1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.commands.dpm;
18
19import android.app.ActivityManager;
20import android.app.IActivityManager;
21import android.app.admin.DevicePolicyManager;
22import android.app.admin.IDevicePolicyManager;
23import android.content.ComponentName;
24import android.content.Context;
25import android.os.RemoteException;
26import android.os.ServiceManager;
27import android.os.UserHandle;
28
29import com.android.internal.os.BaseCommand;
30
31import java.io.PrintStream;
32
33public final class Dpm extends BaseCommand {
34
35    /**
36     * Command-line entry point.
37     *
38     * @param args The command-line arguments
39     */
40    public static void main(String[] args) {
41      (new Dpm()).run(args);
42    }
43
44    private static final String COMMAND_SET_ACTIVE_ADMIN = "set-active-admin";
45    private static final String COMMAND_SET_DEVICE_OWNER = "set-device-owner";
46    private static final String COMMAND_SET_PROFILE_OWNER = "set-profile-owner";
47    private static final String COMMAND_REMOVE_ACTIVE_ADMIN = "remove-active-admin";
48    private static final String COMMAND_CLEAR_FREEZE_PERIOD_RECORD = "clear-freeze-period-record";
49    private static final String COMMAND_FORCE_SECURITY_LOGS = "force-security-logs";
50
51    private IDevicePolicyManager mDevicePolicyManager;
52    private int mUserId = UserHandle.USER_SYSTEM;
53    private String mName = "";
54    private ComponentName mComponent = null;
55
56    @Override
57    public void onShowUsage(PrintStream out) {
58        out.println(
59                "usage: dpm [subcommand] [options]\n" +
60                "usage: dpm set-active-admin [ --user <USER_ID> | current ] <COMPONENT>\n" +
61                // STOPSHIP Finalize it
62                "usage: dpm set-device-owner [ --user <USER_ID> | current *EXPERIMENTAL* ] " +
63                "[ --name <NAME> ] <COMPONENT>\n" +
64                "usage: dpm set-profile-owner [ --user <USER_ID> | current ] [ --name <NAME> ] " +
65                "<COMPONENT>\n" +
66                "usage: dpm remove-active-admin [ --user <USER_ID> | current ] [ --name <NAME> ] " +
67                "<COMPONENT>\n" +
68                "\n" +
69                "dpm set-active-admin: Sets the given component as active admin" +
70                " for an existing user.\n" +
71                "\n" +
72                "dpm set-device-owner: Sets the given component as active admin, and its" +
73                " package as device owner.\n" +
74                "\n" +
75                "dpm set-profile-owner: Sets the given component as active admin and profile" +
76                " owner for an existing user.\n" +
77                "\n" +
78                "dpm remove-active-admin: Disables an active admin, the admin must have declared" +
79                " android:testOnly in the application in its manifest. This will also remove" +
80                " device and profile owners.\n" +
81                "\n" +
82                "dpm " + COMMAND_CLEAR_FREEZE_PERIOD_RECORD + ": clears framework-maintained " +
83                "record of past freeze periods that the device went through. For use during " +
84                "feature development to prevent triggering restriction on setting freeze " +
85                "periods.\n" +
86                "\n" +
87                "dpm " + COMMAND_FORCE_SECURITY_LOGS + ": makes all security logs available to " +
88                "the DPC and triggers DeviceAdminReceiver.onSecurityLogsAvailable() if needed.");
89    }
90
91    @Override
92    public void onRun() throws Exception {
93        mDevicePolicyManager = IDevicePolicyManager.Stub.asInterface(
94                ServiceManager.getService(Context.DEVICE_POLICY_SERVICE));
95        if (mDevicePolicyManager == null) {
96            showError("Error: Could not access the Device Policy Manager. Is the system running?");
97            return;
98        }
99
100        String command = nextArgRequired();
101        switch (command) {
102            case COMMAND_SET_ACTIVE_ADMIN:
103                runSetActiveAdmin();
104                break;
105            case COMMAND_SET_DEVICE_OWNER:
106                runSetDeviceOwner();
107                break;
108            case COMMAND_SET_PROFILE_OWNER:
109                runSetProfileOwner();
110                break;
111            case COMMAND_REMOVE_ACTIVE_ADMIN:
112                runRemoveActiveAdmin();
113                break;
114            case COMMAND_CLEAR_FREEZE_PERIOD_RECORD:
115                runClearFreezePeriodRecord();
116                break;
117            case COMMAND_FORCE_SECURITY_LOGS:
118                runForceSecurityLogs();
119                break;
120            default:
121                throw new IllegalArgumentException ("unknown command '" + command + "'");
122        }
123    }
124
125    private void runForceSecurityLogs() throws RemoteException, InterruptedException {
