1 /* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.app.admin; 18 19 import org.xmlpull.v1.XmlPullParserException; 20 21 import android.annotation.SdkConstant; 22 import android.annotation.SdkConstant.SdkConstantType; 23 import android.content.ComponentName; 24 import android.content.Context; 25 import android.content.pm.ActivityInfo; 26 import android.content.pm.PackageManager; 27 import android.content.pm.ResolveInfo; 28 import android.os.Handler; 29 import android.os.RemoteCallback; 30 import android.os.RemoteException; 31 import android.os.ServiceManager; 32 import android.util.Log; 33 34 import java.io.IOException; 35 import java.net.InetSocketAddress; 36 import java.net.Proxy; 37 import java.util.List; 38 39 /** 40 * Public interface for managing policies enforced on a device. Most clients 41 * of this class must have published a {@link DeviceAdminReceiver} that the user 42 * has currently enabled. 43 * 44 * <div class="special reference"> 45 * <h3>Developer Guides</h3> 46 * <p>For more information about managing policies for device adminstration, read the 47 * <a href="{@docRoot}guide/topics/admin/device-admin.html">Device Administration</a> 48 * developer guide.</p> 49 * </div> 50 */ 51 public class DevicePolicyManager { 52 private static String TAG = "DevicePolicyManager"; 53 54 private final Context mContext; 55 private final IDevicePolicyManager mService; 56 57 private DevicePolicyManager(Context context, Handler handler) { 58 mContext = context; 59 mService = IDevicePolicyManager.Stub.asInterface( 60 ServiceManager.getService(Context.DEVICE_POLICY_SERVICE)); 61 } 62 63 /** @hide */ 64 public static DevicePolicyManager create(Context context, Handler handler) { 65 DevicePolicyManager me = new DevicePolicyManager(context, handler); 66 return me.mService != null ? me : null; 67 } 68 69 /** 70 * Activity action: ask the user to add a new device administrator to the system. 71 * The desired policy is the ComponentName of the policy in the 72 * {@link #EXTRA_DEVICE_ADMIN} extra field. This will invoke a UI to 73 * bring the user through adding the device administrator to the system (or 74 * allowing them to reject it). 75 * 76 * <p>You can optionally include the {@link #EXTRA_ADD_EXPLANATION} 77 * field to provide the user with additional explanation (in addition 78 * to your component's description) about what is being added. 79 * 80 * <p>If your administrator is already active, this will ordinarily return immediately (without 81 * user intervention). However, if your administrator has been updated and is requesting 82 * additional uses-policy flags, the user will be presented with the new list. New policies 83 * will not be available to the updated administrator until the user has accepted the new list. 84 */ 85 @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION) 86 public static final String ACTION_ADD_DEVICE_ADMIN 87 = "android.app.action.ADD_DEVICE_ADMIN"; 88 89 /** 90 * Activity action: send when any policy admin changes a policy. 91 * This is generally used to find out when a new policy is in effect. 92 * 93 * @hide 94 */ 95 public static final String ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED 96 = "android.app.action.DEVICE_POLICY_MANAGER_STATE_CHANGED"; 97 98 /** 99 * The ComponentName of the administrator component. 100 * 101 * @see #ACTION_ADD_DEVICE_ADMIN 102 */ 103 public static final String EXTRA_DEVICE_ADMIN = "android.app.extra.DEVICE_ADMIN"; 104 105 /** 106 * An optional CharSequence providing additional explanation for why the 107 * admin is being added. 108 * 109 * @see #ACTION_ADD_DEVICE_ADMIN 110 */ 111 public static final String EXTRA_ADD_EXPLANATION = "android.app.extra.ADD_EXPLANATION"; 112 113 /** 114 * Activity action: have the user enter a new password. This activity should 115 * be launched after using {@link #setPasswordQuality(ComponentName, int)}, 116 * or {@link #setPasswordMinimumLength(ComponentName, int)} to have the user 117 * enter a new password that meets the current requirements. You can use 118 * {@link #isActivePasswordSufficient()} to determine whether you need to 119 * have the user select a new password in order to meet the current 120 * constraints. Upon being resumed from this activity, you can check the new 121 * password characteristics to see if they are sufficient. 122 */ 123 @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION) 124 public static final String ACTION_SET_NEW_PASSWORD 125 = "android.app.action.SET_NEW_PASSWORD"; 126 127 /** 128 * Return true if the given administrator component is currently 129 * active (enabled) in the system. 130 */ 131 public boolean isAdminActive(ComponentName who) { 132 if (mService != null) { 133 try { 134 return mService.isAdminActive(who); 135 } catch (RemoteException e) { 136 Log.w(TAG, "Failed talking with device policy service", e); 137 } 138 } 139 return false; 140 } 141 142 /** 143 * Return a list of all currently active device administrator's component 144 * names. Note that if there are no administrators than null may be 145 * returned. 146 */ 147 public List<ComponentName> getActiveAdmins() { 148 if (mService != null) { 149 try { 150 return mService.getActiveAdmins(); 151 } catch (RemoteException e) { 152 Log.w(TAG, "Failed talking with device policy service", e); 153 } 154 } 155 return null; 156 } 157 158 /** 159 * @hide 160 */ 161 public boolean packageHasActiveAdmins(String packageName) { 162 if (mService != null) { 163 try { 164 return mService.packageHasActiveAdmins(packageName); 165 } catch (RemoteException e) { 166 Log.w(TAG, "Failed talking with device policy service", e); 167 } 168 } 169 return false; 170 } 171 172 /** 173 * Remove a current administration component. This can only be called 174 * by the application that owns the administration component; if you 175 * try to remove someone else's component, a security exception will be 176 * thrown. 177 */ 178 public void removeActiveAdmin(ComponentName who) { 179 if (mService != null) { 180 try { 181 mService.removeActiveAdmin(who); 182 } catch (RemoteException e) { 183 Log.w(TAG, "Failed talking with device policy service", e); 184 } 185 } 186 } 187 188 /** 189 * Returns true if an administrator has been granted a particular device policy. This can 190 * be used to check if the administrator was activated under an earlier set of policies, 191 * but requires additional policies after an upgrade. 192 * 193 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. Must be 194 * an active administrator, or an exception will be thrown. 195 * @param usesPolicy Which uses-policy to check, as defined in {@link DeviceAdminInfo}. 