DevicePolicyManager.java revision fd63c85742f4b12065418d48ae10be4bb12468f5
1/* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package android.app.admin; 18 19import org.xmlpull.v1.XmlPullParserException; 20 21import android.annotation.SdkConstant; 22import android.annotation.SdkConstant.SdkConstantType; 23import android.content.ComponentName; 24import android.content.Context; 25import android.content.pm.ActivityInfo; 26import android.content.pm.PackageManager; 27import android.content.pm.ResolveInfo; 28import android.os.Handler; 29import android.os.RemoteCallback; 30import android.os.RemoteException; 31import android.os.ServiceManager; 32import android.util.Log; 33 34import java.io.IOException; 35import java.net.InetSocketAddress; 36import java.net.Proxy; 37import java.util.List; 38 39/** 40 * Public interface for managing policies enforced on a device. Most clients 41 * of this class must have published a {@link DeviceAdminReceiver} that the user 42 * has currently enabled. 43 * 44 * <div class="special reference"> 45 * <h3>Developer Guides</h3> 46 * <p>For more information about managing policies for device adminstration, read the 47 * <a href="{@docRoot}guide/topics/admin/device-admin.html">Device Administration</a> 48 * developer guide.</p> 49 * </div> 50 */ 51public class DevicePolicyManager { 52 private static String TAG = "DevicePolicyManager"; 53 54 private final Context mContext; 55 private final IDevicePolicyManager mService; 56 57 private DevicePolicyManager(Context context, Handler handler) { 58 mContext = context; 59 mService = IDevicePolicyManager.Stub.asInterface( 60 ServiceManager.getService(Context.DEVICE_POLICY_SERVICE)); 61 } 62 63 /** @hide */ 64 public static DevicePolicyManager create(Context context, Handler handler) { 65 DevicePolicyManager me = new DevicePolicyManager(context, handler); 66 return me.mService != null ? me : null; 67 } 68 69 /** 70 * Activity action: ask the user to add a new device administrator to the system. 71 * The desired policy is the ComponentName of the policy in the 72 * {@link #EXTRA_DEVICE_ADMIN} extra field. This will invoke a UI to 73 * bring the user through adding the device administrator to the system (or 74 * allowing them to reject it). 75 * 76 * <p>You can optionally include the {@link #EXTRA_ADD_EXPLANATION} 77 * field to provide the user with additional explanation (in addition 78 * to your component's description) about what is being added. 79 * 80 * <p>If your administrator is already active, this will ordinarily return immediately (without 81 * user intervention). However, if your administrator has been updated and is requesting 82 * additional uses-policy flags, the user will be presented with the new list. New policies 83 * will not be available to the updated administrator until the user has accepted the new list. 84 */ 85 @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION) 86 public static final String ACTION_ADD_DEVICE_ADMIN 87 = "android.app.action.ADD_DEVICE_ADMIN"; 88 89 /** 90 * Activity action: send when any policy admin changes a policy. 91 * This is generally used to find out when a new policy is in effect. 92 * 93 * @hide 94 */ 95 public static final String ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED 96 = "android.app.action.DEVICE_POLICY_MANAGER_STATE_CHANGED"; 97 98 /** 99 * The ComponentName of the administrator component. 100 * 101 * @see #ACTION_ADD_DEVICE_ADMIN 102 */ 103 public static final String EXTRA_DEVICE_ADMIN = "android.app.extra.DEVICE_ADMIN"; 104 105 /** 106 * An optional CharSequence providing additional explanation for why the 107 * admin is being added. 108 * 109 * @see #ACTION_ADD_DEVICE_ADMIN 110 */ 111 public static final String EXTRA_ADD_EXPLANATION = "android.app.extra.ADD_EXPLANATION"; 112 113 /** 114 * Activity action: have the user enter a new password. This activity should 115 * be launched after using {@link #setPasswordQuality(ComponentName, int)}, 116 * or {@link #setPasswordMinimumLength(ComponentName, int)} to have the user 117 * enter a new password that meets the current requirements. You can use 118 * {@link #isActivePasswordSufficient()} to determine whether you need to 119 * have the user select a new password in order to meet the current 120 * constraints. Upon being resumed from this activity, you can check the new 121 * password characteristics to see if they are sufficient. 122 */ 123 @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION) 124 public static final String ACTION_SET_NEW_PASSWORD 125 = "android.app.action.SET_NEW_PASSWORD"; 126 127 /** 128 * Return true if the given administrator component is currently 129 * active (enabled) in the system. 130 */ 131 public boolean isAdminActive(ComponentName who) { 132 if (mService != null) { 133 try { 134 return mService.isAdminActive(who); 135 } catch (RemoteException e) { 136 Log.w(TAG, "Failed talking with device policy service", e); 137 } 138 } 139 return false; 140 } 141 142 /** 143 * Return a list of all currently active device administrator's component 144 * names. Note that if there are no administrators than null may be 145 * returned. 146 */ 147 public List<ComponentName> getActiveAdmins() { 148 if (mService != null) { 149 try { 150 return mService.getActiveAdmins(); 151 } catch (RemoteException e) { 152 Log.w(TAG, "Failed talking with device policy service", e); 153 } 154 } 155 return null; 156 } 157 158 /** 159 * @hide 160 */ 161 public boolean packageHasActiveAdmins(String packageName) { 162 if (mService != null) { 163 try { 164 return mService.packageHasActiveAdmins(packageName); 165 } catch (RemoteException e) { 166 Log.w(TAG, "Failed talking with device policy service", e); 167 } 168 } 169 return false; 170 } 171 172 /** 173 * Remove a current administration component. This can only be called 174 * by the application that owns the administration component; if you 175 * try to remove someone else's component, a security exception will be 176 * thrown. 177 */ 178 public void removeActiveAdmin(ComponentName who) { 179 if (mService != null) { 180 try { 181 mService.removeActiveAdmin(who); 182 } catch (RemoteException e) { 183 Log.w(TAG, "Failed talking with device policy service", e); 184 } 185 } 186 } 187 188 /** 189 * Returns true if an administrator has been granted a particular device policy. This can 190 * be used to check if the administrator was activated under an earlier set of policies, 191 * but requires additional policies after an upgrade. 192 * 193 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. Must be 194 * an active administrator, or an exception will be thrown. 195 * @param usesPolicy Which uses-policy to check, as defined in {@link DeviceAdminInfo}. 