DevicePolicyManager.java revision 2447edd85baac3225a12b868ef40f76cfdc6ec11
1/* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package android.app.admin; 18 19import org.xmlpull.v1.XmlPullParserException; 20 21import android.annotation.SdkConstant; 22import android.annotation.SdkConstant.SdkConstantType; 23import android.content.ComponentName; 24import android.content.Context; 25import android.content.pm.ActivityInfo; 26import android.content.pm.PackageManager; 27import android.content.pm.ResolveInfo; 28import android.os.Handler; 29import android.os.RemoteCallback; 30import android.os.RemoteException; 31import android.os.ServiceManager; 32import android.util.Log; 33 34import java.io.IOException; 35import java.net.InetSocketAddress; 36import java.net.Proxy; 37import java.util.List; 38 39/** 40 * Public interface for managing policies enforced on a device. Most clients 41 * of this class must have published a {@link DeviceAdminReceiver} that the user 42 * has currently enabled. 43 */ 44public class DevicePolicyManager { 45 private static String TAG = "DevicePolicyManager"; 46 47 private final Context mContext; 48 private final IDevicePolicyManager mService; 49 50 private DevicePolicyManager(Context context, Handler handler) { 51 mContext = context; 52 mService = IDevicePolicyManager.Stub.asInterface( 53 ServiceManager.getService(Context.DEVICE_POLICY_SERVICE)); 54 } 55 56 /** @hide */ 57 public static DevicePolicyManager create(Context context, Handler handler) { 58 DevicePolicyManager me = new DevicePolicyManager(context, handler); 59 return me.mService != null ? me : null; 60 } 61 62 /** 63 * Activity action: ask the user to add a new device administrator to the system. 64 * The desired policy is the ComponentName of the policy in the 65 * {@link #EXTRA_DEVICE_ADMIN} extra field. This will invoke a UI to 66 * bring the user through adding the device administrator to the system (or 67 * allowing them to reject it). 68 * 69 * <p>You can optionally include the {@link #EXTRA_ADD_EXPLANATION} 70 * field to provide the user with additional explanation (in addition 71 * to your component's description) about what is being added. 72 * 73 * <p>If your administrator is already active, this will ordinarily return immediately (without 74 * user intervention). However, if your administrator has been updated and is requesting 75 * additional uses-policy flags, the user will be presented with the new list. New policies 76 * will not be available to the updated administrator until the user has accepted the new list. 77 */ 78 @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION) 79 public static final String ACTION_ADD_DEVICE_ADMIN 80 = "android.app.action.ADD_DEVICE_ADMIN"; 81 82 /** 83 * Activity action: send when any policy admin changes a policy. 84 * This is generally used to find out when a new policy is in effect. 85 * 86 * @hide 87 */ 88 public static final String ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED 89 = "android.app.action.DEVICE_POLICY_MANAGER_STATE_CHANGED"; 90 91 /** 92 * The ComponentName of the administrator component. 93 * 94 * @see #ACTION_ADD_DEVICE_ADMIN 95 */ 96 public static final String EXTRA_DEVICE_ADMIN = "android.app.extra.DEVICE_ADMIN"; 97 98 /** 99 * An optional CharSequence providing additional explanation for why the 100 * admin is being added. 101 * 102 * @see #ACTION_ADD_DEVICE_ADMIN 103 */ 104 public static final String EXTRA_ADD_EXPLANATION = "android.app.extra.ADD_EXPLANATION"; 105 106 /** 107 * Activity action: have the user enter a new password. This activity should 108 * be launched after using {@link #setPasswordQuality(ComponentName, int)}, 109 * or {@link #setPasswordMinimumLength(ComponentName, int)} to have the user 110 * enter a new password that meets the current requirements. You can use 111 * {@link #isActivePasswordSufficient()} to determine whether you need to 112 * have the user select a new password in order to meet the current 113 * constraints. Upon being resumed from this activity, you can check the new 114 * password characteristics to see if they are sufficient. 115 */ 116 @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION) 117 public static final String ACTION_SET_NEW_PASSWORD 118 = "android.app.action.SET_NEW_PASSWORD"; 119 120 /** 121 * Return true if the given administrator component is currently 122 * active (enabled) in the system. 123 */ 124 public boolean isAdminActive(ComponentName who) { 125 if (mService != null) { 126 try { 127 return mService.isAdminActive(who); 128 } catch (RemoteException e) { 129 Log.w(TAG, "Failed talking with device policy service", e); 130 } 131 } 132 return false; 133 } 134 135 /** 136 * Return a list of all currently active device administrator's component 137 * names. Note that if there are no administrators than null may be 138 * returned. 139 */ 140 public List<ComponentName> getActiveAdmins() { 141 if (mService != null) { 142 try { 143 return mService.getActiveAdmins(); 144 } catch (RemoteException e) { 145 Log.w(TAG, "Failed talking with device policy service", e); 146 } 147 } 148 return null; 149 } 150 151 /** 152 * @hide 153 */ 154 public boolean packageHasActiveAdmins(String packageName) { 155 if (mService != null) { 156 try { 157 return mService.packageHasActiveAdmins(packageName); 158 } catch (RemoteException e) { 159 Log.w(TAG, "Failed talking with device policy service", e); 160 } 161 } 162 return false; 163 } 164 165 /** 166 * Remove a current administration component. This can only be called 167 * by the application that owns the administration component; if you 168 * try to remove someone else's component, a security exception will be 169 * thrown. 170 */ 171 public void removeActiveAdmin(ComponentName who) { 172 if (mService != null) { 173 try { 174 mService.removeActiveAdmin(who); 175 } catch (RemoteException e) { 176 Log.w(TAG, "Failed talking with device policy service", e); 177 } 178 } 179 } 180 181 /** 182 * Returns true if an administrator has been granted a particular device policy. This can 183 * be used to check if the administrator was activated under an earlier set of policies, 184 * but requires additional policies after an upgrade. 185 * 186 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. Must be 187 * an active administrator, or an exception will be thrown. 188 * @param usesPolicy Which uses-policy to check, as defined in {@link DeviceAdminInfo}. 