196 */ 197 public boolean hasGrantedPolicy(ComponentName admin, int usesPolicy) { 198 if (mService != null) { 199 try { 200 return mService.hasGrantedPolicy(admin, usesPolicy); 201 } catch (RemoteException e) { 202 Log.w(TAG, "Failed talking with device policy service", e); 203 } 204 } 205 return false; 206 } 207 208 /** 209 * Constant for {@link #setPasswordQuality}: the policy has no requirements 210 * for the password. Note that quality constants are ordered so that higher 211 * values are more restrictive. 212 */ 213 public static final int PASSWORD_QUALITY_UNSPECIFIED = 0; 214 215 /** 216 * Constant for {@link #setPasswordQuality}: the policy allows for low-security biometric 217 * recognition technology. This implies technologies that can recognize the identity of 218 * an individual to about a 3 digit PIN (false detection is less than 1 in 1,000). 219 * Note that quality constants are ordered so that higher values are more restrictive. 220 */ 221 public static final int PASSWORD_QUALITY_BIOMETRIC_WEAK = 0x8000; 222 223 /** 224 * Constant for {@link #setPasswordQuality}: the policy requires some kind 225 * of password, but doesn't care what it is. Note that quality constants 226 * are ordered so that higher values are more restrictive. 227 */ 228 public static final int PASSWORD_QUALITY_SOMETHING = 0x10000; 229 230 /** 231 * Constant for {@link #setPasswordQuality}: the user must have entered a 232 * password containing at least numeric characters. Note that quality 233 * constants are ordered so that higher values are more restrictive. 234 */ 235 public static final int PASSWORD_QUALITY_NUMERIC = 0x20000; 236 237 /** 238 * Constant for {@link #setPasswordQuality}: the user must have entered a 239 * password containing at least alphabetic (or other symbol) characters. 240 * Note that quality constants are ordered so that higher values are more 241 * restrictive. 242 */ 243 public static final int PASSWORD_QUALITY_ALPHABETIC = 0x40000; 244 245 /** 246 * Constant for {@link #setPasswordQuality}: the user must have entered a 247 * password containing at least <em>both></em> numeric <em>and</em> 248 * alphabetic (or other symbol) characters. Note that quality constants are 249 * ordered so that higher values are more restrictive. 250 */ 251 public static final int PASSWORD_QUALITY_ALPHANUMERIC = 0x50000; 252 253 /** 254 * Constant for {@link #setPasswordQuality}: the user must have entered a 255 * password containing at least a letter, a numerical digit and a special 256 * symbol, by default. With this password quality, passwords can be 257 * restricted to contain various sets of characters, like at least an 258 * uppercase letter, etc. These are specified using various methods, 259 * like {@link #setPasswordMinimumLowerCase(ComponentName, int)}. Note 260 * that quality constants are ordered so that higher values are more 261 * restrictive. 262 */ 263 public static final int PASSWORD_QUALITY_COMPLEX = 0x60000; 264 265 /** 266 * Called by an application that is administering the device to set the 267 * password restrictions it is imposing. After setting this, the user 268 * will not be able to enter a new password that is not at least as 269 * restrictive as what has been set. Note that the current password 270 * will remain until the user has set a new one, so the change does not 271 * take place immediately. To prompt the user for a new password, use 272 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. 273 * 274 * <p>Quality constants are ordered so that higher values are more restrictive; 275 * thus the highest requested quality constant (between the policy set here, 276 * the user's preference, and any other considerations) is the one that 277 * is in effect. 278 * 279 * <p>The calling device admin must have requested 280 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 281 * this method; if it has not, a security exception will be thrown. 282 * 283 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 284 * @param quality The new desired quality. One of 285 * {@link #PASSWORD_QUALITY_UNSPECIFIED}, {@link #PASSWORD_QUALITY_SOMETHING}, 286 * {@link #PASSWORD_QUALITY_NUMERIC}, {@link #PASSWORD_QUALITY_ALPHABETIC}, 287 * {@link #PASSWORD_QUALITY_ALPHANUMERIC} or {@link #PASSWORD_QUALITY_COMPLEX}. 288 */ 289 public void setPasswordQuality(ComponentName admin, int quality) { 290 if (mService != null) { 291 try { 292 mService.setPasswordQuality(admin, quality); 293 } catch (RemoteException e) { 294 Log.w(TAG, "Failed talking with device policy service", e); 295 } 296 } 297 } 298 299 /** 300 * Retrieve the current minimum password quality for all admins 301 * or a particular one. 302 * @param admin The name of the admin component to check, or null to aggregate 303 * all admins. 304 */ 305 public int getPasswordQuality(ComponentName admin) { 306 if (mService != null) { 307 try { 308 return mService.getPasswordQuality(admin); 309 } catch (RemoteException e) { 310 Log.w(TAG, "Failed talking with device policy service", e); 311 } 312 } 313 return PASSWORD_QUALITY_UNSPECIFIED; 314 } 315 316 /** 317 * Called by an application that is administering the device to set the 318 * minimum allowed password length. After setting this, the user 319 * will not be able to enter a new password that is not at least as 320 * restrictive as what has been set. Note that the current password 321 * will remain until the user has set a new one, so the change does not 322 * take place immediately. To prompt the user for a new password, use 323 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This 324 * constraint is only imposed if the administrator has also requested either 325 * {@link #PASSWORD_QUALITY_NUMERIC}, {@link #PASSWORD_QUALITY_ALPHABETIC} 326 * {@link #PASSWORD_QUALITY_ALPHANUMERIC}, or {@link #PASSWORD_QUALITY_COMPLEX} 327 * with {@link #setPasswordQuality}. 328 * 329 * <p>The calling device admin must have requested 330 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 331 * this method; if it has not, a security exception will be thrown. 332 * 333 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 334 * @param length The new desired minimum password length. A value of 0 335 * means there is no restriction. 336 */ 337 public void setPasswordMinimumLength(ComponentName admin, int length) { 338 if (mService != null) { 339 try { 340 mService.setPasswordMinimumLength(admin, length); 341 } catch (RemoteException e) { 342 Log.w(TAG, "Failed talking with device policy service", e); 343 } 344 } 345 } 346 347 /** 348 * Retrieve the current minimum password length for all admins 349 * or a particular one. 350 * @param admin The name of the admin component to check, or null to aggregate 351 * all admins. 