196 */ 197 public boolean hasGrantedPolicy(ComponentName admin, int usesPolicy) { 198 if (mService != null) { 199 try { 200 return mService.hasGrantedPolicy(admin, usesPolicy); 201 } catch (RemoteException e) { 202 Log.w(TAG, "Failed talking with device policy service", e); 203 } 204 } 205 return false; 206 } 207 208 /** 209 * Constant for {@link #setPasswordQuality}: the policy has no requirements 210 * for the password. Note that quality constants are ordered so that higher 211 * values are more restrictive. 212 */ 213 public static final int PASSWORD_QUALITY_UNSPECIFIED = 0; 214 215 /** 216 * Constant for {@link #setPasswordQuality}: the policy allows for low-security biometric 217 * recognition technology. This implies technologies that can recognize the identity of 218 * an individual to about a 3 digit PIN (false detection is less than 1 in 1,000). 219 * Note that quality constants are ordered so that higher values are more restrictive. 220 */ 221 public static final int PASSWORD_QUALITY_BIOMETRIC_WEAK = 0x8000; 222 223 /** 224 * Constant for {@link #setPasswordQuality}: the policy requires some kind 225 * of password, but doesn't care what it is. Note that quality constants 226 * are ordered so that higher values are more restrictive. 227 */ 228 public static final int PASSWORD_QUALITY_SOMETHING = 0x10000; 229 230 /** 231 * Constant for {@link #setPasswordQuality}: the user must have entered a 232 * password containing at least numeric characters. Note that quality 233 * constants are ordered so that higher values are more restrictive. 234 */ 235 public static final int PASSWORD_QUALITY_NUMERIC = 0x20000; 236 237 /** 238 * Constant for {@link #setPasswordQuality}: the user must have entered a 239 * password containing at least alphabetic (or other symbol) characters. 240 * Note that quality constants are ordered so that higher values are more 241 * restrictive. 242 */ 243 public static final int PASSWORD_QUALITY_ALPHABETIC = 0x40000; 244 245 /** 246 * Constant for {@link #setPasswordQuality}: the user must have entered a 247 * password containing at least <em>both></em> numeric <em>and</em> 248 * alphabetic (or other symbol) characters. Note that quality constants are 249 * ordered so that higher values are more restrictive. 250 */ 251 public static final int PASSWORD_QUALITY_ALPHANUMERIC = 0x50000; 252 253 /** 254 * Constant for {@link #setPasswordQuality}: the user must have entered a 255 * password containing at least a letter, a numerical digit and a special 256 * symbol, by default. With this password quality, passwords can be 257 * restricted to contain various sets of characters, like at least an 258 * uppercase letter, etc. These are specified using various methods, 259 * like {@link #setPasswordMinimumLowerCase(ComponentName, int)}. Note 260 * that quality constants are ordered so that higher values are more 261 * restrictive. 262 */ 263 public static final int PASSWORD_QUALITY_COMPLEX = 0x60000; 264 265 /** 266 * Called by an application that is administering the device to set the 267 * password restrictions it is imposing. After setting this, the user 268 * will not be able to enter a new password that is not at least as 269 * restrictive as what has been set. Note that the current password 270 * will remain until the user has set a new one, so the change does not 271 * take place immediately. To prompt the user for a new password, use 272 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. 273 * 274 * <p>Quality constants are ordered so that higher values are more restrictive; 275 * thus the highest requested quality constant (between the policy set here, 276 * the user's preference, and any other considerations) is the one that 277 * is in effect. 278 * 279 * <p>The calling device admin must have requested 280 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 281 * this method; if it has not, a security exception will be thrown. 282 * 283 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 284 * @param quality The new desired quality. One of 285 * {@link #PASSWORD_QUALITY_UNSPECIFIED}, {@link #PASSWORD_QUALITY_SOMETHING}, 286 * {@link #PASSWORD_QUALITY_NUMERIC}, {@link #PASSWORD_QUALITY_ALPHABETIC}, 287 * {@link #PASSWORD_QUALITY_ALPHANUMERIC} or {@link #PASSWORD_QUALITY_COMPLEX}. 288 */ 289 public void setPasswordQuality(ComponentName admin, int quality) { 290 if (mService != null) { 291 try { 292 mService.setPasswordQuality(admin, quality); 293 } catch (RemoteException e) { 294 Log.w(TAG, "Failed talking with device policy service", e); 295 } 296 } 297 } 298 299 /** 300 * Retrieve the current minimum password quality for all admins 301 * or a particular one. 302 * @param admin The name of the admin component to check, or null to aggregate 303 * all admins. 304 */ 305 public int getPasswordQuality(ComponentName admin) { 306 if (mService != null) { 307 try { 308 return mService.getPasswordQuality(admin); 309 } catch (RemoteException e) { 310 Log.w(TAG, "Failed talking with device policy service", e); 311 } 312 } 313 return PASSWORD_QUALITY_UNSPECIFIED; 314 } 315 316 /** 317 * Called by an application that is administering the device to set the 318 * minimum allowed password length. After setting this, the user 319 * will not be able to enter a new password that is not at least as 320 * restrictive as what has been set. Note that the current password 321 * will remain until the user has set a new one, so the change does not 322 * take place immediately. To prompt the user for a new password, use 323 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This 324 * constraint is only imposed if the administrator has also requested either 325 * {@link #PASSWORD_QUALITY_NUMERIC}, {@link #PASSWORD_QUALITY_ALPHABETIC} 326 * {@link #PASSWORD_QUALITY_ALPHANUMERIC}, or {@link #PASSWORD_QUALITY_COMPLEX} 327 * with {@link #setPasswordQuality}. 328 * 329 * <p>The calling device admin must have requested 330 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 331 * this method; if it has not, a security exception will be thrown. 332 * 333 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 334 * @param length The new desired minimum password length. A value of 0 335 * means there is no restriction. 336 */ 337 public void setPasswordMinimumLength(ComponentName admin, int length) { 338 if (mService != null) { 339 try { 340 mService.setPasswordMinimumLength(admin, length); 341 } catch (RemoteException e) { 342 Log.w(TAG, "Failed talking with device policy service", e); 343 } 344 } 345 } 346 347 /** 348 * Retrieve the current minimum password length for all admins 349 * or a particular one. 350 * @param admin The name of the admin component to check, or null to aggregate 351 * all admins. 