@TargetApi(ApiHelper.VERSION_CODES.ICE_CREAM_SANDWICH)
private static void throwIfCameraDisabled(Activity activity) throws CameraDisabledException {
// Check if device policy has disabled the camera.
if (ApiHelper.HAS_GET_CAMERA_DISABLED) {
DevicePolicyManager dpm =
(DevicePolicyManager) activity.getSystemService(Context.DEVICE_POLICY_SERVICE);
if (dpm.getCameraDisabled(null)) {
throw new CameraDisabledException();
}
}
}
private boolean isCameraDisabledByDpm() {
final DevicePolicyManager dpm =
(DevicePolicyManager) getContext().getSystemService(Context.DEVICE_POLICY_SERVICE);
if (dpm != null) {
try {
final int userId = ActivityManagerNative.getDefault().getCurrentUser().id;
final int disabledFlags = dpm.getKeyguardDisabledFeatures(null, userId);
final boolean disabledBecauseKeyguardSecure =
(disabledFlags & DevicePolicyManager.KEYGUARD_DISABLE_SECURE_CAMERA) != 0
&& KeyguardTouchDelegate.getInstance(getContext()).isSecure();
return dpm.getCameraDisabled(null) || disabledBecauseKeyguardSecure;
} catch (RemoteException e) {
Log.e(TAG, "Can't get userId", e);
}
}
return false;
}
private void updateTargets() {
int currentUserHandle = mLockPatternUtils.getCurrentUser();
DevicePolicyManager dpm = mLockPatternUtils.getDevicePolicyManager();
int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, currentUserHandle);
boolean secureCameraDisabled =
mLockPatternUtils.isSecure()
&& (disabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_SECURE_CAMERA) != 0;
boolean cameraDisabledByAdmin =
dpm.getCameraDisabled(null, currentUserHandle) || secureCameraDisabled;
final KeyguardUpdateMonitor monitor = KeyguardUpdateMonitor.getInstance(getContext());
boolean disabledBySimState = monitor.isSimLocked();
boolean cameraTargetPresent =
isTargetPresent(com.android.internal.R.drawable.ic_lockscreen_camera);
boolean searchTargetPresent =
isTargetPresent(com.android.internal.R.drawable.ic_action_assist_generic);
if (cameraDisabledByAdmin) {
Log.v(TAG, "Camera disabled by Device Policy");
} else if (disabledBySimState) {
Log.v(TAG, "Camera disabled by Sim State");
}
boolean currentUserSetup =
0
!= Settings.Secure.getIntForUser(
mContext.getContentResolver(),
Settings.Secure.USER_SETUP_COMPLETE,
0 /*default */,
currentUserHandle);
boolean searchActionAvailable =
((SearchManager) mContext.getSystemService(Context.SEARCH_SERVICE))
.getAssistIntent(mContext, UserHandle.USER_CURRENT)
!= null;
mCameraDisabled =
cameraDisabledByAdmin || disabledBySimState || !cameraTargetPresent || !currentUserSetup;
mSearchDisabled =
disabledBySimState || !searchActionAvailable || !searchTargetPresent || !currentUserSetup;
updateResources();
}
/**
* API: Query used to determine if a given policy is "active" (the device is operating at the
* required security level).
*
* <p>This can be used when syncing a specific account, by passing a specific set of policies for
* that account. Or, it can be used at any time to compare the device state against the aggregate
* set of device policies stored in all accounts.
*
* <p>This method is for queries only, and does not trigger any change in device state.
*
* <p>NOTE: If there are multiple accounts with password expiration policies, the device password
* will be set to expire in the shortest required interval (most secure). This method will return
* 'false' as soon as the password expires - irrespective of which account caused the expiration.
* In other words, all accounts (that require expiration) will run/stop based on the requirements
* of the account with the shortest interval.
*
* @param policy the policies requested, or null to check aggregate stored policies
* @return zero if the requested policies are active, non-zero bits indicates that more work is
* needed (typically, by the user) before the required security polices are fully active.
*/
public int getInactiveReasons(Policy policy) {
// select aggregate set if needed
if (policy == null) {
policy = getAggregatePolicy();
}
// quick check for the "empty set" of no policies
if (policy == Policy.NO_POLICY) {
return 0;
}
int reasons = 0;
DevicePolicyManager dpm = getDPM();
if (isActiveAdmin()) {
// check each policy explicitly
if (policy.mPasswordMinLength > 0) {
if (dpm.getPasswordMinimumLength(mAdminName) < policy.mPasswordMinLength) {
reasons |= INACTIVE_NEED_PASSWORD;
}
}
if (policy.mPasswordMode > 0) {
if (dpm.getPasswordQuality(mAdminName) < policy.getDPManagerPasswordQuality()) {
reasons |= INACTIVE_NEED_PASSWORD;
}
if (!dpm.isActivePasswordSufficient()) {
reasons |= INACTIVE_NEED_PASSWORD;
}
}
if (policy.mMaxScreenLockTime > 0) {
// Note, we use seconds, dpm uses milliseconds
if (dpm.getMaximumTimeToLock(mAdminName) > policy.mMaxScreenLockTime * 1000) {
reasons |= INACTIVE_NEED_CONFIGURATION;
}
}
if (policy.mPasswordExpirationDays > 0) {
// confirm that expirations are currently set
long currentTimeout = dpm.getPasswordExpirationTimeout(mAdminName);
if (currentTimeout == 0
|| currentTimeout > policy.getDPManagerPasswordExpirationTimeout()) {
reasons |= INACTIVE_NEED_PASSWORD;
}
// confirm that the current password hasn't expired
long expirationDate = dpm.getPasswordExpiration(mAdminName);
long timeUntilExpiration = expirationDate - System.currentTimeMillis();
boolean expired = timeUntilExpiration < 0;
if (expired) {
reasons |= INACTIVE_NEED_PASSWORD;
}
}
if (policy.mPasswordHistory > 0) {
if (dpm.getPasswordHistoryLength(mAdminName) < policy.mPasswordHistory) {
// There's no user action for changes here; this is just a configuration change
reasons |= INACTIVE_NEED_CONFIGURATION;
}
}
if (policy.mPasswordComplexChars > 0) {
if (dpm.getPasswordMinimumNonLetter(mAdminName) < policy.mPasswordComplexChars) {
reasons |= INACTIVE_NEED_PASSWORD;
}
}
if (policy.mRequireEncryption) {
int encryptionStatus = getDPM().getStorageEncryptionStatus();
if (encryptionStatus != DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE) {
reasons |= INACTIVE_NEED_ENCRYPTION;
}
}
if (policy.mDontAllowCamera && !dpm.getCameraDisabled(mAdminName)) {
reasons |= INACTIVE_NEED_CONFIGURATION;
}
// password failures are counted locally - no test required here
// no check required for remote wipe (it's supported, if we're the admin)
if (policy.mProtocolPoliciesUnsupported != null) {
reasons |= INACTIVE_PROTOCOL_POLICIES;
}
// If we made it all the way, reasons == 0 here. Otherwise it's a list of grievances.
return reasons;
}
// return false, not active
return INACTIVE_NEED_ACTIVATION;
}
