Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2010 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package com.android.email; |
| 18 | |
Andy Stadler | e7f4d3e | 2010-12-08 16:06:16 -0800 | [diff] [blame] | 19 | import android.app.admin.DeviceAdminInfo; |
Dianne Hackborn | 6d00162 | 2010-02-26 17:26:45 -0800 | [diff] [blame] | 20 | import android.app.admin.DeviceAdminReceiver; |
| 21 | import android.app.admin.DevicePolicyManager; |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 22 | import android.content.ComponentName; |
Marc Blank | 02d59d2 | 2010-10-25 11:49:29 -0700 | [diff] [blame] | 23 | import android.content.ContentResolver; |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 24 | import android.content.ContentValues; |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 25 | import android.content.Context; |
| 26 | import android.content.Intent; |
| 27 | import android.database.Cursor; |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 28 | import android.util.Log; |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 29 | |
Marc Blank | c6df1d6 | 2011-07-19 14:09:11 -0700 | [diff] [blame] | 30 | import com.android.email.service.EmailBroadcastProcessorService; |
| 31 | import com.android.emailcommon.Logging; |
| 32 | import com.android.emailcommon.provider.Account; |
| 33 | import com.android.emailcommon.provider.EmailContent; |
| 34 | import com.android.emailcommon.provider.EmailContent.AccountColumns; |
| 35 | import com.android.emailcommon.provider.EmailContent.PolicyColumns; |
| 36 | import com.android.emailcommon.provider.Policy; |
| 37 | import com.android.emailcommon.utility.Utility; |
| 38 | import com.google.common.annotations.VisibleForTesting; |
| 39 | |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 40 | /** |
Andrew Stadler | d71d0b2 | 2010-02-09 17:24:55 -0800 | [diff] [blame] | 41 | * Utility functions to support reading and writing security policies, and handshaking the device |
| 42 | * into and out of various security states. |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 43 | */ |
| 44 | public class SecurityPolicy { |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 45 | private static final String TAG = "Email/SecurityPolicy"; |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 46 | private static SecurityPolicy sInstance = null; |
| 47 | private Context mContext; |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 48 | private DevicePolicyManager mDPM; |
Ben Komalo | d09cff0 | 2011-05-06 14:57:47 -0700 | [diff] [blame] | 49 | private final ComponentName mAdminName; |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 50 | private Policy mAggregatePolicy; |
Andrew Stadler | 2a5eeea | 2010-02-08 17:42:42 -0800 | [diff] [blame] | 51 | |
Andy Stadler | a2269e8 | 2010-12-30 00:16:55 -0800 | [diff] [blame] | 52 | // Messages used for DevicePolicyManager callbacks |
| 53 | private static final int DEVICE_ADMIN_MESSAGE_ENABLED = 1; |
| 54 | private static final int DEVICE_ADMIN_MESSAGE_DISABLED = 2; |
| 55 | private static final int DEVICE_ADMIN_MESSAGE_PASSWORD_CHANGED = 3; |
| 56 | private static final int DEVICE_ADMIN_MESSAGE_PASSWORD_EXPIRING = 4; |
| 57 | |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 58 | private static final String HAS_PASSWORD_EXPIRATION = |
| 59 | PolicyColumns.PASSWORD_EXPIRATION_DAYS + ">0"; |
| 60 | |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 61 | /** |
| 62 | * Get the security policy instance |
| 63 | */ |
| 64 | public synchronized static SecurityPolicy getInstance(Context context) { |
| 65 | if (sInstance == null) { |
Andy Stadler | a2269e8 | 2010-12-30 00:16:55 -0800 | [diff] [blame] | 66 | sInstance = new SecurityPolicy(context.getApplicationContext()); |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 67 | } |
| 68 | return sInstance; |
| 69 | } |
| 70 | |
| 71 | /** |
| 72 | * Private constructor (one time only) |
| 73 | */ |
| 74 | private SecurityPolicy(Context context) { |
Makoto Onuki | 968be44 | 2010-05-20 16:11:26 -0700 | [diff] [blame] | 75 | mContext = context.getApplicationContext(); |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 76 | mDPM = null; |
| 77 | mAdminName = new ComponentName(context, PolicyAdmin.class); |
| 78 | mAggregatePolicy = null; |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 79 | } |
| 80 | |
| 81 | /** |
| 82 | * For testing only: Inject context into already-created instance |
| 83 | */ |
| 84 | /* package */ void setContext(Context context) { |
| 85 | mContext = context; |
| 86 | } |
| 87 | |
| 88 | /** |
| 89 | * Compute the aggregate policy for all accounts that require it, and record it. |
| 90 | * |
| 91 | * The business logic is as follows: |
| 92 | * min password length take the max |
| 93 | * password mode take the max (strongest mode) |
| 94 | * max password fails take the min |
| 95 | * max screen lock time take the min |
| 96 | * require remote wipe take the max (logical or) |
Marc Blank | 9b4988d | 2010-06-09 16:18:57 -0700 | [diff] [blame] | 97 | * password history take the max (strongest mode) |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 98 | * password expiration take the min (strongest mode) |
Marc Blank | 9b4988d | 2010-06-09 16:18:57 -0700 | [diff] [blame] | 99 | * password complex chars take the max (strongest mode) |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 100 | * encryption take the max (logical or) |
Makoto Onuki | 968be44 | 2010-05-20 16:11:26 -0700 | [diff] [blame] | 101 | * |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 102 | * @return a policy representing the strongest aggregate. If no policy sets are defined, |
| 103 | * a lightweight "nothing required" policy will be returned. Never null. |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 104 | */ |
Ben Komalo | d09cff0 | 2011-05-06 14:57:47 -0700 | [diff] [blame] | 105 | @VisibleForTesting |
| 106 | Policy computeAggregatePolicy() { |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 107 | boolean policiesFound = false; |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 108 | Policy aggregate = new Policy(); |
| 109 | aggregate.mPasswordMinLength = Integer.MIN_VALUE; |
| 110 | aggregate.mPasswordMode = Integer.MIN_VALUE; |
