int BluetoothPolicy::setModeChangeState(const bool enable)
{
+ if (!SetPolicyAllowed(context, "bluetooth", enable)) {
+ return 0;
+ }
+
int ret = __setModeChangeState(enable);
if (POLICY_ENFORCING_FAILED(ret))
return -1;
- return SetPolicyAllowed(context, "bluetooth", enable);
+ return 0;
}
bool BluetoothPolicy::getModeChangeState()
int BluetoothPolicy::setDesktopConnectivityState(const bool enable)
{
+ if (!SetPolicyAllowed(context, "bluetooth-desktop-connectivity", enable)) {
+ return 0;
+ }
+
int ret = __setDesktopConnectivityState(enable);
if (POLICY_ENFORCING_FAILED(ret))
return -1;
- return SetPolicyAllowed(context, "bluetooth-desktop-connectivity", enable);
+ return 0;
+
}
bool BluetoothPolicy::getDesktopConnectivityState()
int BluetoothPolicy::setPairingState(const bool enable)
{
+ if (!SetPolicyAllowed(context, "bluetooth-pairing", enable)) {
+ return 0;
+ }
+
int ret = __setPairingState(enable);
if (POLICY_ENFORCING_FAILED(ret))
return -1;
- return SetPolicyAllowed(context, "bluetooth-pairing", enable);
+ return 0;
}
bool BluetoothPolicy::getPairingState()
int BluetoothPolicy::setTetheringState(bool enable)
{
try {
+ if (!SetPolicyAllowed(context, "bluetooth-tethering", enable)) {
+ return 0;
+ }
+
dbus::Connection &systemDBus = dbus::Connection::getSystem();
systemDBus.methodcall(MOBILEAP_INTERFACE,
"change_policy",
return -1;
}
- return SetPolicyAllowed(context, "bluetooth-tethering", enable);
+ return 0;
+
}
bool BluetoothPolicy::getTetheringState()
int BluetoothPolicy::setDeviceRestriction(const bool enable)
{
+ if (SetPolicyEnabled(context, "bluetooth-device-restriction", enable)) {
+ return 0;
+ }
+
int ret = __setDeviceRestriction(enable);
if (POLICY_ENFORCING_FAILED(ret))
return -1;
- return SetPolicyEnabled(context, "bluetooth-device-restriction", enable);
+ return 0;
}
bool BluetoothPolicy::isDeviceRestricted()
int BluetoothPolicy::setUuidRestriction(const bool enable)
{
+ if (SetPolicyEnabled(context, "bluetooth-uuid-restriction", enable)) {
+ return 0;
+ }
+
int ret = __setUuidRestriction(enable);
if (POLICY_ENFORCING_FAILED(ret))
return -1;
- return SetPolicyEnabled(context, "bluetooth-uuid-restriction", enable);
+ return 0;
}
bool BluetoothPolicy::isUuidRestricted()
int LocationPolicy::setLocationState(int enable)
{
- if (location_manager_enable_restriction(!enable) != LOCATIONS_ERROR_NONE)
+ if (!SetPolicyAllowed(context, "location", enable)) {
+ return 0;
+ }
+
+ if (location_manager_enable_restriction(!enable) != LOCATIONS_ERROR_NONE) {
return -1;
+ }
- return SetPolicyAllowed(context, "location", enable);
+ return 0;
}
int LocationPolicy::getLocationState()
return ctx.getPolicy(name, ctx.getPeerUid());
}
-inline int setPasswordPolicy(PolicyControlContext &ctx, const std::string &name, int value)
+inline bool setPasswordPolicy(PolicyControlContext &ctx, const std::string &name, int value)
{
return ctx.setPolicy(name, value, "password", name);
}
int PasswordPolicy::setQuality(int quality)
{
try {
+ if (!setPasswordPolicy(context, "password-quality", quality)) {
+ return 0;
+ }
+
+ if (quality == DPM_PASSWORD_QUALITY_SIMPLE_PASSWORD) {
+ setPasswordPolicy(context, "password-minimum-length", SIMPLE_PASSWORD_LENGTH);
+ }
+
PasswordManager passwordManager(context.getPeerUid());
passwordManager.setQuality(getPasswordQualityType(quality));
ERROR(e.what());
return -1;
}
-
- setPasswordPolicy(context, "password-quality", quality);
- if (quality == DPM_PASSWORD_QUALITY_SIMPLE_PASSWORD) {
- setPasswordPolicy(context, "password-minimum-length", SIMPLE_PASSWORD_LENGTH);
- }
-
return 0;
}
int PasswordPolicy::setMinimumLength(int value)
{
try {