352 */ 353 public int getPasswordMinimumLength(ComponentName admin) { 354 if (mService != null) { 355 try { 356 return mService.getPasswordMinimumLength(admin); 357 } catch (RemoteException e) { 358 Log.w(TAG, "Failed talking with device policy service", e); 359 } 360 } 361 return 0; 362 } 363 364 /** 365 * Called by an application that is administering the device to set the 366 * minimum number of upper case letters required in the password. After 367 * setting this, the user will not be able to enter a new password that is 368 * not at least as restrictive as what has been set. Note that the current 369 * password will remain until the user has set a new one, so the change does 370 * not take place immediately. To prompt the user for a new password, use 371 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This 372 * constraint is only imposed if the administrator has also requested 373 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The 374 * default value is 0. 375 * <p> 376 * The calling device admin must have requested 377 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 378 * this method; if it has not, a security exception will be thrown. 379 * 380 * @param admin Which {@link DeviceAdminReceiver} this request is associated 381 * with. 382 * @param length The new desired minimum number of upper case letters 383 * required in the password. A value of 0 means there is no 384 * restriction. 385 */ 386 public void setPasswordMinimumUpperCase(ComponentName admin, int length) { 387 if (mService != null) { 388 try { 389 mService.setPasswordMinimumUpperCase(admin, length); 390 } catch (RemoteException e) { 391 Log.w(TAG, "Failed talking with device policy service", e); 392 } 393 } 394 } 395 396 /** 397 * Retrieve the current number of upper case letters required in the 398 * password for all admins or a particular one. This is the same value as 399 * set by {#link {@link #setPasswordMinimumUpperCase(ComponentName, int)} 400 * and only applies when the password quality is 401 * {@link #PASSWORD_QUALITY_COMPLEX}. 402 * 403 * @param admin The name of the admin component to check, or null to 404 * aggregate all admins. 405 * @return The minimum number of upper case letters required in the 406 * password. 407 */ 408 public int getPasswordMinimumUpperCase(ComponentName admin) { 409 if (mService != null) { 410 try { 411 return mService.getPasswordMinimumUpperCase(admin); 412 } catch (RemoteException e) { 413 Log.w(TAG, "Failed talking with device policy service", e); 414 } 415 } 416 return 0; 417 } 418 419 /** 420 * Called by an application that is administering the device to set the 421 * minimum number of lower case letters required in the password. After 422 * setting this, the user will not be able to enter a new password that is 423 * not at least as restrictive as what has been set. Note that the current 424 * password will remain until the user has set a new one, so the change does 425 * not take place immediately. To prompt the user for a new password, use 426 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This 427 * constraint is only imposed if the administrator has also requested 428 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The 429 * default value is 0. 430 * <p> 431 * The calling device admin must have requested 432 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 433 * this method; if it has not, a security exception will be thrown. 434 * 435 * @param admin Which {@link DeviceAdminReceiver} this request is associated 436 * with. 437 * @param length The new desired minimum number of lower case letters 438 * required in the password. A value of 0 means there is no 439 * restriction. 440 */ 441 public void setPasswordMinimumLowerCase(ComponentName admin, int length) { 442 if (mService != null) { 443 try { 444 mService.setPasswordMinimumLowerCase(admin, length); 445 } catch (RemoteException e) { 446 Log.w(TAG, "Failed talking with device policy service", e); 447 } 448 } 449 } 450 451 /** 452 * Retrieve the current number of lower case letters required in the 453 * password for all admins or a particular one. This is the same value as 454 * set by {#link {@link #setPasswordMinimumLowerCase(ComponentName, int)} 455 * and only applies when the password quality is 456 * {@link #PASSWORD_QUALITY_COMPLEX}. 457 * 458 * @param admin The name of the admin component to check, or null to 459 * aggregate all admins. 460 * @return The minimum number of lower case letters required in the 461 * password. 462 */ 463 public int getPasswordMinimumLowerCase(ComponentName admin) { 464 if (mService != null) { 465 try { 466 return mService.getPasswordMinimumLowerCase(admin); 467 } catch (RemoteException e) { 468 Log.w(TAG, "Failed talking with device policy service", e); 469 } 470 } 471 return 0; 472 } 473 474 /** 475 * Called by an application that is administering the device to set the 476 * minimum number of letters required in the password. After setting this, 477 * the user will not be able to enter a new password that is not at least as 478 * restrictive as what has been set. Note that the current password will 479 * remain until the user has set a new one, so the change does not take 480 * place immediately. To prompt the user for a new password, use 481 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This 482 * constraint is only imposed if the administrator has also requested 483 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The 484 * default value is 1. 485 * <p> 486 * The calling device admin must have requested 487 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 488 * this method; if it has not, a security exception will be thrown. 489 * 490 * @param admin Which {@link DeviceAdminReceiver} this request is associated 491 * with. 492 * @param length The new desired minimum number of letters required in the 493 * password. A value of 0 means there is no restriction. 494 */ 495 public void setPasswordMinimumLetters(ComponentName admin, int length) { 496 if (mService != null) { 497 try { 498 mService.setPasswordMinimumLetters(admin, length); 499 } catch (RemoteException e) { 500 Log.w(TAG, "Failed talking with device policy service", e); 501 } 502 } 503 } 504 505 /** 506 * Retrieve the current number of letters required in the password for all 507 * admins or a particular one. This is the same value as 508 * set by {#link {@link #setPasswordMinimumLetters(ComponentName, int)} 509 * and only applies when the password quality is 510 * {@link #PASSWORD_QUALITY_COMPLEX}. 511 * 512 * @param admin The name of the admin component to check, or null to 513 * aggregate all admins. 