| 111 | aggregate.mPasswordMaxFails = Integer.MAX_VALUE; |
| 112 | aggregate.mPasswordHistory = Integer.MIN_VALUE; |
| 113 | aggregate.mPasswordExpirationDays = Integer.MAX_VALUE; |
| 114 | aggregate.mPasswordComplexChars = Integer.MIN_VALUE; |
| 115 | aggregate.mMaxScreenLockTime = Integer.MAX_VALUE; |
| 116 | aggregate.mRequireRemoteWipe = false; |
| 117 | aggregate.mRequireEncryption = false; |
Ben Komalo | e76962b | 2011-07-01 12:34:03 -0700 | [diff] [blame] | 118 | |
| 119 | // This can never be supported at this time. It exists only for historic reasons where |
| 120 | // this was able to be supported prior to the introduction of proper removable storage |
| 121 | // support for external storage. |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 122 | aggregate.mRequireEncryptionExternal = false; |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 123 | |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 124 | Cursor c = mContext.getContentResolver().query(Policy.CONTENT_URI, |
| 125 | Policy.CONTENT_PROJECTION, null, null, null); |
| 126 | Policy policy = new Policy(); |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 127 | try { |
| 128 | while (c.moveToNext()) { |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 129 | policy.restore(c); |
| 130 | if (Email.DEBUG) { |
| 131 | Log.d(TAG, "Aggregate from: " + policy); |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 132 | } |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 133 | aggregate.mPasswordMinLength = |
| 134 | Math.max(policy.mPasswordMinLength, aggregate.mPasswordMinLength); |
| 135 | aggregate.mPasswordMode = Math.max(policy.mPasswordMode, aggregate.mPasswordMode); |
| 136 | if (policy.mPasswordMaxFails > 0) { |
| 137 | aggregate.mPasswordMaxFails = |
| 138 | Math.min(policy.mPasswordMaxFails, aggregate.mPasswordMaxFails); |
| 139 | } |
| 140 | if (policy.mMaxScreenLockTime > 0) { |
| 141 | aggregate.mMaxScreenLockTime = Math.min(policy.mMaxScreenLockTime, |
| 142 | aggregate.mMaxScreenLockTime); |
| 143 | } |
| 144 | if (policy.mPasswordHistory > 0) { |
| 145 | aggregate.mPasswordHistory = |
| 146 | Math.max(policy.mPasswordHistory, aggregate.mPasswordHistory); |
| 147 | } |
| 148 | if (policy.mPasswordExpirationDays > 0) { |
| 149 | aggregate.mPasswordExpirationDays = |
| 150 | Math.min(policy.mPasswordExpirationDays, aggregate.mPasswordExpirationDays); |
| 151 | } |
| 152 | if (policy.mPasswordComplexChars > 0) { |
| 153 | aggregate.mPasswordComplexChars = Math.max(policy.mPasswordComplexChars, |
| 154 | aggregate.mPasswordComplexChars); |
| 155 | } |
| 156 | aggregate.mRequireRemoteWipe |= policy.mRequireRemoteWipe; |
| 157 | aggregate.mRequireEncryption |= policy.mRequireEncryption; |
Ben Komalo | d09cff0 | 2011-05-06 14:57:47 -0700 | [diff] [blame] | 158 | aggregate.mDontAllowCamera |= policy.mDontAllowCamera; |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 159 | policiesFound = true; |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 160 | } |
| 161 | } finally { |
| 162 | c.close(); |
| 163 | } |
| 164 | if (policiesFound) { |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 165 | // final cleanup pass converts any untouched min/max values to zero (not specified) |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 166 | if (aggregate.mPasswordMinLength == Integer.MIN_VALUE) aggregate.mPasswordMinLength = 0; |
| 167 | if (aggregate.mPasswordMode == Integer.MIN_VALUE) aggregate.mPasswordMode = 0; |
| 168 | if (aggregate.mPasswordMaxFails == Integer.MAX_VALUE) aggregate.mPasswordMaxFails = 0; |
| 169 | if (aggregate.mMaxScreenLockTime == Integer.MAX_VALUE) aggregate.mMaxScreenLockTime = 0; |
| 170 | if (aggregate.mPasswordHistory == Integer.MIN_VALUE) aggregate.mPasswordHistory = 0; |
| 171 | if (aggregate.mPasswordExpirationDays == Integer.MAX_VALUE) |
| 172 | aggregate.mPasswordExpirationDays = 0; |
| 173 | if (aggregate.mPasswordComplexChars == Integer.MIN_VALUE) |
| 174 | aggregate.mPasswordComplexChars = 0; |
| 175 | if (Email.DEBUG) { |
| 176 | Log.d(TAG, "Calculated Aggregate: " + aggregate); |
| 177 | } |
| 178 | return aggregate; |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 179 | } |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 180 | if (Email.DEBUG) { |
| 181 | Log.d(TAG, "Calculated Aggregate: no policy"); |
| 182 | } |
| 183 | return Policy.NO_POLICY; |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 184 | } |
| 185 | |
| 186 | /** |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 187 | * Return updated aggregate policy, from cached value if possible |
| 188 | */ |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 189 | public synchronized Policy getAggregatePolicy() { |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 190 | if (mAggregatePolicy == null) { |
| 191 | mAggregatePolicy = computeAggregatePolicy(); |
| 192 | } |
| 193 | return mAggregatePolicy; |
| 194 | } |
| 195 | |
| 196 | /** |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 197 | * Get the dpm. This mainly allows us to make some utility calls without it, for testing. |
| 198 | */ |
Andy Stadler | a0d0805 | 2011-01-19 11:40:48 -0800 | [diff] [blame] | 199 | /* package */ synchronized DevicePolicyManager getDPM() { |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 200 | if (mDPM == null) { |
| 201 | mDPM = (DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE); |
| 202 | } |
| 203 | return mDPM; |
| 204 | } |
| 205 | |
| 206 | /** |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 207 | * API: Report that policies may have been updated due to rewriting values in an Account. |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 208 | * @param accountId the account that has been updated, -1 if unknown/deleted |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 209 | */ |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 210 | public synchronized void policiesUpdated(long accountId) { |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 211 | mAggregatePolicy = null; |
| 212 | } |
| 213 | |
| 214 | /** |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 215 | * API: Report that policies may have been updated *and* the caller vouches that the |
