コード例 #1
0
 private void disableUnusableTimeouts(ListPreference screenTimeoutPreference) {
   final DevicePolicyManager dpm =
       (DevicePolicyManager) getActivity().getSystemService(Context.DEVICE_POLICY_SERVICE);
   final long maxTimeout = dpm != null ? dpm.getMaximumTimeToLock(null) : 0;
   if (maxTimeout == 0) {
     return; // policy not enforced
   }
   final CharSequence[] entries = screenTimeoutPreference.getEntries();
   final CharSequence[] values = screenTimeoutPreference.getEntryValues();
   ArrayList<CharSequence> revisedEntries = new ArrayList<CharSequence>();
   ArrayList<CharSequence> revisedValues = new ArrayList<CharSequence>();
   for (int i = 0; i < values.length; i++) {
     long timeout = Long.parseLong(values[i].toString());
     if (timeout <= maxTimeout) {
       revisedEntries.add(entries[i]);
       revisedValues.add(values[i]);
     }
   }
   if (revisedEntries.size() != entries.length || revisedValues.size() != values.length) {
     screenTimeoutPreference.setEntries(
         revisedEntries.toArray(new CharSequence[revisedEntries.size()]));
     screenTimeoutPreference.setEntryValues(
         revisedValues.toArray(new CharSequence[revisedValues.size()]));
     final int userPreference = Integer.parseInt(screenTimeoutPreference.getValue());
     if (userPreference <= maxTimeout) {
       screenTimeoutPreference.setValue(String.valueOf(userPreference));
     } else {
       // There will be no highlighted selection since nothing in the list matches
       // maxTimeout. The user can still select anything less than maxTimeout.
       // TODO: maybe append maxTimeout to the list and mark selected.
     }
   }
   screenTimeoutPreference.setEnabled(revisedEntries.size() > 0);
 }
  @Override
  public void onResume() {
    super.onResume();

    if (mDpm.getMaximumTimeToLock(null) > 0) {
      // A DeviceAdmin has specified a maximum time until the device
      // will lock...  in this case we can't allow the user to turn
      // on "stay awake when plugged in" because that would defeat the
      // restriction.
      mDisabledPrefs.add(mKeepScreenOn);
    } else {
      mDisabledPrefs.remove(mKeepScreenOn);
    }

    final ContentResolver cr = getActivity().getContentResolver();
    mLastEnabledState =
        Settings.Global.getInt(cr, Settings.Global.DEVELOPMENT_SETTINGS_ENABLED, 0) != 0;
    mEnabledSwitch.setChecked(mLastEnabledState);
    setPrefsEnabledState(mLastEnabledState);

    if (mHaveDebugSettings && !mLastEnabledState) {
      // Overall debugging is disabled, but there are some debug
      // settings that are enabled.  This is an invalid state.  Switch
      // to debug settings being enabled, so the user knows there is
      // stuff enabled and can turn it all off if they want.
      Settings.Global.putInt(
          getActivity().getContentResolver(), Settings.Global.DEVELOPMENT_SETTINGS_ENABLED, 1);
      mLastEnabledState = true;
      mEnabledSwitch.setChecked(mLastEnabledState);
      setPrefsEnabledState(mLastEnabledState);
    }

