예제 #1
0
 @TargetApi(ApiHelper.VERSION_CODES.ICE_CREAM_SANDWICH)
 private static void throwIfCameraDisabled(Activity activity) throws CameraDisabledException {
   // Check if device policy has disabled the camera.
   if (ApiHelper.HAS_GET_CAMERA_DISABLED) {
     DevicePolicyManager dpm =
         (DevicePolicyManager) activity.getSystemService(Context.DEVICE_POLICY_SERVICE);
     if (dpm.getCameraDisabled(null)) {
       throw new CameraDisabledException();
     }
   }
 }
예제 #2
0
 private boolean isCameraDisabledByDpm() {
   final DevicePolicyManager dpm =
       (DevicePolicyManager) getContext().getSystemService(Context.DEVICE_POLICY_SERVICE);
   if (dpm != null) {
     try {
       final int userId = ActivityManagerNative.getDefault().getCurrentUser().id;
       final int disabledFlags = dpm.getKeyguardDisabledFeatures(null, userId);
       final boolean disabledBecauseKeyguardSecure =
           (disabledFlags & DevicePolicyManager.KEYGUARD_DISABLE_SECURE_CAMERA) != 0
               && KeyguardTouchDelegate.getInstance(getContext()).isSecure();
       return dpm.getCameraDisabled(null) || disabledBecauseKeyguardSecure;
     } catch (RemoteException e) {
       Log.e(TAG, "Can't get userId", e);
     }
   }
   return false;
 }
예제 #3
0
  private void updateTargets() {
    int currentUserHandle = mLockPatternUtils.getCurrentUser();
    DevicePolicyManager dpm = mLockPatternUtils.getDevicePolicyManager();
    int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, currentUserHandle);
    boolean secureCameraDisabled =
        mLockPatternUtils.isSecure()
            && (disabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_SECURE_CAMERA) != 0;
    boolean cameraDisabledByAdmin =
        dpm.getCameraDisabled(null, currentUserHandle) || secureCameraDisabled;
    final KeyguardUpdateMonitor monitor = KeyguardUpdateMonitor.getInstance(getContext());
    boolean disabledBySimState = monitor.isSimLocked();
    boolean cameraTargetPresent =
        isTargetPresent(com.android.internal.R.drawable.ic_lockscreen_camera);
    boolean searchTargetPresent =
        isTargetPresent(com.android.internal.R.drawable.ic_action_assist_generic);

    if (cameraDisabledByAdmin) {
      Log.v(TAG, "Camera disabled by Device Policy");
    } else if (disabledBySimState) {
      Log.v(TAG, "Camera disabled by Sim State");
    }
    boolean currentUserSetup =
        0
            != Settings.Secure.getIntForUser(
                mContext.getContentResolver(),
                Settings.Secure.USER_SETUP_COMPLETE,
                0 /*default */,
                currentUserHandle);
    boolean searchActionAvailable =
        ((SearchManager) mContext.getSystemService(Context.SEARCH_SERVICE))
                .getAssistIntent(mContext, UserHandle.USER_CURRENT)
            != null;
    mCameraDisabled =
        cameraDisabledByAdmin || disabledBySimState || !cameraTargetPresent || !currentUserSetup;
    mSearchDisabled =
        disabledBySimState || !searchActionAvailable || !searchTargetPresent || !currentUserSetup;
    updateResources();
  }
  /**
   * API: Query used to determine if a given policy is "active" (the device is operating at the
   * required security level).
   *
   * <p>This can be used when syncing a specific account, by passing a specific set of policies for
   * that account. Or, it can be used at any time to compare the device state against the aggregate
   * set of device policies stored in all accounts.
   *
   * <p>This method is for queries only, and does not trigger any change in device state.
   *
   * <p>NOTE: If there are multiple accounts with password expiration policies, the device password
   * will be set to expire in the shortest required interval (most secure). This method will return
   * 'false' as soon as the password expires - irrespective of which account caused the expiration.
   * In other words, all accounts (that require expiration) will run/stop based on the requirements
   * of the account with the shortest interval.
   *
   * @param policy the policies requested, or null to check aggregate stored policies
   * @return zero if the requested policies are active, non-zero bits indicates that more work is
   *     needed (typically, by the user) before the required security polices are fully active.
   */
  public int getInactiveReasons(Policy policy) {
    // select aggregate set if needed
    if (policy == null) {
      policy = getAggregatePolicy();
    }
    // quick check for the "empty set" of no policies
    if (policy == Policy.NO_POLICY) {
      return 0;
    }
    int reasons = 0;
    DevicePolicyManager dpm = getDPM();
    if (isActiveAdmin()) {
      // check each policy explicitly
      if (policy.mPasswordMinLength > 0) {
        if (dpm.getPasswordMinimumLength(mAdminName) < policy.mPasswordMinLength) {
          reasons |= INACTIVE_NEED_PASSWORD;
        }
      }
      if (policy.mPasswordMode > 0) {
        if (dpm.getPasswordQuality(mAdminName) < policy.getDPManagerPasswordQuality()) {
          reasons |= INACTIVE_NEED_PASSWORD;
        }
        if (!dpm.isActivePasswordSufficient()) {
          reasons |= INACTIVE_NEED_PASSWORD;
        }
      }
      if (policy.mMaxScreenLockTime > 0) {
        // Note, we use seconds, dpm uses milliseconds
        if (dpm.getMaximumTimeToLock(mAdminName) > policy.mMaxScreenLockTime * 1000) {
          reasons |= INACTIVE_NEED_CONFIGURATION;
        }
      }
      if (policy.mPasswordExpirationDays > 0) {
        // confirm that expirations are currently set
        long currentTimeout = dpm.getPasswordExpirationTimeout(mAdminName);
        if (currentTimeout == 0
            || currentTimeout > policy.getDPManagerPasswordExpirationTimeout()) {
          reasons |= INACTIVE_NEED_PASSWORD;
        }
        // confirm that the current password hasn't expired
        long expirationDate = dpm.getPasswordExpiration(mAdminName);
        long timeUntilExpiration = expirationDate - System.currentTimeMillis();
        boolean expired = timeUntilExpiration < 0;
        if (expired) {
          reasons |= INACTIVE_NEED_PASSWORD;
        }
      }
      if (policy.mPasswordHistory > 0) {
        if (dpm.getPasswordHistoryLength(mAdminName) < policy.mPasswordHistory) {
          // There's no user action for changes here; this is just a configuration change
          reasons |= INACTIVE_NEED_CONFIGURATION;
        }
      }
      if (policy.mPasswordComplexChars > 0) {
        if (dpm.getPasswordMinimumNonLetter(mAdminName) < policy.mPasswordComplexChars) {
          reasons |= INACTIVE_NEED_PASSWORD;
        }
      }
      if (policy.mRequireEncryption) {
        int encryptionStatus = getDPM().getStorageEncryptionStatus();
        if (encryptionStatus != DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE) {
          reasons |= INACTIVE_NEED_ENCRYPTION;
        }
      }
      if (policy.mDontAllowCamera && !dpm.getCameraDisabled(mAdminName)) {
        reasons |= INACTIVE_NEED_CONFIGURATION;
      }
      // password failures are counted locally - no test required here
      // no check required for remote wipe (it's supported, if we're the admin)

      if (policy.mProtocolPoliciesUnsupported != null) {
        reasons |= INACTIVE_PROTOCOL_POLICIES;
      }

      // If we made it all the way, reasons == 0 here.  Otherwise it's a list of grievances.
      return reasons;
    }
    // return false, not active
    return INACTIVE_NEED_ACTIVATION;
  }