| 216 | * change is a reduction in policies. This forces an immediate change to device state. |
| 217 | * Typically used when deleting accounts, although we may use it for server-side policy |
| 218 | * rollbacks. |
| 219 | */ |
| 220 | public void reducePolicies() { |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 221 | if (Email.DEBUG) { |
| 222 | Log.d(TAG, "reducePolicies"); |
| 223 | } |
| 224 | policiesUpdated(-1); |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 225 | setActivePolicies(); |
| 226 | } |
| 227 | |
| 228 | /** |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 229 | * API: Query if the proposed set of policies are supported on the device. |
| 230 | * |
Ben Komalo | d09cff0 | 2011-05-06 14:57:47 -0700 | [diff] [blame] | 231 | * @param policy the polices that were requested |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 232 | * @return boolean if supported |
| 233 | */ |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 234 | public boolean isSupported(Policy policy) { |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 235 | // IMPLEMENTATION: At this time, the only policy which might not be supported is |
| 236 | // encryption (which requires low-level systems support). Other policies are fully |
| 237 | // supported by the framework and do not need to be checked. |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 238 | if (policy.mRequireEncryption) { |
Andy Stadler | c2e6383 | 2011-01-17 12:54:40 -0800 | [diff] [blame] | 239 | int encryptionStatus = getDPM().getStorageEncryptionStatus(); |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 240 | if (encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED) { |
| 241 | return false; |
| 242 | } |
| 243 | } |
Ben Komalo | d09cff0 | 2011-05-06 14:57:47 -0700 | [diff] [blame] | 244 | |
| 245 | // If we ever support devices that can't disable cameras for any reason, we should |
| 246 | // indicate as such in the mDontAllowCamera policy |
| 247 | |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 248 | return true; |
| 249 | } |
| 250 | |
| 251 | /** |
Andy Stadler | a0d0805 | 2011-01-19 11:40:48 -0800 | [diff] [blame] | 252 | * API: Remove any unsupported policies |
| 253 | * |
| 254 | * This is used when we have a set of polices that have been requested, but the server |
| 255 | * is willing to allow unsupported policies to be considered optional. |
| 256 | * |
Ben Komalo | d09cff0 | 2011-05-06 14:57:47 -0700 | [diff] [blame] | 257 | * @param policy the polices that were requested |
Andy Stadler | a0d0805 | 2011-01-19 11:40:48 -0800 | [diff] [blame] | 258 | * @return the same PolicySet if all are supported; A replacement PolicySet if any |
| 259 | * unsupported policies were removed |
| 260 | */ |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 261 | public Policy clearUnsupportedPolicies(Policy policy) { |
Andy Stadler | a0d0805 | 2011-01-19 11:40:48 -0800 | [diff] [blame] | 262 | // IMPLEMENTATION: At this time, the only policy which might not be supported is |
| 263 | // encryption (which requires low-level systems support). Other policies are fully |
| 264 | // supported by the framework and do not need to be checked. |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 265 | if (policy.mRequireEncryption) { |
Andy Stadler | a0d0805 | 2011-01-19 11:40:48 -0800 | [diff] [blame] | 266 | int encryptionStatus = getDPM().getStorageEncryptionStatus(); |
| 267 | if (encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED) { |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 268 | policy.mRequireEncryption = false; |
Andy Stadler | 7fd14be | 2011-03-02 16:41:05 -0800 | [diff] [blame] | 269 | } |
| 270 | } |
Ben Komalo | d09cff0 | 2011-05-06 14:57:47 -0700 | [diff] [blame] | 271 | |
| 272 | // If we ever support devices that can't disable cameras for any reason, we should |
| 273 | // clear the mDontAllowCamera policy |
| 274 | |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 275 | return policy; |
Andy Stadler | a0d0805 | 2011-01-19 11:40:48 -0800 | [diff] [blame] | 276 | } |
| 277 | |
| 278 | /** |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 279 | * API: Query used to determine if a given policy is "active" (the device is operating at |
| 280 | * the required security level). |
| 281 | * |
Ben Komalo | d09cff0 | 2011-05-06 14:57:47 -0700 | [diff] [blame] | 282 | * @param policy the policies requested, or null to check aggregate stored policies |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 283 | * @return true if the requested policies are active, false if not. |
| 284 | */ |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 285 | public boolean isActive(Policy policy) { |
| 286 | int reasons = getInactiveReasons(policy); |
| 287 | if (Email.DEBUG && (reasons != 0)) { |
| 288 | StringBuilder sb = new StringBuilder("isActive for " + policy + ": "); |
| 289 | if (reasons == 0) { |
| 290 | sb.append("true"); |
| 291 | } else { |
| 292 | sb.append("FALSE -> "); |
| 293 | } |
| 294 | if ((reasons & INACTIVE_NEED_ACTIVATION) != 0) { |
| 295 | sb.append("no_admin "); |
| 296 | } |
| 297 | if ((reasons & INACTIVE_NEED_CONFIGURATION) != 0) { |
| 298 | sb.append("config "); |
| 299 | } |
| 300 | if ((reasons & INACTIVE_NEED_PASSWORD) != 0) { |
| 301 | sb.append("password "); |
| 302 | } |
| 303 | if ((reasons & INACTIVE_NEED_ENCRYPTION) != 0) { |
| 304 | sb.append("encryption "); |
| 305 | } |
| 306 | Log.d(TAG, sb.toString()); |
| 307 | } |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 308 | return reasons == 0; |
| 309 | } |
| 310 | |
| 311 | /** |
| 312 | * Return bits from isActive: Device Policy Manager has not been activated |
| 313 | */ |
| 314 | public final static int INACTIVE_NEED_ACTIVATION = 1; |
| 315 | |
| 316 | /** |
| 317 | * Return bits from isActive: Some required configuration is not correct (no user action). |
| 318 | */ |
| 319 | public final static int INACTIVE_NEED_CONFIGURATION = 2; |
| 320 | |
| 321 | /** |
| 322 | * Return bits from isActive: Password needs to be set or updated |
| 323 | */ |
| 324 | public final static int INACTIVE_NEED_PASSWORD = 4; |
| 325 | |
| 326 | /** |
| 327 | * Return bits from isActive: Encryption has not be enabled |
| 328 | */ |