126        while (true) {
127            final long toWait = mDevicePolicyManager.forceSecurityLogs();
128            if (toWait == 0) {
129                break;
130            }
131            System.out.println("We have to wait for " + toWait + " milliseconds...");
132            Thread.sleep(toWait);
133        }
134        System.out.println("Success");
135    }
136
137    private void parseArgs(boolean canHaveName) {
138        String opt;
139        while ((opt = nextOption()) != null) {
140            if ("--user".equals(opt)) {
141                String arg = nextArgRequired();
142                if ("current".equals(arg) || "cur".equals(arg)) {
143                    mUserId = UserHandle.USER_CURRENT;
144                } else {
145                    mUserId = parseInt(arg);
146                }
147                if (mUserId == UserHandle.USER_CURRENT) {
148                    IActivityManager activityManager = ActivityManager.getService();
149                    try {
150                        mUserId = activityManager.getCurrentUser().id;
151                    } catch (RemoteException e) {
152                        e.rethrowAsRuntimeException();
153                    }
154                }
155            } else if (canHaveName && "--name".equals(opt)) {
156                mName = nextArgRequired();
157            } else {
158                throw new IllegalArgumentException("Unknown option: " + opt);
159            }
160        }
161        mComponent = parseComponentName(nextArgRequired());
162    }
163
164    private void runSetActiveAdmin() throws RemoteException {
165        parseArgs(/*canHaveName=*/ false);
166        mDevicePolicyManager.setActiveAdmin(mComponent, true /*refreshing*/, mUserId);
167
168        System.out.println("Success: Active admin set to component " + mComponent.toShortString());
169    }
170
171    private void runSetDeviceOwner() throws RemoteException {
172        parseArgs(/*canHaveName=*/ true);
173        mDevicePolicyManager.setActiveAdmin(mComponent, true /*refreshing*/, mUserId);
174
175        try {
176            if (!mDevicePolicyManager.setDeviceOwner(mComponent, mName, mUserId)) {
177                throw new RuntimeException(
178                        "Can't set package " + mComponent + " as device owner.");
179            }
180        } catch (Exception e) {
181            // Need to remove the admin that we just added.
182            mDevicePolicyManager.removeActiveAdmin(mComponent, UserHandle.USER_SYSTEM);
183            throw e;
184        }
185
186        mDevicePolicyManager.setUserProvisioningState(
187                DevicePolicyManager.STATE_USER_SETUP_FINALIZED, mUserId);
188
189        System.out.println("Success: Device owner set to package " + mComponent);
190        System.out.println("Active admin set to component " + mComponent.toShortString());
191    }
192
193    private void runRemoveActiveAdmin() throws RemoteException {
194        parseArgs(/*canHaveName=*/ false);
195        mDevicePolicyManager.forceRemoveActiveAdmin(mComponent, mUserId);
196        System.out.println("Success: Admin removed " + mComponent);
197    }
198
199    private void runSetProfileOwner() throws RemoteException {
200        parseArgs(/*canHaveName=*/ true);
201        mDevicePolicyManager.setActiveAdmin(mComponent, true /*refreshing*/, mUserId);
202
203        try {
204            if (!mDevicePolicyManager.setProfileOwner(mComponent, mName, mUserId)) {
205                throw new RuntimeException("Can't set component " + mComponent.toShortString() +
206                        " as profile owner for user " + mUserId);
207            }
208        } catch (Exception e) {
209            // Need to remove the admin that we just added.
210            mDevicePolicyManager.removeActiveAdmin(mComponent, mUserId);
211            throw e;
212        }
213
214        mDevicePolicyManager.setUserProvisioningState(
215                DevicePolicyManager.STATE_USER_SETUP_FINALIZED, mUserId);
216
217        System.out.println("Success: Active admin and profile owner set to "
218                + mComponent.toShortString() + " for user " + mUserId);
219    }
220
221    private void runClearFreezePeriodRecord() throws RemoteException {
222        mDevicePolicyManager.clearSystemUpdatePolicyFreezePeriodRecord();
223        System.out.println("Success");
224    }
225
226    private ComponentName parseComponentName(String component) {
227        ComponentName cn = ComponentName.unflattenFromString(component);
228        if (cn == null) {
229            throw new IllegalArgumentException ("Invalid component " + component);
230        }
231        return cn;
232    }
233
234    private int parseInt(String argument) {
235        try {
236            return Integer.parseInt(argument);
237        } catch (NumberFormatException e) {
238            throw new IllegalArgumentException ("Invalid integer argument '" + argument + "'", e);
239        }
240    }
241}
242