514 * @return The minimum number of letters required in the password. 515 */ 516 public int getPasswordMinimumLetters(ComponentName admin) { 517 if (mService != null) { 518 try { 519 return mService.getPasswordMinimumLetters(admin); 520 } catch (RemoteException e) { 521 Log.w(TAG, "Failed talking with device policy service", e); 522 } 523 } 524 return 0; 525 } 526 527 /** 528 * Called by an application that is administering the device to set the 529 * minimum number of numerical digits required in the password. After 530 * setting this, the user will not be able to enter a new password that is 531 * not at least as restrictive as what has been set. Note that the current 532 * password will remain until the user has set a new one, so the change does 533 * not take place immediately. To prompt the user for a new password, use 534 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This 535 * constraint is only imposed if the administrator has also requested 536 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The 537 * default value is 1. 538 * <p> 539 * The calling device admin must have requested 540 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 541 * this method; if it has not, a security exception will be thrown. 542 * 543 * @param admin Which {@link DeviceAdminReceiver} this request is associated 544 * with. 545 * @param length The new desired minimum number of numerical digits required 546 * in the password. A value of 0 means there is no restriction. 547 */ 548 public void setPasswordMinimumNumeric(ComponentName admin, int length) { 549 if (mService != null) { 550 try { 551 mService.setPasswordMinimumNumeric(admin, length); 552 } catch (RemoteException e) { 553 Log.w(TAG, "Failed talking with device policy service", e); 554 } 555 } 556 } 557 558 /** 559 * Retrieve the current number of numerical digits required in the password 560 * for all admins or a particular one. This is the same value as 561 * set by {#link {@link #setPasswordMinimumNumeric(ComponentName, int)} 562 * and only applies when the password quality is 563 * {@link #PASSWORD_QUALITY_COMPLEX}. 564 * 565 * @param admin The name of the admin component to check, or null to 566 * aggregate all admins. 567 * @return The minimum number of numerical digits required in the password. 568 */ 569 public int getPasswordMinimumNumeric(ComponentName admin) { 570 if (mService != null) { 571 try { 572 return mService.getPasswordMinimumNumeric(admin); 573 } catch (RemoteException e) { 574 Log.w(TAG, "Failed talking with device policy service", e); 575 } 576 } 577 return 0; 578 } 579 580 /** 581 * Called by an application that is administering the device to set the 582 * minimum number of symbols required in the password. After setting this, 583 * the user will not be able to enter a new password that is not at least as 584 * restrictive as what has been set. Note that the current password will 585 * remain until the user has set a new one, so the change does not take 586 * place immediately. To prompt the user for a new password, use 587 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This 588 * constraint is only imposed if the administrator has also requested 589 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The 590 * default value is 1. 591 * <p> 592 * The calling device admin must have requested 593 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 594 * this method; if it has not, a security exception will be thrown. 595 * 596 * @param admin Which {@link DeviceAdminReceiver} this request is associated 597 * with. 598 * @param length The new desired minimum number of symbols required in the 599 * password. A value of 0 means there is no restriction. 600 */ 601 public void setPasswordMinimumSymbols(ComponentName admin, int length) { 602 if (mService != null) { 603 try { 604 mService.setPasswordMinimumSymbols(admin, length); 605 } catch (RemoteException e) { 606 Log.w(TAG, "Failed talking with device policy service", e); 607 } 608 } 609 } 610 611 /** 612 * Retrieve the current number of symbols required in the password for all 613 * admins or a particular one. This is the same value as 614 * set by {#link {@link #setPasswordMinimumSymbols(ComponentName, int)} 615 * and only applies when the password quality is 616 * {@link #PASSWORD_QUALITY_COMPLEX}. 617 * 618 * @param admin The name of the admin component to check, or null to 619 * aggregate all admins. 620 * @return The minimum number of symbols required in the password. 621 */ 622 public int getPasswordMinimumSymbols(ComponentName admin) { 623 if (mService != null) { 624 try { 625 return mService.getPasswordMinimumSymbols(admin); 626 } catch (RemoteException e) { 627 Log.w(TAG, "Failed talking with device policy service", e); 628 } 629 } 630 return 0; 631 } 632 633 /** 634 * Called by an application that is administering the device to set the 635 * minimum number of non-letter characters (numerical digits or symbols) 636 * required in the password. After setting this, the user will not be able 637 * to enter a new password that is not at least as restrictive as what has 638 * been set. Note that the current password will remain until the user has 639 * set a new one, so the change does not take place immediately. To prompt 640 * the user for a new password, use {@link #ACTION_SET_NEW_PASSWORD} after 641 * setting this value. This constraint is only imposed if the administrator 642 * has also requested {@link #PASSWORD_QUALITY_COMPLEX} with 643 * {@link #setPasswordQuality}. The default value is 0. 644 * <p> 645 * The calling device admin must have requested 646 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 647 * this method; if it has not, a security exception will be thrown. 648 * 649 * @param admin Which {@link DeviceAdminReceiver} this request is associated 650 * with. 651 * @param length The new desired minimum number of letters required in the 652 * password. A value of 0 means there is no restriction. 653 */ 654 public void setPasswordMinimumNonLetter(ComponentName admin, int length) { 655 if (mService != null) { 656 try { 657 mService.setPasswordMinimumNonLetter(admin, length); 658 } catch (RemoteException e) { 659 Log.w(TAG, "Failed talking with device policy service", e); 660 } 661 } 662 } 663 664 /** 665 * Retrieve the current number of non-letter characters required in the 666 * password for all admins or a particular one. This is the same value as 667 * set by {#link {@link #setPasswordMinimumNonLetter(ComponentName, int)} 668 * and only applies when the password quality is 669 * {@link #PASSWORD_QUALITY_COMPLEX}. 670 * 671 * @param admin The name of the admin component to check, or null to 672 * aggregate all admins. 