| 329 | public final static int INACTIVE_NEED_ENCRYPTION = 8; |
| 330 | |
| 331 | /** |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 332 | * API: Query used to determine if a given policy is "active" (the device is operating at |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 333 | * the required security level). |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 334 | * |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 335 | * This can be used when syncing a specific account, by passing a specific set of policies |
| 336 | * for that account. Or, it can be used at any time to compare the device |
| 337 | * state against the aggregate set of device policies stored in all accounts. |
| 338 | * |
| 339 | * This method is for queries only, and does not trigger any change in device state. |
| 340 | * |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 341 | * NOTE: If there are multiple accounts with password expiration policies, the device |
| 342 | * password will be set to expire in the shortest required interval (most secure). This method |
| 343 | * will return 'false' as soon as the password expires - irrespective of which account caused |
| 344 | * the expiration. In other words, all accounts (that require expiration) will run/stop |
| 345 | * based on the requirements of the account with the shortest interval. |
| 346 | * |
Ben Komalo | d09cff0 | 2011-05-06 14:57:47 -0700 | [diff] [blame] | 347 | * @param policy the policies requested, or null to check aggregate stored policies |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 348 | * @return zero if the requested policies are active, non-zero bits indicates that more work |
| 349 | * is needed (typically, by the user) before the required security polices are fully active. |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 350 | */ |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 351 | public int getInactiveReasons(Policy policy) { |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 352 | // select aggregate set if needed |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 353 | if (policy == null) { |
| 354 | policy = getAggregatePolicy(); |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 355 | } |
| 356 | // quick check for the "empty set" of no policies |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 357 | if (policy == Policy.NO_POLICY) { |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 358 | return 0; |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 359 | } |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 360 | int reasons = 0; |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 361 | DevicePolicyManager dpm = getDPM(); |
Andy Stadler | e7f4d3e | 2010-12-08 16:06:16 -0800 | [diff] [blame] | 362 | if (isActiveAdmin()) { |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 363 | // check each policy explicitly |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 364 | if (policy.mPasswordMinLength > 0) { |
| 365 | if (dpm.getPasswordMinimumLength(mAdminName) < policy.mPasswordMinLength) { |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 366 | reasons |= INACTIVE_NEED_PASSWORD; |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 367 | } |
| 368 | } |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 369 | if (policy.mPasswordMode > 0) { |
| 370 | if (dpm.getPasswordQuality(mAdminName) < policy.getDPManagerPasswordQuality()) { |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 371 | reasons |= INACTIVE_NEED_PASSWORD; |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 372 | } |
| 373 | if (!dpm.isActivePasswordSufficient()) { |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 374 | reasons |= INACTIVE_NEED_PASSWORD; |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 375 | } |
| 376 | } |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 377 | if (policy.mMaxScreenLockTime > 0) { |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 378 | // Note, we use seconds, dpm uses milliseconds |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 379 | if (dpm.getMaximumTimeToLock(mAdminName) > policy.mMaxScreenLockTime * 1000) { |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 380 | reasons |= INACTIVE_NEED_CONFIGURATION; |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 381 | } |
| 382 | } |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 383 | if (policy.mPasswordExpirationDays > 0) { |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 384 | // confirm that expirations are currently set |
| 385 | long currentTimeout = dpm.getPasswordExpirationTimeout(mAdminName); |
| 386 | if (currentTimeout == 0 |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 387 | || currentTimeout > policy.getDPManagerPasswordExpirationTimeout()) { |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 388 | reasons |= INACTIVE_NEED_PASSWORD; |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 389 | } |
| 390 | // confirm that the current password hasn't expired |
| 391 | long expirationDate = dpm.getPasswordExpiration(mAdminName); |
| 392 | long timeUntilExpiration = expirationDate - System.currentTimeMillis(); |
| 393 | boolean expired = timeUntilExpiration < 0; |
| 394 | if (expired) { |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 395 | reasons |= INACTIVE_NEED_PASSWORD; |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 396 | } |
Marc Blank | 9b4988d | 2010-06-09 16:18:57 -0700 | [diff] [blame] | 397 | } |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 398 | if (policy.mPasswordHistory > 0) { |
| 399 | if (dpm.getPasswordHistoryLength(mAdminName) < policy.mPasswordHistory) { |
Marc Blank | e86d8af | 2011-08-28 16:34:28 -0700 | [diff] [blame] | 400 | // There's no user action for changes here; this is just a configuration change |
| 401 | reasons |= INACTIVE_NEED_CONFIGURATION; |
Marc Blank | 9b4988d | 2010-06-09 16:18:57 -0700 | [diff] [blame] | 402 | } |
| 403 | } |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 404 | if (policy.mPasswordComplexChars > 0) { |
| 405 | if (dpm.getPasswordMinimumNonLetter(mAdminName) < policy.mPasswordComplexChars) { |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 406 | reasons |= INACTIVE_NEED_PASSWORD; |
| 407 | } |