189 */ 190 public boolean hasGrantedPolicy(ComponentName admin, int usesPolicy) { 191 if (mService != null) { 192 try { 193 return mService.hasGrantedPolicy(admin, usesPolicy); 194 } catch (RemoteException e) { 195 Log.w(TAG, "Failed talking with device policy service", e); 196 } 197 } 198 return false; 199 } 200 201 /** 202 * Constant for {@link #setPasswordQuality}: the policy has no requirements 203 * for the password. Note that quality constants are ordered so that higher 204 * values are more restrictive. 205 */ 206 public static final int PASSWORD_QUALITY_UNSPECIFIED = 0; 207 208 /** 209 * Constant for {@link #setPasswordQuality}: the policy requires some kind 210 * of password, but doesn't care what it is. Note that quality constants 211 * are ordered so that higher values are more restrictive. 212 */ 213 public static final int PASSWORD_QUALITY_SOMETHING = 0x10000; 214 215 /** 216 * Constant for {@link #setPasswordQuality}: the user must have entered a 217 * password containing at least numeric characters. Note that quality 218 * constants are ordered so that higher values are more restrictive. 219 */ 220 public static final int PASSWORD_QUALITY_NUMERIC = 0x20000; 221 222 /** 223 * Constant for {@link #setPasswordQuality}: the user must have entered a 224 * password containing at least alphabetic (or other symbol) characters. 225 * Note that quality constants are ordered so that higher values are more 226 * restrictive. 227 */ 228 public static final int PASSWORD_QUALITY_ALPHABETIC = 0x40000; 229 230 /** 231 * Constant for {@link #setPasswordQuality}: the user must have entered a 232 * password containing at least <em>both></em> numeric <em>and</em> 233 * alphabetic (or other symbol) characters. Note that quality constants are 234 * ordered so that higher values are more restrictive. 235 */ 236 public static final int PASSWORD_QUALITY_ALPHANUMERIC = 0x50000; 237 238 /** 239 * Constant for {@link #setPasswordQuality}: the user must have entered a 240 * password containing at least a letter, a numerical digit and a special 241 * symbol, by default. With this password quality, passwords can be 242 * restricted to contain various sets of characters, like at least an 243 * uppercase letter, etc. These are specified using various methods, 244 * like {@link #setPasswordMinimumLowerCase(ComponentName, int)}. Note 245 * that quality constants are ordered so that higher values are more 246 * restrictive. 247 */ 248 public static final int PASSWORD_QUALITY_COMPLEX = 0x60000; 249 250 /** 251 * Called by an application that is administering the device to set the 252 * password restrictions it is imposing. After setting this, the user 253 * will not be able to enter a new password that is not at least as 254 * restrictive as what has been set. Note that the current password 255 * will remain until the user has set a new one, so the change does not 256 * take place immediately. To prompt the user for a new password, use 257 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. 258 * 259 * <p>Quality constants are ordered so that higher values are more restrictive; 260 * thus the highest requested quality constant (between the policy set here, 261 * the user's preference, and any other considerations) is the one that 262 * is in effect. 263 * 264 * <p>The calling device admin must have requested 265 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 266 * this method; if it has not, a security exception will be thrown. 267 * 268 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 269 * @param quality The new desired quality. One of 270 * {@link #PASSWORD_QUALITY_UNSPECIFIED}, {@link #PASSWORD_QUALITY_SOMETHING}, 271 * {@link #PASSWORD_QUALITY_NUMERIC}, {@link #PASSWORD_QUALITY_ALPHABETIC}, 272 * {@link #PASSWORD_QUALITY_ALPHANUMERIC} or {@link #PASSWORD_QUALITY_COMPLEX}. 273 */ 274 public void setPasswordQuality(ComponentName admin, int quality) { 275 if (mService != null) { 276 try { 277 mService.setPasswordQuality(admin, quality); 278 } catch (RemoteException e) { 279 Log.w(TAG, "Failed talking with device policy service", e); 280 } 281 } 282 } 283 284 /** 285 * Retrieve the current minimum password quality for all admins 286 * or a particular one. 287 * @param admin The name of the admin component to check, or null to aggregate 288 * all admins. 289 */ 290 public int getPasswordQuality(ComponentName admin) { 291 if (mService != null) { 292 try { 293 return mService.getPasswordQuality(admin); 294 } catch (RemoteException e) { 295 Log.w(TAG, "Failed talking with device policy service", e); 296 } 297 } 298 return PASSWORD_QUALITY_UNSPECIFIED; 299 } 300 301 /** 302 * Called by an application that is administering the device to set the 303 * minimum allowed password length. After setting this, the user 304 * will not be able to enter a new password that is not at least as 305 * restrictive as what has been set. Note that the current password 306 * will remain until the user has set a new one, so the change does not 307 * take place immediately. To prompt the user for a new password, use 308 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This 309 * constraint is only imposed if the administrator has also requested either 310 * {@link #PASSWORD_QUALITY_NUMERIC}, {@link #PASSWORD_QUALITY_ALPHABETIC} 311 * {@link #PASSWORD_QUALITY_ALPHANUMERIC}, or {@link #PASSWORD_QUALITY_COMPLEX} 312 * with {@link #setPasswordQuality}. 313 * 314 * <p>The calling device admin must have requested 315 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 316 * this method; if it has not, a security exception will be thrown. 317 * 318 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 319 * @param length The new desired minimum password length. A value of 0 320 * means there is no restriction. 321 */ 322 public void setPasswordMinimumLength(ComponentName admin, int length) { 323 if (mService != null) { 324 try { 325 mService.setPasswordMinimumLength(admin, length); 326 } catch (RemoteException e) { 327 Log.w(TAG, "Failed talking with device policy service", e); 328 } 329 } 330 } 331 332 /** 333 * Retrieve the current minimum password length for all admins 334 * or a particular one. 335 * @param admin The name of the admin component to check, or null to aggregate 336 * all admins. 