673 * @return The minimum number of letters required in the password. 674 */ 675 public int getPasswordMinimumNonLetter(ComponentName admin) { 676 if (mService != null) { 677 try { 678 return mService.getPasswordMinimumNonLetter(admin); 679 } catch (RemoteException e) { 680 Log.w(TAG, "Failed talking with device policy service", e); 681 } 682 } 683 return 0; 684 } 685 686 /** 687 * Called by an application that is administering the device to set the length 688 * of the password history. After setting this, the user will not be able to 689 * enter a new password that is the same as any password in the history. Note 690 * that the current password will remain until the user has set a new one, so 691 * the change does not take place immediately. To prompt the user for a new 692 * password, use {@link #ACTION_SET_NEW_PASSWORD} after setting this value. 693 * This constraint is only imposed if the administrator has also requested 694 * either {@link #PASSWORD_QUALITY_NUMERIC}, 695 * {@link #PASSWORD_QUALITY_ALPHABETIC}, or 696 * {@link #PASSWORD_QUALITY_ALPHANUMERIC} with {@link #setPasswordQuality}. 697 * 698 * <p> 699 * The calling device admin must have requested 700 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call this 701 * method; if it has not, a security exception will be thrown. 702 * 703 * @param admin Which {@link DeviceAdminReceiver} this request is associated 704 * with. 705 * @param length The new desired length of password history. A value of 0 706 * means there is no restriction. 707 */ 708 public void setPasswordHistoryLength(ComponentName admin, int length) { 709 if (mService != null) { 710 try { 711 mService.setPasswordHistoryLength(admin, length); 712 } catch (RemoteException e) { 713 Log.w(TAG, "Failed talking with device policy service", e); 714 } 715 } 716 } 717 718 /** 719 * Called by a device admin to set the password expiration timeout. Calling this method 720 * will restart the countdown for password expiration for the given admin, as will changing 721 * the device password (for all admins). 722 * 723 * <p>The provided timeout is the time delta in ms and will be added to the current time. 724 * For example, to have the password expire 5 days from now, timeout would be 725 * 5 * 86400 * 1000 = 432000000 ms for timeout. 726 * 727 * <p>To disable password expiration, a value of 0 may be used for timeout. 728 * 729 * <p>The calling device admin must have requested 730 * {@link DeviceAdminInfo#USES_POLICY_EXPIRE_PASSWORD} to be able to call this 731 * method; if it has not, a security exception will be thrown. 732 * 733 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 734 * @param timeout The limit (in ms) that a password can remain in effect. A value of 0 735 * means there is no restriction (unlimited). 736 */ 737 public void setPasswordExpirationTimeout(ComponentName admin, long timeout) { 738 if (mService != null) { 739 try { 740 mService.setPasswordExpirationTimeout(admin, timeout); 741 } catch (RemoteException e) { 742 Log.w(TAG, "Failed talking with device policy service", e); 743 } 744 } 745 } 746 747 /** 748 * Get the password expiration timeout for the given admin. The expiration timeout is the 749 * recurring expiration timeout provided in the call to 750 * {@link #setPasswordExpirationTimeout(ComponentName, long)} for the given admin or the 751 * aggregate of all policy administrators if admin is null. 752 * 753 * @param admin The name of the admin component to check, or null to aggregate all admins. 754 * @return The timeout for the given admin or the minimum of all timeouts 755 */ 756 public long getPasswordExpirationTimeout(ComponentName admin) { 757 if (mService != null) { 758 try { 759 return mService.getPasswordExpirationTimeout(admin); 760 } catch (RemoteException e) { 761 Log.w(TAG, "Failed talking with device policy service", e); 762 } 763 } 764 return 0; 765 } 766 767 /** 768 * Get the current password expiration time for the given admin or an aggregate of 769 * all admins if admin is null. If the password is expired, this will return the time since 770 * the password expired as a negative number. If admin is null, then a composite of all 771 * expiration timeouts is returned - which will be the minimum of all timeouts. 772 * 773 * @param admin The name of the admin component to check, or null to aggregate all admins. 774 * @return The password expiration time, in ms. 775 */ 776 public long getPasswordExpiration(ComponentName admin) { 777 if (mService != null) { 778 try { 779 return mService.getPasswordExpiration(admin); 780 } catch (RemoteException e) { 781 Log.w(TAG, "Failed talking with device policy service", e); 782 } 783 } 784 return 0; 785 } 786 787 /** 788 * Retrieve the current password history length for all admins 789 * or a particular one. 790 * @param admin The name of the admin component to check, or null to aggregate 791 * all admins. 792 * @return The length of the password history 793 */ 794 public int getPasswordHistoryLength(ComponentName admin) { 795 if (mService != null) { 796 try { 797 return mService.getPasswordHistoryLength(admin); 798 } catch (RemoteException e) { 799 Log.w(TAG, "Failed talking with device policy service", e); 800 } 801 } 802 return 0; 803 } 804 805 /** 806 * Return the maximum password length that the device supports for a 807 * particular password quality. 808 * @param quality The quality being interrogated. 809 * @return Returns the maximum length that the user can enter. 810 */ 811 public int getPasswordMaximumLength(int quality) { 812 // Kind-of arbitrary. 813 return 16; 814 } 815 816 /** 817 * Determine whether the current password the user has set is sufficient 818 * to meet the policy requirements (quality, minimum length) that have been 819 * requested. 820 * 821 * <p>The calling device admin must have requested 822 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 823 * this method; if it has not, a security exception will be thrown. 824 * 825 * @return Returns true if the password meets the current requirements, 826 * else false. 827 */ 828 public boolean isActivePasswordSufficient() { 829 if (mService != null) { 830 try { 831 return mService.isActivePasswordSufficient(); 832 } catch (RemoteException e) { 833 Log.w(TAG, "Failed talking with device policy service", e); 834 } 835 } 836 return false; 837 } 838 839 /** 840 * Retrieve the number of times the user has failed at entering a 841 * password since that last successful password entry. 842 * 843 * <p>The calling device admin must have requested 844 * {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} to be able to call 845 * this method; if it has not, a security exception will be thrown. 