352 */ 353 public int getPasswordMinimumLength(ComponentName admin) { 354 if (mService != null) { 355 try { 356 return mService.getPasswordMinimumLength(admin); 357 } catch (RemoteException e) { 358 Log.w(TAG, "Failed talking with device policy service", e); 359 } 360 } 361 return 0; 362 } 363 364 /** 365 * Called by an application that is administering the device to set the 366 * minimum number of upper case letters required in the password. After 367 * setting this, the user will not be able to enter a new password that is 368 * not at least as restrictive as what has been set. Note that the current 369 * password will remain until the user has set a new one, so the change does 370 * not take place immediately. To prompt the user for a new password, use 371 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This 372 * constraint is only imposed if the administrator has also requested 373 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The 374 * default value is 0. 375 * <p> 376 * The calling device admin must have requested 377 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 378 * this method; if it has not, a security exception will be thrown. 379 * 380 * @param admin Which {@link DeviceAdminReceiver} this request is associated 381 * with. 382 * @param length The new desired minimum number of upper case letters 383 * required in the password. A value of 0 means there is no 384 * restriction. 385 */ 386 public void setPasswordMinimumUpperCase(ComponentName admin, int length) { 387 if (mService != null) { 388 try { 389 mService.setPasswordMinimumUpperCase(admin, length); 390 } catch (RemoteException e) { 391 Log.w(TAG, "Failed talking with device policy service", e); 392 } 393 } 394 } 395 396 /** 397 * Retrieve the current number of upper case letters required in the 398 * password for all admins or a particular one. This is the same value as 399 * set by {#link {@link #setPasswordMinimumUpperCase(ComponentName, int)} 400 * and only applies when the password quality is 401 * {@link #PASSWORD_QUALITY_COMPLEX}. 402 * 403 * @param admin The name of the admin component to check, or null to 404 * aggregate all admins. 405 * @return The minimum number of upper case letters required in the 406 * password. 407 */ 408 public int getPasswordMinimumUpperCase(ComponentName admin) { 409 if (mService != null) { 410 try { 411 return mService.getPasswordMinimumUpperCase(admin); 412 } catch (RemoteException e) { 413 Log.w(TAG, "Failed talking with device policy service", e); 414 } 415 } 416 return 0; 417 } 418 419 /** 420 * Called by an application that is administering the device to set the 421 * minimum number of lower case letters required in the password. After 422 * setting this, the user will not be able to enter a new password that is 423 * not at least as restrictive as what has been set. Note that the current 424 * password will remain until the user has set a new one, so the change does 425 * not take place immediately. To prompt the user for a new password, use 426 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This 427 * constraint is only imposed if the administrator has also requested 428 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The 429 * default value is 0. 430 * <p> 431 * The calling device admin must have requested 432 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 433 * this method; if it has not, a security exception will be thrown. 434 * 435 * @param admin Which {@link DeviceAdminReceiver} this request is associated 436 * with. 437 * @param length The new desired minimum number of lower case letters 438 * required in the password. A value of 0 means there is no 439 * restriction. 440 */ 441 public void setPasswordMinimumLowerCase(ComponentName admin, int length) { 442 if (mService != null) { 443 try { 444 mService.setPasswordMinimumLowerCase(admin, length); 445 } catch (RemoteException e) { 446 Log.w(TAG, "Failed talking with device policy service", e); 447 } 448 } 449 } 450 451 /** 452 * Retrieve the current number of lower case letters required in the 453 * password for all admins or a particular one. This is the same value as 454 * set by {#link {@link #setPasswordMinimumLowerCase(ComponentName, int)} 455 * and only applies when the password quality is 456 * {@link #PASSWORD_QUALITY_COMPLEX}. 457 * 458 * @param admin The name of the admin component to check, or null to 459 * aggregate all admins. 460 * @return The minimum number of lower case letters required in the 461 * password. 462 */ 463 public int getPasswordMinimumLowerCase(ComponentName admin) { 464 if (mService != null) { 465 try { 466 return mService.getPasswordMinimumLowerCase(admin); 467 } catch (RemoteException e) { 468 Log.w(TAG, "Failed talking with device policy service", e); 469 } 470 } 471 return 0; 472 } 473 474 /** 475 * Called by an application that is administering the device to set the 476 * minimum number of letters required in the password. After setting this, 477 * the user will not be able to enter a new password that is not at least as 478 * restrictive as what has been set. Note that the current password will 479 * remain until the user has set a new one, so the change does not take 480 * place immediately. To prompt the user for a new password, use 481 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This 482 * constraint is only imposed if the administrator has also requested 483 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The 484 * default value is 1. 485 * <p> 486 * The calling device admin must have requested 487 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 488 * this method; if it has not, a security exception will be thrown. 489 * 490 * @param admin Which {@link DeviceAdminReceiver} this request is associated 491 * with. 492 * @param length The new desired minimum number of letters required in the 493 * password. A value of 0 means there is no restriction. 494 */ 495 public void setPasswordMinimumLetters(ComponentName admin, int length) { 496 if (mService != null) { 497 try { 498 mService.setPasswordMinimumLetters(admin, length); 499 } catch (RemoteException e) { 500 Log.w(TAG, "Failed talking with device policy service", e); 501 } 502 } 503 } 504 505 /** 506 * Retrieve the current number of letters required in the password for all 507 * admins or a particular one. This is the same value as 508 * set by {#link {@link #setPasswordMinimumLetters(ComponentName, int)} 509 * and only applies when the password quality is 510 * {@link #PASSWORD_QUALITY_COMPLEX}. 511 * 512 * @param admin The name of the admin component to check, or null to 513 * aggregate all admins. 514 * @return The minimum number of letters required in the password. 