337 */ 338 public int getPasswordMinimumLength(ComponentName admin) { 339 if (mService != null) { 340 try { 341 return mService.getPasswordMinimumLength(admin); 342 } catch (RemoteException e) { 343 Log.w(TAG, "Failed talking with device policy service", e); 344 } 345 } 346 return 0; 347 } 348 349 /** 350 * Called by an application that is administering the device to set the 351 * minimum number of upper case letters required in the password. After 352 * setting this, the user will not be able to enter a new password that is 353 * not at least as restrictive as what has been set. Note that the current 354 * password will remain until the user has set a new one, so the change does 355 * not take place immediately. To prompt the user for a new password, use 356 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This 357 * constraint is only imposed if the administrator has also requested 358 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The 359 * default value is 0. 360 * <p> 361 * The calling device admin must have requested 362 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 363 * this method; if it has not, a security exception will be thrown. 364 * 365 * @param admin Which {@link DeviceAdminReceiver} this request is associated 366 * with. 367 * @param length The new desired minimum number of upper case letters 368 * required in the password. A value of 0 means there is no 369 * restriction. 370 */ 371 public void setPasswordMinimumUpperCase(ComponentName admin, int length) { 372 if (mService != null) { 373 try { 374 mService.setPasswordMinimumUpperCase(admin, length); 375 } catch (RemoteException e) { 376 Log.w(TAG, "Failed talking with device policy service", e); 377 } 378 } 379 } 380 381 /** 382 * Retrieve the current number of upper case letters required in the 383 * password for all admins or a particular one. This is the same value as 384 * set by {#link {@link #setPasswordMinimumUpperCase(ComponentName, int)} 385 * and only applies when the password quality is 386 * {@link #PASSWORD_QUALITY_COMPLEX}. 387 * 388 * @param admin The name of the admin component to check, or null to 389 * aggregate all admins. 390 * @return The minimum number of upper case letters required in the 391 * password. 392 */ 393 public int getPasswordMinimumUpperCase(ComponentName admin) { 394 if (mService != null) { 395 try { 396 return mService.getPasswordMinimumUpperCase(admin); 397 } catch (RemoteException e) { 398 Log.w(TAG, "Failed talking with device policy service", e); 399 } 400 } 401 return 0; 402 } 403 404 /** 405 * Called by an application that is administering the device to set the 406 * minimum number of lower case letters required in the password. After 407 * setting this, the user will not be able to enter a new password that is 408 * not at least as restrictive as what has been set. Note that the current 409 * password will remain until the user has set a new one, so the change does 410 * not take place immediately. To prompt the user for a new password, use 411 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This 412 * constraint is only imposed if the administrator has also requested 413 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The 414 * default value is 0. 415 * <p> 416 * The calling device admin must have requested 417 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 418 * this method; if it has not, a security exception will be thrown. 419 * 420 * @param admin Which {@link DeviceAdminReceiver} this request is associated 421 * with. 422 * @param length The new desired minimum number of lower case letters 423 * required in the password. A value of 0 means there is no 424 * restriction. 425 */ 426 public void setPasswordMinimumLowerCase(ComponentName admin, int length) { 427 if (mService != null) { 428 try { 429 mService.setPasswordMinimumLowerCase(admin, length); 430 } catch (RemoteException e) { 431 Log.w(TAG, "Failed talking with device policy service", e); 432 } 433 } 434 } 435 436 /** 437 * Retrieve the current number of lower case letters required in the 438 * password for all admins or a particular one. This is the same value as 439 * set by {#link {@link #setPasswordMinimumLowerCase(ComponentName, int)} 440 * and only applies when the password quality is 441 * {@link #PASSWORD_QUALITY_COMPLEX}. 442 * 443 * @param admin The name of the admin component to check, or null to 444 * aggregate all admins. 445 * @return The minimum number of lower case letters required in the 446 * password. 447 */ 448 public int getPasswordMinimumLowerCase(ComponentName admin) { 449 if (mService != null) { 450 try { 451 return mService.getPasswordMinimumLowerCase(admin); 452 } catch (RemoteException e) { 453 Log.w(TAG, "Failed talking with device policy service", e); 454 } 455 } 456 return 0; 457 } 458 459 /** 460 * Called by an application that is administering the device to set the 461 * minimum number of letters required in the password. After setting this, 462 * the user will not be able to enter a new password that is not at least as 463 * restrictive as what has been set. Note that the current password will 464 * remain until the user has set a new one, so the change does not take 465 * place immediately. To prompt the user for a new password, use 466 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This 467 * constraint is only imposed if the administrator has also requested 468 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The 469 * default value is 1. 470 * <p> 471 * The calling device admin must have requested 472 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 473 * this method; if it has not, a security exception will be thrown. 474 * 475 * @param admin Which {@link DeviceAdminReceiver} this request is associated 476 * with. 477 * @param length The new desired minimum number of letters required in the 478 * password. A value of 0 means there is no restriction. 479 */ 480 public void setPasswordMinimumLetters(ComponentName admin, int length) { 481 if (mService != null) { 482 try { 483 mService.setPasswordMinimumLetters(admin, length); 484 } catch (RemoteException e) { 485 Log.w(TAG, "Failed talking with device policy service", e); 486 } 487 } 488 } 489 490 /** 491 * Retrieve the current number of letters required in the password for all 492 * admins or a particular one. This is the same value as 493 * set by {#link {@link #setPasswordMinimumLetters(ComponentName, int)} 494 * and only applies when the password quality is 495 * {@link #PASSWORD_QUALITY_COMPLEX}. 496 * 497 * @param admin The name of the admin component to check, or null to 498 * aggregate all admins. 499 * @return The minimum number of letters required in the password. 