| 408 | } |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 409 | if (policy.mRequireEncryption) { |
Andy Stadler | c2e6383 | 2011-01-17 12:54:40 -0800 | [diff] [blame] | 410 | int encryptionStatus = getDPM().getStorageEncryptionStatus(); |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 411 | if (encryptionStatus != DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE) { |
| 412 | reasons |= INACTIVE_NEED_ENCRYPTION; |
Marc Blank | 9b4988d | 2010-06-09 16:18:57 -0700 | [diff] [blame] | 413 | } |
| 414 | } |
Marc Blank | ce58252 | 2011-08-21 21:06:54 -0700 | [diff] [blame] | 415 | if (policy.mDontAllowCamera && !dpm.getCameraDisabled(mAdminName)) { |
| 416 | reasons |= INACTIVE_NEED_CONFIGURATION; |
| 417 | } |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 418 | // password failures are counted locally - no test required here |
| 419 | // no check required for remote wipe (it's supported, if we're the admin) |
Andrew Stadler | 2a5eeea | 2010-02-08 17:42:42 -0800 | [diff] [blame] | 420 | |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 421 | // If we made it all the way, reasons == 0 here. Otherwise it's a list of grievances. |
| 422 | return reasons; |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 423 | } |
Andrew Stadler | d71d0b2 | 2010-02-09 17:24:55 -0800 | [diff] [blame] | 424 | // return false, not active |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 425 | return INACTIVE_NEED_ACTIVATION; |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 426 | } |
| 427 | |
| 428 | /** |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 429 | * Set the requested security level based on the aggregate set of requests. |
| 430 | * If the set is empty, we release our device administration. If the set is non-empty, |
| 431 | * we only proceed if we are already active as an admin. |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 432 | */ |
| 433 | public void setActivePolicies() { |
| 434 | DevicePolicyManager dpm = getDPM(); |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 435 | // compute aggregate set of policies |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 436 | Policy aggregatePolicy = getAggregatePolicy(); |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 437 | // if empty set, detach from policy manager |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 438 | if (aggregatePolicy == Policy.NO_POLICY) { |
| 439 | if (Email.DEBUG) { |
| 440 | Log.d(TAG, "setActivePolicies: none, remove admin"); |
| 441 | } |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 442 | dpm.removeActiveAdmin(mAdminName); |
Andy Stadler | e7f4d3e | 2010-12-08 16:06:16 -0800 | [diff] [blame] | 443 | } else if (isActiveAdmin()) { |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 444 | if (Email.DEBUG) { |
| 445 | Log.d(TAG, "setActivePolicies: " + aggregatePolicy); |
| 446 | } |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 447 | // set each policy in the policy manager |
| 448 | // password mode & length |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 449 | dpm.setPasswordQuality(mAdminName, aggregatePolicy.getDPManagerPasswordQuality()); |
| 450 | dpm.setPasswordMinimumLength(mAdminName, aggregatePolicy.mPasswordMinLength); |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 451 | // screen lock time |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 452 | dpm.setMaximumTimeToLock(mAdminName, aggregatePolicy.mMaxScreenLockTime * 1000); |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 453 | // local wipe (failed passwords limit) |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 454 | dpm.setMaximumFailedPasswordsForWipe(mAdminName, aggregatePolicy.mPasswordMaxFails); |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 455 | // password expiration (days until a password expires). API takes mSec. |
| 456 | dpm.setPasswordExpirationTimeout(mAdminName, |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 457 | aggregatePolicy.getDPManagerPasswordExpirationTimeout()); |
Marc Blank | 9b4988d | 2010-06-09 16:18:57 -0700 | [diff] [blame] | 458 | // password history length (number of previous passwords that may not be reused) |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 459 | dpm.setPasswordHistoryLength(mAdminName, aggregatePolicy.mPasswordHistory); |
Andy Stadler | 22759ba | 2011-03-16 09:48:08 -0700 | [diff] [blame] | 460 | // password minimum complex characters. |
| 461 | // Note, in Exchange, "complex chars" simply means "non alpha", but in the DPM, |
| 462 | // setting the quality to complex also defaults min symbols=1 and min numeric=1. |
| 463 | // We always / safely clear minSymbols & minNumeric to zero (there is no policy |
| 464 | // configuration in which we explicitly require a minimum number of digits or symbols.) |
| 465 | dpm.setPasswordMinimumSymbols(mAdminName, 0); |
| 466 | dpm.setPasswordMinimumNumeric(mAdminName, 0); |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 467 | dpm.setPasswordMinimumNonLetter(mAdminName, aggregatePolicy.mPasswordComplexChars); |
Ben Komalo | d09cff0 | 2011-05-06 14:57:47 -0700 | [diff] [blame] | 468 | // Device capabilities |
| 469 | dpm.setCameraDisabled(mAdminName, aggregatePolicy.mDontAllowCamera); |
| 470 | |
Andy Stadler | 469f298 | 2011-01-13 13:12:55 -0800 | [diff] [blame] | 471 | // encryption required |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 472 | dpm.setStorageEncryption(mAdminName, aggregatePolicy.mRequireEncryption); |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 473 | } |
| 474 | } |
| 475 | |
| 476 | /** |
Marc Blank | 9ba506c | 2011-02-08 18:54:56 -0800 | [diff] [blame] | 477 | * Convenience method; see javadoc below |
| 478 | */ |
| 479 | public static void setAccountHoldFlag(Context context, long accountId, boolean newState) { |
| 480 | Account account = Account.restoreAccountWithId(context, accountId); |
| 481 | if (account != null) { |
| 482 | setAccountHoldFlag(context, account, newState); |
| 483 | } |
| 484 | } |
| 485 | |
| 486 | /** |
Andrew Stadler | 2a5eeea | 2010-02-08 17:42:42 -0800 | [diff] [blame] | 487 | * API: Set/Clear the "hold" flag in any account. This flag serves a dual purpose: |
| 488 | * Setting it gives us an indication that it was blocked, and clearing it gives EAS a |
