@TargetApi(ApiHelper.VERSION_CODES.ICE_CREAM_SANDWICH) private static void throwIfCameraDisabled(Activity activity) throws CameraDisabledException { // Check if device policy has disabled the camera. if (ApiHelper.HAS_GET_CAMERA_DISABLED) { DevicePolicyManager dpm = (DevicePolicyManager) activity.getSystemService(Context.DEVICE_POLICY_SERVICE); if (dpm.getCameraDisabled(null)) { throw new CameraDisabledException(); } } }
private boolean isCameraDisabledByDpm() { final DevicePolicyManager dpm = (DevicePolicyManager) getContext().getSystemService(Context.DEVICE_POLICY_SERVICE); if (dpm != null) { try { final int userId = ActivityManagerNative.getDefault().getCurrentUser().id; final int disabledFlags = dpm.getKeyguardDisabledFeatures(null, userId); final boolean disabledBecauseKeyguardSecure = (disabledFlags & DevicePolicyManager.KEYGUARD_DISABLE_SECURE_CAMERA) != 0 && KeyguardTouchDelegate.getInstance(getContext()).isSecure(); return dpm.getCameraDisabled(null) || disabledBecauseKeyguardSecure; } catch (RemoteException e) { Log.e(TAG, "Can't get userId", e); } } return false; }
private void updateTargets() { int currentUserHandle = mLockPatternUtils.getCurrentUser(); DevicePolicyManager dpm = mLockPatternUtils.getDevicePolicyManager(); int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, currentUserHandle); boolean secureCameraDisabled = mLockPatternUtils.isSecure() && (disabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_SECURE_CAMERA) != 0; boolean cameraDisabledByAdmin = dpm.getCameraDisabled(null, currentUserHandle) || secureCameraDisabled; final KeyguardUpdateMonitor monitor = KeyguardUpdateMonitor.getInstance(getContext()); boolean disabledBySimState = monitor.isSimLocked(); boolean cameraTargetPresent = isTargetPresent(com.android.internal.R.drawable.ic_lockscreen_camera); boolean searchTargetPresent = isTargetPresent(com.android.internal.R.drawable.ic_action_assist_generic); if (cameraDisabledByAdmin) { Log.v(TAG, "Camera disabled by Device Policy"); } else if (disabledBySimState) { Log.v(TAG, "Camera disabled by Sim State"); } boolean currentUserSetup = 0 != Settings.Secure.getIntForUser( mContext.getContentResolver(), Settings.Secure.USER_SETUP_COMPLETE, 0 /*default */, currentUserHandle); boolean searchActionAvailable = ((SearchManager) mContext.getSystemService(Context.SEARCH_SERVICE)) .getAssistIntent(mContext, UserHandle.USER_CURRENT) != null; mCameraDisabled = cameraDisabledByAdmin || disabledBySimState || !cameraTargetPresent || !currentUserSetup; mSearchDisabled = disabledBySimState || !searchActionAvailable || !searchTargetPresent || !currentUserSetup; updateResources(); }
/** * API: Query used to determine if a given policy is "active" (the device is operating at the * required security level). * * <p>This can be used when syncing a specific account, by passing a specific set of policies for * that account. Or, it can be used at any time to compare the device state against the aggregate * set of device policies stored in all accounts. * * <p>This method is for queries only, and does not trigger any change in device state. * * <p>NOTE: If there are multiple accounts with password expiration policies, the device password * will be set to expire in the shortest required interval (most secure). This method will return * 'false' as soon as the password expires - irrespective of which account caused the expiration. * In other words, all accounts (that require expiration) will run/stop based on the requirements * of the account with the shortest interval. * * @param policy the policies requested, or null to check aggregate stored policies * @return zero if the requested policies are active, non-zero bits indicates that more work is * needed (typically, by the user) before the required security polices are fully active. */ public int getInactiveReasons(Policy policy) { // select aggregate set if needed if (policy == null) { policy = getAggregatePolicy(); } // quick check for the "empty set" of no policies if (policy == Policy.NO_POLICY) { return 0; } int reasons = 0; DevicePolicyManager dpm = getDPM(); if (isActiveAdmin()) { // check each policy explicitly if (policy.mPasswordMinLength > 0) { if (dpm.getPasswordMinimumLength(mAdminName) < policy.mPasswordMinLength) { reasons |= INACTIVE_NEED_PASSWORD; } } if (policy.mPasswordMode > 0) { if (dpm.getPasswordQuality(mAdminName) < policy.getDPManagerPasswordQuality()) { reasons |= INACTIVE_NEED_PASSWORD; } if (!dpm.isActivePasswordSufficient()) { reasons |= INACTIVE_NEED_PASSWORD; } } if (policy.mMaxScreenLockTime > 0) { // Note, we use seconds, dpm uses milliseconds if (dpm.getMaximumTimeToLock(mAdminName) > policy.mMaxScreenLockTime * 1000) { reasons |= INACTIVE_NEED_CONFIGURATION; } } if (policy.mPasswordExpirationDays > 0) { // confirm that expirations are currently set long currentTimeout = dpm.getPasswordExpirationTimeout(mAdminName); if (currentTimeout == 0 || currentTimeout > policy.getDPManagerPasswordExpirationTimeout()) { reasons |= INACTIVE_NEED_PASSWORD; } // confirm that the current password hasn't expired long expirationDate = dpm.getPasswordExpiration(mAdminName); long timeUntilExpiration = expirationDate - System.currentTimeMillis(); boolean expired = timeUntilExpiration < 0; if (expired) { reasons |= INACTIVE_NEED_PASSWORD; } } if (policy.mPasswordHistory > 0) { if (dpm.getPasswordHistoryLength(mAdminName) < policy.mPasswordHistory) { // There's no user action for changes here; this is just a configuration change reasons |= INACTIVE_NEED_CONFIGURATION; } } if (policy.mPasswordComplexChars > 0) { if (dpm.getPasswordMinimumNonLetter(mAdminName) < policy.mPasswordComplexChars) { reasons |= INACTIVE_NEED_PASSWORD; } } if (policy.mRequireEncryption) { int encryptionStatus = getDPM().getStorageEncryptionStatus(); if (encryptionStatus != DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE) { reasons |= INACTIVE_NEED_ENCRYPTION; } } if (policy.mDontAllowCamera && !dpm.getCameraDisabled(mAdminName)) { reasons |= INACTIVE_NEED_CONFIGURATION; } // password failures are counted locally - no test required here // no check required for remote wipe (it's supported, if we're the admin) if (policy.mProtocolPoliciesUnsupported != null) { reasons |= INACTIVE_PROTOCOL_POLICIES; } // If we made it all the way, reasons == 0 here. Otherwise it's a list of grievances. return reasons; } // return false, not active return INACTIVE_NEED_ACTIVATION; }