500 */ 501 public int getPasswordMinimumLetters(ComponentName admin) { 502 if (mService != null) { 503 try { 504 return mService.getPasswordMinimumLetters(admin); 505 } catch (RemoteException e) { 506 Log.w(TAG, "Failed talking with device policy service", e); 507 } 508 } 509 return 0; 510 } 511 512 /** 513 * Called by an application that is administering the device to set the 514 * minimum number of numerical digits required in the password. After 515 * setting this, the user will not be able to enter a new password that is 516 * not at least as restrictive as what has been set. Note that the current 517 * password will remain until the user has set a new one, so the change does 518 * not take place immediately. To prompt the user for a new password, use 519 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This 520 * constraint is only imposed if the administrator has also requested 521 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The 522 * default value is 1. 523 * <p> 524 * The calling device admin must have requested 525 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 526 * this method; if it has not, a security exception will be thrown. 527 * 528 * @param admin Which {@link DeviceAdminReceiver} this request is associated 529 * with. 530 * @param length The new desired minimum number of numerical digits required 531 * in the password. A value of 0 means there is no restriction. 532 */ 533 public void setPasswordMinimumNumeric(ComponentName admin, int length) { 534 if (mService != null) { 535 try { 536 mService.setPasswordMinimumNumeric(admin, length); 537 } catch (RemoteException e) { 538 Log.w(TAG, "Failed talking with device policy service", e); 539 } 540 } 541 } 542 543 /** 544 * Retrieve the current number of numerical digits required in the password 545 * for all admins or a particular one. This is the same value as 546 * set by {#link {@link #setPasswordMinimumNumeric(ComponentName, int)} 547 * and only applies when the password quality is 548 * {@link #PASSWORD_QUALITY_COMPLEX}. 549 * 550 * @param admin The name of the admin component to check, or null to 551 * aggregate all admins. 552 * @return The minimum number of numerical digits required in the password. 553 */ 554 public int getPasswordMinimumNumeric(ComponentName admin) { 555 if (mService != null) { 556 try { 557 return mService.getPasswordMinimumNumeric(admin); 558 } catch (RemoteException e) { 559 Log.w(TAG, "Failed talking with device policy service", e); 560 } 561 } 562 return 0; 563 } 564 565 /** 566 * Called by an application that is administering the device to set the 567 * minimum number of symbols required in the password. After setting this, 568 * the user will not be able to enter a new password that is not at least as 569 * restrictive as what has been set. Note that the current password will 570 * remain until the user has set a new one, so the change does not take 571 * place immediately. To prompt the user for a new password, use 572 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This 573 * constraint is only imposed if the administrator has also requested 574 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The 575 * default value is 1. 576 * <p> 577 * The calling device admin must have requested 578 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 579 * this method; if it has not, a security exception will be thrown. 580 * 581 * @param admin Which {@link DeviceAdminReceiver} this request is associated 582 * with. 583 * @param length The new desired minimum number of symbols required in the 584 * password. A value of 0 means there is no restriction. 585 */ 586 public void setPasswordMinimumSymbols(ComponentName admin, int length) { 587 if (mService != null) { 588 try { 589 mService.setPasswordMinimumSymbols(admin, length); 590 } catch (RemoteException e) { 591 Log.w(TAG, "Failed talking with device policy service", e); 592 } 593 } 594 } 595 596 /** 597 * Retrieve the current number of symbols required in the password for all 598 * admins or a particular one. This is the same value as 599 * set by {#link {@link #setPasswordMinimumSymbols(ComponentName, int)} 600 * and only applies when the password quality is 601 * {@link #PASSWORD_QUALITY_COMPLEX}. 602 * 603 * @param admin The name of the admin component to check, or null to 604 * aggregate all admins. 605 * @return The minimum number of symbols required in the password. 606 */ 607 public int getPasswordMinimumSymbols(ComponentName admin) { 608 if (mService != null) { 609 try { 610 return mService.getPasswordMinimumSymbols(admin); 611 } catch (RemoteException e) { 612 Log.w(TAG, "Failed talking with device policy service", e); 613 } 614 } 615 return 0; 616 } 617 618 /** 619 * Called by an application that is administering the device to set the 620 * minimum number of non-letter characters (numerical digits or symbols) 621 * required in the password. After setting this, the user will not be able 622 * to enter a new password that is not at least as restrictive as what has 623 * been set. Note that the current password will remain until the user has 624 * set a new one, so the change does not take place immediately. To prompt 625 * the user for a new password, use {@link #ACTION_SET_NEW_PASSWORD} after 626 * setting this value. This constraint is only imposed if the administrator 627 * has also requested {@link #PASSWORD_QUALITY_COMPLEX} with 628 * {@link #setPasswordQuality}. The default value is 0. 629 * <p> 630 * The calling device admin must have requested 631 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 632 * this method; if it has not, a security exception will be thrown. 633 * 634 * @param admin Which {@link DeviceAdminReceiver} this request is associated 635 * with. 636 * @param length The new desired minimum number of letters required in the 637 * password. A value of 0 means there is no restriction. 638 */ 639 public void setPasswordMinimumNonLetter(ComponentName admin, int length) { 640 if (mService != null) { 641 try { 642 mService.setPasswordMinimumNonLetter(admin, length); 643 } catch (RemoteException e) { 644 Log.w(TAG, "Failed talking with device policy service", e); 645 } 646 } 647 } 648 649 /** 650 * Retrieve the current number of non-letter characters required in the 651 * password for all admins or a particular one. This is the same value as 652 * set by {#link {@link #setPasswordMinimumNonLetter(ComponentName, int)} 653 * and only applies when the password quality is 654 * {@link #PASSWORD_QUALITY_COMPLEX}. 655 * 656 * @param admin The name of the admin component to check, or null to 657 * aggregate all admins. 658 * @return The minimum number of letters required in the password. 