846 */ 847 public int getCurrentFailedPasswordAttempts() { 848 if (mService != null) { 849 try { 850 return mService.getCurrentFailedPasswordAttempts(); 851 } catch (RemoteException e) { 852 Log.w(TAG, "Failed talking with device policy service", e); 853 } 854 } 855 return -1; 856 } 857 858 /** 859 * Setting this to a value greater than zero enables a built-in policy 860 * that will perform a device wipe after too many incorrect 861 * device-unlock passwords have been entered. This built-in policy combines 862 * watching for failed passwords and wiping the device, and requires 863 * that you request both {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} and 864 * {@link DeviceAdminInfo#USES_POLICY_WIPE_DATA}}. 865 * 866 * <p>To implement any other policy (e.g. wiping data for a particular 867 * application only, erasing or revoking credentials, or reporting the 868 * failure to a server), you should implement 869 * {@link DeviceAdminReceiver#onPasswordFailed(Context, android.content.Intent)} 870 * instead. Do not use this API, because if the maximum count is reached, 871 * the device will be wiped immediately, and your callback will not be invoked. 872 * 873 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 874 * @param num The number of failed password attempts at which point the 875 * device will wipe its data. 876 */ 877 public void setMaximumFailedPasswordsForWipe(ComponentName admin, int num) { 878 if (mService != null) { 879 try { 880 mService.setMaximumFailedPasswordsForWipe(admin, num); 881 } catch (RemoteException e) { 882 Log.w(TAG, "Failed talking with device policy service", e); 883 } 884 } 885 } 886 887 /** 888 * Retrieve the current maximum number of login attempts that are allowed 889 * before the device wipes itself, for all admins 890 * or a particular one. 891 * @param admin The name of the admin component to check, or null to aggregate 892 * all admins. 893 */ 894 public int getMaximumFailedPasswordsForWipe(ComponentName admin) { 895 if (mService != null) { 896 try { 897 return mService.getMaximumFailedPasswordsForWipe(admin); 898 } catch (RemoteException e) { 899 Log.w(TAG, "Failed talking with device policy service", e); 900 } 901 } 902 return 0; 903 } 904 905 /** 906 * Flag for {@link #resetPassword}: don't allow other admins to change 907 * the password again until the user has entered it. 908 */ 909 public static final int RESET_PASSWORD_REQUIRE_ENTRY = 0x0001; 910 911 /** 912 * Force a new device unlock password (the password needed to access the 913 * entire device, not for individual accounts) on the user. This takes 914 * effect immediately. 915 * The given password must be sufficient for the 916 * current password quality and length constraints as returned by 917 * {@link #getPasswordQuality(ComponentName)} and 918 * {@link #getPasswordMinimumLength(ComponentName)}; if it does not meet 919 * these constraints, then it will be rejected and false returned. Note 920 * that the password may be a stronger quality (containing alphanumeric 921 * characters when the requested quality is only numeric), in which case 922 * the currently active quality will be increased to match. 923 * 924 * <p>The calling device admin must have requested 925 * {@link DeviceAdminInfo#USES_POLICY_RESET_PASSWORD} to be able to call 926 * this method; if it has not, a security exception will be thrown. 927 * 928 * @param password The new password for the user. 929 * @param flags May be 0 or {@link #RESET_PASSWORD_REQUIRE_ENTRY}. 930 * @return Returns true if the password was applied, or false if it is 931 * not acceptable for the current constraints. 932 */ 933 public boolean resetPassword(String password, int flags) { 934 if (mService != null) { 935 try { 936 return mService.resetPassword(password, flags); 937 } catch (RemoteException e) { 938 Log.w(TAG, "Failed talking with device policy service", e); 939 } 940 } 941 return false; 942 } 943 944 /** 945 * Called by an application that is administering the device to set the 946 * maximum time for user activity until the device will lock. This limits 947 * the length that the user can set. It takes effect immediately. 948 * 949 * <p>The calling device admin must have requested 950 * {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} to be able to call 951 * this method; if it has not, a security exception will be thrown. 952 * 953 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 954 * @param timeMs The new desired maximum time to lock in milliseconds. 955 * A value of 0 means there is no restriction. 956 */ 957 public void setMaximumTimeToLock(ComponentName admin, long timeMs) { 958 if (mService != null) { 959 try { 960 mService.setMaximumTimeToLock(admin, timeMs); 961 } catch (RemoteException e) { 962 Log.w(TAG, "Failed talking with device policy service", e); 963 } 964 } 965 } 966 967 /** 968 * Retrieve the current maximum time to unlock for all admins 969 * or a particular one. 970 * @param admin The name of the admin component to check, or null to aggregate 971 * all admins. 972 */ 973 public long getMaximumTimeToLock(ComponentName admin) { 974 if (mService != null) { 975 try { 976 return mService.getMaximumTimeToLock(admin); 977 } catch (RemoteException e) { 978 Log.w(TAG, "Failed talking with device policy service", e); 979 } 980 } 981 return 0; 982 } 983 984 /** 985 * Make the device lock immediately, as if the lock screen timeout has 986 * expired at the point of this call. 987 * 988 * <p>The calling device admin must have requested 989 * {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} to be able to call 990 * this method; if it has not, a security exception will be thrown. 991 */ 992 public void lockNow() { 993 if (mService != null) { 994 try { 995 mService.lockNow(); 996 } catch (RemoteException e) { 997 Log.w(TAG, "Failed talking with device policy service", e); 998 } 999 } 1000 } 1001 1002 /** 1003 * Flag for {@link #wipeData(int)}: also erase the device's external 1004 * storage. 1005 */ 1006 public static final int WIPE_EXTERNAL_STORAGE = 0x0001; 1007 1008 /** 1009 * Ask the user date be wiped. This will cause the device to reboot, 1010 * erasing all user data while next booting up. External storage such 1011 * as SD cards will be also erased if the flag {@link #WIPE_EXTERNAL_STORAGE} 1012 * is set. 1013 * 1014 * <p>The calling device admin must have requested 1015 * {@link DeviceAdminInfo#USES_POLICY_WIPE_DATA} to be able to call 1016 * this method; if it has not, a security exception will be thrown. 1017 * 1018 * @param flags Bit mask of additional options: currently 0 and 1019 * {@link #WIPE_EXTERNAL_STORAGE} are supported. 