515 */ 516 public int getPasswordMinimumLetters(ComponentName admin) { 517 if (mService != null) { 518 try { 519 return mService.getPasswordMinimumLetters(admin); 520 } catch (RemoteException e) { 521 Log.w(TAG, "Failed talking with device policy service", e); 522 } 523 } 524 return 0; 525 } 526 527 /** 528 * Called by an application that is administering the device to set the 529 * minimum number of numerical digits required in the password. After 530 * setting this, the user will not be able to enter a new password that is 531 * not at least as restrictive as what has been set. Note that the current 532 * password will remain until the user has set a new one, so the change does 533 * not take place immediately. To prompt the user for a new password, use 534 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This 535 * constraint is only imposed if the administrator has also requested 536 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The 537 * default value is 1. 538 * <p> 539 * The calling device admin must have requested 540 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 541 * this method; if it has not, a security exception will be thrown. 542 * 543 * @param admin Which {@link DeviceAdminReceiver} this request is associated 544 * with. 545 * @param length The new desired minimum number of numerical digits required 546 * in the password. A value of 0 means there is no restriction. 547 */ 548 public void setPasswordMinimumNumeric(ComponentName admin, int length) { 549 if (mService != null) { 550 try { 551 mService.setPasswordMinimumNumeric(admin, length); 552 } catch (RemoteException e) { 553 Log.w(TAG, "Failed talking with device policy service", e); 554 } 555 } 556 } 557 558 /** 559 * Retrieve the current number of numerical digits required in the password 560 * for all admins or a particular one. This is the same value as 561 * set by {#link {@link #setPasswordMinimumNumeric(ComponentName, int)} 562 * and only applies when the password quality is 563 * {@link #PASSWORD_QUALITY_COMPLEX}. 564 * 565 * @param admin The name of the admin component to check, or null to 566 * aggregate all admins. 567 * @return The minimum number of numerical digits required in the password. 568 */ 569 public int getPasswordMinimumNumeric(ComponentName admin) { 570 if (mService != null) { 571 try { 572 return mService.getPasswordMinimumNumeric(admin); 573 } catch (RemoteException e) { 574 Log.w(TAG, "Failed talking with device policy service", e); 575 } 576 } 577 return 0; 578 } 579 580 /** 581 * Called by an application that is administering the device to set the 582 * minimum number of symbols required in the password. After setting this, 583 * the user will not be able to enter a new password that is not at least as 584 * restrictive as what has been set. Note that the current password will 585 * remain until the user has set a new one, so the change does not take 586 * place immediately. To prompt the user for a new password, use 587 * {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This 588 * constraint is only imposed if the administrator has also requested 589 * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The 590 * default value is 1. 591 * <p> 592 * The calling device admin must have requested 593 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 594 * this method; if it has not, a security exception will be thrown. 595 * 596 * @param admin Which {@link DeviceAdminReceiver} this request is associated 597 * with. 598 * @param length The new desired minimum number of symbols required in the 599 * password. A value of 0 means there is no restriction. 600 */ 601 public void setPasswordMinimumSymbols(ComponentName admin, int length) { 602 if (mService != null) { 603 try { 604 mService.setPasswordMinimumSymbols(admin, length); 605 } catch (RemoteException e) { 606 Log.w(TAG, "Failed talking with device policy service", e); 607 } 608 } 609 } 610 611 /** 612 * Retrieve the current number of symbols required in the password for all 613 * admins or a particular one. This is the same value as 614 * set by {#link {@link #setPasswordMinimumSymbols(ComponentName, int)} 615 * and only applies when the password quality is 616 * {@link #PASSWORD_QUALITY_COMPLEX}. 617 * 618 * @param admin The name of the admin component to check, or null to 619 * aggregate all admins. 620 * @return The minimum number of symbols required in the password. 621 */ 622 public int getPasswordMinimumSymbols(ComponentName admin) { 623 if (mService != null) { 624 try { 625 return mService.getPasswordMinimumSymbols(admin); 626 } catch (RemoteException e) { 627 Log.w(TAG, "Failed talking with device policy service", e); 628 } 629 } 630 return 0; 631 } 632 633 /** 634 * Called by an application that is administering the device to set the 635 * minimum number of non-letter characters (numerical digits or symbols) 636 * required in the password. After setting this, the user will not be able 637 * to enter a new password that is not at least as restrictive as what has 638 * been set. Note that the current password will remain until the user has 639 * set a new one, so the change does not take place immediately. To prompt 640 * the user for a new password, use {@link #ACTION_SET_NEW_PASSWORD} after 641 * setting this value. This constraint is only imposed if the administrator 642 * has also requested {@link #PASSWORD_QUALITY_COMPLEX} with 643 * {@link #setPasswordQuality}. The default value is 0. 644 * <p> 645 * The calling device admin must have requested 646 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 647 * this method; if it has not, a security exception will be thrown. 648 * 649 * @param admin Which {@link DeviceAdminReceiver} this request is associated 650 * with. 651 * @param length The new desired minimum number of letters required in the 652 * password. A value of 0 means there is no restriction. 653 */ 654 public void setPasswordMinimumNonLetter(ComponentName admin, int length) { 655 if (mService != null) { 656 try { 657 mService.setPasswordMinimumNonLetter(admin, length); 658 } catch (RemoteException e) { 659 Log.w(TAG, "Failed talking with device policy service", e); 660 } 661 } 662 } 663 664 /** 665 * Retrieve the current number of non-letter characters required in the 666 * password for all admins or a particular one. This is the same value as 667 * set by {#link {@link #setPasswordMinimumNonLetter(ComponentName, int)} 668 * and only applies when the password quality is 669 * {@link #PASSWORD_QUALITY_COMPLEX}. 670 * 671 * @param admin The name of the admin component to check, or null to 672 * aggregate all admins. 