| 489 | * signal to try syncing again. |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 490 | * @param context |
Marc Blank | 9ba506c | 2011-02-08 18:54:56 -0800 | [diff] [blame] | 491 | * @param account the account whose hold flag is to be set/cleared |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 492 | * @param newState true = security hold, false = free to sync |
Andrew Stadler | 2a5eeea | 2010-02-08 17:42:42 -0800 | [diff] [blame] | 493 | */ |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 494 | public static void setAccountHoldFlag(Context context, Account account, boolean newState) { |
Andrew Stadler | 2a5eeea | 2010-02-08 17:42:42 -0800 | [diff] [blame] | 495 | if (newState) { |
| 496 | account.mFlags |= Account.FLAGS_SECURITY_HOLD; |
| 497 | } else { |
| 498 | account.mFlags &= ~Account.FLAGS_SECURITY_HOLD; |
| 499 | } |
| 500 | ContentValues cv = new ContentValues(); |
| 501 | cv.put(AccountColumns.FLAGS, account.mFlags); |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 502 | account.update(context, cv); |
Andrew Stadler | 2a5eeea | 2010-02-08 17:42:42 -0800 | [diff] [blame] | 503 | } |
| 504 | |
| 505 | /** |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 506 | * API: Sync service should call this any time a sync fails due to isActive() returning false. |
Andrew Stadler | d628608 | 2010-02-01 16:48:16 -0800 | [diff] [blame] | 507 | * This will kick off the notify-acquire-admin-state process and/or increase the security level. |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 508 | * The caller needs to write the required policies into this account before making this call. |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 509 | * Should not be called from UI thread - uses DB lookups to prepare new notifications |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 510 | * |
| 511 | * @param accountId the account for which sync cannot proceed |
| 512 | */ |
| 513 | public void policiesRequired(long accountId) { |
Marc Blank | f5418f1 | 2011-06-13 15:32:27 -0700 | [diff] [blame] | 514 | Account account = Account.restoreAccountWithId(mContext, accountId); |
Marc Blank | 844b14f | 2011-01-26 18:18:45 -0800 | [diff] [blame] | 515 | // In case the account has been deleted, just return |
| 516 | if (account == null) return; |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 517 | if (Email.DEBUG) { |
| 518 | if (account.mPolicyKey == 0) { |
| 519 | Log.d(TAG, "policiesRequired for " + account.mDisplayName + ": none"); |
| 520 | } else { |
| 521 | Policy policy = Policy.restorePolicyWithId(mContext, account.mPolicyKey); |
| 522 | if (policy == null) { |
| 523 | Log.w(TAG, "No policy??"); |
| 524 | } else { |
| 525 | Log.d(TAG, "policiesRequired for " + account.mDisplayName + ": " + policy); |
| 526 | } |
| 527 | } |
| 528 | } |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 529 | |
Andrew Stadler | 2a5eeea | 2010-02-08 17:42:42 -0800 | [diff] [blame] | 530 | // Mark the account as "on hold". |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 531 | setAccountHoldFlag(mContext, account, true); |
| 532 | |
| 533 | // Put up a notification |
Makoto Onuki | 308ce92 | 2011-03-21 17:08:16 -0700 | [diff] [blame] | 534 | NotificationController.getInstance(mContext).showSecurityNeededNotification(account); |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 535 | } |
| 536 | |
| 537 | /** |
| 538 | * Called from the notification's intent receiver to register that the notification can be |
| 539 | * cleared now. |
| 540 | */ |
Marc Blank | c6df1d6 | 2011-07-19 14:09:11 -0700 | [diff] [blame] | 541 | public void clearNotification() { |
Makoto Onuki | 308ce92 | 2011-03-21 17:08:16 -0700 | [diff] [blame] | 542 | NotificationController.getInstance(mContext).cancelSecurityNeededNotification(); |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 543 | } |
| 544 | |
| 545 | /** |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 546 | * API: Remote wipe (from server). This is final, there is no confirmation. It will only |
Marc Blank | c82c1ca | 2011-09-28 09:41:44 -0700 | [diff] [blame] | 547 | * return to the caller if there is an unexpected failure. The wipe includes external storage. |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 548 | */ |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 549 | public void remoteWipe() { |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 550 | DevicePolicyManager dpm = getDPM(); |
| 551 | if (dpm.isAdminActive(mAdminName)) { |
Marc Blank | c82c1ca | 2011-09-28 09:41:44 -0700 | [diff] [blame] | 552 | dpm.wipeData(DevicePolicyManager.WIPE_EXTERNAL_STORAGE); |
Andrew Stadler | 50d1610 | 2010-02-09 11:01:01 -0800 | [diff] [blame] | 553 | } else { |
Marc Blank | 31d9acb | 2011-02-11 15:05:17 -0800 | [diff] [blame] | 554 | Log.d(Logging.LOG_TAG, "Could not remote wipe because not device admin."); |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 555 | } |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 556 | } |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 557 | /** |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 558 | * If we are not the active device admin, try to become so. |
| 559 | * |
Andy Stadler | e7f4d3e | 2010-12-08 16:06:16 -0800 | [diff] [blame] | 560 | * Also checks for any policies that we have added during the lifetime of this app. |
| 561 | * This catches the case where the user granted an earlier (smaller) set of policies |
| 562 | * but an app upgrade requires that new policies be granted. |
| 563 | * |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 564 | * @return true if we are already active, false if we are not |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 565 | */ |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 566 | public boolean isActiveAdmin() { |
| 567 | DevicePolicyManager dpm = getDPM(); |
Andy Stadler | c2e6383 | 2011-01-17 12:54:40 -0800 | [diff] [blame] | 568 | return dpm.isAdminActive(mAdminName) |
| 569 | && dpm.hasGrantedPolicy(mAdminName, DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD) |
Ben Komalo | aa0a355 | 2011-06-16 14:40:15 -0700 | [diff] [blame] | 570 | && dpm.hasGrantedPolicy(mAdminName, DeviceAdminInfo.USES_ENCRYPTED_STORAGE) |