- PasswordManager passwordManager(context.getPeerUid());
+ if (!setPasswordPolicy(context, "password-minimum-length", value)) {
+ return 0;
+ }
+ PasswordManager passwordManager(context.getPeerUid());
passwordManager.setMinimumLength(value);
passwordManager.enforce();
} catch (runtime::Exception &e) {
return -1;
}
- return setPasswordPolicy(context, "password-minimum-length", value);
+ return 0;
}
int PasswordPolicy::getMinimumLength()
int PasswordPolicy::setMinComplexChars(int value)
{
try {
+ if (!setPasswordPolicy(context, "password-minimum-complexity", value)) {
+ return 0;
+ }
+
PasswordManager passwordManager(context.getPeerUid());
passwordManager.setMinimumComplexCharacters(value);
passwordManager.enforce();
ERROR("Failed to set minimum complex characters");
return -1;
}
-
- return setPasswordPolicy(context, "password-minimum-complexity", value);
+ return 0;
}
int PasswordPolicy::getMinComplexChars()
int PasswordPolicy::setMaximumFailedForWipe(int value)
{
try {
+ if (!setPasswordPolicy(context, "password-maximum-failure-count", (value == 0) ? INT_MAX : value)) {
+ return 0;
+ }
+
PasswordManager passwordManager(context.getPeerUid());
passwordManager.setMaximumFailedForWipe(value);
passwordManager.enforce();
ERROR("Failed to set maximum failed count for wipe");
return -1;
}
-
- return setPasswordPolicy(context, "password-maximum-failure-count", (value == 0) ? INT_MAX : value);
+ return 0;
}
int PasswordPolicy::getMaximumFailedForWipe()
int PasswordPolicy::setExpires(int value)
{
try {
+ if (!setPasswordPolicy(context, "password-expired", (value == 0) ? INT_MAX : value)) {
+ return 0;
+ }
+
PasswordManager passwordManager(context.getPeerUid());
passwordManager.setExpires(value);
passwordManager.enforce();
ERROR("Failed to set expire");
return -1;
}
+ return 0;
- return setPasswordPolicy(context, "password-expired", (value == 0) ? INT_MAX : value);
}
int PasswordPolicy::getExpires()
int PasswordPolicy::setHistory(int value)
{
try {
+ if (!setPasswordPolicy(context, "password-history", value)) {
+ return 0;
+ }
+
PasswordManager passwordManager(context.getPeerUid());
passwordManager.setHistory(value);
passwordManager.enforce();
ERROR("Failed to set history size");
return -1;
}
-
- return setPasswordPolicy(context, "password-history", value);
+ return 0;
}
int PasswordPolicy::getHistory()
int PasswordPolicy::setMaxInactivityTimeDeviceLock(int value)
{
- return setPasswordPolicy(context, "password-inactivity-timeout", value);
+ try {
+ setPasswordPolicy(context, "password-inactivity-timeout", value);
+ } catch (runtime::Exception &e) {
+ ERROR(e.what());
+ return -1;
+ }
+ return 0;
}
int PasswordPolicy::getMaxInactivityTimeDeviceLock()
int PasswordPolicy::setMaximumCharacterOccurrences(int value)
{
try {
+ if (!setPasswordPolicy(context, "password-maximum-character-occurrences", (value == 0) ? INT_MAX : value)) {
+ return 0;
+ }
+
PasswordManager passwordManager(context.getPeerUid());
passwordManager.setMaximumCharacterOccurrences(value);
passwordManager.enforce();
ERROR(e.what());
return -1;
}
-
- return setPasswordPolicy(context, "password-maximum-character-occurrences", (value == 0) ? INT_MAX : value);
+ return 0;
}
int PasswordPolicy::getMaximumCharacterOccurrences()
int PasswordPolicy::setMaximumNumericSequenceLength(int value)
{
try {
+ if (!setPasswordPolicy(context, "password-numeric-sequences-length", (value == 0) ? INT_MAX : value)) {
+ return 0;
+ }
+
PasswordManager passwordManager(context.getPeerUid());
passwordManager.setMaximumNumericSequenceLength(value);
passwordManager.enforce();
ERROR(e.what());
return -1;
}
-
