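/**
 * Requests or withdraws storage encryption for the device, as directed by the operation payload.
 *
 * <p>The payload entry stored under {@code R.string.intent_extra_function} selects the action: the
 * encrypt keyword turns the request on, the decrypt keyword turns it off, and any other value is
 * interpreted with {@link Boolean#parseBoolean(String)}. When the entry is missing or null, or the
 * payload is not valid JSON, the method keeps its default and requests encryption.
 *
 * <p>The result recorded for {@code code} only reflects whether the device supports storage
 * encryption; it does not confirm that the requested change was applied.
 *
 * @param code - Operation code.
 * @param data - JSON payload carrying the encryption enable/disable switch.
 */
public void encryptStorage(String code, String data) {
    // Encrypting is the default, so a malformed or incomplete payload never lifts the requirement.
    boolean doEncrypt = true;
    try {
        JSONObject encryptData = new JSONObject(data);
        String functionKey = resources.getString(R.string.intent_extra_function);
        if (!encryptData.isNull(functionKey)) {
            String function = encryptData.get(functionKey).toString();
            if (function.equalsIgnoreCase(resources.getString(R.string.intent_extra_encrypt))) {
                doEncrypt = true;
            } else if (function.equalsIgnoreCase(
                    resources.getString(R.string.intent_extra_decrypt))) {
                doEncrypt = false;
            } else {
                doEncrypt = Boolean.parseBoolean(function);
            }
        }
    } catch (JSONException e) {
        // Pass the exception as the throwable argument so the stack trace is logged, instead of
        // gluing its toString() onto the message.
        Log.e(TAG, "Invalid JSON format.", e);
    }

    ComponentName admin = new ComponentName(context, AgentDeviceAdminReceiver.class);

    // Read the status once so every decision below is made against the same snapshot.
    // NOTE(review): newer platform versions can also report ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY
    // and ENCRYPTION_STATUS_ACTIVE_PER_USER; neither branch below matches them. Confirm against
    // the app's supported SDK range.
    int encryptionStatus = devicePolicyManager.getStorageEncryptionStatus();

    if (doEncrypt) {
        if (encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE) {
            devicePolicyManager.setStorageEncryption(admin, true);
            // Hand over to the system encryption screen; NEW_TASK is set because the activity
            // is launched from the stored context.
            Intent intent = new Intent(DevicePolicyManager.ACTION_START_ENCRYPTION);
            intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
            context.startActivity(intent);
        }
    } else if (encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE
            || encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING) {
        // NOTE(review): this path lowers the device's protection on the strength of the payload
        // alone; confirm the caller has authenticated the operation before it reaches here.
        devicePolicyManager.setStorageEncryption(admin, false);
    }

    // The reported status depends only on encryption being supported, not on which branch ran.
    String status;
    if (encryptionStatus != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED) {
        status = resources.getString(R.string.shared_pref_default_status);
    } else {
        status = resources.getString(R.string.shared_pref_false_status);
    }
    resultBuilder.build(code, status);
}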
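/**
 * Withdraws the storage-encryption request made through the device policy manager.
 *
 * <p>The request is withdrawn only when the operation is enabled and the device currently reports
 * storage encryption as active or activating; in every other case the method does nothing.
 *
 * @param operation - Operation object.
 */
private void revokeEncryptPolicy(org.wso2.emm.agent.beans.Operation operation) {
    // Read the status once so both comparisons see the same value. A status equal to ACTIVE or
    // ACTIVATING is necessarily not UNSUPPORTED, so no separate "supported" test is needed.
    // NOTE(review): newer platform versions can also report ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY
    // and ENCRYPTION_STATUS_ACTIVE_PER_USER, which this check does not match. Confirm against
    // the app's supported SDK range.
    int encryptionStatus = devicePolicyManager.getStorageEncryptionStatus();
    boolean encryptStatus =
            encryptionStatus == devicePolicyManager.ENCRYPTION_STATUS_ACTIVE
                    || encryptionStatus == devicePolicyManager.ENCRYPTION_STATUS_ACTIVATING;

    if (operation.isEnabled() && encryptStatus) {
        // Revocation lowers the device's protection; nothing here records that it happened.
        devicePolicyManager.setStorageEncryption(deviceAdmin, false);
    }
}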
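/**
 * Set the requested security level based on the aggregate set of requests. If the set is empty,
 * we release our device administration. If the set is non-empty, we only proceed if we are
 * already active as an admin; otherwise nothing is applied and no error is raised.
 */
public void setActivePolicies() {
    DevicePolicyManager dpm = getDPM();
    // compute aggregate set of policies
    Policy aggregatePolicy = getAggregatePolicy();
    // if empty set, detach from policy manager
    if (aggregatePolicy == Policy.NO_POLICY) {
        if (DebugUtils.DEBUG) {
            LogUtils.d(TAG, "setActivePolicies: none, remove admin");
        }
        dpm.removeActiveAdmin(mAdminName);
    } else if (isActiveAdmin()) {
        if (DebugUtils.DEBUG) {
            LogUtils.d(TAG, "setActivePolicies: " + aggregatePolicy);
        }
        // set each policy in the policy manager
        // password mode & length
        dpm.setPasswordQuality(mAdminName, aggregatePolicy.getDPManagerPasswordQuality());
        dpm.setPasswordMinimumLength(mAdminName, aggregatePolicy.mPasswordMinLength);
        // screen lock time. The API takes milliseconds; the long literal keeps the product from
        // wrapping if mMaxScreenLockTime is an int (its declared type is not visible here), which
        // would otherwise hand the policy manager a wrong or negative timeout.
        dpm.setMaximumTimeToLock(mAdminName, aggregatePolicy.mMaxScreenLockTime * 1000L);
        // local wipe (failed passwords limit)
        dpm.setMaximumFailedPasswordsForWipe(mAdminName, aggregatePolicy.mPasswordMaxFails);
        // password expiration (days until a password expires). API takes mSec.
        dpm.setPasswordExpirationTimeout(
                mAdminName, aggregatePolicy.getDPManagerPasswordExpirationTimeout());
        // password history length (number of previous passwords that may not be reused)
        dpm.setPasswordHistoryLength(mAdminName, aggregatePolicy.mPasswordHistory);
        // password minimum complex characters.
        // Note, in Exchange, "complex chars" simply means "non alpha", but in the DPM,
        // setting the quality to complex also defaults min symbols=1 and min numeric=1.
        // We always / safely clear minSymbols & minNumeric to zero (there is no policy
        // configuration in which we explicitly require a minimum number of digits or symbols.)
        dpm.setPasswordMinimumSymbols(mAdminName, 0);
        dpm.setPasswordMinimumNumeric(mAdminName, 0);
        dpm.setPasswordMinimumNonLetter(mAdminName, aggregatePolicy.mPasswordComplexChars);
        // Device capabilities
        try {
            // If we are running in a managed policy, it is a SecurityException to even
            // call setCameraDisabled() when the disabled flag is false. We have to swallow
            // the exception here. The only record of it is the LogUtils.d line below, so
            // the camera setting is left as it was without the caller being told.
            dpm.setCameraDisabled(mAdminName, aggregatePolicy.mDontAllowCamera);
        } catch (SecurityException e) {
            LogUtils.d(TAG, "SecurityException in setCameraDisabled, nothing changed");
        }
        // encryption required. The value returned by setStorageEncryption() is not inspected,
        // so this method does not learn whether the device accepted the requirement.
        dpm.setStorageEncryption(mAdminName, aggregatePolicy.mRequireEncryption);
    }
}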