| 571 | && dpm.hasGrantedPolicy(mAdminName, DeviceAdminInfo.USES_POLICY_DISABLE_CAMERA); |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 572 | } |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 573 | |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 574 | /** |
| 575 | * Report admin component name - for making calls into device policy manager |
| 576 | */ |
| 577 | public ComponentName getAdminComponent() { |
| 578 | return mAdminName; |
| 579 | } |
| 580 | |
| 581 | /** |
Marc Blank | 02d59d2 | 2010-10-25 11:49:29 -0700 | [diff] [blame] | 582 | * Delete all accounts whose security flags aren't zero (i.e. they have security enabled). |
| 583 | * This method is synchronous, so it should normally be called within a worker thread (the |
| 584 | * exception being for unit tests) |
| 585 | * |
| 586 | * @param context the caller's context |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 587 | */ |
Marc Blank | 02d59d2 | 2010-10-25 11:49:29 -0700 | [diff] [blame] | 588 | /*package*/ void deleteSecuredAccounts(Context context) { |
| 589 | ContentResolver cr = context.getContentResolver(); |
| 590 | // Find all accounts with security and delete them |
| 591 | Cursor c = cr.query(Account.CONTENT_URI, EmailContent.ID_PROJECTION, |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 592 | Account.SECURITY_NONZERO_SELECTION, null, null); |
Marc Blank | 02d59d2 | 2010-10-25 11:49:29 -0700 | [diff] [blame] | 593 | try { |
| 594 | Log.w(TAG, "Email administration disabled; deleting " + c.getCount() + |
| 595 | " secured account(s)"); |
| 596 | while (c.moveToNext()) { |
| 597 | Controller.getInstance(context).deleteAccountSync( |
| 598 | c.getLong(EmailContent.ID_PROJECTION_COLUMN), context); |
| 599 | } |
| 600 | } finally { |
| 601 | c.close(); |
| 602 | } |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 603 | policiesUpdated(-1); |
Marc Blank | 02d59d2 | 2010-10-25 11:49:29 -0700 | [diff] [blame] | 604 | } |
| 605 | |
| 606 | /** |
| 607 | * Internal handler for enabled->disabled transitions. Deletes all secured accounts. |
Andy Stadler | a2269e8 | 2010-12-30 00:16:55 -0800 | [diff] [blame] | 608 | * Must call from worker thread, not on UI thread. |
Marc Blank | 02d59d2 | 2010-10-25 11:49:29 -0700 | [diff] [blame] | 609 | */ |
| 610 | /*package*/ void onAdminEnabled(boolean isEnabled) { |
Andrew Stadler | 856e09d | 2010-04-06 22:17:21 -0700 | [diff] [blame] | 611 | if (!isEnabled) { |
Andy Stadler | a2269e8 | 2010-12-30 00:16:55 -0800 | [diff] [blame] | 612 | deleteSecuredAccounts(mContext); |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 613 | } |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 614 | } |
| 615 | |
| 616 | /** |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 617 | * Handle password expiration - if any accounts appear to have triggered this, put up |
| 618 | * warnings, or even shut them down. |
| 619 | * |
| 620 | * NOTE: If there are multiple accounts with password expiration policies, the device |
| 621 | * password will be set to expire in the shortest required interval (most secure). The logic |
| 622 | * in this method operates based on the aggregate setting - irrespective of which account caused |
| 623 | * the expiration. In other words, all accounts (that require expiration) will run/stop |
| 624 | * based on the requirements of the account with the shortest interval. |
| 625 | */ |
Andy Stadler | a2269e8 | 2010-12-30 00:16:55 -0800 | [diff] [blame] | 626 | private void onPasswordExpiring(Context context) { |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 627 | // 1. Do we have any accounts that matter here? |
| 628 | long nextExpiringAccountId = findShortestExpiration(context); |
| 629 | |
| 630 | // 2. If not, exit immediately |
| 631 | if (nextExpiringAccountId == -1) { |
| 632 | return; |
| 633 | } |
| 634 | |
| 635 | // 3. If yes, are we warning or expired? |
| 636 | long expirationDate = getDPM().getPasswordExpiration(mAdminName); |
| 637 | long timeUntilExpiration = expirationDate - System.currentTimeMillis(); |
| 638 | boolean expired = timeUntilExpiration < 0; |
| 639 | if (!expired) { |
| 640 | // 4. If warning, simply put up a generic notification and report that it came from |
| 641 | // the shortest-expiring account. |
Makoto Onuki | 308ce92 | 2011-03-21 17:08:16 -0700 | [diff] [blame] | 642 | NotificationController.getInstance(mContext).showPasswordExpiringNotification( |
| 643 | nextExpiringAccountId); |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 644 | } else { |
| 645 | // 5. Actually expired - find all accounts that expire passwords, and wipe them |
| 646 | boolean wiped = wipeExpiredAccounts(context, Controller.getInstance(context)); |
| 647 | if (wiped) { |
Makoto Onuki | 308ce92 | 2011-03-21 17:08:16 -0700 | [diff] [blame] | 648 | NotificationController.getInstance(mContext).showPasswordExpiredNotification( |
| 649 | nextExpiringAccountId); |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 650 | } |
| 651 | } |
| 652 | } |
| 653 | |
| 654 | /** |
| 655 | * Find the account with the shortest expiration time. This is always assumed to be |
| 656 | * the account that forces the password to be refreshed. |
| 657 | * @return -1 if no expirations, or accountId if one is found |
| 658 | */ |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 659 | @VisibleForTesting |
| 660 | /*package*/ static long findShortestExpiration(Context context) { |
| 661 | long policyId = Utility.getFirstRowLong(context, Policy.CONTENT_URI, Policy.ID_PROJECTION, |
| 662 | HAS_PASSWORD_EXPIRATION, null, PolicyColumns.PASSWORD_EXPIRATION_DAYS + " ASC", |
| 663 | EmailContent.ID_PROJECTION_COLUMN, -1L); |
| 664 | if (policyId < 0) return -1L; |
| 665 | return Policy.getAccountIdWithPolicyKey(context, policyId); |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 666 | } |
| 667 | |
| 668 | /** |
| 669 | * For all accounts that require password expiration, put them in security hold and wipe |
| 670 | * their data. |
| 671 | * @param context |
| 672 | * @param controller |
| 673 | * @return true if one or more accounts were wiped |
| 674 | */ |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 675 | @VisibleForTesting |
