1/* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.commands.dpm; 18 19import android.app.ActivityManager; 20import android.app.IActivityManager; 21import android.app.admin.DevicePolicyManager; 22import android.app.admin.IDevicePolicyManager; 23import android.content.ComponentName; 24import android.content.Context; 25import android.os.RemoteException; 26import android.os.ServiceManager; 27import android.os.UserHandle; 28 29import com.android.internal.os.BaseCommand; 30 31import java.io.PrintStream; 32 33public final class Dpm extends BaseCommand { 34 35 /** 36 * Command-line entry point. 37 * 38 * @param args The command-line arguments 39 */ 40 public static void main(String[] args) { 41 (new Dpm()).run(args); 42 } 43 44 private static final String COMMAND_SET_ACTIVE_ADMIN = "set-active-admin"; 45 private static final String COMMAND_SET_DEVICE_OWNER = "set-device-owner"; 46 private static final String COMMAND_SET_PROFILE_OWNER = "set-profile-owner"; 47 private static final String COMMAND_REMOVE_ACTIVE_ADMIN = "remove-active-admin"; 48 private static final String COMMAND_CLEAR_FREEZE_PERIOD_RECORD = "clear-freeze-period-record"; 49 private static final String COMMAND_FORCE_SECURITY_LOGS = "force-security-logs"; 50 51 private IDevicePolicyManager mDevicePolicyManager; 52 private int mUserId = UserHandle.USER_SYSTEM; 53 private String mName = ""; 54 private ComponentName mComponent = null; 55 56 @Override 57 public void onShowUsage(PrintStream out) { 58 out.println( 59 "usage: dpm [subcommand] [options]\n" + 60 "usage: dpm set-active-admin [ --user <USER_ID> | current ] <COMPONENT>\n" + 61 // STOPSHIP Finalize it 62 "usage: dpm set-device-owner [ --user <USER_ID> | current *EXPERIMENTAL* ] " + 63 "[ --name <NAME> ] <COMPONENT>\n" + 64 "usage: dpm set-profile-owner [ --user <USER_ID> | current ] [ --name <NAME> ] " + 65 "<COMPONENT>\n" + 66 "usage: dpm remove-active-admin [ --user <USER_ID> | current ] [ --name <NAME> ] " + 67 "<COMPONENT>\n" + 68 "\n" + 69 "dpm set-active-admin: Sets the given component as active admin" + 70 " for an existing user.\n" + 71 "\n" + 72 "dpm set-device-owner: Sets the given component as active admin, and its" + 73 " package as device owner.\n" + 74 "\n" + 75 "dpm set-profile-owner: Sets the given component as active admin and profile" + 76 " owner for an existing user.\n" + 77 "\n" + 78 "dpm remove-active-admin: Disables an active admin, the admin must have declared" + 79 " android:testOnly in the application in its manifest. This will also remove" + 80 " device and profile owners.\n" + 81 "\n" + 82 "dpm " + COMMAND_CLEAR_FREEZE_PERIOD_RECORD + ": clears framework-maintained " + 83 "record of past freeze periods that the device went through. For use during " + 84 "feature development to prevent triggering restriction on setting freeze " + 85 "periods.\n" + 86 "\n" + 87 "dpm " + COMMAND_FORCE_SECURITY_LOGS + ": makes all security logs available to " + 88 "the DPC and triggers DeviceAdminReceiver.onSecurityLogsAvailable() if needed."); 89 } 90 91 @Override 92 public void onRun() throws Exception { 93 mDevicePolicyManager = IDevicePolicyManager.Stub.asInterface( 94 ServiceManager.getService(Context.DEVICE_POLICY_SERVICE)); 95 if (mDevicePolicyManager == null) { 96 showError("Error: Could not access the Device Policy Manager. Is the system running?"); 97 return; 98 } 99 100 String command = nextArgRequired(); 101 switch (command) { 102 case COMMAND_SET_ACTIVE_ADMIN: 103 runSetActiveAdmin(); 104 break; 105 case COMMAND_SET_DEVICE_OWNER: 106 runSetDeviceOwner(); 107 break; 108 case COMMAND_SET_PROFILE_OWNER: 109 runSetProfileOwner(); 110 break; 111 case COMMAND_REMOVE_ACTIVE_ADMIN: 112 runRemoveActiveAdmin(); 113 break; 114 case COMMAND_CLEAR_FREEZE_PERIOD_RECORD: 115 runClearFreezePeriodRecord(); 116 break; 117 case COMMAND_FORCE_SECURITY_LOGS: 118 runForceSecurityLogs(); 119 break; 120 default: 121 throw new IllegalArgumentException ("unknown command '" + command + "'"); 122 } 123 } 124 125 private void runForceSecurityLogs() throws