673 * @return The minimum number of letters required in the password. 674 */ 675 public int getPasswordMinimumNonLetter(ComponentName admin) { 676 if (mService != null) { 677 try { 678 return mService.getPasswordMinimumNonLetter(admin); 679 } catch (RemoteException e) { 680 Log.w(TAG, "Failed talking with device policy service", e); 681 } 682 } 683 return 0; 684 } 685 686 /** 687 * Called by an application that is administering the device to set the length 688 * of the password history. After setting this, the user will not be able to 689 * enter a new password that is the same as any password in the history. Note 690 * that the current password will remain until the user has set a new one, so 691 * the change does not take place immediately. To prompt the user for a new 692 * password, use {@link #ACTION_SET_NEW_PASSWORD} after setting this value. 693 * This constraint is only imposed if the administrator has also requested 694 * either {@link #PASSWORD_QUALITY_NUMERIC}, 695 * {@link #PASSWORD_QUALITY_ALPHABETIC}, or 696 * {@link #PASSWORD_QUALITY_ALPHANUMERIC} with {@link #setPasswordQuality}. 697 * 698 * <p> 699 * The calling device admin must have requested 700 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call this 701 * method; if it has not, a security exception will be thrown. 702 * 703 * @param admin Which {@link DeviceAdminReceiver} this request is associated 704 * with. 705 * @param length The new desired length of password history. A value of 0 706 * means there is no restriction. 707 */ 708 public void setPasswordHistoryLength(ComponentName admin, int length) { 709 if (mService != null) { 710 try { 711 mService.setPasswordHistoryLength(admin, length); 712 } catch (RemoteException e) { 713 Log.w(TAG, "Failed talking with device policy service", e); 714 } 715 } 716 } 717 718 /** 719 * Called by a device admin to set the password expiration timeout. Calling this method 720 * will restart the countdown for password expiration for the given admin, as will changing 721 * the device password (for all admins). 722 * 723 * <p>The provided timeout is the time delta in ms and will be added to the current time. 724 * For example, to have the password expire 5 days from now, timeout would be 725 * 5 * 86400 * 1000 = 432000000 ms for timeout. 726 * 727 * <p>To disable password expiration, a value of 0 may be used for timeout. 728 * 729 * <p>The calling device admin must have requested 730 * {@link DeviceAdminInfo#USES_POLICY_EXPIRE_PASSWORD} to be able to call this 731 * method; if it has not, a security exception will be thrown. 732 * 733 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 734 * @param timeout The limit (in ms) that a password can remain in effect. A value of 0 735 * means there is no restriction (unlimited). 736 */ 737 public void setPasswordExpirationTimeout(ComponentName admin, long timeout) { 738 if (mService != null) { 739 try { 740 mService.setPasswordExpirationTimeout(admin, timeout); 741 } catch (RemoteException e) { 742 Log.w(TAG, "Failed talking with device policy service", e); 743 } 744 } 745 } 746 747 /** 748 * Get the password expiration timeout for the given admin. The expiration timeout is the 749 * recurring expiration timeout provided in the call to 750 * {@link #setPasswordExpirationTimeout(ComponentName, long)} for the given admin or the 751 * aggregate of all policy administrators if admin is null. 752 * 753 * @param admin The name of the admin component to check, or null to aggregate all admins. 754 * @return The timeout for the given admin or the minimum of all timeouts 755 */ 756 public long getPasswordExpirationTimeout(ComponentName admin) { 757 if (mService != null) { 758 try { 759 return mService.getPasswordExpirationTimeout(admin); 760 } catch (RemoteException e) { 761 Log.w(TAG, "Failed talking with device policy service", e); 762 } 763 } 764 return 0; 765 } 766 767 /** 768 * Get the current password expiration time for the given admin or an aggregate of 769 * all admins if admin is null. If the password is expired, this will return the time since 770 * the password expired as a negative number. If admin is null, then a composite of all 771 * expiration timeouts is returned - which will be the minimum of all timeouts. 772 * 773 * @param admin The name of the admin component to check, or null to aggregate all admins. 774 * @return The password expiration time, in ms. 775 */ 776 public long getPasswordExpiration(ComponentName admin) { 777 if (mService != null) { 778 try { 779 return mService.getPasswordExpiration(admin); 780 } catch (RemoteException e) { 781 Log.w(TAG, "Failed talking with device policy service", e); 782 } 783 } 784 return 0; 785 } 786 787 /** 788 * Retrieve the current password history length for all admins 789 * or a particular one. 790 * @param admin The name of the admin component to check, or null to aggregate 791 * all admins. 792 * @return The length of the password history 793 */ 794 public int getPasswordHistoryLength(ComponentName admin) { 795 if (mService != null) { 796 try { 797 return mService.getPasswordHistoryLength(admin); 798 } catch (RemoteException e) { 799 Log.w(TAG, "Failed talking with device policy service", e); 800 } 801 } 802 return 0; 803 } 804 805 /** 806 * Return the maximum password length that the device supports for a 807 * particular password quality. 808 * @param quality The quality being interrogated. 809 * @return Returns the maximum length that the user can enter. 810 */ 811 public int getPasswordMaximumLength(int quality) { 812 // Kind-of arbitrary. 813 return 16; 814 } 815 816 /** 817 * Determine whether the current password the user has set is sufficient 818 * to meet the policy requirements (quality, minimum length) that have been 819 * requested. 820 * 821 * <p>The calling device admin must have requested 822 * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call 823 * this method; if it has not, a security exception will be thrown. 824 * 825 * @return Returns true if the password meets the current requirements, 826 * else false. 827 */ 828 public boolean isActivePasswordSufficient() { 829 if (mService != null) { 830 try { 831 return mService.isActivePasswordSufficient(); 832 } catch (RemoteException e) { 833 Log.w(TAG, "Failed talking with device policy service", e); 834 } 835 } 836 return false; 837 } 838 839 /** 840 * Retrieve the number of times the user has failed at entering a 841 * password since that last successful password entry. 842 * 843 * <p>The calling device admin must have requested 844 * {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} to be able to call 845 * this method; if it has not, a security exception will be thrown. 