evict the encryption key of the work profile if possible

This commit is contained in:
lucky 2022-02-16 12:32:35 +03:00
parent c3704d422b
commit 8ffac1070d
2 changed files with 17 additions and 1 deletions

View File

@ -5,6 +5,7 @@ import android.content.ComponentName
import android.content.Context import android.content.Context
import android.content.Intent import android.content.Intent
import android.os.Build import android.os.Build
import java.lang.Exception
class DeviceAdminManager(private val ctx: Context) { class DeviceAdminManager(private val ctx: Context) {
private val dpm = ctx.getSystemService(DevicePolicyManager::class.java) private val dpm = ctx.getSystemService(DevicePolicyManager::class.java)
@ -14,7 +15,21 @@ class DeviceAdminManager(private val ctx: Context) {
fun remove() = dpm?.removeActiveAdmin(deviceAdmin) fun remove() = dpm?.removeActiveAdmin(deviceAdmin)
fun isActive(): Boolean = dpm?.isAdminActive(deviceAdmin) ?: false fun isActive(): Boolean = dpm?.isAdminActive(deviceAdmin) ?: false
fun getCurrentFailedPasswordAttempts(): Int = dpm?.currentFailedPasswordAttempts ?: 0 fun getCurrentFailedPasswordAttempts(): Int = dpm?.currentFailedPasswordAttempts ?: 0
fun lockNow() = dpm?.lockNow()
fun lockNow() { if (!lockPrivilegedNow()) dpm?.lockNow() }
private fun lockPrivilegedNow(): Boolean {
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.N) return false
var ok = true
try {
dpm?.getParentProfileInstance(deviceAdmin)?.lockNow()
} catch (exc: SecurityException) { ok = false }
if (!ok || Build.VERSION.SDK_INT < Build.VERSION_CODES.O) return false
try {
dpm?.lockNow(DevicePolicyManager.FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY)
} catch (exc: Exception) { ok = false }
return ok
}
fun wipeData() { fun wipeData() {
var flags = 0 var flags = 0

View File

@ -1,5 +1,6 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<device-admin> <device-admin>
<support-transfer-ownership />
<uses-policies> <uses-policies>
<force-lock /> <force-lock />
<watch-login /> <watch-login />