1020 */ 1021 public void wipeData(int flags) { 1022 if (mService != null) { 1023 try { 1024 mService.wipeData(flags); 1025 } catch (RemoteException e) { 1026 Log.w(TAG, "Failed talking with device policy service", e); 1027 } 1028 } 1029 } 1030 1031 /** 1032 * Called by an application that is administering the device to set the 1033 * global proxy and exclusion list. 1034 * <p> 1035 * The calling device admin must have requested 1036 * {@link DeviceAdminInfo#USES_POLICY_SETS_GLOBAL_PROXY} to be able to call 1037 * this method; if it has not, a security exception will be thrown. 1038 * Only the first device admin can set the proxy. If a second admin attempts 1039 * to set the proxy, the {@link ComponentName} of the admin originally setting the 1040 * proxy will be returned. If successful in setting the proxy, null will 1041 * be returned. 1042 * The method can be called repeatedly by the device admin alrady setting the 1043 * proxy to update the proxy and exclusion list. 1044 * 1045 * @param admin Which {@link DeviceAdminReceiver} this request is associated 1046 * with. 1047 * @param proxySpec the global proxy desired. Must be an HTTP Proxy. 1048 * Pass Proxy.NO_PROXY to reset the proxy. 1049 * @param exclusionList a list of domains to be excluded from the global proxy. 1050 * @return returns null if the proxy was successfully set, or a {@link ComponentName} 1051 * of the device admin that sets thew proxy otherwise. 1052 * @hide 1053 */ 1054 public ComponentName setGlobalProxy(ComponentName admin, Proxy proxySpec, 1055 List<String> exclusionList ) { 1056 if (proxySpec == null) { 1057 throw new NullPointerException(); 1058 } 1059 if (mService != null) { 1060 try { 1061 String hostSpec; 1062 String exclSpec; 1063 if (proxySpec.equals(Proxy.NO_PROXY)) { 1064 hostSpec = null; 1065 exclSpec = null; 1066 } else { 1067 if (!proxySpec.type().equals(Proxy.Type.HTTP)) { 1068 throw new IllegalArgumentException(); 1069 } 1070 InetSocketAddress sa = (InetSocketAddress)proxySpec.address(); 1071 String hostName = sa.getHostName(); 1072 int port = sa.getPort(); 1073 StringBuilder hostBuilder = new StringBuilder(); 1074 hostSpec = hostBuilder.append(hostName) 1075 .append(":").append(Integer.toString(port)).toString(); 1076 if (exclusionList == null) { 1077 exclSpec = ""; 1078 } else { 1079 StringBuilder listBuilder = new StringBuilder(); 1080 boolean firstDomain = true; 1081 for (String exclDomain : exclusionList) { 1082 if (!firstDomain) { 1083 listBuilder = listBuilder.append(","); 1084 } else { 1085 firstDomain = false; 1086 } 1087 listBuilder = listBuilder.append(exclDomain.trim()); 1088 } 1089 exclSpec = listBuilder.toString(); 1090 } 1091 android.net.Proxy.validate(hostName, Integer.toString(port), exclSpec); 1092 } 1093 return mService.setGlobalProxy(admin, hostSpec, exclSpec); 1094 } catch (RemoteException e) { 1095 Log.w(TAG, "Failed talking with device policy service", e); 1096 } 1097 } 1098 return null; 1099 } 1100 1101 /** 1102 * Returns the component name setting the global proxy. 1103 * @return ComponentName object of the device admin that set the global proxy, or 1104 * null if no admin has set the proxy. 1105 * @hide 1106 */ 1107 public ComponentName getGlobalProxyAdmin() { 1108 if (mService != null) { 1109 try { 1110 return mService.getGlobalProxyAdmin(); 1111 } catch (RemoteException e) { 1112 Log.w(TAG, "Failed talking with device policy service", e); 1113 } 1114 } 1115 return null; 1116 } 1117 1118 /** 1119 * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: 1120 * indicating that encryption is not supported. 1121 */ 1122 public static final int ENCRYPTION_STATUS_UNSUPPORTED = 0; 1123 1124 /** 1125 * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: 1126 * indicating that encryption is supported, but is not currently active. 1127 */ 1128 public static final int ENCRYPTION_STATUS_INACTIVE = 1; 1129 1130 /** 1131 * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: 1132 * indicating that encryption is not currently active, but is currently 1133 * being activated. This is only reported by devices that support 1134 * encryption of data and only when the storage is currently 1135 * undergoing a process of becoming encrypted. A device that must reboot and/or wipe data 1136 * to become encrypted will never return this value. 1137 */ 1138 public static final int ENCRYPTION_STATUS_ACTIVATING = 2; 1139 1140 /** 1141 * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: 1142 * indicating that encryption is active. 1143 */ 1144 public static final int ENCRYPTION_STATUS_ACTIVE = 3; 1145 1146 /** 1147 * Activity action: begin the process of encrypting data on the device. This activity should 1148 * be launched after using {@link #setStorageEncryption} to request encryption be activated. 1149 * After resuming from this activity, use {@link #getStorageEncryption} 1150 * to check encryption status. However, on some devices this activity may never return, as 1151 * it may trigger a reboot and in some cases a complete data wipe of the device. 1152 */ 1153 @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION) 1154 public static final String ACTION_START_ENCRYPTION 1155 = "android.app.action.START_ENCRYPTION"; 1156 1157 /** 1158 * Called by an application that is administering the device to 1159 * request that the storage system be encrypted. 1160 * 1161 * <p>When multiple device administrators attempt to control device 1162 * encryption, the most secure, supported setting will always be 1163 * used. If any device administrator requests device encryption, 1164 * it will be enabled; Conversely, if a device administrator 1165 * attempts to disable device encryption while another 1166 * device administrator has enabled it, the call to disable will 1167 * fail (most commonly returning {@link #ENCRYPTION_STATUS_ACTIVE}). 1168 * 1169 * <p>This policy controls encryption of the secure (application data) storage area. Data 1170 * written to other storage areas may or may not be encrypted, and this policy does not require 1171 * or control the encryption of any other storage areas. 1172 * There is one exception: If {@link android.os.Environment#isExternalStorageEmulated()} is 1173 * {@code true}, then the directory returned by 1174 * {@link android.os.Environment#getExternalStorageDirectory()} must be written to disk 1175 * within the encrypted storage area. 1176 * 1177 * <p>Important Note: On some devices, it is possible to encrypt storage without requiring 1178 * the user to create a device PIN or Password. In this case, the storage is encrypted, but 1179 * the encryption key may not be fully secured. For maximum security, the administrator should 1180 * also require (and check for) a pattern, PIN, or password. 