evict the encryption key of the work profile if possible

2022-02-16 12:32:35 +03:00 · 2022-02-16 12:32:35 +03:00 · 8ffac1070d
parent c3704d422b
commit 8ffac1070d
2 changed files with 17 additions and 1 deletions
--- a/app/src/main/java/me/lucky/wasted/DeviceAdminManager.kt
+++ b/app/src/main/java/me/lucky/wasted/DeviceAdminManager.kt
@ -5,6 +5,7 @@ import android.content.ComponentName
 import android.content.Context
 import android.content.Intent
 import android.os.Build
+import java.lang.Exception

 class DeviceAdminManager(private val ctx: Context) {
    private val dpm = ctx.getSystemService(DevicePolicyManager::class.java)
@ -14,7 +15,21 @@ class DeviceAdminManager(private val ctx: Context) {
    fun remove() = dpm?.removeActiveAdmin(deviceAdmin)
    fun isActive(): Boolean = dpm?.isAdminActive(deviceAdmin) ?: false
    fun getCurrentFailedPasswordAttempts(): Int = dpm?.currentFailedPasswordAttempts ?: 0
-    fun lockNow() = dpm?.lockNow()
+
+    fun lockNow() { if (!lockPrivilegedNow()) dpm?.lockNow() }
+
+    private fun lockPrivilegedNow(): Boolean {
+        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.N) return false
+        var ok = true
+        try {
+            dpm?.getParentProfileInstance(deviceAdmin)?.lockNow()
+        } catch (exc: SecurityException) { ok = false }
+        if (!ok || Build.VERSION.SDK_INT < Build.VERSION_CODES.O) return false
+        try {
+            dpm?.lockNow(DevicePolicyManager.FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY)
+        } catch (exc: Exception) { ok = false }
+        return ok
+    }

    fun wipeData() {
        var flags = 0
--- a/app/src/main/res/xml/device_admin.xml
+++ b/app/src/main/res/xml/device_admin.xml
@ -1,5 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <device-admin>
+    <support-transfer-ownership />
    <uses-policies>
        <force-lock />
        <watch-login />