846 */ 847 public int getCurrentFailedPasswordAttempts() { 848 if (mService != null) { 849 try { 850 return mService.getCurrentFailedPasswordAttempts(); 851 } catch (RemoteException e) { 852 Log.w(TAG, "Failed talking with device policy service", e); 853 } 854 } 855 return -1; 856 } 857 858 /** 859 * Setting this to a value greater than zero enables a built-in policy 860 * that will perform a device wipe after too many incorrect 861 * device-unlock passwords have been entered. This built-in policy combines 862 * watching for failed passwords and wiping the device, and requires 863 * that you request both {@link DeviceAdminInfo#USES_POLICY_WATCH_LOGIN} and 864 * {@link DeviceAdminInfo#USES_POLICY_WIPE_DATA}}. 865 * 866 * <p>To implement any other policy (e.g. wiping data for a particular 867 * application only, erasing or revoking credentials, or reporting the 868 * failure to a server), you should implement 869 * {@link DeviceAdminReceiver#onPasswordFailed(Context, android.content.Intent)} 870 * instead. Do not use this API, because if the maximum count is reached, 871 * the device will be wiped immediately, and your callback will not be invoked. 872 * 873 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 874 * @param num The number of failed password attempts at which point the 875 * device will wipe its data. 876 */ 877 public void setMaximumFailedPasswordsForWipe(ComponentName admin, int num) { 878 if (mService != null) { 879 try { 880 mService.setMaximumFailedPasswordsForWipe(admin, num); 881 } catch (RemoteException e) { 882 Log.w(TAG, "Failed talking with device policy service", e); 883 } 884 } 885 } 886 887 /** 888 * Retrieve the current maximum number of login attempts that are allowed 889 * before the device wipes itself, for all admins 890 * or a particular one. 891 * @param admin The name of the admin component to check, or null to aggregate 892 * all admins. 893 */ 894 public int getMaximumFailedPasswordsForWipe(ComponentName admin) { 895 if (mService != null) { 896 try { 897 return mService.getMaximumFailedPasswordsForWipe(admin); 898 } catch (RemoteException e) { 899 Log.w(TAG, "Failed talking with device policy service", e); 900 } 901 } 902 return 0; 903 } 904 905 /** 906 * Flag for {@link #resetPassword}: don't allow other admins to change 907 * the password again until the user has entered it. 908 */ 909 public static final int RESET_PASSWORD_REQUIRE_ENTRY = 0x0001; 910 911 /** 912 * Force a new device unlock password (the password needed to access the 913 * entire device, not for individual accounts) on the user. This takes 914 * effect immediately. 915 * The given password must be sufficient for the 916 * current password quality and length constraints as returned by 917 * {@link #getPasswordQuality(ComponentName)} and 918 * {@link #getPasswordMinimumLength(ComponentName)}; if it does not meet 919 * these constraints, then it will be rejected and false returned. Note 920 * that the password may be a stronger quality (containing alphanumeric 921 * characters when the requested quality is only numeric), in which case 922 * the currently active quality will be increased to match. 923 * 924 * <p>The calling device admin must have requested 925 * {@link DeviceAdminInfo#USES_POLICY_RESET_PASSWORD} to be able to call 926 * this method; if it has not, a security exception will be thrown. 927 * 928 * @param password The new password for the user. 929 * @param flags May be 0 or {@link #RESET_PASSWORD_REQUIRE_ENTRY}. 930 * @return Returns true if the password was applied, or false if it is 931 * not acceptable for the current constraints. 932 */ 933 public boolean resetPassword(String password, int flags) { 934 if (mService != null) { 935 try { 936 return mService.resetPassword(password, flags); 937 } catch (RemoteException e) { 938 Log.w(TAG, "Failed talking with device policy service", e); 939 } 940 } 941 return false; 942 } 943 944 /** 945 * Called by an application that is administering the device to set the 946 * maximum time for user activity until the device will lock. This limits 947 * the length that the user can set. It takes effect immediately. 948 * 949 * <p>The calling device admin must have requested 950 * {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} to be able to call 951 * this method; if it has not, a security exception will be thrown. 952 * 953 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 954 * @param timeMs The new desired maximum time to lock in milliseconds. 955 * A value of 0 means there is no restriction. 956 */ 957 public void setMaximumTimeToLock(ComponentName admin, long timeMs) { 958 if (mService != null) { 959 try { 960 mService.setMaximumTimeToLock(admin, timeMs); 961 } catch (RemoteException e) { 962 Log.w(TAG, "Failed talking with device policy service", e); 963 } 964 } 965 } 966 967 /** 968 * Retrieve the current maximum time to unlock for all admins 969 * or a particular one. 970 * @param admin The name of the admin component to check, or null to aggregate 971 * all admins. 972 */ 973 public long getMaximumTimeToLock(ComponentName admin) { 974 if (mService != null) { 975 try { 976 return mService.getMaximumTimeToLock(admin); 977 } catch (RemoteException e) { 978 Log.w(TAG, "Failed talking with device policy service", e); 979 } 980 } 981 return 0; 982 } 983 984 /** 985 * Make the device lock immediately, as if the lock screen timeout has 986 * expired at the point of this call. 987 * 988 * <p>The calling device admin must have requested 989 * {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} to be able to call 990 * this method; if it has not, a security exception will be thrown. 991 */ 992 public void lockNow() { 993 if (mService != null) { 994 try { 995 mService.lockNow(); 996 } catch (RemoteException e) { 997 Log.w(TAG, "Failed talking with device policy service", e); 998 } 999 } 1000 } 1001 1002 /** 1003 * Flag for {@link #wipeData(int)}: also erase the device's external 1004 * storage. 1005 */ 1006 public static final int WIPE_EXTERNAL_STORAGE = 0x0001; 1007 1008 /** 1009 * Ask the user date be wiped. This will cause the device to reboot, 1010 * erasing all user data while next booting up. External storage such 1011 * as SD cards will not be erased. 1012 * 1013 * <p>The calling device admin must have requested 1014 * {@link DeviceAdminInfo#USES_POLICY_WIPE_DATA} to be able to call 1015 * this method; if it has not, a security exception will be thrown. 1016 * 1017 * @param flags Bit mask of additional options: currently must be 0. 