    updateKillAppLongpressBackOptions();
  }
コード例 #3
0
 private void setupLockAfterPreference() {
   // Compatible with pre-Froyo
   long currentTimeout =
       Settings.Secure.getLong(
           getContentResolver(), Settings.Secure.LOCK_SCREEN_LOCK_AFTER_TIMEOUT, 5000);
   mLockAfter.setValue(String.valueOf(currentTimeout));
   mLockAfter.setOnPreferenceChangeListener(this);
   final long adminTimeout = (mDPM != null ? mDPM.getMaximumTimeToLock(null) : 0);
   final long displayTimeout =
       Math.max(0, Settings.System.getInt(getContentResolver(), SCREEN_OFF_TIMEOUT, 0));
   if (adminTimeout > 0) {
     // This setting is a slave to display timeout when a device policy is enforced.
     // As such, maxLockTimeout = adminTimeout - displayTimeout.
     // If there isn't enough time, shows "immediately" setting.
     disableUnusableTimeouts(Math.max(0, adminTimeout - displayTimeout));
   }
 }
コード例 #4
0
  /**
   * API: Query used to determine if a given policy is "active" (the device is operating at the
   * required security level).
   *
   * <p>This can be used when syncing a specific account, by passing a specific set of policies for
   * that account. Or, it can be used at any time to compare the device state against the aggregate
   * set of device policies stored in all accounts.
   *
   * <p>This method is for queries only, and does not trigger any change in device state.
   *
   * <p>NOTE: If there are multiple accounts with password expiration policies, the device password
   * will be set to expire in the shortest required interval (most secure). This method will return
   * 'false' as soon as the password expires - irrespective of which account caused the expiration.
   * In other words, all accounts (that require expiration) will run/stop based on the requirements
   * of the account with the shortest interval.
   *
   * @param policy the policies requested, or null to check aggregate stored policies
   * @return zero if the requested policies are active, non-zero bits indicates that more work is
   *     needed (typically, by the user) before the required security polices are fully active.
   */
  public int getInactiveReasons(Policy policy) {
    // select aggregate set if needed
    if (policy == null) {
      policy = getAggregatePolicy();
    }
    // quick check for the "empty set" of no policies
    if (policy == Policy.NO_POLICY) {
      return 0;
    }
    int reasons = 0;
    DevicePolicyManager dpm = getDPM();
    if (isActiveAdmin()) {
      // check each policy explicitly
      if (policy.mPasswordMinLength > 0) {
        if (dpm.getPasswordMinimumLength(mAdminName) < policy.mPasswordMinLength) {
          reasons |= INACTIVE_NEED_PASSWORD;
        }
      }
      if (policy.mPasswordMode > 0) {
        if (dpm.getPasswordQuality(mAdminName) < policy.getDPManagerPasswordQuality()) {
          reasons |= INACTIVE_NEED_PASSWORD;
        }
        if (!dpm.isActivePasswordSufficient()) {
          reasons |= INACTIVE_NEED_PASSWORD;
        }
      }
      if (policy.mMaxScreenLockTime > 0) {
        // Note, we use seconds, dpm uses milliseconds
        if (dpm.getMaximumTimeToLock(mAdminName) > policy.mMaxScreenLockTime * 1000) {
          reasons |= INACTIVE_NEED_CONFIGURATION;
        }
      }
      if (policy.mPasswordExpirationDays > 0) {
        // confirm that expirations are currently set
        long currentTimeout = dpm.getPasswordExpirationTimeout(mAdminName);
        if (currentTimeout == 0
            || currentTimeout > policy.getDPManagerPasswordExpirationTimeout()) {
          reasons |= INACTIVE_NEED_PASSWORD;
        }
        // confirm that the current password hasn't expired
        long expirationDate = dpm.getPasswordExpiration(mAdminName);
        long timeUntilExpiration = expirationDate - System.currentTimeMillis();
        boolean expired = timeUntilExpiration < 0;
        if (expired) {
          reasons |= INACTIVE_NEED_PASSWORD;
        }
      }
      if (policy.mPasswordHistory > 0) {
        if (dpm.getPasswordHistoryLength(mAdminName) < policy.mPasswordHistory) {
          // There's no user action for changes here; this is just a configuration change
          reasons |= INACTIVE_NEED_CONFIGURATION;
        }
      }
      if (policy.mPasswordComplexChars > 0) {
        if (dpm.getPasswordMinimumNonLetter(mAdminName) < policy.mPasswordComplexChars) {
          reasons |= INACTIVE_NEED_PASSWORD;
        }
      }
      if (policy.mRequireEncryption) {
        int encryptionStatus = getDPM().getStorageEncryptionStatus();
        if (encryptionStatus != DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE) {
          reasons |= INACTIVE_NEED_ENCRYPTION;
        }
      }
      if (policy.mDontAllowCamera && !dpm.getCameraDisabled(mAdminName)) {
        reasons |= INACTIVE_NEED_CONFIGURATION;
      }
      // password failures are counted locally - no test required here
      // no check required for remote wipe (it's supported, if we're the admin)

      if (policy.mProtocolPoliciesUnsupported != null) {
        reasons |= INACTIVE_PROTOCOL_POLICIES;
      }

      // If we made it all the way, reasons == 0 here.  Otherwise it's a list of grievances.
      return reasons;
    }
    // return false, not active
    return INACTIVE_NEED_ACTIVATION;
  }