- return setPasswordPolicy(context, "password-numeric-sequences-length", (value == 0) ? INT_MAX : value);
+ return 0;
}
int PasswordPolicy::getMaximumNumericSequenceLength()
std::unique_ptr<T> instance;
};
-inline int SetPolicyAllowed(PolicyControlContext& context, const std::string& name, bool allow)
+inline bool SetPolicyAllowed(PolicyControlContext& context, const std::string& name, bool allow)
{
return context.setPolicy(name, allow, name, allow ? "allowed" : "disallowed");
}
-inline int SetPolicyEnabled(PolicyControlContext& context, const std::string& name, bool enable)
+inline bool SetPolicyEnabled(PolicyControlContext& context, const std::string& name, bool enable)
{
return context.setPolicy(name, enable, name, enable ? "enabled" : "disabled");
}
int RestrictionPolicy::setCameraState(int enable)
{
- return SetPolicyAllowed(context, "camera", enable);
+ try {
+ SetPolicyAllowed(context, "camera", enable);
+ } catch (runtime::Exception& e) {
+ ERROR("Failed to enforce camera policy");
+ return -1;
+ }
+ return 0;
}
int RestrictionPolicy::getCameraState()
{
char *result = NULL;
try {
+ if (!SetPolicyAllowed(context, "microphone", enable)) {
+ return 0;
+ }
+
dbus::Connection &systemDBus = dbus::Connection::getSystem();
systemDBus.methodcall(PULSEAUDIO_LOGIN_INTERFACE,
"UpdateRestriction",
"block_recording_media",
!enable).get("(s)", &result);
} catch (runtime::Exception& e) {
- ERROR("Failed to enforce location policy");
+ ERROR("Failed to enforce microphone policy");
return -1;
}
- if (strcmp(result, "STREAM_MANAGER_RETURN_OK") == 0) {
- return SetPolicyAllowed(context, "microphone", enable);
+ if (strcmp(result, "STREAM_MANAGER_RETURN_OK") != 0) {
+ return -1;
}
- return -1;
+ return 0;
}
int RestrictionPolicy::getMicrophoneState()
int RestrictionPolicy::setClipboardState(int enable)
{
- return SetPolicyAllowed(context, "clipboard", enable);
+ try {
+ SetPolicyAllowed(context, "clipboard", enable);
+ } catch (runtime::Exception& e) {
+ ERROR("Failed to enforce clipboard policy");
+ return -1;
+ }
+ return 0;
}
int RestrictionPolicy::getClipboardState()
int RestrictionPolicy::setUsbDebuggingState(int enable)
{
- return SetPolicyAllowed(context, "usb-debugging", enable);
+ try {
+ SetPolicyAllowed(context, "usb-debugging", enable);
+ } catch (runtime::Exception& e) {
+ ERROR("Failed to enforce usb debugging policy");
+ return -1;
+ }
+ return 0;
}
int RestrictionPolicy::getUsbDebuggingState()
int RestrictionPolicy::setUsbTetheringState(bool enable)
{
try {
+ if (!SetPolicyAllowed(context, "usb-tethering", enable)) {
+ return 0;
+ }
+
dbus::Connection &systemDBus = dbus::Connection::getSystem();
systemDBus.methodcall(MOBILEAP_INTERFACE,
"change_policy",
ERROR("Failed to change USB tethering state");
return -1;
}
-
- return SetPolicyAllowed(context, "usb-tethering", enable);
+ return 0;
}
bool RestrictionPolicy::getUsbTetheringState()
{
int ret;
try {
+ if (!SetPolicyAllowed(context, "external-storage", enable)) {
+ return 0;
+ }
+
std::string pid(std::to_string(::getpid()));
std::string state(std::to_string(enable));
-
dbus::Connection &systemDBus = dbus::Connection::getSystem();
systemDBus.methodcall(DEVICED_SYSNOTI_INTERFACE,
-1, "(i)", "(sisss)",
return -1;
}
- if (ret == 0) {
- return SetPolicyAllowed(context, "external-storage", enable);
+ if (ret != 0) {
+ return -1;
}
- return -1;
+ return 0;
}
int RestrictionPolicy::getExternalStorageState()
int RestrictionPolicy::setPopImapEmailState(int enable)
{
- return SetPolicyAllowed(context, "popimap-email", enable);
+ try {
+ SetPolicyAllowed(context, "popimap-email", enable);
+ } catch (runtime::Exception& e) {
