getActiveAdminForCallerLocked(null,
635 DeviceAdminInfo.USES_POLICY_WIPE_DATA);
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]636 long ident = Binder.clearCallingIdentity();
637 try {
638 wipeDataLocked(flags);
639 } finally {
640 Binder.restoreCallingIdentity(ident);
641 }
Dianne Hackborndf83afa2010-01-20 13:37:26 -0800[diff] [blame]642 }
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]643 }
644
645 public void getRemoveWarning(ComponentName comp, final RemoteCallback result) {
646 mContext.enforceCallingOrSelfPermission(
647 android.Manifest.permission.BIND_DEVICE_ADMIN, null);
648
649 synchronized (this) {
650 ActiveAdmin admin = getActiveAdminUncheckedLocked(comp);
651 if (admin == null) {
652 try {
653 result.sendResult(null);
654 } catch (RemoteException e) {
655 }
656 return;
657 }
658 Intent intent = new Intent(DeviceAdmin.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED);
659 intent.setComponent(admin.info.getComponent());
660 mContext.sendOrderedBroadcast(intent, null, new BroadcastReceiver() {
661 @Override
662 public void onReceive(Context context, Intent intent) {
663 try {
664 result.sendResult(getResultExtras(false));
665 } catch (RemoteException e) {
666 }
667 }
668 }, null, Activity.RESULT_OK, null, null);
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]669 }
670 }
671
672 public void setActivePasswordState(int mode, int length) {
673 mContext.enforceCallingOrSelfPermission(
674 android.Manifest.permission.BIND_DEVICE_ADMIN, null);
675
676 synchronized (this) {
677 if (mActivePasswordMode != mode || mActivePasswordLength != length
678 || mFailedPasswordAttempts != 0) {
679 long ident = Binder.clearCallingIdentity();
680 try {
681 mActivePasswordMode = mode;
682 mActivePasswordLength = length;
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]683 if (mFailedPasswordAttempts != 0) {
684 mFailedPasswordAttempts = 0;
685 saveSettingsLocked();
686 }
Dianne Hackborn8aa2e892010-01-22 11:31:30 -0800[diff] [blame]687 sendAdminCommandLocked(DeviceAdmin.ACTION_PASSWORD_CHANGED,
688 DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]689 } finally {
690 Binder.restoreCallingIdentity(ident);
691 }
692 }
693 }
694 }
695
696 public void reportFailedPasswordAttempt() {
697 mContext.enforceCallingOrSelfPermission(
698 android.Manifest.permission.BIND_DEVICE_ADMIN, null);
699
700 synchronized (this) {
701 long ident = Binder.clearCallingIdentity();
702 try {
703 mFailedPasswordAttempts++;
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]704 saveSettingsLocked();
705 int max = getMaximumFailedPasswordsForWipe();
706 if (max > 0 && mFailedPasswordAttempts >= max) {
707 wipeDataLocked(0);
708 }
Dianne Hackborn8aa2e892010-01-22 11:31:30 -0800[diff] [blame]709 sendAdminCommandLocked(DeviceAdmin.ACTION_PASSWORD_FAILED,
710 DeviceAdminInfo.USES_POLICY_WATCH_LOGIN);
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]711 } finally {
712 Binder.restoreCallingIdentity(ident);
713 }
714 }
715 }
716
717 public void reportSuccessfulPasswordAttempt() {
718 mContext.enforceCallingOrSelfPermission(
719 android.Manifest.permission.BIND_DEVICE_ADMIN, null);
720
721 synchronized (this) {
722 if (mFailedPasswordAttempts != 0) {
723 long ident = Binder.clearCallingIdentity();
724 try {
725 mFailedPasswordAttempts = 0;
Dianne Hackborn8ea138c2010-01-26 18:01:04 -0800[diff] [blame]726 saveSettingsLocked();
Dianne Hackborn8aa2e892010-01-22 11:31:30 -0800[diff] [blame]727 sendAdminCommandLocked(DeviceAdmin.ACTION_PASSWORD_SUCCEEDED,
728 DeviceAdminInfo.USES_POLICY_WATCH_LOGIN);
Dianne Hackbornd6847842010-01-12 18:14:19 -0800[diff] [blame]729 } finally {
730 Binder.restoreCallingIdentity(ident);
731 }
732 }
733 }
734 }
735}