AccountSecurity.java revision 6d0016229adc13fefe68820fe4d6e46f530952ba
1/* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.email.activity.setup; 18 19import com.android.email.R; 20import com.android.email.SecurityPolicy; 21import com.android.email.provider.EmailContent.Account; 22 23import android.app.Activity; 24import android.app.admin.DevicePolicyManager; 25import android.content.Context; 26import android.content.Intent; 27import android.os.Bundle; 28 29/** 30 * Psuedo-activity (no UI) to bootstrap the user up to a higher desired security level. This 31 * bootstrap requires the following steps. 32 * 33 * 1. Confirm the account of interest has any security policies defined - exit early if not 34 * 2. If not actively administrating the device, ask Device Policy Manager to start that 35 * 3. When we are actively administrating, check current policies and see if they're sufficient 36 * 4. If not, set policies 37 * 5. If necessary, request for user to update device password 38 */ 39public class AccountSecurity extends Activity { 40 41 private static final String EXTRA_ACCOUNT_ID = "com.android.email.activity.setup.ACCOUNT_ID"; 42 43 private static final int REQUEST_ENABLE = 1; 44 45 /** 46 * Used for generating intent for this activity (which is intended to be launched 47 * from a notification.) 48 * 49 * @param context Calling context for building the intent 50 * @param accountId The account of interest 51 * @return an Intent which can be used to view that account 52 */ 53 public static Intent actionUpdateSecurityIntent(Context context, long accountId) { 54 Intent intent = new Intent(context, AccountSecurity.class); 55 intent.putExtra(EXTRA_ACCOUNT_ID, accountId); 56 return intent; 57 } 58 59 @Override 60 public void onCreate(Bundle savedInstanceState) { 61 super.onCreate(savedInstanceState); 62 63 Intent i = getIntent(); 64 long accountId = i.getLongExtra(EXTRA_ACCOUNT_ID, -1); 65 SecurityPolicy security = SecurityPolicy.getInstance(this); 66 security.clearNotification(accountId); 67 if (accountId != -1) { 68 // TODO: spin up a thread to do this in the background, because of DB ops 69 Account account = Account.restoreAccountWithId(this, accountId); 70 if (account != null) { 71 if (account.mSecurityFlags != 0) { 72 // This account wants to control security 73 if (!security.isActiveAdmin()) { 74 // try to become active - must happen here in this activity, to get result 75 Intent intent = new Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN); 76 intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, 77 security.getAdminComponent()); 78 intent.putExtra(DevicePolicyManager.EXTRA_ADD_EXPLANATION, 79 this.getString(R.string.account_security_policy_explanation_fmt, 80 account.getDisplayName())); 81 startActivityForResult(intent, REQUEST_ENABLE); 82 // keep this activity on stack to process result 83 return; 84 } else { 85 // already active - try to set actual policies, finish, and return 86 setActivePolicies(); 87 } 88 } 89 } 90 } 91 finish(); 92 } 93 94 /** 95 * Handle the eventual result of the user allowing us to become an active device admin 96 */ 97 @Override 98 protected void onActivityResult(int requestCode, int resultCode, Intent data) { 99 switch (requestCode) { 100 case REQUEST_ENABLE: 101 if (resultCode == Activity.RESULT_OK) { 102 // now active - try to set actual policies 103 setActivePolicies(); 104 } else { 105 // failed - just give up and go away 106 } 107 } 108 finish(); 109 super.onActivityResult(requestCode, resultCode, data); 110 } 111 112 /** 113 * Now that we are connected as an active device admin, try to set the device to the 114 * correct security level, and ask for a password if necessary. 115 */ 116 private void setActivePolicies() { 117 SecurityPolicy sp = SecurityPolicy.getInstance(this); 118 // check current security level - if sufficient, we're done! 119 if (sp.isActive(null)) { 120 sp.clearAccountHoldFlags(); 121 return; 122 } 123 // set current security level 124 sp.setActivePolicies(); 125 // check current security level - if sufficient, we're done! 126 if (sp.isActive(null)) { 127 sp.clearAccountHoldFlags(); 128 return; 129 } 130 // if not sufficient, launch the activity to have the user set a new password. 131 Intent intent = new Intent(DevicePolicyManager.ACTION_SET_NEW_PASSWORD); 132 startActivity(intent); 133 } 134 135} 136