659 */ 660 public int getPasswordMinimumNonLetter(ComponentName admin) { 661 if (mService != null) { 662 try { 663 return mService.getPasswordMinimumNonLetter(admin); 664 } catch (RemoteException e) { 665 Log.w(TAG, "Failed talking with device policy service", e); 666 } 667 } 668 return 0; 669 } 670 671 /** 672 * Called by an application that is administering the device to set the length 673 * of the password history. After setting this, the user will not be able to 674 * enter a new password that is the same as any password in the history. Note 675 * that the current password will remain until the user has set a new one, so 676 * the change does not take place immediately. To prompt the user for a new 677 * password, use {@link #ACTION_SET_NEW_PASSWORD} after setting this value. 678 * This constraint is only imposed if the administrator has also requested 679 * either {@link #PASSWORD_QUALITY_NUMERIC}, 680 * {@link #PASSWORD_QUALITY_ALPHABETIC}, or 681 * {@link #PASSWORD_QUALITY_ALPHANUMERIC} with {@link #setPasswordQuality}. 682 * 683 * <p> 684 * The calling device admin must have requested 685 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call this 686 * method; if it has not, a security exception will be thrown. 687 * 688 * @param admin Which {@link DeviceAdminReceiver} this request is associated 689 * with. 690 * @param length The new desired length of password history. A value of 0 691 * means there is no restriction. 692 */ 693 public void setPasswordHistoryLength(ComponentName admin, int length) { 694 if (mService != null) { 695 try { 696 mService.setPasswordHistoryLength(admin, length); 697 } catch (RemoteException e) { 698 Log.w(TAG, "Failed talking with device policy service", e); 699 } 700 } 701 } 702 703 /** 704 * Called by a device admin to set the password expiration timeout. Calling this method 705 * will restart the countdown for password expiration for the given admin, as will changing 706 * the device password (for all admins). 707 * 708 * <p>The provided timeout is the time delta in ms and will be added to the current time. 709 * For example, to have the password expire 5 days from now, timeout would be 710 * 5 * 86400 * 1000 = 432000000 ms for timeout. 711 * 712 * <p>To disable password expiration, a value of 0 may be used for timeout. 713 * 714 * <p>The calling device admin must have requested 715 * {@link DeviceAdminInfo#USES_POLICY_EXPIRE_PASSWORD} to be able to call this 716 * method; if it has not, a security exception will be thrown. 717 * 718 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 719 * @param timeout The limit (in ms) that a password can remain in effect. A value of 0 720 * means there is no restriction (unlimited). 721 */ 722 public void setPasswordExpirationTimeout(ComponentName admin, long timeout) { 723 if (mService != null) { 724 try { 725 mService.setPasswordExpirationTimeout(admin, timeout); 726 } catch (RemoteException e) { 727 Log.w(TAG, "Failed talking with device policy service", e); 728 } 729 } 730 } 731 732 /** 733 * Get the password expiration timeout for the given admin. The expiration timeout is the 734 * recurring expiration timeout provided in the call to 735 * {@link #setPasswordExpirationTimeout(ComponentName, long)} for the given admin or the 736 * aggregate of all policy administrators if admin is null. 737 * 738 * @param admin The name of the admin component to check, or null to aggregate all admins. 739 * @return The timeout for the given admin or the minimum of all timeouts 740 */ 741 public long getPasswordExpirationTimeout(ComponentName admin) { 742 if (mService != null) { 743 try { 744 return mService.getPasswordExpirationTimeout(admin); 745 } catch (RemoteException e) { 746 Log.w(TAG, "Failed talking with device policy service", e); 747 } 748 } 749 return 0; 750 } 751 752 /** 753 * Get the current password expiration time for the given admin or an aggregate of 754 * all admins if admin is null. If the password is expired, this will return the time since 755 * the password expired as a negative number. If admin is null, then a composite of all 756 * expiration timeouts is returned - which will be the minimum of all timeouts. 757 * 758 * @param admin The name of the admin component to check, or null to aggregate all admins. 759 * @return The password expiration time, in ms. 760 */ 761 public long getPasswordExpiration(ComponentName admin) { 762 if (mService != null) { 763 try { 764 return mService.getPasswordExpiration(admin); 765 } catch (RemoteException e) { 766 Log.w(TAG, "Failed talking with device policy service", e); 767 } 768 } 769 return 0; 770 } 771 772 /** 773 * Retrieve the current password history length for all admins 774 * or a particular one. 775 * @param admin The name of the admin component to check, or null to aggregate 776 * all admins. 777 * @return The length of the password history 778 */ 779 public int getPasswordHistoryLength(ComponentName admin) { 780 if (mService != null) { 781 try { 782 return mService.getPasswordHistoryLength(admin); 783 } catch (RemoteException e) { 784 Log.w(TAG, "Failed talking with device policy service", e); 785 } 786 } 787 return 0; 788 } 789 790 /** 791 * Return the maximum password length that the device supports for a 792 * particular password quality. 793 * @param quality The quality being interrogated. 794 * @return Returns the maximum length that the user can enter. 795 */ 796 public int getPasswordMaximumLength(int quality) { 797 // Kind-of arbitrary. 798 return 16; 799 } 800 801 /** 802 * Determine whether the current password the user has set is sufficient 803 * to meet the policy requirements (quality, minimum length) that have been 804 * requested. 805 * 806 * <p>The calling device admin must have requested 807 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 808 * this method; if it has not, a security exception will be thrown. 809 * 810 * @return Returns true if the password meets the current requirements, 811 * else false. 812 */ 813 public boolean isActivePasswordSufficient() { 814 if (mService != null) { 815 try { 816 return mService.isActivePasswordSufficient(); 817 } catch (RemoteException e) { 818 Log.w(TAG, "Failed talking with device policy service", e); 819 } 820 } 821 return false; 822 } 823 824 /** 825 * Retrieve the number of times the user has failed at entering a 826 * password since that last successful password entry. 827 * 828 * <p>The calling device admin must have requested 829 * {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} to be able to call 830 * this method; if it has not, a security exception will be thrown. 