1018 */ 1019 public void wipeData(int flags) { 1020 if (mService != null) { 1021 try { 1022 mService.wipeData(flags); 1023 } catch (RemoteException e) { 1024 Log.w(TAG, "Failed talking with device policy service", e); 1025 } 1026 } 1027 } 1028 1029 /** 1030 * Called by an application that is administering the device to set the 1031 * global proxy and exclusion list. 1032 * <p> 1033 * The calling device admin must have requested 1034 * {@link DeviceAdminInfo#USES_POLICY_SETS_GLOBAL_PROXY} to be able to call 1035 * this method; if it has not, a security exception will be thrown. 1036 * Only the first device admin can set the proxy. If a second admin attempts 1037 * to set the proxy, the {@link ComponentName} of the admin originally setting the 1038 * proxy will be returned. If successful in setting the proxy, null will 1039 * be returned. 1040 * The method can be called repeatedly by the device admin alrady setting the 1041 * proxy to update the proxy and exclusion list. 1042 * 1043 * @param admin Which {@link DeviceAdminReceiver} this request is associated 1044 * with. 1045 * @param proxySpec the global proxy desired. Must be an HTTP Proxy. 1046 * Pass Proxy.NO_PROXY to reset the proxy. 1047 * @param exclusionList a list of domains to be excluded from the global proxy. 1048 * @return returns null if the proxy was successfully set, or a {@link ComponentName} 1049 * of the device admin that sets thew proxy otherwise. 1050 * @hide 1051 */ 1052 public ComponentName setGlobalProxy(ComponentName admin, Proxy proxySpec, 1053 List<String> exclusionList ) { 1054 if (proxySpec == null) { 1055 throw new NullPointerException(); 1056 } 1057 if (mService != null) { 1058 try { 1059 String hostSpec; 1060 String exclSpec; 1061 if (proxySpec.equals(Proxy.NO_PROXY)) { 1062 hostSpec = null; 1063 exclSpec = null; 1064 } else { 1065 if (!proxySpec.type().equals(Proxy.Type.HTTP)) { 1066 throw new IllegalArgumentException(); 1067 } 1068 InetSocketAddress sa = (InetSocketAddress)proxySpec.address(); 1069 String hostName = sa.getHostName(); 1070 int port = sa.getPort(); 1071 StringBuilder hostBuilder = new StringBuilder(); 1072 hostSpec = hostBuilder.append(hostName) 1073 .append(":").append(Integer.toString(port)).toString(); 1074 if (exclusionList == null) { 1075 exclSpec = ""; 1076 } else { 1077 StringBuilder listBuilder = new StringBuilder(); 1078 boolean firstDomain = true; 1079 for (String exclDomain : exclusionList) { 1080 if (!firstDomain) { 1081 listBuilder = listBuilder.append(","); 1082 } else { 1083 firstDomain = false; 1084 } 1085 listBuilder = listBuilder.append(exclDomain.trim()); 1086 } 1087 exclSpec = listBuilder.toString(); 1088 } 1089 android.net.Proxy.validate(hostName, Integer.toString(port), exclSpec); 1090 } 1091 return mService.setGlobalProxy(admin, hostSpec, exclSpec); 1092 } catch (RemoteException e) { 1093 Log.w(TAG, "Failed talking with device policy service", e); 1094 } 1095 } 1096 return null; 1097 } 1098 1099 /** 1100 * Returns the component name setting the global proxy. 1101 * @return ComponentName object of the device admin that set the global proxy, or 1102 * null if no admin has set the proxy. 1103 * @hide 1104 */ 1105 public ComponentName getGlobalProxyAdmin() { 1106 if (mService != null) { 1107 try { 1108 return mService.getGlobalProxyAdmin(); 1109 } catch (RemoteException e) { 1110 Log.w(TAG, "Failed talking with device policy service", e); 1111 } 1112 } 1113 return null; 1114 } 1115 1116 /** 1117 * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: 1118 * indicating that encryption is not supported. 1119 */ 1120 public static final int ENCRYPTION_STATUS_UNSUPPORTED = 0; 1121 1122 /** 1123 * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: 1124 * indicating that encryption is supported, but is not currently active. 1125 */ 1126 public static final int ENCRYPTION_STATUS_INACTIVE = 1; 1127 1128 /** 1129 * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: 1130 * indicating that encryption is not currently active, but is currently 1131 * being activated. This is only reported by devices that support 1132 * encryption of data and only when the storage is currently 1133 * undergoing a process of becoming encrypted. A device that must reboot and/or wipe data 1134 * to become encrypted will never return this value. 1135 */ 1136 public static final int ENCRYPTION_STATUS_ACTIVATING = 2; 1137 1138 /** 1139 * Result code for {@link #setStorageEncryption} and {@link #getStorageEncryptionStatus}: 1140 * indicating that encryption is active. 1141 */ 1142 public static final int ENCRYPTION_STATUS_ACTIVE = 3; 1143 1144 /** 1145 * Activity action: begin the process of encrypting data on the device. This activity should 1146 * be launched after using {@link #setStorageEncryption} to request encryption be activated. 1147 * After resuming from this activity, use {@link #getStorageEncryption} 1148 * to check encryption status. However, on some devices this activity may never return, as 1149 * it may trigger a reboot and in some cases a complete data wipe of the device. 1150 */ 1151 @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION) 1152 public static final String ACTION_START_ENCRYPTION 1153 = "android.app.action.START_ENCRYPTION"; 1154 1155 /** 1156 * Called by an application that is administering the device to 1157 * request that the storage system be encrypted. 1158 * 1159 * <p>When multiple device administrators attempt to control device 1160 * encryption, the most secure, supported setting will always be 1161 * used. If any device administrator requests device encryption, 1162 * it will be enabled; Conversely, if a device administrator 1163 * attempts to disable device encryption while another 1164 * device administrator has enabled it, the call to disable will 1165 * fail (most commonly returning {@link #ENCRYPTION_STATUS_ACTIVE}). 1166 * 1167 * <p>This policy controls encryption of the secure (application data) storage area. Data 1168 * written to other storage areas may or may not be encrypted, and this policy does not require 1169 * or control the encryption of any other storage areas. 1170 * There is one exception: If {@link android.os.Environment#isExternalStorageEmulated()} is 1171 * {@code true}, then the directory returned by 1172 * {@link android.os.Environment#getExternalStorageDirectory()} must be written to disk 1173 * within the encrypted storage area. 1174 * 1175 * <p>Important Note: On some devices, it is possible to encrypt storage without requiring 1176 * the user to create a device PIN or Password. In this case, the storage is encrypted, but 1177 * the encryption key may not be fully secured. For maximum security, the administrator should 1178 * also require (and check for) a pattern, PIN, or password. 