Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2010 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package com.android.email; |
| 18 | |
Andy Stadler | e7f4d3e | 2010-12-08 16:06:16 -0800 | [diff] [blame] | 19 | import android.app.admin.DeviceAdminInfo; |
Dianne Hackborn | 6d00162 | 2010-02-26 17:26:45 -0800 | [diff] [blame] | 20 | import android.app.admin.DeviceAdminReceiver; |
| 21 | import android.app.admin.DevicePolicyManager; |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 22 | import android.content.ComponentName; |
Marc Blank | 2736c1a | 2011-10-20 10:13:02 -0700 | [diff] [blame] | 23 | import android.content.ContentProviderOperation; |
Marc Blank | 02d59d2 | 2010-10-25 11:49:29 -0700 | [diff] [blame] | 24 | import android.content.ContentResolver; |
Marc Blank | 2736c1a | 2011-10-20 10:13:02 -0700 | [diff] [blame] | 25 | import android.content.ContentUris; |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 26 | import android.content.ContentValues; |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 27 | import android.content.Context; |
| 28 | import android.content.Intent; |
Marc Blank | 2736c1a | 2011-10-20 10:13:02 -0700 | [diff] [blame] | 29 | import android.content.OperationApplicationException; |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 30 | import android.database.Cursor; |
Marc Blank | 2736c1a | 2011-10-20 10:13:02 -0700 | [diff] [blame] | 31 | import android.os.RemoteException; |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 32 | import android.util.Log; |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 33 | |
Marc Blank | c6df1d6 | 2011-07-19 14:09:11 -0700 | [diff] [blame] | 34 | import com.android.email.service.EmailBroadcastProcessorService; |
| 35 | import com.android.emailcommon.Logging; |
| 36 | import com.android.emailcommon.provider.Account; |
| 37 | import com.android.emailcommon.provider.EmailContent; |
| 38 | import com.android.emailcommon.provider.EmailContent.AccountColumns; |
| 39 | import com.android.emailcommon.provider.EmailContent.PolicyColumns; |
| 40 | import com.android.emailcommon.provider.Policy; |
Marc Blank | 2736c1a | 2011-10-20 10:13:02 -0700 | [diff] [blame] | 41 | import com.android.emailcommon.utility.TextUtilities; |
Marc Blank | c6df1d6 | 2011-07-19 14:09:11 -0700 | [diff] [blame] | 42 | import com.android.emailcommon.utility.Utility; |
| 43 | import com.google.common.annotations.VisibleForTesting; |
| 44 | |
Marc Blank | 2736c1a | 2011-10-20 10:13:02 -0700 | [diff] [blame] | 45 | import java.util.ArrayList; |
| 46 | |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 47 | /** |
Andrew Stadler | d71d0b2 | 2010-02-09 17:24:55 -0800 | [diff] [blame] | 48 | * Utility functions to support reading and writing security policies, and handshaking the device |
| 49 | * into and out of various security states. |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 50 | */ |
| 51 | public class SecurityPolicy { |
// Tag used for this class's debug log lines.
private static final String TAG = "Email/SecurityPolicy";

// Process-wide singleton; stays null until the first getInstance() call.
private static SecurityPolicy sInstance;

// Context used for provider queries and system-service lookup; replaceable via setContext().
private Context mContext;
// DevicePolicyManager handle, resolved lazily by getDPM().
private DevicePolicyManager mDPM;
// Component name of this app's PolicyAdmin receiver, passed to every DevicePolicyManager call.
private final ComponentName mAdminName;
// Cached aggregate of all stored policies; null means "recompute on next read".
private Policy mAggregatePolicy;

// Message codes used for DevicePolicyManager callbacks
private static final int DEVICE_ADMIN_MESSAGE_ENABLED = 1;
private static final int DEVICE_ADMIN_MESSAGE_DISABLED = 2;
private static final int DEVICE_ADMIN_MESSAGE_PASSWORD_CHANGED = 3;
private static final int DEVICE_ADMIN_MESSAGE_PASSWORD_EXPIRING = 4;

// Selection clause matching policy rows whose password expiration is greater than zero.
private static final String HAS_PASSWORD_EXPIRATION =
        PolicyColumns.PASSWORD_EXPIRATION_DAYS + ">0";
| 67 | |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 68 | /** |
| 69 | * Get the security policy instance |
| 70 | */ |
public static synchronized SecurityPolicy getInstance(Context context) {
    // Fast path: the singleton already exists.
    if (sInstance != null) {
        return sInstance;
    }
    // First call: build the singleton from the application context. The method is
    // synchronized, so concurrent first callers cannot each construct an instance.
    sInstance = new SecurityPolicy(context.getApplicationContext());
    return sInstance;
}
| 77 | |
| 78 | /** |
| 79 | * Private constructor (one time only) |
| 80 | */ |
private SecurityPolicy(Context context) {
    // The admin component is built from the context exactly as passed in.
    mAdminName = new ComponentName(context, PolicyAdmin.class);
    // The stored context is always the application context.
    mContext = context.getApplicationContext();
    // Both caches start empty: getDPM() and getAggregatePolicy() fill them on first use.
    mAggregatePolicy = null;
    mDPM = null;
}
| 87 | |
| 88 | /** |
| 89 | * For testing only: Inject context into already-created instance |
| 90 | */ |
/* package */ void setContext(Context context) {
    // Only the context reference is swapped. The cached DevicePolicyManager (mDPM) and the
    // cached aggregate policy are left untouched, so values resolved through the previous
    // context remain in use until those caches are cleared elsewhere.
    this.mContext = context;
}
| 94 | |
| 95 | /** |
| 96 | * Compute the aggregate policy for all accounts that require it, and record it. |
| 97 | * |
| 98 | * The business logic is as follows: |
| 99 | * min password length take the max |
| 100 | * password mode take the max (strongest mode) |
| 101 | * max password fails take the min |
| 102 | * max screen lock time take the min |
| 103 | * require remote wipe take the max (logical or) |
Marc Blank | 9b4988d | 2010-06-09 16:18:57 -0700 | [diff] [blame] | 104 | * password history take the max (strongest mode) |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 105 | * password expiration take the min (strongest mode) |
Marc Blank | 9b4988d | 2010-06-09 16:18:57 -0700 | [diff] [blame] | 106 | * password complex chars take the max (strongest mode) |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 107 | * encryption take the max (logical or) |
Makoto Onuki | 968be44 | 2010-05-20 16:11:26 -0700 | [diff] [blame] | 108 | * |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 109 | * @return a policy representing the strongest aggregate. If no policy sets are defined, |
| 110 | * a lightweight "nothing required" policy will be returned. Never null. |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 111 | */ |
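@VisibleForTesting
Policy computeAggregatePolicy() {
    // Seed each numeric field with the identity of its reduction: MIN_VALUE where the
    // strongest value is the maximum, MAX_VALUE where the strongest value is the minimum.
    // Fields still holding a sentinel after the scan are reset to 0 ("not specified").
    final Policy aggregate = new Policy();
    aggregate.mPasswordMinLength = Integer.MIN_VALUE;
    aggregate.mPasswordMode = Integer.MIN_VALUE;
    aggregate.mPasswordMaxFails = Integer.MAX_VALUE;
    aggregate.mPasswordHistory = Integer.MIN_VALUE;
    aggregate.mPasswordExpirationDays = Integer.MAX_VALUE;
    aggregate.mPasswordComplexChars = Integer.MIN_VALUE;
    aggregate.mMaxScreenLockTime = Integer.MAX_VALUE;
    aggregate.mRequireRemoteWipe = false;
    aggregate.mRequireEncryption = false;

    // This can never be supported at this time.  It exists only for historic reasons where
    // this was able to be supported prior to the introduction of proper removable storage
    // support for external storage.
    aggregate.mRequireEncryptionExternal = false;

    final Cursor c = mContext.getContentResolver().query(Policy.CONTENT_URI,
            Policy.CONTENT_PROJECTION, null, null, null);
    if (c == null) {
        // ContentResolver.query() may return null when the provider is unavailable.
        // Fail closed here: reporting NO_POLICY instead would let setActivePolicies()
        // release device administration even though stored policies may exist.
        throw new IllegalStateException("Policy query returned a null cursor");
    }

    boolean policiesFound = false;
    try {
        // One scratch Policy is reused for every row.
        final Policy policy = new Policy();
        while (c.moveToNext()) {
            policy.restore(c);
            if (Email.DEBUG) {
                Log.d(TAG, "Aggregate from: " + policy);
            }
            // Min length and mode are always folded in; the remaining numeric fields are
            // only folded in when the row sets them to a positive value.
            aggregate.mPasswordMinLength =
                    Math.max(policy.mPasswordMinLength, aggregate.mPasswordMinLength);
            aggregate.mPasswordMode = Math.max(policy.mPasswordMode, aggregate.mPasswordMode);
            if (policy.mPasswordMaxFails > 0) {
                aggregate.mPasswordMaxFails =
                        Math.min(policy.mPasswordMaxFails, aggregate.mPasswordMaxFails);
            }
            if (policy.mMaxScreenLockTime > 0) {
                aggregate.mMaxScreenLockTime =
                        Math.min(policy.mMaxScreenLockTime, aggregate.mMaxScreenLockTime);
            }
            if (policy.mPasswordHistory > 0) {
                aggregate.mPasswordHistory =
                        Math.max(policy.mPasswordHistory, aggregate.mPasswordHistory);
            }
            if (policy.mPasswordExpirationDays > 0) {
                aggregate.mPasswordExpirationDays = Math.min(policy.mPasswordExpirationDays,
                        aggregate.mPasswordExpirationDays);
            }
            if (policy.mPasswordComplexChars > 0) {
                aggregate.mPasswordComplexChars = Math.max(policy.mPasswordComplexChars,
                        aggregate.mPasswordComplexChars);
            }
            // Boolean requirements are OR-ed: one account requiring them is enough.
            aggregate.mRequireRemoteWipe |= policy.mRequireRemoteWipe;
            aggregate.mRequireEncryption |= policy.mRequireEncryption;
            aggregate.mDontAllowCamera |= policy.mDontAllowCamera;
            policiesFound = true;
        }
    } finally {
        c.close();
    }

    if (!policiesFound) {
        if (Email.DEBUG) {
            Log.d(TAG, "Calculated Aggregate: no policy");
        }
        return Policy.NO_POLICY;
    }

    // final cleanup pass converts any untouched min/max values to zero (not specified)
    if (aggregate.mPasswordMinLength == Integer.MIN_VALUE) {
        aggregate.mPasswordMinLength = 0;
    }
    if (aggregate.mPasswordMode == Integer.MIN_VALUE) {
        aggregate.mPasswordMode = 0;
    }
    if (aggregate.mPasswordMaxFails == Integer.MAX_VALUE) {
        aggregate.mPasswordMaxFails = 0;
    }
    if (aggregate.mMaxScreenLockTime == Integer.MAX_VALUE) {
        aggregate.mMaxScreenLockTime = 0;
    }
    if (aggregate.mPasswordHistory == Integer.MIN_VALUE) {
        aggregate.mPasswordHistory = 0;
    }
    if (aggregate.mPasswordExpirationDays == Integer.MAX_VALUE) {
        aggregate.mPasswordExpirationDays = 0;
    }
    if (aggregate.mPasswordComplexChars == Integer.MIN_VALUE) {
        aggregate.mPasswordComplexChars = 0;
    }
    if (Email.DEBUG) {
        Log.d(TAG, "Calculated Aggregate: " + aggregate);
    }
    return aggregate;
}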
| 192 | |
| 193 | /** |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 194 | * Return updated aggregate policy, from cached value if possible |
| 195 | */ |
public synchronized Policy getAggregatePolicy() {
    // A null cache means the aggregate was never computed or was cleared by
    // policiesUpdated(); recompute once and keep the result for later callers.
    Policy cached = mAggregatePolicy;
    if (cached == null) {
        cached = computeAggregatePolicy();
        mAggregatePolicy = cached;
    }
    return cached;
}
| 202 | |
| 203 | /** |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 204 | * Get the dpm. This mainly allows us to make some utility calls without it, for testing. |
| 205 | */ |
/* package */ synchronized DevicePolicyManager getDPM() {
    // Already resolved: hand back the cached service handle.
    if (mDPM != null) {
        return mDPM;
    }
    // First use: look the service up through the current context and cache it.
    mDPM = (DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE);
    return mDPM;
}
| 212 | |
| 213 | /** |
Marc Blank | 2736c1a | 2011-10-20 10:13:02 -0700 | [diff] [blame] | 214 | * API: Report that policies may have been updated due to rewriting values in an Account; we |
| 215 | * clear the aggregate policy (so it can be recomputed) and set the policies in the DPM |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 216 | */ |
public synchronized void policiesUpdated() {
    // Drop the cached aggregate first, so that setActivePolicies() recomputes it from the
    // stored policies rather than pushing stale values to the DevicePolicyManager.
    this.mAggregatePolicy = null;
    this.setActivePolicies();
}
| 221 | |
| 222 | /** |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 223 | * API: Report that policies may have been updated *and* the caller vouches that the |
| 224 | * change is a reduction in policies. This forces an immediate change to device state. |
| 225 | * Typically used when deleting accounts, although we may use it for server-side policy |
| 226 | * rollbacks. |
| 227 | */ |
public void reducePolicies() {
    final boolean debug = Email.DEBUG;
    if (debug) {
        Log.d(TAG, "reducePolicies");
    }
    // Nothing here checks that the change really is a reduction; apart from the debug log
    // this is the same recompute-and-apply path as policiesUpdated().
    policiesUpdated();
}
| 234 | |
| 235 | /** |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 236 | * API: Query used to determine if a given policy is "active" (the device is operating at |
| 237 | * the required security level). |
| 238 | * |
Ben Komalo | d09cff0 | 2011-05-06 14:57:47 -0700 | [diff] [blame] | 239 | * @param policy the policies requested, or null to check aggregate stored policies |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 240 | * @return true if the requested policies are active, false if not. |
| 241 | */ |
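public boolean isActive(Policy policy) {
    final int reasons = getInactiveReasons(policy);
    // Debug logging happens only for the failing case (reasons != 0), so the log line always
    // reports FALSE followed by one token per unmet requirement. The former "true" branch
    // inside this guard could never run and has been removed.
    if (Email.DEBUG && (reasons != 0)) {
        StringBuilder sb = new StringBuilder("isActive for " + policy + ": ");
        sb.append("FALSE -> ");
        if ((reasons & INACTIVE_NEED_ACTIVATION) != 0) {
            sb.append("no_admin ");
        }
        if ((reasons & INACTIVE_NEED_CONFIGURATION) != 0) {
            sb.append("config ");
        }
        if ((reasons & INACTIVE_NEED_PASSWORD) != 0) {
            sb.append("password ");
        }
        if ((reasons & INACTIVE_NEED_ENCRYPTION) != 0) {
            sb.append("encryption ");
        }
        if ((reasons & INACTIVE_PROTOCOL_POLICIES) != 0) {
            sb.append("protocol ");
        }
        Log.d(TAG, sb.toString());
    }
    // Active means no reason bit is set.
    return reasons == 0;
}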
| 270 | |
| 271 | /** |
| 272 | * Return bits from isActive: Device Policy Manager has not been activated |
| 273 | */ |
public static final int INACTIVE_NEED_ACTIVATION = 1;

/**
 * Reason bit from getInactiveReasons: some required configuration is not correct
 * (no user action).
 */
public static final int INACTIVE_NEED_CONFIGURATION = 2;

/**
 * Reason bit from getInactiveReasons: the password needs to be set or updated.
 */
public static final int INACTIVE_NEED_PASSWORD = 4;

/**
 * Reason bit from getInactiveReasons: encryption has not been enabled.
 */
public static final int INACTIVE_NEED_ENCRYPTION = 8;

/**
 * Reason bit from getInactiveReasons: protocol-specific policies cannot be enforced.
 */
public static final int INACTIVE_PROTOCOL_POLICIES = 16;
| 295 | |
| 296 | /** |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 297 | * API: Query used to determine if a given policy is "active" (the device is operating at |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 298 | * the required security level). |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 299 | * |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 300 | * This can be used when syncing a specific account, by passing a specific set of policies |
| 301 | * for that account. Or, it can be used at any time to compare the device |
| 302 | * state against the aggregate set of device policies stored in all accounts. |
| 303 | * |
| 304 | * This method is for queries only, and does not trigger any change in device state. |
| 305 | * |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 306 | * NOTE: If there are multiple accounts with password expiration policies, the device |
| 307 | * password will be set to expire in the shortest required interval (most secure). This method |
| 308 | * will return 'false' as soon as the password expires - irrespective of which account caused |
| 309 | * the expiration. In other words, all accounts (that require expiration) will run/stop |
| 310 | * based on the requirements of the account with the shortest interval. |
| 311 | * |
Ben Komalo | d09cff0 | 2011-05-06 14:57:47 -0700 | [diff] [blame] | 312 | * @param policy the policies requested, or null to check aggregate stored policies |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 313 | * @return zero if the requested policies are active; non-zero bits indicate that more work |
| 314 | * is needed (typically, by the user) before the required security policies are fully active. |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 315 | */ |
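public int getInactiveReasons(Policy policy) {
    // select aggregate set if needed
    if (policy == null) {
        policy = getAggregatePolicy();
    }
    // quick check for the "empty set" of no policies (identity comparison with the shared
    // NO_POLICY instance)
    if (policy == Policy.NO_POLICY) {
        return 0;
    }
    DevicePolicyManager dpm = getDPM();
    if (!isActiveAdmin()) {
        // Without device-admin rights nothing below can be read or enforced.
        return INACTIVE_NEED_ACTIVATION;
    }

    // check each policy explicitly
    int reasons = 0;
    if (policy.mPasswordMinLength > 0) {
        if (dpm.getPasswordMinimumLength(mAdminName) < policy.mPasswordMinLength) {
            reasons |= INACTIVE_NEED_PASSWORD;
        }
    }
    if (policy.mPasswordMode > 0) {
        if (dpm.getPasswordQuality(mAdminName) < policy.getDPManagerPasswordQuality()) {
            reasons |= INACTIVE_NEED_PASSWORD;
        }
        if (!dpm.isActivePasswordSufficient()) {
            reasons |= INACTIVE_NEED_PASSWORD;
        }
    }
    if (policy.mMaxScreenLockTime > 0) {
        // Note, we use seconds, dpm uses milliseconds. The conversion is done in long
        // arithmetic so that a large seconds value cannot wrap around and distort the
        // comparison.
        long requiredLockMs = policy.mMaxScreenLockTime * 1000L;
        long currentLockMs = dpm.getMaximumTimeToLock(mAdminName);
        // The DPM reports 0 when this admin has set no limit; that is weaker than any
        // required limit, so it is treated as unmet (same handling as the expiration
        // timeout below).
        if (currentLockMs == 0 || currentLockMs > requiredLockMs) {
            reasons |= INACTIVE_NEED_CONFIGURATION;
        }
    }
    if (policy.mPasswordExpirationDays > 0) {
        // confirm that expirations are currently set
        long currentTimeout = dpm.getPasswordExpirationTimeout(mAdminName);
        if (currentTimeout == 0
                || currentTimeout > policy.getDPManagerPasswordExpirationTimeout()) {
            reasons |= INACTIVE_NEED_PASSWORD;
        }
        // confirm that the current password hasn't expired
        long expirationDate = dpm.getPasswordExpiration(mAdminName);
        long timeUntilExpiration = expirationDate - System.currentTimeMillis();
        if (timeUntilExpiration < 0) {
            reasons |= INACTIVE_NEED_PASSWORD;
        }
    }
    if (policy.mPasswordHistory > 0) {
        if (dpm.getPasswordHistoryLength(mAdminName) < policy.mPasswordHistory) {
            // There's no user action for changes here; this is just a configuration change
            reasons |= INACTIVE_NEED_CONFIGURATION;
        }
    }
    if (policy.mPasswordComplexChars > 0) {
        if (dpm.getPasswordMinimumNonLetter(mAdminName) < policy.mPasswordComplexChars) {
            reasons |= INACTIVE_NEED_PASSWORD;
        }
    }
    if (policy.mRequireEncryption) {
        // Any status other than ENCRYPTION_STATUS_ACTIVE counts as "not encrypted".
        int encryptionStatus = dpm.getStorageEncryptionStatus();
        if (encryptionStatus != DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE) {
            reasons |= INACTIVE_NEED_ENCRYPTION;
        }
    }
    if (policy.mDontAllowCamera && !dpm.getCameraDisabled(mAdminName)) {
        reasons |= INACTIVE_NEED_CONFIGURATION;
    }
    // password failures are counted locally - no test required here
    // no check required for remote wipe (it's supported, if we're the admin)

    // A non-null list of unsupported protocol policies always blocks activation.
    if (policy.mProtocolPoliciesUnsupported != null) {
        reasons |= INACTIVE_PROTOCOL_POLICIES;
    }

    // If we made it all the way, reasons == 0 here.  Otherwise it's a list of grievances.
    return reasons;
}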
| 396 | |
| 397 | /** |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 398 | * Set the requested security level based on the aggregate set of requests. |
| 399 | * If the set is empty, we release our device administration. If the set is non-empty, |
| 400 | * we only proceed if we are already active as an admin. |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 401 | */ |
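public void setActivePolicies() {
    DevicePolicyManager dpm = getDPM();
    // compute aggregate set of policies
    Policy aggregatePolicy = getAggregatePolicy();
    // if empty set, detach from policy manager
    if (aggregatePolicy == Policy.NO_POLICY) {
        if (Email.DEBUG) {
            Log.d(TAG, "setActivePolicies: none, remove admin");
        }
        dpm.removeActiveAdmin(mAdminName);
    } else if (isActiveAdmin()) {
        if (Email.DEBUG) {
            Log.d(TAG, "setActivePolicies: " + aggregatePolicy);
        }
        // set each policy in the policy manager
        // password mode & length
        dpm.setPasswordQuality(mAdminName, aggregatePolicy.getDPManagerPasswordQuality());
        dpm.setPasswordMinimumLength(mAdminName, aggregatePolicy.mPasswordMinLength);
        // screen lock time: we store seconds, the DPM takes milliseconds. Converting in long
        // arithmetic keeps a large seconds value from wrapping around and being applied as
        // a wrong (possibly negative) timeout.
        dpm.setMaximumTimeToLock(mAdminName, aggregatePolicy.mMaxScreenLockTime * 1000L);
        // local wipe (failed passwords limit)
        dpm.setMaximumFailedPasswordsForWipe(mAdminName, aggregatePolicy.mPasswordMaxFails);
        // password expiration (days until a password expires).  API takes mSec.
        dpm.setPasswordExpirationTimeout(mAdminName,
                aggregatePolicy.getDPManagerPasswordExpirationTimeout());
        // password history length (number of previous passwords that may not be reused)
        dpm.setPasswordHistoryLength(mAdminName, aggregatePolicy.mPasswordHistory);
        // password minimum complex characters.
        // Note, in Exchange, "complex chars" simply means "non alpha", but in the DPM,
        // setting the quality to complex also defaults min symbols=1 and min numeric=1.
        // We always / safely clear minSymbols & minNumeric to zero (there is no policy
        // configuration in which we explicitly require a minimum number of digits or symbols.)
        dpm.setPasswordMinimumSymbols(mAdminName, 0);
        dpm.setPasswordMinimumNumeric(mAdminName, 0);
        dpm.setPasswordMinimumNonLetter(mAdminName, aggregatePolicy.mPasswordComplexChars);
        // Device capabilities
        dpm.setCameraDisabled(mAdminName, aggregatePolicy.mDontAllowCamera);

        // encryption required
        dpm.setStorageEncryption(mAdminName, aggregatePolicy.mRequireEncryption);
    }
    // Remaining case: policies exist but we are not an active admin. Nothing is applied
    // here; getInactiveReasons() reports INACTIVE_NEED_ACTIVATION for that state.
}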
| 444 | |
| 445 | /** |
Marc Blank | 9ba506c | 2011-02-08 18:54:56 -0800 | [diff] [blame] | 446 | * Convenience method; see javadoc below |
| 447 | */ |
public static void setAccountHoldFlag(Context context, long accountId, boolean newState) {
    // Resolve the id to an Account; an id that no longer resolves is silently ignored.
    final Account account = Account.restoreAccountWithId(context, accountId);
    if (account == null) {
        return;
    }
    setAccountHoldFlag(context, account, newState);
}
| 454 | |
| 455 | /** |
Andrew Stadler | 2a5eeea | 2010-02-08 17:42:42 -0800 | [diff] [blame] | 456 | * API: Set/Clear the "hold" flag in any account. This flag serves a dual purpose: |
| 457 | * Setting it gives us an indication that it was blocked, and clearing it gives EAS a |
| 458 | * signal to try syncing again. |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 459 | * @param context |
Marc Blank | 9ba506c | 2011-02-08 18:54:56 -0800 | [diff] [blame] | 460 | * @param account the account whose hold flag is to be set/cleared |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 461 | * @param newState true = security hold, false = free to sync |
Andrew Stadler | 2a5eeea | 2010-02-08 17:42:42 -0800 | [diff] [blame] | 462 | */ |
public static void setAccountHoldFlag(Context context, Account account, boolean newState) {
    final ContentValues flagValues = new ContentValues();
    // Only the FLAGS_SECURITY_HOLD bit is touched; every other flag bit is preserved.
    if (!newState) {
        account.mFlags &= ~Account.FLAGS_SECURITY_HOLD;
    } else {
        account.mFlags |= Account.FLAGS_SECURITY_HOLD;
    }
    // Write back the complete flags word so the stored row matches the in-memory object.
    flagValues.put(AccountColumns.FLAGS, account.mFlags);
    account.update(context, flagValues);
}
| 473 | |
| 474 | /** |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 475 | * API: Sync service should call this any time a sync fails due to isActive() returning false. |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 476 | * This will kick off the notify-acquire-admin-state process and/or increase the security level. |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 477 | * The caller needs to write the required policies into this account before making this call. |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 478 | * Should not be called from UI thread - uses DB lookups to prepare new notifications |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 479 | * |
| 480 | * @param accountId the account for which sync cannot proceed |
| 481 | */ |
public void policiesRequired(long accountId) {
    final Account account = Account.restoreAccountWithId(mContext, accountId);
    // Nothing to do when the account is gone or does not reference a policy.
    // Note that in both cases the account is NOT placed on hold.
    if (account == null || account.mPolicyKey == 0) {
        return;
    }
    final Policy policy = Policy.restorePolicyWithId(mContext, account.mPolicyKey);
    if (policy == null) {
        return;
    }
    if (Email.DEBUG) {
        // Debug builds only: this writes the account display name and the policy to the log.
        Log.d(TAG, "policiesRequired for " + account.mDisplayName + ": " + policy);
    }

    // Put the account on security hold before telling the user about it.
    setAccountHoldFlag(mContext, account, true);

    // Pick the notification: "unsupported" when the policy lists requirements this
    // device cannot meet, otherwise "security needed".
    final NotificationController notifier = NotificationController.getInstance(mContext);
    if (policy.mProtocolPoliciesUnsupported != null) {
        notifier.showSecurityUnsupportedNotification(account);
    } else {
        notifier.showSecurityNeededNotification(account);
    }
}
| 504 | |
/**
 * Remove the policy from an account by delegating to
 * {@link #setAccountPolicy(Context, Account, Policy, String)} with a null policy and a
 * null security sync key.
 *
 * @param context the caller's context
 * @param account the account whose policy is to be cleared
 */
public static void clearAccountPolicy(Context context, Account account) {
    // Typed locals make the intent explicit: no policy, no sync key.
    final Policy noPolicy = null;
    final String noSecuritySyncKey = null;
    setAccountPolicy(context, account, noPolicy, noSecuritySyncKey);
}
| 508 | |
| 509 | /** |
| 510 | * Set the policy for an account atomically; this also removes any other policy associated with |
| 511 | * the account and sets the policy key for the account. If policy is null, the policyKey is |
| 512 | * set to 0 and the securitySyncKey to null. Also, update the account object to reflect the |
| 513 | * current policyKey and securitySyncKey |
| 514 | * @param context the caller's context |
| 515 | * @param account the account whose policy is to be set |
| 516 | * @param policy the policy to set, or null if we're clearing the policy |
| 517 | * @param securitySyncKey the security sync key for this account (ignored if policy is null) |
| 518 | */ |
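public static void setAccountPolicy(Context context, Account account, Policy policy,
        String securitySyncKey) {
    // All changes are collected into one batch and handed to the provider in a single
    // applyBatch() call, so the account is never left pointing at a deleted policy by
    // this method's own sequencing. (Whether the batch is transactional depends on the
    // provider, which is not visible here.)
    ArrayList<ContentProviderOperation> ops = new ArrayList<ContentProviderOperation>();

    // Make sure this is a valid policy set
    if (policy != null) {
        policy.normalize();
        // Add the new policy (no account will yet reference this)
        ops.add(ContentProviderOperation.newInsert(
                Policy.CONTENT_URI).withValues(policy.toContentValues()).build());
        // Make the policyKey of the account our newly created policy, and set the sync key.
        // Back reference 0 = the result of the insert above (first operation in the batch).
        ops.add(ContentProviderOperation.newUpdate(
                ContentUris.withAppendedId(Account.CONTENT_URI, account.mId))
                .withValueBackReference(AccountColumns.POLICY_KEY, 0)
                .withValue(AccountColumns.SECURITY_SYNC_KEY, securitySyncKey)
                .build());
    } else {
        // Clearing: policyKey becomes 0 and the sync key null (securitySyncKey is ignored)
        ops.add(ContentProviderOperation.newUpdate(
                ContentUris.withAppendedId(Account.CONTENT_URI, account.mId))
                .withValue(AccountColumns.SECURITY_SYNC_KEY, null)
                .withValue(AccountColumns.POLICY_KEY, 0)
                .build());
    }

    // Delete the previous policy associated with this account, if any
    if (account.mPolicyKey > 0) {
        ops.add(ContentProviderOperation.newDelete(
                ContentUris.withAppendedId(
                        Policy.CONTENT_URI, account.mPolicyKey)).build());
    }

    try {
        context.getContentResolver().applyBatch(EmailContent.AUTHORITY, ops);
        // Reload so the in-memory account reflects the new policyKey / securitySyncKey
        account.refresh(context);
    } catch (RemoteException e) {
        // This is fatal to a remote process; keep the cause so the failure can be diagnosed
        throw new IllegalStateException("Exception setting account policy.", e);
    } catch (OperationApplicationException e) {
        // Not expected from our provider. If it does happen, the policy change was not
        // applied and the account was not refreshed, so leave a trace instead of
        // swallowing the failure silently.
        Log.w(Logging.LOG_TAG, "setAccountPolicy; batch was not applied: " + e);
    }
}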
| 560 | |
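/**
 * Store a policy for the account with the given id, then notify the user and set or clear
 * the account's security hold according to whether the policy is unsupported, active, or
 * not yet enforced. Synced data is erased when the policy is unsupported.
 *
 * @param accountId the id of the account whose policy is being set
 * @param policy the policy to apply; it is dereferenced below, so it must not be null
 * @param securityKey the security sync key to store with the policy
 */
public void setAccountPolicy(long accountId, Policy policy, String securityKey) {
    Account account = Account.restoreAccountWithId(mContext, accountId);
    // In case the account has been deleted, just return (same guard as policiesRequired)
    if (account == null) {
        Log.d(Logging.LOG_TAG, "setAccountPolicy; account not found");
        return;
    }
    Policy oldPolicy = null;
    if (account.mPolicyKey > 0) {
        oldPolicy = Policy.restorePolicyWithId(mContext, account.mPolicyKey);
    }
    // An account with no stored policy (first policy, or a dangling policy key) always
    // counts as changed; calling equals() on the null oldPolicy would throw instead of
    // recording the new policy.
    boolean policyChanged = (oldPolicy == null) || !oldPolicy.equals(policy);
    if (!policyChanged && (TextUtilities.stringOrNullEquals(securityKey,
            account.mSecuritySyncKey))) {
        Log.d(Logging.LOG_TAG, "setAccountPolicy; policy unchanged");
    } else {
        setAccountPolicy(mContext, account, policy, securityKey);
        policiesUpdated();
    }

    boolean setHold = false;
    if (policy.mProtocolPoliciesUnsupported != null) {
        // We can't support this, reasons in unsupportedRemotePolicies
        Log.d(Logging.LOG_TAG,
                "Notify policies for " + account.mDisplayName + " not supported.");
        setHold = true;
        NotificationController.getInstance(mContext).showSecurityUnsupportedNotification(
                account);
        // Erase data
        Controller.getInstance(mContext).deleteSyncedDataSync(accountId);
    } else if (isActive(policy)) {
        if (policyChanged) {
            Log.d(Logging.LOG_TAG, "Notify policies for " + account.mDisplayName + " changed.");
            // Notify that policies changed
            NotificationController.getInstance(mContext).showSecurityChangedNotification(
                    account);
        }
    } else {
        setHold = true;
        Log.d(Logging.LOG_TAG, "Notify policies for " + account.mDisplayName +
                " are not being enforced.");
        // Put up a notification
        NotificationController.getInstance(mContext).showSecurityNeededNotification(account);
    }
    // Set/clear the account hold.
    setAccountHoldFlag(mContext, account, setHold);
}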
| 603 | |
| 604 | /** |
| 605 | * Called from the notification's intent receiver to register that the notification can be |
| 606 | * cleared now. |
| 607 | */ |
public void clearNotification() {
    // Only the "security needed" notification is cancelled here.
    final NotificationController notifier = NotificationController.getInstance(mContext);
    notifier.cancelSecurityNeededNotification();
}
| 611 | |
| 612 | /** |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 613 | * API: Remote wipe (from server). This is final, there is no confirmation. It will only |
Marc Blank | c82c1ca | 2011-09-28 09:41:44 -0700 | [diff] [blame] | 614 | * return to the caller if there is an unexpected failure. The wipe includes external storage. |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 615 | */ |
public void remoteWipe() {
    final DevicePolicyManager policyManager = getDPM();
    // The only precondition checked here is that this app is an active device admin;
    // any confirmation that the wipe request is genuine has to happen in the caller.
    if (!policyManager.isAdminActive(mAdminName)) {
        Log.d(Logging.LOG_TAG, "Could not remote wipe because not device admin.");
        return;
    }
    // Irreversible: wipes the device, with external storage included via the flag.
    policyManager.wipeData(DevicePolicyManager.WIPE_EXTERNAL_STORAGE);
}
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 624 | /** |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 625 | * If we are not the active device admin, try to become so. |
| 626 | * |
Andy Stadler | e7f4d3e | 2010-12-08 16:06:16 -0800 | [diff] [blame] | 627 | * Also checks for any policies that we have added during the lifetime of this app. |
| 628 | * This catches the case where the user granted an earlier (smaller) set of policies |
| 629 | * but an app upgrade requires that new policies be granted. |
| 630 | * |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 631 | * @return true if we are already active, false if we are not |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 632 | */ |
public boolean isActiveAdmin() {
    // This method only queries state; it does not itself request admin activation.
    final DevicePolicyManager policyManager = getDPM();
    if (!policyManager.isAdminActive(mAdminName)) {
        return false;
    }
    // Being an active admin is not enough: each policy listed below must also have been
    // granted, otherwise the result is false.
    if (!policyManager.hasGrantedPolicy(mAdminName,
            DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD)) {
        return false;
    }
    if (!policyManager.hasGrantedPolicy(mAdminName, DeviceAdminInfo.USES_ENCRYPTED_STORAGE)) {
        return false;
    }
    return policyManager.hasGrantedPolicy(mAdminName,
            DeviceAdminInfo.USES_POLICY_DISABLE_CAMERA);
}
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 640 | |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 641 | /** |
| 642 | * Report admin component name - for making calls into device policy manager |
| 643 | */ |
public ComponentName getAdminComponent() {
    // Same component name this class passes to its own DevicePolicyManager calls.
    final ComponentName adminComponent = mAdminName;
    return adminComponent;
}
| 647 | |
| 648 | /** |
Marc Blank | 02d59d2 | 2010-10-25 11:49:29 -0700 | [diff] [blame] | 649 | * Delete all accounts whose security flags aren't zero (i.e. they have security enabled). |
| 650 | * This method is synchronous, so it should normally be called within a worker thread (the |
| 651 | * exception being for unit tests) |
| 652 | * |
| 653 | * @param context the caller's context |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 654 | */ |
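/*package*/ void deleteSecuredAccounts(Context context) {
    ContentResolver cr = context.getContentResolver();
    // Find all accounts with security and delete them
    Cursor c = cr.query(Account.CONTENT_URI, EmailContent.ID_PROJECTION,
            Account.SECURITY_NONZERO_SELECTION, null, null);
    if (c == null) {
        // ContentResolver.query() may return null (for example when the provider is
        // unavailable). Without a cursor nothing can be enumerated, so the secured
        // accounts stay on the device; log that instead of failing with a
        // NullPointerException before policiesUpdated() runs.
        Log.w(TAG, "Email administration disabled; could not query secured accounts");
    } else {
        try {
            Log.w(TAG, "Email administration disabled; deleting " + c.getCount() +
                    " secured account(s)");
            while (c.moveToNext()) {
                // Synchronous delete, one account per row
                Controller.getInstance(context).deleteAccountSync(
                        c.getLong(EmailContent.ID_PROJECTION_COLUMN), context);
            }
        } finally {
            c.close();
        }
    }
    // Runs on both paths, as in the original flow after the deletions
    policiesUpdated();
}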
| 672 | |
| 673 | /** |
| 674 | * Internal handler for enabled->disabled transitions. Deletes all secured accounts. |
Andy Stadler | a2269e8 | 2010-12-30 00:16:55 -0800 | [diff] [blame] | 675 | * Must call from worker thread, not on UI thread. |
Marc Blank | 02d59d2 | 2010-10-25 11:49:29 -0700 | [diff] [blame] | 676 | */ |
/*package*/ void onAdminEnabled(boolean isEnabled) {
    // Becoming enabled needs no work here.
    if (isEnabled) {
        return;
    }
    // Admin was disabled: remove every account that has security enabled.
    deleteSecuredAccounts(mContext);
}
| 682 | |
| 683 | /** |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 684 | * Handle password expiration - if any accounts appear to have triggered this, put up |
| 685 | * warnings, or even shut them down. |
| 686 | * |
| 687 | * NOTE: If there are multiple accounts with password expiration policies, the device |
| 688 | * password will be set to expire in the shortest required interval (most secure). The logic |
| 689 | * in this method operates based on the aggregate setting - irrespective of which account caused |
| 690 | * the expiration. In other words, all accounts (that require expiration) will run/stop |
| 691 | * based on the requirements of the account with the shortest interval. |
| 692 | */ |
private void onPasswordExpiring(Context context) {
    // Step 1-2: find the account with the shortest expiration; -1 means none applies.
    final long nextExpiringAccountId = findShortestExpiration(context);
    if (nextExpiringAccountId == -1) {
        return;
    }

    // Step 3: compare the device's password expiration time with the current wall clock.
    final long millisRemaining =
            getDPM().getPasswordExpiration(mAdminName) - System.currentTimeMillis();

    if (millisRemaining >= 0) {
        // Step 4: not expired yet - show a generic warning attributed to the
        // shortest-expiring account.
        NotificationController.getInstance(mContext).showPasswordExpiringNotification(
                nextExpiringAccountId);
        return;
    }

    // Step 5: expired - wipe every account that requires expiration, and notify only
    // if at least one account was actually wiped.
    if (wipeExpiredAccounts(context, Controller.getInstance(context))) {
        NotificationController.getInstance(mContext).showPasswordExpiredNotification(
                nextExpiringAccountId);
    }
}
| 720 | |
| 721 | /** |
| 722 | * Find the account with the shortest expiration time. This is always assumed to be |
| 723 | * the account that forces the password to be refreshed. |
| 724 | * @return -1 if no expirations, or accountId if one is found |
| 725 | */ |
@VisibleForTesting
/*package*/ static long findShortestExpiration(Context context) {
    // Ascending order on the expiration-days column puts the shortest interval first.
    final String shortestFirst = PolicyColumns.PASSWORD_EXPIRATION_DAYS + " ASC";
    // First matching policy id, or the -1L default when no row matches.
    final long policyId = Utility.getFirstRowLong(context, Policy.CONTENT_URI,
            Policy.ID_PROJECTION, HAS_PASSWORD_EXPIRATION, null, shortestFirst,
            EmailContent.ID_PROJECTION_COLUMN, -1L);
    // Map the policy back to the account that references it.
    return (policyId < 0) ? -1L : Policy.getAccountIdWithPolicyKey(context, policyId);
}
| 734 | |
| 735 | /** |
| 736 | * For all accounts that require password expiration, put them in security hold and wipe |
| 737 | * their data. |
| 738 | * @param context |
| 739 | * @param controller |
| 740 | * @return true if one or more accounts were wiped |
| 741 | */ |
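@VisibleForTesting
/*package*/ static boolean wipeExpiredAccounts(Context context, Controller controller) {
    boolean result = false;
    Cursor c = context.getContentResolver().query(Policy.CONTENT_URI,
            Policy.ID_PROJECTION, HAS_PASSWORD_EXPIRATION, null, null);
    if (c == null) {
        // ContentResolver.query() may return null; with no cursor there is nothing to
        // enumerate, so report that no account was wiped rather than throwing a
        // NullPointerException from the loop or from close().
        Log.w(Logging.LOG_TAG, "wipeExpiredAccounts; could not query expiring policies");
        return false;
    }
    try {
        while (c.moveToNext()) {
            long policyId = c.getLong(Policy.ID_PROJECTION_COLUMN);
            long accountId = Policy.getAccountIdWithPolicyKey(context, policyId);
            // Skip policies for which no account id was found
            if (accountId < 0) continue;
            Account account = Account.restoreAccountWithId(context, accountId);
            if (account != null) {
                // Mark the account as "on hold" first, then erase its synced data
                setAccountHoldFlag(context, account, true);
                // Erase data
                controller.deleteSyncedDataSync(accountId);
                // Report one or more were found
                result = true;
            }
        }
    } finally {
        c.close();
    }
    return result;
}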
| 767 | |
| 768 | /** |
Andy Stadler | a2269e8 | 2010-12-30 00:16:55 -0800 | [diff] [blame] | 769 | * Callback from EmailBroadcastProcessorService. This provides the workers for the |
| 770 | * DeviceAdminReceiver calls. These should perform the work directly and not use async |
| 771 | * threads for completion. |
| 772 | */ |
public static void onDeviceAdminReceiverMessage(Context context, int message) {
    // The singleton is obtained up front for every message, including ones ignored below.
    final SecurityPolicy securityPolicy = SecurityPolicy.getInstance(context);
    if (message == DEVICE_ADMIN_MESSAGE_ENABLED) {
        securityPolicy.onAdminEnabled(true);
    } else if (message == DEVICE_ADMIN_MESSAGE_DISABLED) {
        // Leads to deletion of all secured accounts (see onAdminEnabled).
        securityPolicy.onAdminEnabled(false);
    } else if (message == DEVICE_ADMIN_MESSAGE_PASSWORD_CHANGED) {
        // TODO make a small helper for this
        // A password change releases the security hold on every account ...
        Account.clearSecurityHoldOnAllAccounts(context);
        // ... and removes any password-expiration notifications still showing.
        NotificationController.getInstance(context).cancelPasswordExpirationNotifications();
    } else if (message == DEVICE_ADMIN_MESSAGE_PASSWORD_EXPIRING) {
        securityPolicy.onPasswordExpiring(securityPolicy.mContext);
    }
    // Any other message value is ignored.
}
| 794 | |
| 795 | /** |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 796 | * Device Policy administrator. This is primarily a listener for device state changes. |
| 797 | * Note: This is instantiated by incoming messages. |
Andy Stadler | a2269e8 | 2010-12-30 00:16:55 -0800 | [diff] [blame] | 798 | * Note: This is actually a BroadcastReceiver and must remain within the guidelines required |
| 799 | * for proper behavior, including avoidance of ANRs. |
Andrew Stadler | 5893e9e | 2010-02-08 23:09:05 -0800 | [diff] [blame] | 800 | * Note: We do not implement onPasswordFailed() because the default behavior of the |
| 801 | * DevicePolicyManager - complete local wipe after 'n' failures - is sufficient. |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 802 | */ |
public static class PolicyAdmin extends DeviceAdminReceiver {

    /**
     * Hand a device-admin event to EmailBroadcastProcessorService so the receiver
     * callback itself does no further work.
     */
    private static void forward(Context context, int message) {
        EmailBroadcastProcessorService.processDevicePolicyMessage(context, message);
    }

    /**
     * Invoked once the administrator has been enabled for the first time.
     */
    @Override
    public void onEnabled(Context context, Intent intent) {
        forward(context, DEVICE_ADMIN_MESSAGE_ENABLED);
    }

    /**
     * Invoked just before the administrator is disabled.
     */
    @Override
    public void onDisabled(Context context, Intent intent) {
        forward(context, DEVICE_ADMIN_MESSAGE_DISABLED);
    }

    /**
     * Invoked when the user asks to turn administration off; the returned text is the
     * warning that will be shown to the user.
     */
    @Override
    public CharSequence onDisableRequested(Context context, Intent intent) {
        final CharSequence warning = context.getString(R.string.disable_admin_warning);
        return warning;
    }

    /**
     * Invoked after the user has changed the device password.
     */
    @Override
    public void onPasswordChanged(Context context, Intent intent) {
        forward(context, DEVICE_ADMIN_MESSAGE_PASSWORD_CHANGED);
    }

    /**
     * Invoked when the device password is about to expire.
     */
    @Override
    public void onPasswordExpiring(Context context, Intent intent) {
        forward(context, DEVICE_ADMIN_MESSAGE_PASSWORD_EXPIRING);
    }
}
| 850 | } |