Don't allow disabling of the camera with managed profiles
Change-Id: I2e6085084682b04ef7973bc433214b5b3ab2da79
This commit is contained in:
parent
809313bda6
commit
ce6916b32a
|
@ -25,4 +25,5 @@ interface IPolicyService {
|
||||||
// New version
|
// New version
|
||||||
void setAccountPolicy2(long accountId, in Policy policy, String securityKey, boolean notify);
|
void setAccountPolicy2(long accountId, in Policy policy, String securityKey, boolean notify);
|
||||||
oneway void remoteWipe();
|
oneway void remoteWipe();
|
||||||
|
boolean canDisableCamera();
|
||||||
}
|
}
|
|
@ -85,6 +85,24 @@ public class PolicyServiceProxy extends ServiceProxy implements IPolicyService {
|
||||||
waitForCompletion();
|
waitForCompletion();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean canDisableCamera() throws RemoteException {
|
||||||
|
setTask(new ProxyTask() {
|
||||||
|
@Override
|
||||||
|
public void run() throws RemoteException {
|
||||||
|
mReturn = mService.canDisableCamera();
|
||||||
|
}
|
||||||
|
}, "canDisableCamera");
|
||||||
|
waitForCompletion();
|
||||||
|
if (mReturn == null) {
|
||||||
|
// This is not a great situation, but it's better to act like the policy isn't enforced
|
||||||
|
// rather than crash.
|
||||||
|
LogUtils.e(TAG, "PolicyService unavailable in canDisableCamera; assuming false");
|
||||||
|
return false;
|
||||||
|
} else {
|
||||||
|
return (Boolean)mReturn;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void remoteWipe() throws RemoteException {
|
public void remoteWipe() throws RemoteException {
|
||||||
setTask(new ProxyTask() {
|
setTask(new ProxyTask() {
|
||||||
|
@ -145,5 +163,13 @@ public class PolicyServiceProxy extends ServiceProxy implements IPolicyService {
|
||||||
}
|
}
|
||||||
throw new IllegalStateException("PolicyService transaction failed");
|
throw new IllegalStateException("PolicyService transaction failed");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static boolean canDisableCamera(Context context) {
|
||||||
|
try {
|
||||||
|
return new PolicyServiceProxy(context).canDisableCamera();
|
||||||
|
} catch (RemoteException e) {
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -56,7 +56,7 @@ import java.util.ArrayList;
|
||||||
* into and out of various security states.
|
* into and out of various security states.
|
||||||
*/
|
*/
|
||||||
public class SecurityPolicy {
|
public class SecurityPolicy {
|
||||||
private static final String TAG = "Email/SecurityPolicy";
|
private static final String TAG = "Email";
|
||||||
private static SecurityPolicy sInstance = null;
|
private static SecurityPolicy sInstance = null;
|
||||||
private Context mContext;
|
private Context mContext;
|
||||||
private DevicePolicyManager mDPM;
|
private DevicePolicyManager mDPM;
|
||||||
|
@ -438,7 +438,14 @@ public class SecurityPolicy {
|
||||||
dpm.setPasswordMinimumNumeric(mAdminName, 0);
|
dpm.setPasswordMinimumNumeric(mAdminName, 0);
|
||||||
dpm.setPasswordMinimumNonLetter(mAdminName, aggregatePolicy.mPasswordComplexChars);
|
dpm.setPasswordMinimumNonLetter(mAdminName, aggregatePolicy.mPasswordComplexChars);
|
||||||
// Device capabilities
|
// Device capabilities
|
||||||
dpm.setCameraDisabled(mAdminName, aggregatePolicy.mDontAllowCamera);
|
try {
|
||||||
|
// If we are running in a managed policy, it is a securityException to even
|
||||||
|
// call setCameraDisabled(), if is disabled is false. We have to swallow
|
||||||
|
// the exception here.
|
||||||
|
dpm.setCameraDisabled(mAdminName, aggregatePolicy.mDontAllowCamera);
|
||||||
|
} catch (SecurityException e) {
|
||||||
|
LogUtils.d(TAG, "SecurityException in setCameraDisabled, nothing changed");
|
||||||
|
}
|
||||||
|
|
||||||
// encryption required
|
// encryption required
|
||||||
dpm.setStorageEncryption(mAdminName, aggregatePolicy.mRequireEncryption);
|
dpm.setStorageEncryption(mAdminName, aggregatePolicy.mRequireEncryption);
|
||||||
|
|
|
@ -17,6 +17,8 @@
|
||||||
package com.android.email.service;
|
package com.android.email.service;
|
||||||
|
|
||||||
import android.app.Service;
|
import android.app.Service;
|
||||||
|
import android.app.admin.DevicePolicyManager;
|
||||||
|
import android.content.ComponentName;
|
||||||
import android.content.Context;
|
import android.content.Context;
|
||||||
import android.content.Intent;
|
import android.content.Intent;
|
||||||
import android.os.IBinder;
|
import android.os.IBinder;
|
||||||
|
@ -82,6 +84,34 @@ public class PolicyService extends Service {
|
||||||
throw e;
|
throw e;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean canDisableCamera() {
|
||||||
|
// TODO: This is not a clean way to do this, but there is not currently
|
||||||
|
// any api that can answer the question "will disabling the camera work?"
|
||||||
|
// We need to answer this question here so that we can tell the server what
|
||||||
|
// policies we are able to support, and only apply them after it confirms that
|
||||||
|
// our partial support is acceptable.
|
||||||
|
DevicePolicyManager dpm =
|
||||||
|
(DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE);
|
||||||
|
final ComponentName adminName = new ComponentName(mContext, SecurityPolicy.PolicyAdmin.class);
|
||||||
|
final boolean cameraDisabled = dpm.getCameraDisabled(adminName);
|
||||||
|
if (cameraDisabled) {
|
||||||
|
// The camera is already disabled, by this admin.
|
||||||
|
// Apparently we can support disabling the camera.
|
||||||
|
return true;
|
||||||
|
} else {
|
||||||
|
try {
|
||||||
|
dpm.setCameraDisabled(adminName, true);
|
||||||
|
dpm.setCameraDisabled(adminName, false);
|
||||||
|
} catch (SecurityException e) {
|
||||||
|
// Apparently we cannot support disabling the camera.
|
||||||
|
LogUtils.w(LOG_TAG, "SecurityException checking camera disabling.");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
Loading…
Reference in New Issue