/**
   * Set the requested security level based on the aggregate set of requests. If the set is empty,
   * we release our device administration. If the set is non-empty, we only proceed if we are
   * already active as an admin.
   */
  public void setActivePolicies() {
    DevicePolicyManager dpm = getDPM();
    // compute aggregate set of policies
    Policy aggregatePolicy = getAggregatePolicy();
    // if empty set, detach from policy manager
    if (aggregatePolicy == Policy.NO_POLICY) {
      if (DebugUtils.DEBUG) {
        LogUtils.d(TAG, "setActivePolicies: none, remove admin");
      }
      dpm.removeActiveAdmin(mAdminName);
    } else if (isActiveAdmin()) {
      if (DebugUtils.DEBUG) {
        LogUtils.d(TAG, "setActivePolicies: " + aggregatePolicy);
      }
      // set each policy in the policy manager
      // password mode & length
      dpm.setPasswordQuality(mAdminName, aggregatePolicy.getDPManagerPasswordQuality());
      dpm.setPasswordMinimumLength(mAdminName, aggregatePolicy.mPasswordMinLength);
      // screen lock time
      dpm.setMaximumTimeToLock(mAdminName, aggregatePolicy.mMaxScreenLockTime * 1000);
      // local wipe (failed passwords limit)
      dpm.setMaximumFailedPasswordsForWipe(mAdminName, aggregatePolicy.mPasswordMaxFails);
      // password expiration (days until a password expires).  API takes mSec.
      dpm.setPasswordExpirationTimeout(
          mAdminName, aggregatePolicy.getDPManagerPasswordExpirationTimeout());
      // password history length (number of previous passwords that may not be reused)
      dpm.setPasswordHistoryLength(mAdminName, aggregatePolicy.mPasswordHistory);
      // password minimum complex characters.
      // Note, in Exchange, "complex chars" simply means "non alpha", but in the DPM,
      // setting the quality to complex also defaults min symbols=1 and min numeric=1.
      // We always / safely clear minSymbols & minNumeric to zero (there is no policy
      // configuration in which we explicitly require a minimum number of digits or symbols.)
      dpm.setPasswordMinimumSymbols(mAdminName, 0);
      dpm.setPasswordMinimumNumeric(mAdminName, 0);
      dpm.setPasswordMinimumNonLetter(mAdminName, aggregatePolicy.mPasswordComplexChars);
      // Device capabilities
      try {
        // If we are running in a managed policy, it is a securityException to even
        // call setCameraDisabled(), if is disabled is false. We have to swallow
        // the exception here.
        dpm.setCameraDisabled(mAdminName, aggregatePolicy.mDontAllowCamera);
      } catch (SecurityException e) {
        LogUtils.d(TAG, "SecurityException in setCameraDisabled, nothing changed");
      }

      // encryption required
      dpm.setStorageEncryption(mAdminName, aggregatePolicy.mRequireEncryption);
    }
  }
示例#2
0
 public void onClick(View v) {
   if (mAM.isUserAMonkey()) {
     // Don't trust monkeys to do the right thing!
     AlertDialog.Builder builder = new AlertDialog.Builder(Controller.this);
     builder.setMessage("You can't lock my screen because you are a monkey!");
     builder.setPositiveButton("I admit defeat", null);
     builder.show();
     return;
   }
   boolean active = mDPM.isAdminActive(mDeviceAdminSample);
   if (active) {
     long timeMs = 1000L * Long.parseLong(mTimeout.getText().toString());
     mDPM.setMaximumTimeToLock(mDeviceAdminSample, timeMs);
   }
 }