diff options
| author | Ben Komalo <benkomalo@google.com> | 2011-05-09 16:05:33 -0700 |
|---|---|---|
| committer | Ben Komalo <benkomalo@google.com> | 2011-06-10 09:37:17 -0700 |
| commit | 2447edd85baac3225a12b868ef40f76cfdc6ec11 (patch) | |
| tree | ce3ee08dbdbc8f56af08b9cd4606707e3c71fa05 /services/java/com/android/server/DevicePolicyManagerService.java | |
| parent | d3ee2fa18464fb7e4d7f6d27610fbf60b6d1ffce (diff) | |
New device policy to disable camera.
This introduces a new policy that a DeviceAdmin can use to disable _all_
cameras on the device. A separate CL will be made on the media side to
watch this policy bit and act accordingly.
Bug: 4185303
Change-Id: I700cfc4a8317bb74087ccae39346d74467fc58b2
Diffstat (limited to 'services/java/com/android/server/DevicePolicyManagerService.java')
| -rw-r--r-- | services/java/com/android/server/DevicePolicyManagerService.java | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/services/java/com/android/server/DevicePolicyManagerService.java b/services/java/com/android/server/DevicePolicyManagerService.java index 3181a9d061b5..d54930870564 100644 --- a/services/java/com/android/server/DevicePolicyManagerService.java +++ b/services/java/com/android/server/DevicePolicyManagerService.java @@ -172,6 +172,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { long passwordExpirationDate = DEF_PASSWORD_EXPIRATION_DATE; boolean encryptionRequested = false; + boolean disableCamera = false; // TODO: review implementation decisions with frameworks team boolean specifiesGlobalProxy = false; @@ -274,6 +275,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { out.attribute(null, "value", Boolean.toString(encryptionRequested)); out.endTag(null, "encryption-requested"); } + if (disableCamera) { + out.startTag(null, "disable-camera"); + out.attribute(null, "value", Boolean.toString(disableCamera)); + out.endTag(null, "disable-camera"); + } } void readFromXml(XmlPullParser parser) @@ -339,6 +345,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } else if ("encryption-requested".equals(tag)) { encryptionRequested = Boolean.parseBoolean( parser.getAttributeValue(null, "value")); + } else if ("disable-camera".equals(tag)) { + disableCamera = Boolean.parseBoolean( + parser.getAttributeValue(null, "value")); } else { Slog.w(TAG, "Unknown admin tag: " + tag); } @@ -393,6 +402,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } pw.print(prefix); pw.print("encryptionRequested="); pw.println(encryptionRequested); + pw.print(prefix); pw.print("disableCamera="); + pw.println(disableCamera); } } @@ -424,6 +435,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } if (removed) { validatePasswordOwnerLocked(); + syncDeviceCapabilitiesLocked(); saveSettingsLocked(); } } @@ -578,6 +590,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { mAdminList.remove(admin); mAdminMap.remove(adminReceiver); validatePasswordOwnerLocked(); + syncDeviceCapabilitiesLocked(); if (doProxyCleanup) { resetGlobalProxy(); } @@ -801,6 +814,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } validatePasswordOwnerLocked(); + syncDeviceCapabilitiesLocked(); long timeMs = getMaximumTimeToLock(null); if (timeMs <= 0) { @@ -844,6 +858,28 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } + /** + * Pushes down policy information to the system for any policies related to general device + * capabilities that need to be enforced by lower level services (e.g. Camera services). + */ + void syncDeviceCapabilitiesLocked() { + // Ensure the status of the camera is synced down to the system. Interested native services + // should monitor this value and act accordingly. + boolean systemState = SystemProperties.getBoolean(SYSTEM_PROP_DISABLE_CAMERA, false); + boolean cameraDisabled = getCameraDisabled(null); + if (cameraDisabled != systemState) { + long token = Binder.clearCallingIdentity(); + try { + String value = cameraDisabled ? "1" : "0"; + Slog.v(TAG, "Change in camera state [" + + SYSTEM_PROP_DISABLE_CAMERA + "] = " + value); + SystemProperties.set(SYSTEM_PROP_DISABLE_CAMERA, value); + } finally { + Binder.restoreCallingIdentity(token); + } + } + } + public void systemReady() { synchronized (this) { loadSettingsLocked(); @@ -1982,6 +2018,53 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { private void setEncryptionRequested(boolean encrypt) { } + /** + * The system property used to share the state of the camera. The native camera service + * is expected to read this property and act accordingly. + */ + public static final String SYSTEM_PROP_DISABLE_CAMERA = "sys.secpolicy.camera.disabled"; + + /** + * Disables all device cameras according to the specified admin. + */ + public void setCameraDisabled(ComponentName who, boolean disabled) { + synchronized (this) { + if (who == null) { + throw new NullPointerException("ComponentName is null"); + } + ActiveAdmin ap = getActiveAdminForCallerLocked(who, + DeviceAdminInfo.USES_POLICY_DISABLE_CAMERA); + if (ap.disableCamera != disabled) { + ap.disableCamera = disabled; + saveSettingsLocked(); + } + syncDeviceCapabilitiesLocked(); + } + } + + /** + * Gets whether or not all device cameras are disabled for a given admin, or disabled for any + * active admins. + */ + public boolean getCameraDisabled(ComponentName who) { + synchronized (this) { + if (who != null) { + ActiveAdmin admin = getActiveAdminUncheckedLocked(who); + return (admin != null) ? admin.disableCamera : false; + } + + // Determine whether or not the device camera is disabled for any active admins. + final int N = mAdminList.size(); + for (int i = 0; i < N; i++) { + ActiveAdmin admin = mAdminList.get(i); + if (admin.disableCamera) { + return true; + } + } + return false; + } + } + @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) |