| 676 | /*package*/ static boolean wipeExpiredAccounts(Context context, Controller controller) { |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 677 | boolean result = false; |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 678 | Cursor c = context.getContentResolver().query(Policy.CONTENT_URI, |
| 679 | Policy.ID_PROJECTION, HAS_PASSWORD_EXPIRATION, null, null); |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 680 | try { |
| 681 | while (c.moveToNext()) { |
Marc Blank | aeee10e | 2011-04-27 17:12:06 -0700 | [diff] [blame] | 682 | long policyId = c.getLong(Policy.ID_PROJECTION_COLUMN); |
| 683 | long accountId = Policy.getAccountIdWithPolicyKey(context, policyId); |
| 684 | if (accountId < 0) continue; |
| 685 | Account account = Account.restoreAccountWithId(context, accountId); |
| 686 | if (account != null) { |
| 687 | // Mark the account as "on hold". |
| 688 | setAccountHoldFlag(context, account, true); |
| 689 | // Erase data |
| 690 | controller.deleteSyncedDataSync(accountId); |
| 691 | // Report one or more were found |
| 692 | result = true; |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 693 | } |
| 694 | } |
| 695 | } finally { |
| 696 | c.close(); |
| 697 | } |
| 698 | return result; |
| 699 | } |
| 700 | |
| 701 | /** |
Andy Stadler | a2269e8 | 2010-12-30 00:16:55 -0800 | [diff] [blame] | 702 | * Callback from EmailBroadcastProcessorService. This provides the workers for the |
| 703 | * DeviceAdminReceiver calls. These should perform the work directly and not use async |
| 704 | * threads for completion. |
| 705 | */ |
| 706 | public static void onDeviceAdminReceiverMessage(Context context, int message) { |
| 707 | SecurityPolicy instance = SecurityPolicy.getInstance(context); |
| 708 | switch (message) { |
| 709 | case DEVICE_ADMIN_MESSAGE_ENABLED: |
| 710 | instance.onAdminEnabled(true); |
| 711 | break; |
| 712 | case DEVICE_ADMIN_MESSAGE_DISABLED: |
| 713 | instance.onAdminEnabled(false); |
| 714 | break; |
| 715 | case DEVICE_ADMIN_MESSAGE_PASSWORD_CHANGED: |
| 716 | // TODO make a small helper for this |
| 717 | // Clear security holds (if any) |
| 718 | Account.clearSecurityHoldOnAllAccounts(context); |
| 719 | // Cancel any active notifications (if any are posted) |
Makoto Onuki | 308ce92 | 2011-03-21 17:08:16 -0700 | [diff] [blame] | 720 | NotificationController.getInstance(context).cancelPasswordExpirationNotifications(); |
Andy Stadler | a2269e8 | 2010-12-30 00:16:55 -0800 | [diff] [blame] | 721 | break; |
| 722 | case DEVICE_ADMIN_MESSAGE_PASSWORD_EXPIRING: |
| 723 | instance.onPasswordExpiring(instance.mContext); |
| 724 | break; |
| 725 | } |
| 726 | } |
| 727 | |
| 728 | /** |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 729 | * Device Policy administrator. This is primarily a listener for device state changes. |
| 730 | * Note: This is instantiated by incoming messages. |
Andy Stadler | a2269e8 | 2010-12-30 00:16:55 -0800 | [diff] [blame] | 731 | * Note: This is actually a BroadcastReceiver and must remain within the guidelines required |
| 732 | * for proper behavior, including avoidance of ANRs. |
Andrew Stadler | 5893e9e | 2010-02-08 23:09:05 -0800 | [diff] [blame] | 733 | * Note: We do not implement onPasswordFailed() because the default behavior of the |
| 734 | * DevicePolicyManager - complete local wipe after 'n' failures - is sufficient. |
Andrew Stadler | 3d2b3b3 | 2010-02-05 11:10:39 -0800 | [diff] [blame] | 735 | */ |
Dianne Hackborn | 4ae83c5 | 2010-02-16 20:40:32 -0800 | [diff] [blame] | 736 | public static class PolicyAdmin extends DeviceAdminReceiver { |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 737 | |
| 738 | /** |
| 739 | * Called after the administrator is first enabled. |
| 740 | */ |
| 741 | @Override |
| 742 | public void onEnabled(Context context, Intent intent) { |
Andy Stadler | a2269e8 | 2010-12-30 00:16:55 -0800 | [diff] [blame] | 743 | EmailBroadcastProcessorService.processDevicePolicyMessage(context, |
| 744 | DEVICE_ADMIN_MESSAGE_ENABLED); |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 745 | } |
Andrew Stadler | 856e09d | 2010-04-06 22:17:21 -0700 | [diff] [blame] | 746 | |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 747 | /** |
| 748 | * Called prior to the administrator being disabled. |
| 749 | */ |
| 750 | @Override |
| 751 | public void onDisabled(Context context, Intent intent) { |
Andy Stadler | a2269e8 | 2010-12-30 00:16:55 -0800 | [diff] [blame] | 752 | EmailBroadcastProcessorService.processDevicePolicyMessage(context, |
| 753 | DEVICE_ADMIN_MESSAGE_DISABLED); |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 754 | } |
Andrew Stadler | 856e09d | 2010-04-06 22:17:21 -0700 | [diff] [blame] | 755 | |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 756 | /** |
Marc Blank | 02d59d2 | 2010-10-25 11:49:29 -0700 | [diff] [blame] | 757 | * Called when the user asks to disable administration; we return a warning string that |
| 758 | * will be presented to the user |
| 759 | */ |
| 760 | @Override |
| 761 | public CharSequence onDisableRequested(Context context, Intent intent) { |
| 762 | return context.getString(R.string.disable_admin_warning); |
| 763 | } |
| 764 | |
| 765 | /** |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 766 | * Called after the user has changed their password. |
| 767 | */ |
| 768 | @Override |
| 769 | public void onPasswordChanged(Context context, Intent intent) { |
Andy Stadler | a2269e8 | 2010-12-30 00:16:55 -0800 | [diff] [blame] | 770 | EmailBroadcastProcessorService.processDevicePolicyMessage(context, |
| 771 | DEVICE_ADMIN_MESSAGE_PASSWORD_CHANGED); |
Andy Stadler | 1ca111c | 2010-12-01 12:58:36 -0800 | [diff] [blame] | 772 | } |
| 773 | |
| 774 | /** |
| 775 | * Called when device password is expiring |
| 776 | */ |
| 777 | @Override |
| 778 | public void onPasswordExpiring(Context context, Intent intent) { |
Andy Stadler | a2269e8 | 2010-12-30 00:16:55 -0800 | [diff] [blame] | 779 | EmailBroadcastProcessorService.processDevicePolicyMessage(context, |
| 780 | DEVICE_ADMIN_MESSAGE_PASSWORD_EXPIRING); |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 781 | } |
Andrew Stadler | 345fb8b | 2010-01-26 17:24:15 -0800 | [diff] [blame] | 782 | } |
| 783 | } |