/**
* Set the requested security level based on the aggregate set of requests. If the set is empty,
* we release our device administration. If the set is non-empty, we only proceed if we are
* already active as an admin.
*/
public void setActivePolicies() {
DevicePolicyManager dpm = getDPM();
// compute aggregate set of policies
Policy aggregatePolicy = getAggregatePolicy();
// if empty set, detach from policy manager
if (aggregatePolicy == Policy.NO_POLICY) {
if (DebugUtils.DEBUG) {
LogUtils.d(TAG, "setActivePolicies: none, remove admin");
}
dpm.removeActiveAdmin(mAdminName);
} else if (isActiveAdmin()) {
if (DebugUtils.DEBUG) {
LogUtils.d(TAG, "setActivePolicies: " + aggregatePolicy);
}
// set each policy in the policy manager
// password mode & length
dpm.setPasswordQuality(mAdminName, aggregatePolicy.getDPManagerPasswordQuality());
dpm.setPasswordMinimumLength(mAdminName, aggregatePolicy.mPasswordMinLength);
// screen lock time
dpm.setMaximumTimeToLock(mAdminName, aggregatePolicy.mMaxScreenLockTime * 1000);
// local wipe (failed passwords limit)
dpm.setMaximumFailedPasswordsForWipe(mAdminName, aggregatePolicy.mPasswordMaxFails);
// password expiration (days until a password expires). API takes mSec.
dpm.setPasswordExpirationTimeout(
mAdminName, aggregatePolicy.getDPManagerPasswordExpirationTimeout());
// password history length (number of previous passwords that may not be reused)
dpm.setPasswordHistoryLength(mAdminName, aggregatePolicy.mPasswordHistory);
// password minimum complex characters.
// Note, in Exchange, "complex chars" simply means "non alpha", but in the DPM,
// setting the quality to complex also defaults min symbols=1 and min numeric=1.
// We always / safely clear minSymbols & minNumeric to zero (there is no policy
// configuration in which we explicitly require a minimum number of digits or symbols.)
dpm.setPasswordMinimumSymbols(mAdminName, 0);
dpm.setPasswordMinimumNumeric(mAdminName, 0);
dpm.setPasswordMinimumNonLetter(mAdminName, aggregatePolicy.mPasswordComplexChars);
// Device capabilities
try {
// If we are running in a managed policy, it is a securityException to even
// call setCameraDisabled(), if is disabled is false. We have to swallow
// the exception here.
dpm.setCameraDisabled(mAdminName, aggregatePolicy.mDontAllowCamera);
} catch (SecurityException e) {
LogUtils.d(TAG, "SecurityException in setCameraDisabled, nothing changed");
}
// encryption required
dpm.setStorageEncryption(mAdminName, aggregatePolicy.mRequireEncryption);
}
}
public void onClick(View v) {
if (mAM.isUserAMonkey()) {
// Don't trust monkeys to do the right thing!
AlertDialog.Builder builder = new AlertDialog.Builder(Controller.this);
builder.setMessage("You can't lock my screen because you are a monkey!");
builder.setPositiveButton("I admit defeat", null);
builder.show();
return;
}
boolean active = mDPM.isAdminActive(mDeviceAdminSample);
if (active) {
long timeMs = 1000L * Long.parseLong(mTimeout.getText().toString());
mDPM.setMaximumTimeToLock(mDeviceAdminSample, timeMs);
}
}