831 */ 832 public int getCurrentFailedPasswordAttempts() { 833 if (mService != null) { 834 try { 835 return mService.getCurrentFailedPasswordAttempts(); 836 } catch (RemoteException e) { 837 Log.w(TAG, "Failed talking with device policy service", e); 838 } 839 } 840 return -1; 841 } 842 843 /** 844 * Setting this to a value greater than zero enables a built-in policy 845 * that will perform a device wipe after too many incorrect 846 * device-unlock passwords have been entered. This built-in policy combines 847 * watching for failed passwords and wiping the device, and requires 848 * that you request both {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} and 849 * {@link DeviceAdminInfo#USES_POLICY_WIPE_DATA}}. 850 * 851 * <p>To implement any other policy (e.g. wiping data for a particular 852 * application only, erasing or revoking credentials, or reporting the 853 * failure to a server), you should implement 854 * {@link DeviceAdminReceiver#onPasswordFailed(Context, android.content.Intent)} 855 * instead. Do not use this API, because if the maximum count is reached, 856 * the device will be wiped immediately, and your callback will not be invoked. 857 * 858 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 859 * @param num The number of failed password attempts at which point the 860 * device will wipe its data. 861 */ 862 public void setMaximumFailedPasswordsForWipe(ComponentName admin, int num) { 863 if (mService != null) { 864 try { 865 mService.setMaximumFailedPasswordsForWipe(admin, num); 866 } catch (RemoteException e) { 867 Log.w(TAG, "Failed talking with device policy service", e); 868 } 869 } 870 } 871 872 /** 873 * Retrieve the current maximum number of login attempts that are allowed 874 * before the device wipes itself, for all admins 875 * or a particular one. 876 * @param admin The name of the admin component to check, or null to aggregate 877 * all admins. 878 */ 879 public int getMaximumFailedPasswordsForWipe(ComponentName admin) { 880 if (mService != null) { 881 try { 882 return mService.getMaximumFailedPasswordsForWipe(admin); 883 } catch (RemoteException e) { 884 Log.w(TAG, "Failed talking with device policy service", e); 885 } 886 } 887 return 0; 888 } 889 890 /** 891 * Flag for {@link #resetPassword}: don't allow other admins to change 892 * the password again until the user has entered it. 893 */ 894 public static final int RESET_PASSWORD_REQUIRE_ENTRY = 0x0001; 895 896 /** 897 * Force a new device unlock password (the password needed to access the 898 * entire device, not for individual accounts) on the user. This takes 899 * effect immediately. 900 * The given password must be sufficient for the 901 * current password quality and length constraints as returned by 902 * {@link #getPasswordQuality(ComponentName)} and 903 * {@link #getPasswordMinimumLength(ComponentName)}; if it does not meet 904 * these constraints, then it will be rejected and false returned. Note 905 * that the password may be a stronger quality (containing alphanumeric 906 * characters when the requested quality is only numeric), in which case 907 * the currently active quality will be increased to match. 908 * 909 * <p>The calling device admin must have requested 910 * {@link DeviceAdminInfo#USES_POLICY_RESET_PASSWORD} to be able to call 911 * this method; if it has not, a security exception will be thrown. 912 * 913 * @param password The new password for the user. 914 * @param flags May be 0 or {@link #RESET_PASSWORD_REQUIRE_ENTRY}. 915 * @return Returns true if the password was applied, or false if it is 916 * not acceptable for the current constraints. 917 */ 918 public boolean resetPassword(String password, int flags) { 919 if (mService != null) { 920 try { 921 return mService.resetPassword(password, flags); 922 } catch (RemoteException e) { 923 Log.w(TAG, "Failed talking with device policy service", e); 924 } 925 } 926 return false; 927 } 928 929 /** 930 * Called by an application that is administering the device to set the 931 * maximum time for user activity until the device will lock. This limits 932 * the length that the user can set. It takes effect immediately. 933 * 934 * <p>The calling device admin must have requested 935 * {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} to be able to call 936 * this method; if it has not, a security exception will be thrown. 937 * 938 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 939 * @param timeMs The new desired maximum time to lock in milliseconds. 940 * A value of 0 means there is no restriction. 941 */ 942 public void setMaximumTimeToLock(ComponentName admin, long timeMs) { 943 if (mService != null) { 944 try { 945 mService.setMaximumTimeToLock(admin, timeMs); 946 } catch (RemoteException e) { 947 Log.w(TAG, "Failed talking with device policy service", e); 948 } 949 } 950 } 951 952 /** 953 * Retrieve the current maximum time to unlock for all admins 954 * or a particular one. 955 * @param admin The name of the admin component to check, or null to aggregate 956 * all admins. 957 */ 958 public long getMaximumTimeToLock(ComponentName admin) { 959 if (mService != null) { 960 try { 961 return mService.getMaximumTimeToLock(admin); 962 } catch (RemoteException e) { 963 Log.w(TAG, "Failed talking with device policy service", e); 964 } 965 } 966 return 0; 967 } 968 969 /** 970 * Make the device lock immediately, as if the lock screen timeout has 971 * expired at the point of this call. 972 * 973 * <p>The calling device admin must have requested 974 * {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} to be able to call 975 * this method; if it has not, a security exception will be thrown. 976 */ 977 public void lockNow() { 978 if (mService != null) { 979 try { 980 mService.lockNow(); 981 } catch (RemoteException e) { 982 Log.w(TAG, "Failed talking with device policy service", e); 983 } 984 } 985 } 986 987 /** 988 * Flag for {@link #wipeData(int)}: also erase the device's external 989 * storage. 990 */ 991 public static final int WIPE_EXTERNAL_STORAGE = 0x0001; 992 993 /** 994 * Ask the user date be wiped. This will cause the device to reboot, 995 * erasing all user data while next booting up. External storage such 996 * as SD cards will not be erased. 997 * 998 * <p>The calling device admin must have requested 999 * {@link DeviceAdminInfo#USES_POLICY_WIPE_DATA} to be able to call 1000 * this method; if it has not, a security exception will be thrown. 1001 * 1002 * @param flags Bit mask of additional options: currently must be 0. 1003 */ 1004 public void wipeData(int flags) { 1005 if (mService != null) { 1006 try { 1007 mService.wipeData(flags); 1008 } catch (RemoteException e) { 1009 Log.w(TAG, "Failed talking with device policy service", e); 1010 } 1011 } 1012 } 1013 1014 /** 1015 * Called by an application that is administering the device to set the 1016 * global proxy and exclusion list. 1017 * <p> 1018 * The calling device admin must have requested 1019 * {@link DeviceAdminInfo#USES_POLICY_SETS_GLOBAL_PROXY} to be able to call 1020 * this method; if it has not, a security exception will be thrown. 