RemoteException, InterruptedException { 126 while (true) { 127 final long toWait = mDevicePolicyManager.forceSecurityLogs(); 128 if (toWait == 0) { 129 break; 130 } 131 System.out.println("We have to wait for " + toWait + " milliseconds..."); 132 Thread.sleep(toWait); 133 } 134 System.out.println("Success"); 135 } 136 137 private void parseArgs(boolean canHaveName) { 138 String opt; 139 while ((opt = nextOption()) != null) { 140 if ("--user".equals(opt)) { 141 String arg = nextArgRequired(); 142 if ("current".equals(arg) || "cur".equals(arg)) { 143 mUserId = UserHandle.USER_CURRENT; 144 } else { 145 mUserId = parseInt(arg); 146 } 147 if (mUserId == UserHandle.USER_CURRENT) { 148 IActivityManager activityManager = ActivityManager.getService(); 149 try { 150 mUserId = activityManager.getCurrentUser().id; 151 } catch (RemoteException e) { 152 e.rethrowAsRuntimeException(); 153 } 154 } 155 } else if (canHaveName && "--name".equals(opt)) { 156 mName = nextArgRequired(); 157 } else { 158 throw new IllegalArgumentException("Unknown option: " + opt); 159 } 160 } 161 mComponent = parseComponentName(nextArgRequired()); 162 } 163 164 private void runSetActiveAdmin() throws RemoteException { 165 parseArgs(/*canHaveName=*/ false); 166 mDevicePolicyManager.setActiveAdmin(mComponent, true /*refreshing*/, mUserId); 167 168 System.out.println("Success: Active admin set to component " + mComponent.toShortString()); 169 } 170 171 private void runSetDeviceOwner() throws RemoteException { 172 parseArgs(/*canHaveName=*/ true); 173 mDevicePolicyManager.setActiveAdmin(mComponent, true /*refreshing*/, mUserId); 174 175 try { 176 if (!mDevicePolicyManager.setDeviceOwner(mComponent, mName, mUserId)) { 177 throw new RuntimeException( 178 "Can't set package " + mComponent + " as device owner."); 179 } 180 } catch (Exception e) { 181 // Need to remove the admin that we just added. 182 mDevicePolicyManager.removeActiveAdmin(mComponent, UserHandle.USER_SYSTEM); 183 throw e; 184 } 185 186 mDevicePolicyManager.setUserProvisioningState( 187 DevicePolicyManager.STATE_USER_SETUP_FINALIZED, mUserId); 188 189 System.out.println("Success: Device owner set to package " + mComponent); 190 System.out.println("Active admin set to component " + mComponent.toShortString()); 191 } 192 193 private void runRemoveActiveAdmin() throws RemoteException { 194 parseArgs(/*canHaveName=*/ false); 195 mDevicePolicyManager.forceRemoveActiveAdmin(mComponent, mUserId); 196 System.out.println("Success: Admin removed " + mComponent); 197 } 198 199 private void runSetProfileOwner() throws RemoteException { 200 parseArgs(/*canHaveName=*/ true); 201 mDevicePolicyManager.setActiveAdmin(mComponent, true /*refreshing*/, mUserId); 202 203 try { 204 if (!mDevicePolicyManager.setProfileOwner(mComponent, mName, mUserId)) { 205 throw new RuntimeException("Can't set component " + mComponent.toShortString() + 206 " as profile owner for user " + mUserId); 207 } 208 } catch (Exception e) { 209 // Need to remove the admin that we just added. 210 mDevicePolicyManager.removeActiveAdmin(mComponent, mUserId); 211 throw e; 212 } 213 214 mDevicePolicyManager.setUserProvisioningState( 215 DevicePolicyManager.STATE_USER_SETUP_FINALIZED, mUserId); 216 217 System.out.println("Success: Active admin and profile owner set to " 218 + mComponent.toShortString() + " for user " + mUserId); 219 } 220 221 private void runClearFreezePeriodRecord() throws RemoteException { 222 mDevicePolicyManager.clearSystemUpdatePolicyFreezePeriodRecord(); 223 System.out.println("Success"); 224 } 225 226 private ComponentName parseComponentName(String component) { 227 ComponentName cn = ComponentName.unflattenFromString(component); 228 if (cn == null) { 229 throw new IllegalArgumentException ("Invalid component " + component); 230 } 231 return cn; 232 } 233 234 private int parseInt(String argument) { 235 try { 236 return Integer.parseInt(argument); 237 } catch (NumberFormatException e) { 238 throw new IllegalArgumentException ("Invalid integer argument '" + argument + "'", e); 239 } 240 } 241} 242