1181 * 1182 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 1183 * @param encrypt true to request encryption, false to release any previous request 1184 * @return the new request status (for all active admins) - will be one of 1185 * {@link #ENCRYPTION_STATUS_UNSUPPORTED}, {@link #ENCRYPTION_STATUS_INACTIVE}, or 1186 * {@link #ENCRYPTION_STATUS_ACTIVE}. This is the value of the requests; Use 1187 * {@link #getStorageEncryptionStatus()} to query the actual device state. 1188 */ 1189 public int setStorageEncryption(ComponentName admin, boolean encrypt) { 1190 if (mService != null) { 1191 try { 1192 return mService.setStorageEncryption(admin, encrypt); 1193 } catch (RemoteException e) { 1194 Log.w(TAG, "Failed talking with device policy service", e); 1195 } 1196 } 1197 return ENCRYPTION_STATUS_UNSUPPORTED; 1198 } 1199 1200 /** 1201 * Called by an application that is administering the device to 1202 * determine the requested setting for secure storage. 1203 * 1204 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. If null, 1205 * this will return the requested encryption setting as an aggregate of all active 1206 * administrators. 1207 * @return true if the admin(s) are requesting encryption, false if not. 1208 */ 1209 public boolean getStorageEncryption(ComponentName admin) { 1210 if (mService != null) { 1211 try { 1212 return mService.getStorageEncryption(admin); 1213 } catch (RemoteException e) { 1214 Log.w(TAG, "Failed talking with device policy service", e); 1215 } 1216 } 1217 return false; 1218 } 1219 1220 /** 1221 * Called by an application that is administering the device to 1222 * determine the current encryption status of the device. 1223 * 1224 * Depending on the returned status code, the caller may proceed in different 1225 * ways. If the result is {@link #ENCRYPTION_STATUS_UNSUPPORTED}, the 1226 * storage system does not support encryption. If the 1227 * result is {@link #ENCRYPTION_STATUS_INACTIVE}, use {@link 1228 * #ACTION_START_ENCRYPTION} to begin the process of encrypting or decrypting the 1229 * storage. If the result is {@link #ENCRYPTION_STATUS_ACTIVATING} or 1230 * {@link #ENCRYPTION_STATUS_ACTIVE}, no further action is required. 1231 * 1232 * @return current status of encryption. The value will be one of 1233 * {@link #ENCRYPTION_STATUS_UNSUPPORTED}, {@link #ENCRYPTION_STATUS_INACTIVE}, 1234 * {@link #ENCRYPTION_STATUS_ACTIVATING}, or{@link #ENCRYPTION_STATUS_ACTIVE}. 1235 */ 1236 public int getStorageEncryptionStatus() { 1237 if (mService != null) { 1238 try { 1239 return mService.getStorageEncryptionStatus(); 1240 } catch (RemoteException e) { 1241 Log.w(TAG, "Failed talking with device policy service", e); 1242 } 1243 } 1244 return ENCRYPTION_STATUS_UNSUPPORTED; 1245 } 1246 1247 /** 1248 * Called by an application that is administering the device to disable all cameras 1249 * on the device. After setting this, no applications will be able to access any cameras 1250 * on the device. 1251 * 1252 * <p>The calling device admin must have requested 1253 * {@link DeviceAdminInfo#USES_POLICY_DISABLE_CAMERA} to be able to call 1254 * this method; if it has not, a security exception will be thrown. 1255 * 1256 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 1257 * @param disabled Whether or not the camera should be disabled. 1258 */ 1259 public void setCameraDisabled(ComponentName admin, boolean disabled) { 1260 if (mService != null) { 1261 try { 1262 mService.setCameraDisabled(admin, disabled); 1263 } catch (RemoteException e) { 1264 Log.w(TAG, "Failed talking with device policy service", e); 1265 } 1266 } 1267 } 1268 1269 /** 1270 * Determine whether or not the device's cameras have been disabled either by the current 1271 * admin, if specified, or all admins. 1272 * @param admin The name of the admin component to check, or null to check if any admins 1273 * have disabled the camera 1274 */ 1275 public boolean getCameraDisabled(ComponentName admin) { 1276 if (mService != null) { 1277 try { 1278 return mService.getCameraDisabled(admin); 1279 } catch (RemoteException e) { 1280 Log.w(TAG, "Failed talking with device policy service", e); 1281 } 1282 } 1283 return false; 1284 } 1285 1286 /** 1287 * @hide 1288 */ 1289 public void setActiveAdmin(ComponentName policyReceiver, boolean refreshing) { 1290 if (mService != null) { 1291 try { 1292 mService.setActiveAdmin(policyReceiver, refreshing); 1293 } catch (RemoteException e) { 1294 Log.w(TAG, "Failed talking with device policy service", e); 1295 } 1296 } 1297 } 1298 1299 /** 1300 * Returns the DeviceAdminInfo as defined by the administrator's package info & meta-data 1301 * @hide 1302 */ 1303 public DeviceAdminInfo getAdminInfo(ComponentName cn) { 1304 ActivityInfo ai; 1305 try { 1306 ai = mContext.getPackageManager().getReceiverInfo(cn, 1307 PackageManager.GET_META_DATA); 1308 } catch (PackageManager.NameNotFoundException e) { 1309 Log.w(TAG, "Unable to retrieve device policy " + cn, e); 1310 return null; 1311 } 1312 1313 ResolveInfo ri = new ResolveInfo(); 1314 ri.activityInfo = ai; 1315 1316 try { 1317 return new DeviceAdminInfo(mContext, ri); 1318 } catch (XmlPullParserException e) { 1319 Log.w(TAG, "Unable to parse device policy " + cn, e); 1320 return null; 1321 } catch (IOException e) { 1322 Log.w(TAG, "Unable to parse device policy " + cn, e); 1323 return null; 1324 } 1325 } 1326 1327 /** 1328 * @hide 1329 */ 1330 public void getRemoveWarning(ComponentName admin, RemoteCallback result) { 1331 if (mService != null) { 1332 try { 1333 mService.getRemoveWarning(admin, result); 1334 } catch (RemoteException e) { 1335 Log.w(TAG, "Failed talking with device policy service", e); 1336 } 1337 } 1338 } 1339 1340 /** 1341 * @hide 1342 */ 1343 public void setActivePasswordState(int quality, int length, int letters, int uppercase, 1344 int lowercase, int numbers, int symbols, int nonletter) { 1345 if (mService != null) { 1346 try { 1347 mService.setActivePasswordState(quality, length, letters, uppercase, lowercase, 1348 numbers, symbols, nonletter); 1349 } catch (RemoteException e) { 1350 Log.w(TAG, "Failed talking with device policy service", e); 1351 } 1352 } 1353 } 1354 1355 /** 1356 * @hide 1357 */ 1358 public void reportFailedPasswordAttempt() { 1359 if (mService != null) { 1360 try { 1361 mService.reportFailedPasswordAttempt(); 1362 } catch (RemoteException e) { 1363 Log.w(TAG, "Failed talking with device policy service", e); 1364 } 1365 } 1366 } 1367 1368 /** 1369 * @hide 1370 */ 1371 public void reportSuccessfulPasswordAttempt() { 1372 if (mService != null) { 1373 try { 1374 mService.reportSuccessfulPasswordAttempt(); 1375 } catch (RemoteException e) { 1376 Log.w(TAG, "Failed talking with device policy service", e); 1377 } 1378 } 1379 } 1380 1381} 1382