1021 * Only the first device admin can set the proxy. If a second admin attempts 1022 * to set the proxy, the {@link ComponentName} of the admin originally setting the 1023 * proxy will be returned. If successful in setting the proxy, null will 1024 * be returned. 1025 * The method can be called repeatedly by the device admin alrady setting the 1026 * proxy to update the proxy and exclusion list. 1027 * 1028 * @param admin Which {@link DeviceAdminReceiver} this request is associated 1029 * with. 1030 * @param proxySpec the global proxy desired. Must be an HTTP Proxy. 1031 * Pass Proxy.NO_PROXY to reset the proxy. 1032 * @param exclusionList a list of domains to be excluded from the global proxy. 1033 * @return returns null if the proxy was successfully set, or a {@link ComponentName} 1034 * of the device admin that sets thew proxy otherwise. 1035 * @hide 1036 */ 1037 public ComponentName setGlobalProxy(ComponentName admin, Proxy proxySpec, 1038 List<String> exclusionList ) { 1039 if (proxySpec == null) { 1040 throw new NullPointerException(); 1041 } 1042 if (mService != null) { 1043 try { 1044 String hostSpec; 1045 String exclSpec; 1046 if (proxySpec.equals(Proxy.NO_PROXY)) { 1047 hostSpec = null; 1048 exclSpec = null; 1049 } else { 1050 if (!proxySpec.type().equals(Proxy.Type.HTTP)) { 1051 throw new IllegalArgumentException(); 1052 } 1053 InetSocketAddress sa = (InetSocketAddress)proxySpec.address(); 1054 String hostName = sa.getHostName(); 1055 int port = sa.getPort(); 1056 StringBuilder hostBuilder = new StringBuilder(); 1057 hostSpec = hostBuilder.append(hostName) 1058 .append(":").append(Integer.toString(port)).toString(); 1059 if (exclusionList == null) { 1060 exclSpec = ""; 1061 } else { 1062 StringBuilder listBuilder = new StringBuilder(); 1063 boolean firstDomain = true; 1064 for (String exclDomain : exclusionList) { 1065 if (!firstDomain) { 1066 listBuilder = listBuilder.append(","); 1067 } else { 1068 firstDomain = false; 1069 } 1070 listBuilder = listBuilder.append(exclDomain.trim()); 1071 } 1072 exclSpec = listBuilder.toString(); 1073 } 1074 android.net.Proxy.validate(hostName, Integer.toString(port), exclSpec); 1075 } 1076 return mService.setGlobalProxy(admin, hostSpec, exclSpec); 1077 } catch (RemoteException e) { 1078 Log.w(TAG, "Failed talking with device policy service", e); 1079 } 1080 } 1081 return null; 1082 } 1083 1084 /** 1085 * Returns the component name setting the global proxy. 1086 * @return ComponentName object of the device admin that set the global proxy, or 1087 * null if no admin has set the proxy. 1088 * @hide 1089 */ 1090 public ComponentName getGlobalProxyAdmin() { 1091 if (mService != null) { 1092 try { 1093 return mService.getGlobalProxyAdmin(); 1094 } catch (RemoteException e) { 1095 Log.w(TAG, "Failed talking with device policy service", e); 1096 } 1097 } 1098 return null; 1099 } 1100 1101 /** 1102 * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: 1103 * indicating that encryption is not supported. 1104 */ 1105 public static final int ENCRYPTION_STATUS_UNSUPPORTED = 0; 1106 1107 /** 1108 * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: 1109 * indicating that encryption is supported, but is not currently active. 1110 */ 1111 public static final int ENCRYPTION_STATUS_INACTIVE = 1; 1112 1113 /** 1114 * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: 1115 * indicating that encryption is not currently active, but is currently 1116 * being activated. This is only reported by devices that support 1117 * encryption of data and only when the storage is currently 1118 * undergoing a process of becoming encrypted. A device that must reboot and/or wipe data 1119 * to become encrypted will never return this value. 1120 */ 1121 public static final int ENCRYPTION_STATUS_ACTIVATING = 2; 1122 1123 /** 1124 * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: 1125 * indicating that encryption is active. 1126 */ 1127 public static final int ENCRYPTION_STATUS_ACTIVE = 3; 1128 1129 /** 1130 * Activity action: begin the process of encrypting data on the device. This activity should 1131 * be launched after using {@link #setStorageEncryption} to request encryption be activated. 1132 * After resuming from this activity, use {@link #getStorageEncryption} 1133 * to check encryption status. However, on some devices this activity may never return, as 1134 * it may trigger a reboot and in some cases a complete data wipe of the device. 1135 */ 1136 @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION) 1137 public static final String ACTION_START_ENCRYPTION 1138 = "android.app.action.START_ENCRYPTION"; 1139 1140 /** 1141 * Called by an application that is administering the device to 1142 * request that the storage system be encrypted. 1143 * 1144 * <p>When multiple device administrators attempt to control device 1145 * encryption, the most secure, supported setting will always be 1146 * used. If any device administrator requests device encryption, 1147 * it will be enabled; Conversely, if a device administrator 1148 * attempts to disable device encryption while another 1149 * device administrator has enabled it, the call to disable will 1150 * fail (most commonly returning {@link #ENCRYPTION_STATUS_ACTIVE}). 1151 * 1152 * <p>This policy controls encryption of the secure (application data) storage area. Data 1153 * written to other storage areas may or may not be encrypted, and this policy does not require 1154 * or control the encryption of any other storage areas. 1155 * There is one exception: If {@link android.os.Environment#isExternalStorageEmulated()} is 1156 * {@code true}, then the directory returned by 1157 * {@link android.os.Environment#getExternalStorageDirectory()} must be written to disk 1158 * within the encrypted storage area. 1159 * 1160 * <p>Important Note: On some devices, it is possible to encrypt storage without requiring 1161 * the user to create a device PIN or Password. In this case, the storage is encrypted, but 1162 * the encryption key may not be fully secured. For maximum security, the administrator should 1163 * also require (and check for) a pattern, PIN, or password. 