1179 * 1180 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 1181 * @param encrypt true to request encryption, false to release any previous request 1182 * @return the new request status (for all active admins) - will be one of 1183 * {@link #ENCRYPTION_STATUS_UNSUPPORTED}, {@link #ENCRYPTION_STATUS_INACTIVE}, or 1184 * {@link #ENCRYPTION_STATUS_ACTIVE}. This is the value of the requests; Use 1185 * {@link #getStorageEncryptionStatus()} to query the actual device state. 1186 */ 1187 public int setStorageEncryption(ComponentName admin, boolean encrypt) { 1188 if (mService != null) { 1189 try { 1190 return mService.setStorageEncryption(admin, encrypt); 1191 } catch (RemoteException e) { 1192 Log.w(TAG, "Failed talking with device policy service", e); 1193 } 1194 } 1195 return ENCRYPTION_STATUS_UNSUPPORTED; 1196 } 1197 1198 /** 1199 * Called by an application that is administering the device to 1200 * determine the requested setting for secure storage. 1201 * 1202 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. If null, 1203 * this will return the requested encryption setting as an aggregate of all active 1204 * administrators. 1205 * @return true if the admin(s) are requesting encryption, false if not. 1206 */ 1207 public boolean getStorageEncryption(ComponentName admin) { 1208 if (mService != null) { 1209 try { 1210 return mService.getStorageEncryption(admin); 1211 } catch (RemoteException e) { 1212 Log.w(TAG, "Failed talking with device policy service", e); 1213 } 1214 } 1215 return false; 1216 } 1217 1218 /** 1219 * Called by an application that is administering the device to 1220 * determine the current encryption status of the device. 1221 * 1222 * Depending on the returned status code, the caller may proceed in different 1223 * ways. If the result is {@link #ENCRYPTION_STATUS_UNSUPPORTED}, the 1224 * storage system does not support encryption. If the 1225 * result is {@link #ENCRYPTION_STATUS_INACTIVE}, use {@link 1226 * #ACTION_START_ENCRYPTION} to begin the process of encrypting or decrypting the 1227 * storage. If the result is {@link #ENCRYPTION_STATUS_ACTIVATING} or 1228 * {@link #ENCRYPTION_STATUS_ACTIVE}, no further action is required. 1229 * 1230 * @return current status of encryption. The value will be one of 1231 * {@link #ENCRYPTION_STATUS_UNSUPPORTED}, {@link #ENCRYPTION_STATUS_INACTIVE}, 1232 * {@link #ENCRYPTION_STATUS_ACTIVATING}, or{@link #ENCRYPTION_STATUS_ACTIVE}. 1233 */ 1234 public int getStorageEncryptionStatus() { 1235 if (mService != null) { 1236 try { 1237 return mService.getStorageEncryptionStatus(); 1238 } catch (RemoteException e) { 1239 Log.w(TAG, "Failed talking with device policy service", e); 1240 } 1241 } 1242 return ENCRYPTION_STATUS_UNSUPPORTED; 1243 } 1244 1245 /** 1246 * Called by an application that is administering the device to disable all cameras 1247 * on the device. After setting this, no applications will be able to access any cameras 1248 * on the device. 1249 * 1250 * <p>The calling device admin must have requested 1251 * {@link DeviceAdminInfo#USES_POLICY_DISABLE_CAMERA} to be able to call 1252 * this method; if it has not, a security exception will be thrown. 1253 * 1254 * @param admin Which {@link DeviceAdminReceiver} this request is associated with. 1255 * @param disabled Whether or not the camera should be disabled. 1256 */ 1257 public void setCameraDisabled(ComponentName admin, boolean disabled) { 1258 if (mService != null) { 1259 try { 1260 mService.setCameraDisabled(admin, disabled); 1261 } catch (RemoteException e) { 1262 Log.w(TAG, "Failed talking with device policy service", e); 1263 } 1264 } 1265 } 1266 1267 /** 1268 * Determine whether or not the device's cameras have been disabled either by the current 1269 * admin, if specified, or all admins. 1270 * @param admin The name of the admin component to check, or null to check if any admins 1271 * have disabled the camera 1272 */ 1273 public boolean getCameraDisabled(ComponentName admin) { 1274 if (mService != null) { 1275 try { 1276 return mService.getCameraDisabled(admin); 1277 } catch (RemoteException e) { 1278 Log.w(TAG, "Failed talking with device policy service", e); 1279 } 1280 } 1281 return false; 1282 } 1283 1284 /** 1285 * @hide 1286 */ 1287 public void setActiveAdmin(ComponentName policyReceiver, boolean refreshing) { 1288 if (mService != null) { 1289 try { 1290 mService.setActiveAdmin(policyReceiver, refreshing); 1291 } catch (RemoteException e) { 1292 Log.w(TAG, "Failed talking with device policy service", e); 1293 } 1294 } 1295 } 1296 1297 /** 1298 * Returns the DeviceAdminInfo as defined by the administrator's package info & meta-data 1299 * @hide 1300 */ 1301 public DeviceAdminInfo getAdminInfo(ComponentName cn) { 1302 ActivityInfo ai; 1303 try { 1304 ai = mContext.getPackageManager().getReceiverInfo(cn, 1305 PackageManager.GET_META_DATA); 1306 } catch (PackageManager.NameNotFoundException e) { 1307 Log.w(TAG, "Unable to retrieve device policy " + cn, e); 1308 return null; 1309 } 1310 1311 ResolveInfo ri = new ResolveInfo(); 1312 ri.activityInfo = ai; 1313 1314 try { 1315 return new DeviceAdminInfo(mContext, ri); 1316 } catch (XmlPullParserException e) { 1317 Log.w(TAG, "Unable to parse device policy " + cn, e); 1318 return null; 1319 } catch (IOException e) { 1320 Log.w(TAG, "Unable to parse device policy " + cn, e); 1321 return null; 1322 } 1323 } 1324 1325 /** 1326 * @hide 1327 */ 1328 public void getRemoveWarning(ComponentName admin, RemoteCallback result) { 1329 if (mService != null) { 1330 try { 1331 mService.getRemoveWarning(admin, result); 1332 } catch (RemoteException e) { 1333 Log.w(TAG, "Failed talking with device policy service", e); 1334 } 1335 } 1336 } 1337 1338 /** 1339 * @hide 1340 */ 1341 public void setActivePasswordState(int quality, int length, int letters, int uppercase, 1342 int lowercase, int numbers, int symbols, int nonletter) { 1343 if (mService != null) { 1344 try { 1345 mService.setActivePasswordState(quality, length, letters, uppercase, lowercase, 1346 numbers, symbols, nonletter); 1347 } catch (RemoteException e) { 1348 Log.w(TAG, "Failed talking with device policy service", e); 1349 } 1350 } 1351 } 1352 1353 /** 1354 * @hide 1355 */ 1356 public void reportFailedPasswordAttempt() { 1357 if (mService != null) { 1358 try { 1359 mService.reportFailedPasswordAttempt(); 1360 } catch (RemoteException e) { 1361 Log.w(TAG, "Failed talking with device policy service", e); 1362 } 1363 } 1364 } 1365 1366 /** 1367 * @hide 1368 */ 1369 public void reportSuccessfulPasswordAttempt() { 1370 if (mService != null) { 1371 try { 1372 mService.reportSuccessfulPasswordAttempt(); 1373 } catch (RemoteException e) { 1374 Log.w(TAG, "Failed talking with device policy service", e); 1375 } 1376 } 1377 } 1378 1379 } 1380