Exemplo n.º 1
0
  /**
   * Encrypt/Decrypt device storage.
   *
   * @param code - Operation code.
   * @param data - Data required(Encryption enable/disable switch).
   * @param requestMode - Request mode(Normal mode or policy bundle mode).
   */
  public void encryptStorage(String code, String data) {
    boolean doEncrypt = true;
    try {
      JSONObject encryptData = new JSONObject(data);
      if (!encryptData.isNull(resources.getString(R.string.intent_extra_function))
          && encryptData
              .get(resources.getString(R.string.intent_extra_function))
              .toString()
              .equalsIgnoreCase(resources.getString(R.string.intent_extra_encrypt))) {
        doEncrypt = true;
      } else if (!encryptData.isNull(resources.getString(R.string.intent_extra_function))
          && encryptData
              .get(resources.getString(R.string.intent_extra_function))
              .toString()
              .equalsIgnoreCase(resources.getString(R.string.intent_extra_decrypt))) {
        doEncrypt = false;
      } else if (!encryptData.isNull(resources.getString(R.string.intent_extra_function))) {
        doEncrypt =
            Boolean.parseBoolean(
                encryptData.get(resources.getString(R.string.intent_extra_function)).toString());
      }
    } catch (JSONException e) {
      Log.e(TAG, "Invalid JSON format." + e);
    }

    ComponentName admin = new ComponentName(context, AgentDeviceAdminReceiver.class);

    if (doEncrypt
        && devicePolicyManager.getStorageEncryptionStatus()
            != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED
        && (devicePolicyManager.getStorageEncryptionStatus()
            == DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE)) {

      devicePolicyManager.setStorageEncryption(admin, doEncrypt);
      Intent intent = new Intent(DevicePolicyManager.ACTION_START_ENCRYPTION);
      intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
      context.startActivity(intent);

    } else if (!doEncrypt
        && devicePolicyManager.getStorageEncryptionStatus()
            != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED
        && (devicePolicyManager.getStorageEncryptionStatus()
                == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE
            || devicePolicyManager.getStorageEncryptionStatus()
                == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING)) {

      devicePolicyManager.setStorageEncryption(admin, doEncrypt);
    }

    String status;
    if (devicePolicyManager.getStorageEncryptionStatus()
        != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED) {
      status = resources.getString(R.string.shared_pref_default_status);
    } else {
      status = resources.getString(R.string.shared_pref_false_status);
    }

    resultBuilder.build(code, status);
  }
Exemplo n.º 2
0
  /**
   * Revokes device encrypt policy on the device (Device external storage encryption).
   *
   * @param operation - Operation object.
   */
  private void revokeEncryptPolicy(org.wso2.emm.agent.beans.Operation operation) {

    boolean encryptStatus =
        (devicePolicyManager.getStorageEncryptionStatus()
                != devicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED
            && (devicePolicyManager.getStorageEncryptionStatus()
                    == devicePolicyManager.ENCRYPTION_STATUS_ACTIVE
                || devicePolicyManager.getStorageEncryptionStatus()
                    == devicePolicyManager.ENCRYPTION_STATUS_ACTIVATING));

    if (operation.isEnabled() && encryptStatus) {
      devicePolicyManager.setStorageEncryption(deviceAdmin, false);
    }
  }
  /**
   * Set the requested security level based on the aggregate set of requests. If the set is empty,
   * we release our device administration. If the set is non-empty, we only proceed if we are
   * already active as an admin.
   */
  public void setActivePolicies() {
    DevicePolicyManager dpm = getDPM();
    // compute aggregate set of policies
    Policy aggregatePolicy = getAggregatePolicy();
    // if empty set, detach from policy manager
    if (aggregatePolicy == Policy.NO_POLICY) {
      if (DebugUtils.DEBUG) {
        LogUtils.d(TAG, "setActivePolicies: none, remove admin");
      }
      dpm.removeActiveAdmin(mAdminName);
    } else if (isActiveAdmin()) {
      if (DebugUtils.DEBUG) {
        LogUtils.d(TAG, "setActivePolicies: " + aggregatePolicy);
      }
      // set each policy in the policy manager
      // password mode & length
      dpm.setPasswordQuality(mAdminName, aggregatePolicy.getDPManagerPasswordQuality());
      dpm.setPasswordMinimumLength(mAdminName, aggregatePolicy.mPasswordMinLength);
      // screen lock time
      dpm.setMaximumTimeToLock(mAdminName, aggregatePolicy.mMaxScreenLockTime * 1000);
      // local wipe (failed passwords limit)
      dpm.setMaximumFailedPasswordsForWipe(mAdminName, aggregatePolicy.mPasswordMaxFails);
      // password expiration (days until a password expires).  API takes mSec.
      dpm.setPasswordExpirationTimeout(
          mAdminName, aggregatePolicy.getDPManagerPasswordExpirationTimeout());
      // password history length (number of previous passwords that may not be reused)
      dpm.setPasswordHistoryLength(mAdminName, aggregatePolicy.mPasswordHistory);
      // password minimum complex characters.
      // Note, in Exchange, "complex chars" simply means "non alpha", but in the DPM,
      // setting the quality to complex also defaults min symbols=1 and min numeric=1.
      // We always / safely clear minSymbols & minNumeric to zero (there is no policy
      // configuration in which we explicitly require a minimum number of digits or symbols.)
      dpm.setPasswordMinimumSymbols(mAdminName, 0);
      dpm.setPasswordMinimumNumeric(mAdminName, 0);
      dpm.setPasswordMinimumNonLetter(mAdminName, aggregatePolicy.mPasswordComplexChars);
      // Device capabilities
      try {
        // If we are running in a managed policy, it is a securityException to even
        // call setCameraDisabled(), if is disabled is false. We have to swallow
        // the exception here.
        dpm.setCameraDisabled(mAdminName, aggregatePolicy.mDontAllowCamera);
      } catch (SecurityException e) {
        LogUtils.d(TAG, "SecurityException in setCameraDisabled, nothing changed");
      }

      // encryption required
      dpm.setStorageEncryption(mAdminName, aggregatePolicy.mRequireEncryption);
    }
  }