1164 * 1165 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 1166 * @param encrypt true to request encryption, false to release any previous request 1167 * @return the new request status (for all active admins) - will be one of 1168 * {@link #ENCRYPTION_STATUS_UNSUPPORTED}, {@link #ENCRYPTION_STATUS_INACTIVE}, or 1169 * {@link #ENCRYPTION_STATUS_ACTIVE}. This is the value of the requests; Use 1170 * {@link #getStorageEncryptionStatus()} to query the actual device state. 1171 */ 1172 public int setStorageEncryption(ComponentName admin, boolean encrypt) { 1173 if (mService != null) { 1174 try { 1175 return mService.setStorageEncryption(admin, encrypt); 1176 } catch (RemoteException e) { 1177 Log.w(TAG, "Failed talking with device policy service", e); 1178 } 1179 } 1180 return ENCRYPTION_STATUS_UNSUPPORTED; 1181 } 1182 1183 /** 1184 * Called by an application that is administering the device to 1185 * determine the requested setting for secure storage. 1186 * 1187 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. If null, 1188 * this will return the requested encryption setting as an aggregate of all active 1189 * administrators. 1190 * @return true if the admin(s) are requesting encryption, false if not. 1191 */ 1192 public boolean getStorageEncryption(ComponentName admin) { 1193 if (mService != null) { 1194 try { 1195 return mService.getStorageEncryption(admin); 1196 } catch (RemoteException e) { 1197 Log.w(TAG, "Failed talking with device policy service", e); 1198 } 1199 } 1200 return false; 1201 } 1202 1203 /** 1204 * Called by an application that is administering the device to 1205 * determine the current encryption status of the device. 1206 * 1207 * Depending on the returned status code, the caller may proceed in different 1208 * ways. If the result is {@link #ENCRYPTION_STATUS_UNSUPPORTED}, the 1209 * storage system does not support encryption. If the 1210 * result is {@link #ENCRYPTION_STATUS_INACTIVE}, use {@link 1211 * #ACTION_START_ENCRYPTION} to begin the process of encrypting or decrypting the 1212 * storage. If the result is {@link #ENCRYPTION_STATUS_ACTIVATING} or 1213 * {@link #ENCRYPTION_STATUS_ACTIVE}, no further action is required. 1214 * 1215 * @return current status of encryption. The value will be one of 1216 * {@link #ENCRYPTION_STATUS_UNSUPPORTED}, {@link #ENCRYPTION_STATUS_INACTIVE}, 1217 * {@link #ENCRYPTION_STATUS_ACTIVATING}, or{@link #ENCRYPTION_STATUS_ACTIVE}. 1218 */ 1219 public int getStorageEncryptionStatus() { 1220 if (mService != null) { 1221 try { 1222 return mService.getStorageEncryptionStatus(); 1223 } catch (RemoteException e) { 1224 Log.w(TAG, "Failed talking with device policy service", e); 1225 } 1226 } 1227 return ENCRYPTION_STATUS_UNSUPPORTED; 1228 } 1229 1230 /** 1231 * Called by an application that is administering the device to disable all cameras 1232 * on the device. After setting this, no applications will be able to access any cameras 1233 * on the device. 1234 * 1235 * <p>The calling device admin must have requested 1236 * {@link DeviceAdminInfo#USES_POLICY_DISABLE_CAMERA} to be able to call 1237 * this method; if it has not, a security exception will be thrown. 1238 * 1239 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 1240 * @param disabled Whether or not the camera should be disabled. 1241 */ 1242 public void setCameraDisabled(ComponentName admin, boolean disabled) { 1243 if (mService != null) { 1244 try { 1245 mService.setCameraDisabled(admin, disabled); 1246 } catch (RemoteException e) { 1247 Log.w(TAG, "Failed talking with device policy service", e); 1248 } 1249 } 1250 } 1251 1252 /** 1253 * Determine whether or not the device's cameras have been disabled either by the current 1254 * admin, if specified, or all admins. 1255 * @param admin The name of the admin component to check, or null to check if any admins 1256 * have disabled the camera 1257 */ 1258 public boolean getCameraDisabled(ComponentName admin) { 1259 if (mService != null) { 1260 try { 1261 return mService.getCameraDisabled(admin); 1262 } catch (RemoteException e) { 1263 Log.w(TAG, "Failed talking with device policy service", e); 1264 } 1265 } 1266 return false; 1267 } 1268 1269 /** 1270 * @hide 1271 */ 1272 public void setActiveAdmin(ComponentName policyReceiver, boolean refreshing) { 1273 if (mService != null) { 1274 try { 1275 mService.setActiveAdmin(policyReceiver, refreshing); 1276 } catch (RemoteException e) { 1277 Log.w(TAG, "Failed talking with device policy service", e); 1278 } 1279 } 1280 } 1281 1282 /** 1283 * Returns the DeviceAdminInfo as defined by the administrator's package info & meta-data 1284 * @hide 1285 */ 1286 public DeviceAdminInfo getAdminInfo(ComponentName cn) { 1287 ActivityInfo ai; 1288 try { 1289 ai = mContext.getPackageManager().getReceiverInfo(cn, 1290 PackageManager.GET_META_DATA); 1291 } catch (PackageManager.NameNotFoundException e) { 1292 Log.w(TAG, "Unable to retrieve device policy " + cn, e); 1293 return null; 1294 } 1295 1296 ResolveInfo ri = new ResolveInfo(); 1297 ri.activityInfo = ai; 1298 1299 try { 1300 return new DeviceAdminInfo(mContext, ri); 1301 } catch (XmlPullParserException e) { 1302 Log.w(TAG, "Unable to parse device policy " + cn, e); 1303 return null; 1304 } catch (IOException e) { 1305 Log.w(TAG, "Unable to parse device policy " + cn, e); 1306 return null; 1307 } 1308 } 1309 1310 /** 1311 * @hide 1312 */ 1313 public void getRemoveWarning(ComponentName admin, RemoteCallback result) { 1314 if (mService != null) { 1315 try { 1316 mService.getRemoveWarning(admin, result); 1317 } catch (RemoteException e) { 1318 Log.w(TAG, "Failed talking with device policy service", e); 1319 } 1320 } 1321 } 1322 1323 /** 1324 * @hide 1325 */ 1326 public void setActivePasswordState(int quality, int length, int letters, int uppercase, 1327 int lowercase, int numbers, int symbols, int nonletter) { 1328 if (mService != null) { 1329 try { 1330 mService.setActivePasswordState(quality, length, letters, uppercase, lowercase, 1331 numbers, symbols, nonletter); 1332 } catch (RemoteException e) { 1333 Log.w(TAG, "Failed talking with device policy service", e); 1334 } 1335 } 1336 } 1337 1338 /** 1339 * @hide 1340 */ 1341 public void reportFailedPasswordAttempt() { 1342 if (mService != null) { 1343 try { 1344 mService.reportFailedPasswordAttempt(); 1345 } catch (RemoteException e) { 1346 Log.w(TAG, "Failed talking with device policy service", e); 1347 } 1348 } 1349 } 1350 1351 /** 1352 * @hide 1353 */ 1354 public void reportSuccessfulPasswordAttempt() { 1355 if (mService != null) { 1356 try { 1357 mService.reportSuccessfulPasswordAttempt(); 1358 } catch (RemoteException e) { 1359 Log.w(TAG, "Failed talking with device policy service", e); 1360 } 1361 } 1362 } 1363 1364} 1365