+ ERROR("Failed to enforce pop/imap email policy");
+ return -1;
+ }
+ return 0;
}
int RestrictionPolicy::getPopImapEmailState()
int RestrictionPolicy::setMessagingState(int enable)
{
- return SetPolicyAllowed(context, "messaging", enable);
+ try {
+ SetPolicyAllowed(context, "messaging", enable);
+ } catch (runtime::Exception& e) {
+ ERROR("Failed to enforce messaging policy");
+ return -1;
+ }
+ return 0;
}
int RestrictionPolicy::getMessagingState()
int RestrictionPolicy::setBrowserState(int enable)
{
- return SetPolicyAllowed(context, "browser", enable);
+ try {
+ SetPolicyAllowed(context, "browser", enable);
+ } catch (runtime::Exception& e) {
+ ERROR("Failed to enforce browser [olicy");
+ return -1;
+ }
+ return 0;
}
int RestrictionPolicy::getBrowserState()
return service->unsubscribeNotification(name, id);
}
-int Server::setPolicy(const std::string& name, int value, const std::string& event, const std::string& info)
+bool Server::setPolicy(const std::string& name, int value, const std::string& event, const std::string& info)
{
uid_t uid = getPeerUid();
- try {
- std::string pkgid = GetPackageId(uid, getPeerPid());
- if (policyManager->setPolicy(pkgid, uid, name, value)) {
- if (event.empty() == false) {
- service->notify(event, info);
- }
+ std::string pkgid = GetPackageId(uid, getPeerPid());
+ if (policyManager->setPolicy(pkgid, uid, name, value)) {
+ if (event.empty() == false) {
+ service->notify(event, info);
}
- } catch (runtime::Exception& e) {
- ERROR(e.what());
- return -1;
+ return true;
}
- return 0;
+ return false;
}
bool Server::checkPeerPrivilege(const rmi::Credentials& cred, const std::string& privilege)
}
}
- int setPolicy(const std::string& name, int value, const std::string& event, const std::string& info);
+ bool setPolicy(const std::string& name, int value, const std::string& event, const std::string& info);
- int setPolicy(const std::string& name, int value, const std::string& info)
+ bool setPolicy(const std::string& name, int value, const std::string& info)
{
return setPolicy(name, value, name, info);
}
int WifiPolicy::setState(bool enable)
{
try {
+ if (!SetPolicyAllowed(context, "wifi", enable)) {
+ return 0;
+ }
+
dbus::Connection &systemDBus = dbus::Connection::getSystem();
systemDBus.methodcall(NETCONFIG_INTERFACE,
"DevicePolicySetWifi",
return -1;
}
- SetPolicyAllowed(context, "wifi", enable);
return 0;
}
int WifiPolicy::setHotspotState(bool enable)
{
try {
+ if (!SetPolicyAllowed(context, "wifi-hotspot", enable)) {
+ return 0;
+ }
+
dbus::Connection &systemDBus = dbus::Connection::getSystem();
systemDBus.methodcall(MOBILEAP_INTERFACE,
"change_policy",
return -1;
}
- SetPolicyAllowed(context, "wifi-hotspot", enable);
return 0;
}
int WifiPolicy::setProfileChangeRestriction(bool enable)
{
try {
+ if (!SetPolicyAllowed(context, "wifi-profile-change", enable)) {
+ return 0;
+ }
+
dbus::Connection &systemDBus = dbus::Connection::getSystem();
systemDBus.methodcall(NETCONFIG_INTERFACE,
"DevicePolicySetWifiProfile",
ERROR("Failed to set Wi-Fi profile change restriction");
}
- SetPolicyAllowed(context, "wifi-profile-change", enable);
return 0;
}
int WifiPolicy::setNetworkAccessRestriction(bool enable)
{
- SetPolicyEnabled(context, "wifi-ssid-restriction", enable);
+ try {
+ if (!SetPolicyEnabled(context, "wifi-ssid-restriction", enable)) {
+ return 0;
+ }
- if (enable) {
- applyBlocklistToConnectedAP();
+ if (enable) {
+ applyBlocklistToConnectedAP();
+ }
+ } catch (runtime::Exception& e) {
+ ERROR("Failed to set Wi-Fi profile change restriction");
}
return 0;
projects / platform / core / security / device-policy-manager.git / commitdiff